From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 962E4C07E95 for ; Fri, 16 Jul 2021 05:56:22 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AD095613DF for ; Fri, 16 Jul 2021 05:56:21 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AD095613DF Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 576828060B; Fri, 16 Jul 2021 07:56:17 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 10A41829CA; Fri, 16 Jul 2021 07:56:15 +0200 (CEST) Received: from twspam01.aspeedtech.com (twspam01.aspeedtech.com [211.20.114.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 6C35082051 for ; Fri, 16 Jul 2021 07:56:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=chiawei_wang@aspeedtech.com Received: from mail.aspeedtech.com ([192.168.0.24]) by twspam01.aspeedtech.com with ESMTP id 16G5dfIE005064; Fri, 16 Jul 2021 13:39:41 +0800 (GMT-8) (envelope-from chiawei_wang@aspeedtech.com) Received: from ChiaWeiWang-PC.aspeed.com (192.168.2.66) by TWMBX02.aspeed.com (192.168.0.24) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 16 Jul 2021 13:55:50 +0800 From: Chia-Wei Wang To: , , , CC: , Subject: [PATCH v2 00/14] aspeed: Support secure boot chain with FIT image verification Date: Fri, 16 Jul 2021 13:55:32 +0800 Message-ID: <20210716055546.1619-1-chiawei_wang@aspeedtech.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [192.168.2.66] X-ClientProxiedBy: TWMBX02.aspeed.com (192.168.0.24) To TWMBX02.aspeed.com (192.168.0.24) X-DNSRBL: X-MAIL: twspam01.aspeedtech.com 16G5dfIE005064 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ARCY are also added for AST26xx SoCs. As HACE and ARCY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v2: - update commit authors Chia-Wei Wang (9): aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ARCY crypto: aspeed: Add AST2600 ARCY support ast2600: spl: Add ARCY probing ARM: dts: ast2600: Add ARCY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (5): clk: ast2600: Add YCLK control for HACE crypto: aspeed: Add AST2600 HACE support ast2600: spl: Add HACE probing ARM: dts: ast2600: Add HACE to device tree common: fit: Use hash.c to call CRC/SHA function arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 ++ arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c | 29 +- common/image-fit.c | 35 +-- configs/evb-ast2600_defconfig | 26 +- drivers/clk/aspeed/clk_ast2600.c | 35 +++ drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 22 ++ drivers/crypto/aspeed/Makefile | 2 + drivers/crypto/aspeed/aspeed_arcy.c | 182 +++++++++++ drivers/crypto/aspeed/aspeed_hace.c | 288 ++++++++++++++++++ include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 6 + include/configs/evb_ast2600.h | 13 + lib/rsa/Kconfig | 10 +- 18 files changed, 645 insertions(+), 50 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_arcy.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1