* [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
@ 2016-06-14 17:21 Sumit Garg
  2016-06-14 17:21 ` [U-Boot] [PATCH v5 2/2] powerpc/mpc85xx: T104x: Add nand secure boot target Sumit Garg
  2016-06-17  3:52 ` [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL Simon Glass
  0 siblings, 2 replies; 5+ messages in thread
From: Sumit Garg @ 2016-06-14 17:21 UTC (permalink / raw)
  To: u-boot

As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.

Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
Changes in v2:
Patches rebased

Changes in v3:
Patches rebased

Changes in v4:
Generic changes in lib, drivers, common Makefiles removed from
this patchset. Rebased this patchset on top of patch [1], so this
patchset is dependent on patch [1].

[1]https://patchwork.ozlabs.org/patch/627664/

Changes in v5:
Check for def CONFIG_SPL_DM and ndef CONFIG_SPL_FRAMEWORK instead
of def CONFIG_DM macro to include call to dm_init_and_scan().
As dm_init_and_scan() is called as part of the common SPL framework,
there is no need to call it again there; but powerpc platforms
currently do not use the common SPL framework, so the call has to be
included here.

 arch/powerpc/cpu/mpc8xxx/fsl_pamu.c         |  8 +++++
 arch/powerpc/cpu/mpc8xxx/pamu_table.c       |  8 +++++
 arch/powerpc/include/asm/fsl_secure_boot.h  | 28 +++++++++++++++
 board/freescale/common/fsl_chain_of_trust.c | 54 +++++++++++++++++++++++++++++
 drivers/crypto/fsl/jr.c                     | 16 +++++++++
 drivers/mtd/nand/fsl_ifc_spl.c              | 24 +++++++++++++
 include/fsl_validate.h                      |  1 +
 7 files changed, 139 insertions(+)

diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
index 9421f1e..ede8e66 100644
--- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
+++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
@@ -239,15 +239,23 @@ int pamu_init(void)
 	spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES;
 
 	/* Allocate space for Primary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR))
+	ppaact = (void *)CONFIG_SPL_PPAACT_ADDR;
+#else
 	ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size);
 	if (!ppaact)
 		return -1;
+#endif
 	memset(ppaact, 0, ppaact_size);
 
 	/* Allocate space for Secondary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR))
+	sec = (void *)CONFIG_SPL_SPAACT_ADDR;
+#else
 	sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size);
 	if (!sec)
 		return -1;
+#endif
 	memset(sec, 0, spaact_size);
 
 	ppaact_phys = virt_to_phys((void *)ppaact);
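Review bot: The SPL branches take `ppaact` and `sec` from fixed addresses and go straight to `memset()`, so nothing checks that the constants meet `PAMU_TABLE_ALIGNMENT`, which the `memalign()` path guaranteed. A compile-time guard next to each assignment would catch a bad board value, e.g. `#if (CONFIG_SPL_PPAACT_ADDR & (PAMU_TABLE_ALIGNMENT - 1))` followed by `#error "CONFIG_SPL_PPAACT_ADDR is not PAMU_TABLE_ALIGNMENT aligned"`, and the same for `CONFIG_SPL_SPAACT_ADDR`. Since these tables control what DMA masters may access, a comment should also state that DDR must already be initialised and that both regions are reserved and do not overlap the U-Boot load area. `pamu_init()` starts and ends outside this hunk.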
diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
index 26c5ea4..a8e6f51 100644
--- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c
+++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
@@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries)
 
 	i++;
 #endif
+#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))
+	tbl->start_addr[i] =
+		(uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR);
+	tbl->size[i] = 256 * 1024; /* 256K CPC flash */
+	tbl->end_addr[i] = tbl->start_addr[i] +  tbl->size[i] - 1;
+
+	i++;
+#endif
 	debug("PAMU address\t\t\tsize\n");
 	for (j = 0; j < i ; j++)
 		debug("%llx \t\t\t%llx\n",  tbl->start_addr[j],  tbl->size[j]);
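Review bot: The new guard `#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))` tests the macro's value instead of whether it is defined, unlike the `defined()` checks used elsewhere in this series; `defined(CONFIG_SYS_INIT_L3_VADDR)` states the intent. The window size is hard-coded as `256 * 1024` and the comment calls it "CPC flash", although the commit message describes CPC configured as SRAM; `/* 256K CPC configured as SRAM */` would match. No bound on `i` is visible before `tbl->start_addr[i]` is written, so it is worth confirming the table has room for this extra entry. `construct_pamu_addr_table()` starts before and continues past this hunk.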
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 826f9c9..99eec7f 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -72,6 +72,32 @@
 
 #ifdef CONFIG_CHAIN_OF_TRUST
 
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_DM			1
+#define CONFIG_SPL_CRYPTO_SUPPORT
+#define CONFIG_SPL_HASH_SUPPORT
+#define CONFIG_SPL_RSA
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+/*
+ * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
+ * due to space crunch on CPC and thus malloc will not work.
+ */
+#define CONFIG_SPL_PPAACT_ADDR		0x2e000000
+#define CONFIG_SPL_SPAACT_ADDR		0x2f000000
+#define CONFIG_SPL_JR0_LIODN_S		454
+#define CONFIG_SPL_JR0_LIODN_NS		458
+/*
+ * Define the key hash for U-Boot here if public/private key pair used to
+ * sign U-boot are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_SPL_UBOOT_KEY_HASH \
+ *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * else leave it defined as NULL
+ */
+
+#define CONFIG_SPL_UBOOT_KEY_HASH	NULL
+#endif /* ifdef CONFIG_SPL_BUILD */
+
 #define CONFIG_CMD_ESBC_VALIDATE
 #define CONFIG_CMD_BLOB
 #define CONFIG_FSL_SEC_MON
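Review bot: The comment above `CONFIG_SPL_UBOOT_KEY_HASH` does not say what `NULL` selects; it only says to "leave it defined as NULL". Since this value decides which key the next-stage image is checked against, the comment should state the fallback explicitly (presumably the SRK hash in the fuses, to be confirmed against `fsl_secboot_validate()`). It should also mark the quoted hex string as a format example that must not be used as a real key hash. `CONFIG_SPL_JR0_LIODN_S` and `CONFIG_SPL_JR0_LIODN_NS` would benefit from a one-line comment naming where 454 and 458 come from, so that they can be checked against the non-SPL LIODN assignment.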
@@ -82,6 +108,7 @@
 #define CONFIG_FSL_CAAM
 #endif
 
+#ifndef CONFIG_SPL_BUILD
 /* fsl_setenv_chain_of_trust() must be called from
  * board_late_init()
  */
@@ -119,5 +146,6 @@
 #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
 
 #include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
 #endif
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
index ecfcc82..7bf9827 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -6,7 +6,17 @@
 
 #include <common.h>
 #include <fsl_validate.h>
+#include <fsl_secboot_err.h>
 #include <fsl_sfp.h>
+#include <dm/root.h>
+
+#ifdef CONFIG_ADDR_MAP
+#include <asm/mmu.h>
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+#include <asm/fsl_pamu.h>
+#endif
 
 #ifdef CONFIG_LS102XA
 #include <asm/arch/immap_ls102xa.h>
@@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void)
 	return 0;
 }
 
+#ifndef CONFIG_SPL_BUILD
 int fsl_setenv_chain_of_trust(void)
 {
 	/* Check Boot Mode
@@ -68,3 +79,46 @@ int fsl_setenv_chain_of_trust(void)
 	setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
 	return 0;
 }
+#endif
+
+#ifdef CONFIG_SPL_BUILD
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
+{
+	int res;
+
+	/* Check Boot Mode
+	 * If Boot Mode is Non-Secure, skip validation
+	 */
+	if (fsl_check_boot_mode_secure() == 0)
+		return;
+
+	printf("SPL: Validating U-Boot image\n");
+
+#ifdef CONFIG_ADDR_MAP
+	init_addr_map();
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+	if (pamu_init() < 0)
+		fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+	if (sec_init() < 0)
+		fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
+#endif
+
+/* dm_init_and_scan is called as part of common SPL framework, so no
+ * need to call it again but in case of powerpc platforms which currently
+ * do not use common SPL framework, so need to call this function here.
+ */
+#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
+	dm_init_and_scan(false);
+#endif
+	res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
+				   &img_addr);
+
+	if (res == 0)
+		printf("SPL: Validation of U-boot successful\n");
+}
+#endif /* ifdef CONFIG_SPL_BUILD */
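Review bot: A non-zero `res` from `fsl_secboot_validate()` is dropped without any message, and `spl_validate_uboot()` returns `void`, so the caller in `nand_boot()` (the drivers/mtd/nand/fsl_ifc_spl.c hunk) jumps to the image whenever the validator returns, whatever the result. The comment there says returning is expected with ITS=0, but the failure should at least reach the console, e.g. `else printf("SPL: Validation of U-Boot failed (%d)\n", res);`; returning `int` would let the caller decide. `img_addr` is passed by pointer, so the validator can presumably update it, yet the local copy is discarded and `nand_boot()` always jumps to `CONFIG_SYS_NAND_U_BOOT_START`. If the two can differ, compare them here before reporting success. Likewise, if `fsl_secboot_handle_error()` returns after a `pamu_init()` or `sec_init()` failure, validation continues on hardware that was not set up, which deserves a comment or an early return.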
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 510fa4e..1d4dd32 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -599,10 +599,26 @@ int sec_init_idx(uint8_t sec_idx)
 	sec_out32(&sec->mcfgr, mcr);
 
 #ifdef CONFIG_FSL_CORENET
+#ifdef CONFIG_SPL_BUILD
+	/* For SPL Build, Set the Liodns in SEC JR0 for
+	 * creating PAMU entries corresponding to these.
+	 * For normal build, these are set in set_liodns().
+	 */
+	liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK;
+	liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
+
+	liodnr = sec_in32(&sec->jrliodnr[0].ls) &
+		 ~(JRNSLIODN_MASK | JRSLIODN_MASK);
+	liodnr = liodnr |
+		 (liodn_ns << JRNSLIODN_SHIFT) |
+		 (liodn_s << JRSLIODN_SHIFT);
+	sec_out32(&sec->jrliodnr[0].ls, liodnr);
+#else
 	liodnr = sec_in32(&sec->jrliodnr[0].ls);
 	liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT;
 	liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
 #endif
+#endif
 
 	ret = jr_init(sec_idx);
 	if (ret < 0) {
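Review bot: In the SPL branch, `CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK` masks an unshifted LIODN with what looks like an in-register field mask, because the non-SPL branch applies the same mask to the raw register value and only then shifts down by `JRNSLIODN_SHIFT`. If that shift is non-zero, the masked constant probably comes out as zero, and JR0 would be programmed with an LIODN other than the configured 458, so the PAMU entry would not describe the intended stream. Masking with the field width keeps both branches consistent: `liodn_ns = CONFIG_SPL_JR0_LIODN_NS & (JRNSLIODN_MASK >> JRNSLIODN_SHIFT);` and likewise `liodn_s = CONFIG_SPL_JR0_LIODN_S & (JRSLIODN_MASK >> JRSLIODN_SHIFT);`. The mask and shift definitions are not in this hunk, so confirm against the header; `sec_init_idx()` continues outside the hunk.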
diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c
index cbeb74a..30aa966 100644
--- a/drivers/mtd/nand/fsl_ifc_spl.c
+++ b/drivers/mtd/nand/fsl_ifc_spl.c
@@ -11,6 +11,9 @@
 #include <asm/io.h>
 #include <fsl_ifc.h>
 #include <linux/mtd/nand.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
 
 static inline int is_blank(uchar *addr, int page_size)
 {
@@ -268,6 +271,27 @@ void nand_boot(void)
 	 */
 	flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, CONFIG_SYS_NAND_U_BOOT_SIZE);
 #endif
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+	/*
+	 * As U-Boot header is appended at end of U-boot image, so
+	 * calculate U-boot header address using U-boot header size.
+	 */
+#define CONFIG_U_BOOT_HDR_ADDR \
+		((CONFIG_SYS_NAND_U_BOOT_START + \
+		  CONFIG_SYS_NAND_U_BOOT_SIZE) - \
+		 CONFIG_U_BOOT_HDR_SIZE)
+	spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR,
+			   CONFIG_SYS_NAND_U_BOOT_START);
+	/*
+	 * In case of failure in validation, spl_validate_uboot would
+	 * not return back in case of Production environment with ITS=1.
+	 * Thus U-Boot will not start.
+	 * In Development environment (ITS=0 and SB_EN=1), the function
+	 * may return back in case of non-fatal failures.
+	 */
+#endif
+
 	uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START;
 	uboot();
 }
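Review bot: `CONFIG_U_BOOT_HDR_ADDR` is `#define`d in the middle of `nand_boot()` and depends on `CONFIG_U_BOOT_HDR_SIZE`, which this patch does not define, so any board that builds this driver with `CONFIG_CHAIN_OF_TRUST` has to supply it or the build fails with an unclear error. Moving the macro to the top of the file behind `#ifndef CONFIG_U_BOOT_HDR_SIZE` / `#error "CONFIG_U_BOOT_HDR_SIZE is required for CONFIG_CHAIN_OF_TRUST"` would make that requirement explicit. The ITS=1/ITS=0 comment would read better placed before the `spl_validate_uboot(...)` call, since it is what explains why the unconditional `uboot()` jump that follows is acceptable. `nand_boot()` starts outside this hunk.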
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index a71e1ce..7695b30 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
 
 int fsl_check_boot_mode_secure(void);
 int fsl_setenv_chain_of_trust(void);
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
 #endif
-- 
1.8.1.4


* [U-Boot] [PATCH v5 2/2] powerpc/mpc85xx: T104x: Add nand secure boot target
  2016-06-14 17:21 [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL Sumit Garg
@ 2016-06-14 17:21 ` Sumit Garg
  2016-06-17  3:52   ` Simon Glass
  2016-06-17  3:52 ` [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL Simon Glass
  1 sibling, 1 reply; 5+ messages in thread
From: Sumit Garg @ 2016-06-14 17:21 UTC (permalink / raw)
  To: u-boot

For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In non-secure boot scenario from NAND, this address will map to CPC
configured as SRAM. But in case of secure boot, this default address
always maps to IBR (Internal Boot ROM).
The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G
address space i.e. 0x0 - 0xDFFFFFFF.

For secure boot target from NAND, the text base for SPL is kept same as
non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will
be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000).
As a result, the virtual and physical addresses of CPC would be
different. The virtual address 0xFFFx_xxxx needs to be mapped to
physical address 0xBFFx_xxxx.

Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000
and update DCFG SCRTACH1 register with location of Header required for
secure boot.

The changes are similar to
commit 467a40dfe35f48d830f01a72617207d03ca85b4d
    powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041

While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC
is only 256K and thus SPL framework is used.
The changes are only applicable for SPL U-Boot running out of CPC SRAM
and not the next level U-Boot loaded on DDR.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
---
Changes in v2:
Patches rebased

Changes in v3:
Patches rebased

Changes in v4:
Generic changes in lib, drivers, common Makefiles removed from
this patchset. Rebased this patchset on top of patch [1], so this
patchset is dependent on patch [1].

[1]https://patchwork.ozlabs.org/patch/627664/

Changes in v5:
Check for def CONFIG_SPL_DM and ndef CONFIG_SPL_FRAMEWORK instead
of def CONFIG_DM macro to include call to dm_init_and_scan().
As dm_init_and_scan() is called as part of common SPL framework,
so no need to call it again but in case of powerpc platforms which
currently do not use common SPL framework, so need to include this
function call here.

 arch/powerpc/cpu/mpc85xx/cpu_init.c            |  4 +--
 arch/powerpc/cpu/mpc85xx/start.S               | 11 ++++++--
 arch/powerpc/include/asm/fsl_secure_boot.h     | 10 ++++++-
 board/freescale/t104xrdb/t104x_pbi_sb.cfg      | 38 ++++++++++++++++++++++++++
 board/freescale/t104xrdb/tlb.c                 | 15 +++++++++-
 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig | 30 ++++++++++++++++++++
 include/configs/T104xRDB.h                     | 29 +++++++++++++++++++-
 7 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 board/freescale/t104xrdb/t104x_pbi_sb.cfg
 create mode 100644 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig

diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 61f5639..ace4279 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -439,7 +439,7 @@ ulong cpu_init_f(void)
 #ifdef CONFIG_SYS_DCSRBAR_PHYS
 	ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR);
 #endif
-#if defined(CONFIG_SECURE_BOOT)
+#if defined(CONFIG_SECURE_BOOT) && !defined(CONFIG_SYS_RAMBOOT)
 	struct law_entry law;
 #endif
 #ifdef CONFIG_MPC8548
@@ -459,7 +459,7 @@ ulong cpu_init_f(void)
 	disable_tlb(14);
 	disable_tlb(15);
 
-#if defined(CONFIG_SECURE_BOOT)
+#if defined(CONFIG_SECURE_BOOT) && !defined(CONFIG_SYS_RAMBOOT)
 	/* Disable the LAW created for NOR flash by the PBI commands */
 	law = find_law(CONFIG_SYS_PBI_FLASH_BASE);
 	if (law.index != -1)
diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S
index 4c51225..0850727 100644
--- a/arch/powerpc/cpu/mpc85xx/start.S
+++ b/arch/powerpc/cpu/mpc85xx/start.S
@@ -1069,17 +1069,22 @@ create_init_ram_area:
 #elif !defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SECURE_BOOT)
 	/* create a temp mapping in AS = 1 for Flash mapping
 	 * created by PBL for ISBC code
-	*/
+	 */
 	create_tlb1_entry 15, \
 		1, BOOKE_PAGESZ_1M, \
 		CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
 		CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \
 		0, r6
 
-#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT)
+/* For Targets without CONFIG_SPL like P3, P5
+ * and for targets with CONFIG_SPL like T1, T2, T4, only for
+ * u-boot-spl i.e. CONFIG_SPL_BUILD
+ */
+#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT) && \
+	(!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD))
 	/* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE
 	 * to L3 Address configured by PBL for ISBC code
-	*/
+	 */
 	create_tlb1_entry 15, \
 		1, BOOKE_PAGESZ_1M, \
 		CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 99eec7f..2435cf8 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -35,7 +35,9 @@
 	defined(CONFIG_T104xD4RDB) || \
 	defined(CONFIG_PPC_T1023) || \
 	defined(CONFIG_PPC_T1024)
+#ifndef CONFIG_SYS_RAMBOOT
 #define CONFIG_SYS_CPC_REINIT_F
+#endif
 #define CONFIG_KEY_REVOCATION
 #undef CONFIG_SYS_INIT_L3_ADDR
 #define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
@@ -43,7 +45,13 @@
 
 #if defined(CONFIG_RAMBOOT_PBL)
 #undef CONFIG_SYS_INIT_L3_ADDR
-#define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
+#ifdef CONFIG_SYS_INIT_L3_VADDR
+#define CONFIG_SYS_INIT_L3_ADDR	\
+			(CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | \
+					0xbff00000
+#else
+#define CONFIG_SYS_INIT_L3_ADDR		0xbff00000
+#endif
 #endif
 
 #if defined(CONFIG_C29XPCIE)
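Review bot: The new `CONFIG_SYS_INIT_L3_ADDR` definition expands to `(CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | 0xbff00000` with no outer parentheses, so any use inside a larger expression binds incorrectly; in `CONFIG_SYS_INIT_L3_ADDR + off`, the `+` applies to `0xbff00000` before the `|`. That would silently give a wrong physical address for the CPC SRAM mapping used in the secure-boot path. Wrap the whole expansion: `#define CONFIG_SYS_INIT_L3_ADDR ((CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | 0xbff00000)`.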
diff --git a/board/freescale/t104xrdb/t104x_pbi_sb.cfg b/board/freescale/t104xrdb/t104x_pbi_sb.cfg
new file mode 100644
index 0000000..98dc8e4
--- /dev/null
+++ b/board/freescale/t104xrdb/t104x_pbi_sb.cfg
@@ -0,0 +1,38 @@
+#PBI commands
+#Software Workaround for errata A-007662 to train PCIe2 controller in Gen2 speed
+09250100 00000400
+09250108 00002000
+#Software Workaround for errata A-008007 to reset PVR register
+09000010 0000000b
+09000014 c0000000
+09000018 81d00017
+89020400 a1000000
+091380c0 000f0000
+89020400 00000000
+#Initialize CPC1
+09010000 00200400
+09138000 00000000
+091380c0 00000100
+#Configure CPC1 as 256KB SRAM
+09010100 00000000
+09010104 bffc0007
+09010f00 081e000d
+09010000 80000000
+#Configure LAW for CPC1
+09000cd0 00000000
+09000cd4 bffc0000
+09000cd8 81000011
+#Configure alternate space
+09000010 00000000
+09000014 bf000000
+09000018 81000000
+#Configure SPI controller
+09110000 80000403
+09110020 2d170008
+09110024 00100008
+09110028 00100008
+0911002c 00100008
+#Flush PBL data
+091380c0 000FFFFF
+090e0200 bffd0000
+091380c0 000FFFFF
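Review bot: The commit message says this file updates a DCFG scratch register with the location of the secure-boot header, but no section comment identifies that write; `090e0200 bffd0000` sits between two flush commands under `#Flush PBL data` and is presumably it. A comment line before that command, such as `#Set DCFG scratch register to the secure boot header location`, would make the value auditable. It would also help to state how `bffd0000` relates to the CPC SRAM base `bffc0000` configured above, since the boot ROM takes the header address from here.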
diff --git a/board/freescale/t104xrdb/tlb.c b/board/freescale/t104xrdb/tlb.c
index 95c15aa..7c0511e 100644
--- a/board/freescale/t104xrdb/tlb.c
+++ b/board/freescale/t104xrdb/tlb.c
@@ -28,7 +28,8 @@ struct fsl_e_tlb_entry tlb_table[] = {
 
 	/* TLB 1 */
 	/* *I*** - Covers boot page */
-#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR)
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	!defined(CONFIG_SECURE_BOOT)
 	/*
 	 * *I*G - L3SRAM. When L3 is used as 256K SRAM, the address of the
 	 * SRAM is at 0xfffc0000, it covered the 0xfffff000.
@@ -36,6 +37,18 @@ struct fsl_e_tlb_entry tlb_table[] = {
 	SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR,
 		      MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
 		      0, 0, BOOKE_PAGESZ_256K, 1),
+
+#elif defined(CONFIG_SECURE_BOOT) && defined(CONFIG_SPL_BUILD)
+	/*
+	 * *I*G - L3SRAM. When L3 is used as 256K SRAM, in case of Secure Boot
+	 * the physical address of the SRAM is at 0xbffc0000,
+	 * and virtual address is 0xfffc0000
+	 */
+
+	SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_VADDR,
+		      CONFIG_SYS_INIT_L3_ADDR,
+		      MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+		      0, 0, BOOKE_PAGESZ_256K, 1),
 #else
 	SET_TLB_ENTRY(1, 0xfffff000, 0xfffff000,
 		      MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
diff --git a/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig b/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..2e16255
--- /dev/null
+++ b/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig
@@ -0,0 +1,30 @@
+CONFIG_PPC=y
+CONFIG_MPC85xx=y
+CONFIG_TARGET_T104XRDB=y
+CONFIG_SPL=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="PPC_T1042,T1042RDB_PI,RAMBOOT_PBL,SPL_FSL_PBL,NAND,SECURE_BOOT"
+CONFIG_BOOTDELAY=0
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_ESPI=y
+CONFIG_OF_LIBFDT=y
+CONFIG_RSA=y
+CONFIG_DM=y
diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h
index a8f4f74..2ec1962 100644
--- a/include/configs/T104xRDB.h
+++ b/include/configs/T104xRDB.h
@@ -18,7 +18,14 @@
 #include <asm/config_mpc85xx.h>
 
 #ifdef CONFIG_RAMBOOT_PBL
+
+#ifndef CONFIG_SECURE_BOOT
 #define CONFIG_SYS_FSL_PBL_PBI $(SRCTREE)/board/freescale/t104xrdb/t104x_pbi.cfg
+#else
+#define CONFIG_SYS_FSL_PBL_PBI \
+		$(SRCTREE)/board/freescale/t104xrdb/t104x_pbi_sb.cfg
+#endif
+
 #ifdef CONFIG_T1040RDB
 #define CONFIG_SYS_FSL_PBL_RCW $(SRCTREE)/board/freescale/t104xrdb/t1040_rcw.cfg
 #endif
@@ -62,7 +69,17 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg
 
 #ifdef CONFIG_NAND
 #define CONFIG_SPL_NAND_SUPPORT
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE		(16 << 10)
+/*
+ * HDR would be appended@end of image and copied to DDR along
+ * with U-Boot image.
+ */
+#define CONFIG_SYS_NAND_U_BOOT_SIZE	((768 << 10) + \
+					 CONFIG_U_BOOT_HDR_SIZE)
+#else
 #define CONFIG_SYS_NAND_U_BOOT_SIZE	(768 << 10)
+#endif
 #define CONFIG_SYS_NAND_U_BOOT_DST	0x30000000
 #define CONFIG_SYS_NAND_U_BOOT_START	0x30000000
 #define CONFIG_SYS_NAND_U_BOOT_OFFS	(256 << 10)
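Review bot: Nothing in the hunk states that the signed image must be padded to exactly 768K, yet with `CONFIG_SYS_NAND_U_BOOT_SIZE` fixed at `(768 << 10) + CONFIG_U_BOOT_HDR_SIZE` the SPL computes the header address as load address + 768K. An image of any other length would put the header somewhere the SPL does not look. The comment should say so, e.g. `/* U-Boot is padded to 768K; the 16K header follows at CONFIG_SYS_NAND_U_BOOT_START + 768K */`. The existing comment text "appended@end" also looks like a mangled "appended at end".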
@@ -161,6 +178,10 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg
 #define CONFIG_ENV_SIZE			0x2000
 #define CONFIG_ENV_OFFSET		(512 * 0x800)
 #elif defined(CONFIG_NAND)
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_RAMBOOT_NAND
+#define CONFIG_BOOTSCRIPT_COPY_RAM
+#endif
 #define CONFIG_SYS_EXTRA_ENV_RELOC
 #define CONFIG_ENV_IS_IN_NAND
 #define CONFIG_ENV_SIZE			0x2000
@@ -202,8 +223,14 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg
  *  Config the L3 Cache as L3 SRAM
  */
 #define CONFIG_SYS_INIT_L3_ADDR		0xFFFC0000
+/*
+ * For Secure Boot CONFIG_SYS_INIT_L3_ADDR will be redefined and hence
+ * Physical address (CONFIG_SYS_INIT_L3_ADDR) and virtual address
+ * (CONFIG_SYS_INIT_L3_VADDR) will be different.
+ */
+#define CONFIG_SYS_INIT_L3_VADDR	0xFFFC0000
 #define CONFIG_SYS_L3_SIZE		256 << 10
-#define CONFIG_SPL_GD_ADDR		(CONFIG_SYS_INIT_L3_ADDR + 32 * 1024)
+#define CONFIG_SPL_GD_ADDR		(CONFIG_SYS_INIT_L3_VADDR + 32 * 1024)
 #ifdef CONFIG_RAMBOOT_PBL
 #define CONFIG_ENV_ADDR			(CONFIG_SPL_GD_ADDR + 4 * 1024)
 #endif
-- 
1.8.1.4


* [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
  2016-06-14 17:21 [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL Sumit Garg
  2016-06-14 17:21 ` [U-Boot] [PATCH v5 2/2] powerpc/mpc85xx: T104x: Add nand secure boot target Sumit Garg
@ 2016-06-17  3:52 ` Simon Glass
  2016-06-20  4:07   ` Sumit Garg
  1 sibling, 1 reply; 5+ messages in thread
From: Simon Glass @ 2016-06-17  3:52 UTC (permalink / raw)
  To: u-boot

Hi,

On 14 June 2016 at 11:21, Sumit Garg <sumit.garg@nxp.com> wrote:
> As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
> the next level U-boot image. Add a new function spl_validate_uboot to
> perform the validation.
>
> Enable hardware crypto operations in SPL using SEC block.
> In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
> access to CPC configured as SRAM, configure PAMU.
>
> Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> Changes in v2:
> Patches rebased
>
> Changes in v3:
> Patches rebased
>
> Changes in v4:
> Generic changes in lib, drivers, common Makefiles removed from
> this patchset. Rebased this patchset on top of patch [1], so this
> patchset is dependent on patch [1].
>
> [1]https://patchwork.ozlabs.org/patch/627664/
>
> Changes in v5:
> Check for def CONFIG_SPL_DM and ndef CONFIG_SPL_FRAMEWORK instead
> of def CONFIG_DM macro to include call to dm_init_and_scan().
> As dm_init_and_scan() is called as part of common SPL framework,
> so no need to call it again but in case of powerpc platforms which
> currently do not use common SPL framework, so need to include this
> function call here.
>
>  arch/powerpc/cpu/mpc8xxx/fsl_pamu.c         |  8 +++++
>  arch/powerpc/cpu/mpc8xxx/pamu_table.c       |  8 +++++
>  arch/powerpc/include/asm/fsl_secure_boot.h  | 28 +++++++++++++++
>  board/freescale/common/fsl_chain_of_trust.c | 54 +++++++++++++++++++++++++++++
>  drivers/crypto/fsl/jr.c                     | 16 +++++++++
>  drivers/mtd/nand/fsl_ifc_spl.c              | 24 +++++++++++++
>  include/fsl_validate.h                      |  1 +
>  7 files changed, 139 insertions(+)

This looks OK to me, but please can you add a small README explaining
how to use this feature?

>
> diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> index 9421f1e..ede8e66 100644
> --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> @@ -239,15 +239,23 @@ int pamu_init(void)
>         spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES;
>
>         /* Allocate space for Primary PAACT Table */
> +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR))
> +       ppaact = (void *)CONFIG_SPL_PPAACT_ADDR;
> +#else
>         ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size);
>         if (!ppaact)
>                 return -1;
> +#endif
>         memset(ppaact, 0, ppaact_size);
>
>         /* Allocate space for Secondary PAACT Table */
> +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR))
> +       sec = (void *)CONFIG_SPL_SPAACT_ADDR;
> +#else
>         sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size);
>         if (!sec)
>                 return -1;
> +#endif
>         memset(sec, 0, spaact_size);
>
>         ppaact_phys = virt_to_phys((void *)ppaact);
> diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> index 26c5ea4..a8e6f51 100644
> --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries)
>
>         i++;
>  #endif
> +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))
> +       tbl->start_addr[i] =
> +               (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR);
> +       tbl->size[i] = 256 * 1024; /* 256K CPC flash */
> +       tbl->end_addr[i] = tbl->start_addr[i] +  tbl->size[i] - 1;
> +
> +       i++;
> +#endif
>         debug("PAMU address\t\t\tsize\n");
>         for (j = 0; j < i ; j++)
>                 debug("%llx \t\t\t%llx\n",  tbl->start_addr[j],  tbl->size[j]);
> diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
> index 826f9c9..99eec7f 100644
> --- a/arch/powerpc/include/asm/fsl_secure_boot.h
> +++ b/arch/powerpc/include/asm/fsl_secure_boot.h
> @@ -72,6 +72,32 @@
>
>  #ifdef CONFIG_CHAIN_OF_TRUST
>
> +#ifdef CONFIG_SPL_BUILD
> +#define CONFIG_SPL_DM                  1
> +#define CONFIG_SPL_CRYPTO_SUPPORT
> +#define CONFIG_SPL_HASH_SUPPORT
> +#define CONFIG_SPL_RSA
> +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
> +/*
> + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
> + * due to space crunch on CPC and thus malloc will not work.
> + */
> +#define CONFIG_SPL_PPAACT_ADDR         0x2e000000
> +#define CONFIG_SPL_SPAACT_ADDR         0x2f000000
> +#define CONFIG_SPL_JR0_LIODN_S         454
> +#define CONFIG_SPL_JR0_LIODN_NS                458
> +/*
> + * Define the key hash for U-Boot here if public/private key pair used to
> + * sign U-boot are different from the SRK hash put in the fuse
> + * Example of defining KEY_HASH is
> + * #define CONFIG_SPL_UBOOT_KEY_HASH \
> + *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
> + * else leave it defined as NULL
> + */
> +
> +#define CONFIG_SPL_UBOOT_KEY_HASH      NULL
> +#endif /* ifdef CONFIG_SPL_BUILD */
> +
>  #define CONFIG_CMD_ESBC_VALIDATE
>  #define CONFIG_CMD_BLOB
>  #define CONFIG_FSL_SEC_MON
> @@ -82,6 +108,7 @@
>  #define CONFIG_FSL_CAAM
>  #endif
>
> +#ifndef CONFIG_SPL_BUILD
>  /* fsl_setenv_chain_of_trust() must be called from
>   * board_late_init()
>   */

First line should be empty:

/*
 * fsl_setenv...
 */

> @@ -119,5 +146,6 @@
>  #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
>
>  #include <config_fsl_chain_trust.h>
> +#endif /* #ifndef CONFIG_SPL_BUILD */
>  #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
>  #endif
> diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
> index ecfcc82..7bf9827 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -6,7 +6,17 @@
>
>  #include <common.h>
>  #include <fsl_validate.h>
> +#include <fsl_secboot_err.h>
>  #include <fsl_sfp.h>
> +#include <dm/root.h>
> +
> +#ifdef CONFIG_ADDR_MAP
> +#include <asm/mmu.h>
> +#endif
> +
> +#ifdef CONFIG_FSL_CORENET
> +#include <asm/fsl_pamu.h>
> +#endif
>
>  #ifdef CONFIG_LS102XA
>  #include <asm/arch/immap_ls102xa.h>
> @@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void)
>         return 0;
>  }
>
> +#ifndef CONFIG_SPL_BUILD
>  int fsl_setenv_chain_of_trust(void)
>  {
>         /* Check Boot Mode
> @@ -68,3 +79,46 @@ int fsl_setenv_chain_of_trust(void)
>         setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
>         return 0;
>  }
> +#endif
> +
> +#ifdef CONFIG_SPL_BUILD
> +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
> +{
> +       int res;
> +
> +       /* Check Boot Mode

Here too

> +        * If Boot Mode is Non-Secure, skip validation
> +        */
> +       if (fsl_check_boot_mode_secure() == 0)
> +               return;
> +
> +       printf("SPL: Validating U-Boot image\n");
> +
> +#ifdef CONFIG_ADDR_MAP
> +       init_addr_map();
> +#endif
> +
> +#ifdef CONFIG_FSL_CORENET
> +       if (pamu_init() < 0)
> +               fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
> +#endif
> +
> +#ifdef CONFIG_FSL_CAAM
> +       if (sec_init() < 0)
> +               fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
> +#endif
> +
> +/* dm_init_and_scan is called as part of common SPL framework, so no

and here

dm_init_and_scan()

> + * need to call it again but in case of powerpc platforms which currently
> + * do not use common SPL framework, so need to call this function here.
> + */
> +#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
> +       dm_init_and_scan(false);
> +#endif
> +       res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
> +                                  &img_addr);
> +
> +       if (res == 0)
> +               printf("SPL: Validation of U-boot successful\n");
> +}
> +#endif /* ifdef CONFIG_SPL_BUILD */
> diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
> index 510fa4e..1d4dd32 100644
> --- a/drivers/crypto/fsl/jr.c
> +++ b/drivers/crypto/fsl/jr.c
> @@ -599,10 +599,26 @@ int sec_init_idx(uint8_t sec_idx)
>         sec_out32(&sec->mcfgr, mcr);
>
>  #ifdef CONFIG_FSL_CORENET
> +#ifdef CONFIG_SPL_BUILD
> +       /* For SPL Build, Set the Liodns in SEC JR0 for
> +        * creating PAMU entries corresponding to these.
> +        * For normal build, these are set in set_liodns().
> +        */
> +       liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK;
> +       liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
> +
> +       liodnr = sec_in32(&sec->jrliodnr[0].ls) &
> +                ~(JRNSLIODN_MASK | JRSLIODN_MASK);
> +       liodnr = liodnr |
> +                (liodn_ns << JRNSLIODN_SHIFT) |
> +                (liodn_s << JRSLIODN_SHIFT);
> +       sec_out32(&sec->jrliodnr[0].ls, liodnr);
> +#else
>         liodnr = sec_in32(&sec->jrliodnr[0].ls);
>         liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT;
>         liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
>  #endif
> +#endif
>
>         ret = jr_init(sec_idx);
>         if (ret < 0) {
> diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c
> index cbeb74a..30aa966 100644
> --- a/drivers/mtd/nand/fsl_ifc_spl.c
> +++ b/drivers/mtd/nand/fsl_ifc_spl.c
> @@ -11,6 +11,9 @@
>  #include <asm/io.h>
>  #include <fsl_ifc.h>
>  #include <linux/mtd/nand.h>
> +#ifdef CONFIG_CHAIN_OF_TRUST
> +#include <fsl_validate.h>
> +#endif
>
>  static inline int is_blank(uchar *addr, int page_size)
>  {
> @@ -268,6 +271,27 @@ void nand_boot(void)
>          */
>         flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, CONFIG_SYS_NAND_U_BOOT_SIZE);
>  #endif
> +
> +#ifdef CONFIG_CHAIN_OF_TRUST
> +       /*
> +        * As U-Boot header is appended at end of U-boot image, so
> +        * calculate U-boot header address using U-boot header size.

U-Boot

> +        */
> +#define CONFIG_U_BOOT_HDR_ADDR \
> +               ((CONFIG_SYS_NAND_U_BOOT_START + \
> +                 CONFIG_SYS_NAND_U_BOOT_SIZE) - \
> +                CONFIG_U_BOOT_HDR_SIZE)
> +       spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR,
> +                          CONFIG_SYS_NAND_U_BOOT_START);
> +       /*
> +        * In case of failure in validation, spl_validate_uboot would
> +        * not return back in case of Production environment with ITS=1.
> +        * Thus U-Boot will not start.
> +        * In Development environment (ITS=0 and SB_EN=1), the function
> +        * may return back in case of non-fatal failures.
> +        */
> +#endif
> +
>         uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START;
>         uboot();
>  }
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h
> index a71e1ce..7695b30 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
>
>  int fsl_check_boot_mode_secure(void);
>  int fsl_setenv_chain_of_trust(void);
> +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);

Please add a function comment.

>  #endif
> --
> 1.8.1.4
>

Regards,
Simon


* [U-Boot] [PATCH v5 2/2] powerpc/mpc85xx: T104x: Add nand secure boot target
  2016-06-14 17:21 ` [U-Boot] [PATCH v5 2/2] powerpc/mpc85xx: T104x: Add nand secure boot target Sumit Garg
@ 2016-06-17  3:52   ` Simon Glass
  0 siblings, 0 replies; 5+ messages in thread
From: Simon Glass @ 2016-06-17  3:52 UTC (permalink / raw)
  To: u-boot

On 14 June 2016 at 11:21, Sumit Garg <sumit.garg@nxp.com> wrote:
> For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
> In non-secure boot scenario from NAND, this address will map to CPC
> configured as SRAM. But in case of secure boot, this default address
> always maps to IBR (Internal Boot ROM).
> The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G
> address space i.e. 0x0 - 0xDFFFFFFF.
>
> For secure boot target from NAND, the text base for SPL is kept same as
> non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will
> be copied to CPC configured as SRAM with address in 0-3.5G (0xBFFC_0000).
> As a result, the virtual and physical addresses of CPC would be different. The
> virtual address 0xFFFx_xxxx needs to be mapped to physical address
> 0xBFFx_xxxx.
>
> Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000
> and update DCFG SCRTACH1 register with location of Header required for
> secure boot.
>
> The changes are similar to
> commit 467a40dfe35f48d830f01a72617207d03ca85b4d
>     powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
>
> While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC
> is only 256K and thus SPL framework is used.
> The changes are only applicable for SPL U-Boot running out of CPC SRAM
> and not the next level U-Boot loaded on DDR.
>
> Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> ---
> Changes in v2:
> Patches rebased
>
> Changes in v3:
> Patches rebased
>
> Changes in v4:
> Generic changes in lib, drivers, common Makefiles removed from
> this patchset. Rebased this patchset on top of patch [1], so this
> patchset is dependent on patch [1].
>
> [1]https://patchwork.ozlabs.org/patch/627664/
>
> Changes in v5:
> Check for def CONFIG_SPL_DM and ndef CONFIG_SPL_FRAMEWORK instead
> of def CONFIG_DM macro to include call to dm_init_and_scan().
> As dm_init_and_scan() is called as part of common SPL framework,
> so no need to call it again but in case of powerpc platforms which
> currently do not use common SPL framework, so need to include this
> function call here.
>
>  arch/powerpc/cpu/mpc85xx/cpu_init.c            |  4 +--
>  arch/powerpc/cpu/mpc85xx/start.S               | 11 ++++++--
>  arch/powerpc/include/asm/fsl_secure_boot.h     | 10 ++++++-
>  board/freescale/t104xrdb/t104x_pbi_sb.cfg      | 38 ++++++++++++++++++++++++++
>  board/freescale/t104xrdb/tlb.c                 | 15 +++++++++-
>  configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig | 30 ++++++++++++++++++++
>  include/configs/T104xRDB.h                     | 29 +++++++++++++++++++-
>  7 files changed, 129 insertions(+), 8 deletions(-)
>  create mode 100644 board/freescale/t104xrdb/t104x_pbi_sb.cfg
>  create mode 100644 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig

Reviewed-by: Simon Glass <sjg@chromium.org>

nit: please check comment style, as mentioned on the first patch.

- Simon


* [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
  2016-06-17  3:52 ` [U-Boot] [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL Simon Glass
@ 2016-06-20  4:07   ` Sumit Garg
  0 siblings, 0 replies; 5+ messages in thread
From: Sumit Garg @ 2016-06-20  4:07 UTC (permalink / raw)
  To: u-boot

Hi Simon,

> -----Original Message-----
> From: sjg at google.com [mailto:sjg at google.com] On Behalf Of Simon Glass
> Sent: Friday, June 17, 2016 9:22 AM
> To: Sumit Garg <sumit.garg@nxp.com>
> Cc: U-Boot Mailing List <u-boot@lists.denx.de>; york sun
> <york.sun@nxp.com>; Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar
> Kushwaha <prabhakar.kushwaha@nxp.com>; Tom Rini <trini@konsulko.com>;
> Teddy Reed V <teddy.reed@gmail.com>; Andreas Dannenberg
> <dannenberg@ti.com>; Aneesh Bansal <aneesh.bansal@nxp.com>
> Subject: Re: [PATCH v5 1/2] powerpc/mpc85xx: SECURE BOOT- Enable chain of
> trust in SPL
> 
> Hi,
> 
> On 14 June 2016 at 11:21, Sumit Garg <sumit.garg@nxp.com> wrote:
> > As part of Chain of Trust for Secure boot, the SPL U-Boot will
> > validate the next level U-boot image. Add a new function
> > spl_validate_uboot to perform the validation.
> >
> > Enable hardware crypto operations in SPL using SEC block.
> > In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
> > access to CPC configured as SRAM, configure PAMU.
> >
> > Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
> > Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> > ---
> > Changes in v2:
> > Patches rebased
> >
> > Changes in v3:
> > Patches rebased
> >
> > Changes in v4:
> > Generic changes in lib, drivers, common Makefiles removed from this
> > patchset. Rebased this patchset on top of patch [1], so this patchset
> > is dependent on patch [1].
> >
> > [1]https://patchwork.ozlabs.org/patch/627664/
> >
> > Changes in v5:
> > Check for def CONFIG_SPL_DM and ndef CONFIG_SPL_FRAMEWORK instead
> of
> > def CONFIG_DM macro to include call to dm_init_and_scan().
> > As dm_init_and_scan() is called as part of common SPL framework, so no
> > need to call it again but in case of powerpc platforms which currently
> > do not use common SPL framework, so need to include this function call
> > here.
> >
> >  arch/powerpc/cpu/mpc8xxx/fsl_pamu.c         |  8 +++++
> >  arch/powerpc/cpu/mpc8xxx/pamu_table.c       |  8 +++++
> >  arch/powerpc/include/asm/fsl_secure_boot.h  | 28 +++++++++++++++
> > board/freescale/common/fsl_chain_of_trust.c | 54
> +++++++++++++++++++++++++++++
> >  drivers/crypto/fsl/jr.c                     | 16 +++++++++
> >  drivers/mtd/nand/fsl_ifc_spl.c              | 24 +++++++++++++
> >  include/fsl_validate.h                      |  1 +
> >  7 files changed, 139 insertions(+)
> 
> This looks OK to me, but please can you add a small README explaining how to
> use this feature?
> 
> >
> > diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> > b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> > index 9421f1e..ede8e66 100644
> > --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> > +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
> > @@ -239,15 +239,23 @@ int pamu_init(void)
> >         spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES;
> >
> >         /* Allocate space for Primary PAACT Table */
> > +#if (defined(CONFIG_SPL_BUILD) &&
> defined(CONFIG_SPL_PPAACT_ADDR))
> > +       ppaact = (void *)CONFIG_SPL_PPAACT_ADDR; #else
> >         ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size);
> >         if (!ppaact)
> >                 return -1;
> > +#endif
> >         memset(ppaact, 0, ppaact_size);
> >
> >         /* Allocate space for Secondary PAACT Table */
> > +#if (defined(CONFIG_SPL_BUILD) &&
> defined(CONFIG_SPL_SPAACT_ADDR))
> > +       sec = (void *)CONFIG_SPL_SPAACT_ADDR; #else
> >         sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size);
> >         if (!sec)
> >                 return -1;
> > +#endif
> >         memset(sec, 0, spaact_size);
> >
> >         ppaact_phys = virt_to_phys((void *)ppaact); diff --git
> > a/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> > b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> > index 26c5ea4..a8e6f51 100644
> > --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> > +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
> > @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct
> pamu_addr_tbl
> > *tbl, int *num_entries)
> >
> >         i++;
> >  #endif
> > +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))
> > +       tbl->start_addr[i] =
> > +               (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR);
> > +       tbl->size[i] = 256 * 1024; /* 256K CPC flash */
> > +       tbl->end_addr[i] = tbl->start_addr[i] +  tbl->size[i] - 1;
> > +
> > +       i++;
> > +#endif
> >         debug("PAMU address\t\t\tsize\n");
> >         for (j = 0; j < i ; j++)
> >                 debug("%llx \t\t\t%llx\n",  tbl->start_addr[j],
> > tbl->size[j]); diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h
> > b/arch/powerpc/include/asm/fsl_secure_boot.h
> > index 826f9c9..99eec7f 100644
> > --- a/arch/powerpc/include/asm/fsl_secure_boot.h
> > +++ b/arch/powerpc/include/asm/fsl_secure_boot.h
> > @@ -72,6 +72,32 @@
> >
> >  #ifdef CONFIG_CHAIN_OF_TRUST
> >
> > +#ifdef CONFIG_SPL_BUILD
> > +#define CONFIG_SPL_DM                  1
> > +#define CONFIG_SPL_CRYPTO_SUPPORT
> > +#define CONFIG_SPL_HASH_SUPPORT
> > +#define CONFIG_SPL_RSA
> > +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
> > +/*
> > + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR
> > +init
> > + * due to space crunch on CPC and thus malloc will not work.
> > + */
> > +#define CONFIG_SPL_PPAACT_ADDR         0x2e000000
> > +#define CONFIG_SPL_SPAACT_ADDR         0x2f000000
> > +#define CONFIG_SPL_JR0_LIODN_S         454
> > +#define CONFIG_SPL_JR0_LIODN_NS                458
> > +/*
> > + * Define the key hash for U-Boot here if public/private key pair
> > +used to
> > + * sign U-boot are different from the SRK hash put in the fuse
> > + * Example of defining KEY_HASH is
> > + * #define CONFIG_SPL_UBOOT_KEY_HASH \
> > + *
> "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
> > + * else leave it defined as NULL
> > + */
> > +
> > +#define CONFIG_SPL_UBOOT_KEY_HASH      NULL
> > +#endif /* ifdef CONFIG_SPL_BUILD */
> > +
> >  #define CONFIG_CMD_ESBC_VALIDATE
> >  #define CONFIG_CMD_BLOB
> >  #define CONFIG_FSL_SEC_MON
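Review bot: `CONFIG_SPL_PPAACT_ADDR` and `CONFIG_SPL_SPAACT_ADDR` are fixed DDR addresses defined unconditionally in an arch-wide header, with no way for a board to override them. The SPL branch of `pamu_init()` in the fsl_pamu.c hunk zeroes `ppaact_size` and `spaact_size` bytes at those addresses, without the alignment guarantee or failure path that `memalign()` provided. Nothing visible ties the addresses to the board's DDR size or keeps them clear of the region the next-stage image is loaded into. I would wrap each definition in `#ifndef CONFIG_SPL_PPAACT_ADDR` / `#endif` (likewise for SPAACT and the two LIODN values) so a board config can override it, and extend the comment to state how much memory each table occupies.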
> > @@ -82,6 +108,7 @@
> >  #define CONFIG_FSL_CAAM
> >  #endif
> >
> > +#ifndef CONFIG_SPL_BUILD
> >  /* fsl_setenv_chain_of_trust() must be called from
> >   * board_late_init()
> >   */
> 
> First line should be empty:
> 
> /*
>  * fsl_setenv...
>  */
> 
> > @@ -119,5 +146,6 @@
> >  #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
> >
> >  #include <config_fsl_chain_trust.h>
> > +#endif /* #ifndef CONFIG_SPL_BUILD */
> >  #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */  #endif diff --git
> > a/board/freescale/common/fsl_chain_of_trust.c
> > b/board/freescale/common/fsl_chain_of_trust.c
> > index ecfcc82..7bf9827 100644
> > --- a/board/freescale/common/fsl_chain_of_trust.c
> > +++ b/board/freescale/common/fsl_chain_of_trust.c
> > @@ -6,7 +6,17 @@
> >
> >  #include <common.h>
> >  #include <fsl_validate.h>
> > +#include <fsl_secboot_err.h>
> >  #include <fsl_sfp.h>
> > +#include <dm/root.h>
> > +
> > +#ifdef CONFIG_ADDR_MAP
> > +#include <asm/mmu.h>
> > +#endif
> > +
> > +#ifdef CONFIG_FSL_CORENET
> > +#include <asm/fsl_pamu.h>
> > +#endif
> >
> >  #ifdef CONFIG_LS102XA
> >  #include <asm/arch/immap_ls102xa.h>
> > @@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void)
> >         return 0;
> >  }
> >
> > +#ifndef CONFIG_SPL_BUILD
> >  int fsl_setenv_chain_of_trust(void)
> >  {
> >         /* Check Boot Mode
> > @@ -68,3 +79,46 @@ int fsl_setenv_chain_of_trust(void)
> >         setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> >         return 0;
> >  }
> > +#endif
> > +
> > +#ifdef CONFIG_SPL_BUILD
> > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) {
> > +       int res;
> > +
> > +       /* Check Boot Mode
> 
> Here too
> 
> > +        * If Boot Mode is Non-Secure, skip validation
> > +        */
> > +       if (fsl_check_boot_mode_secure() == 0)
> > +               return;
> > +
> > +       printf("SPL: Validating U-Boot image\n");
> > +
> > +#ifdef CONFIG_ADDR_MAP
> > +       init_addr_map();
> > +#endif
> > +
> > +#ifdef CONFIG_FSL_CORENET
> > +       if (pamu_init() < 0)
> > +               fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
> > +#endif
> > +
> > +#ifdef CONFIG_FSL_CAAM
> > +       if (sec_init() < 0)
> > +               fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
> > +#endif
> > +
> > +/* dm_init_and_scan is called as part of common SPL framework, so no
> 
> and here
> 
> dm_init_and_scan()
> 
> > + * need to call it again but in case of powerpc platforms which
> > +currently
> > + * do not use common SPL framework, so need to call this function here.
> > + */
> > +#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
> > +       dm_init_and_scan(false);
> > +#endif
> > +       res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
> > +                                  &img_addr);
> > +
> > +       if (res == 0)
> > +               printf("SPL: Validation of U-boot successful\n"); }
> > +#endif /* ifdef CONFIG_SPL_BUILD */
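Review bot: `spl_validate_uboot()` drops a non-zero `res` from `fsl_secboot_validate()`: only the success branch prints, and because the function returns `void` its caller `nand_boot()` jumps to `uboot()` with no record that the check failed. Whether a failed check stops the boot therefore rests entirely on `fsl_secboot_validate()` not returning, which is not visible in this patch. I would log the failure with `else printf("SPL: Validation of U-Boot failed (%d)\n", res);` and return `res` (prototype changed to `int`) so the call site can decide. The same concern applies after `pamu_init()` or `sec_init()` fails: if `fsl_secboot_handle_error()` returns, validation carries on with PAMU or the SEC block uninitialised.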
> > diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index
> > 510fa4e..1d4dd32 100644
> > --- a/drivers/crypto/fsl/jr.c
> > +++ b/drivers/crypto/fsl/jr.c
> > @@ -599,10 +599,26 @@ int sec_init_idx(uint8_t sec_idx)
> >         sec_out32(&sec->mcfgr, mcr);
> >
> >  #ifdef CONFIG_FSL_CORENET
> > +#ifdef CONFIG_SPL_BUILD
> > +       /* For SPL Build, Set the Liodns in SEC JR0 for
> > +        * creating PAMU entries corresponding to these.
> > +        * For normal build, these are set in set_liodns().
> > +        */
> > +       liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK;
> > +       liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
> > +
> > +       liodnr = sec_in32(&sec->jrliodnr[0].ls) &
> > +                ~(JRNSLIODN_MASK | JRSLIODN_MASK);
> > +       liodnr = liodnr |
> > +                (liodn_ns << JRNSLIODN_SHIFT) |
> > +                (liodn_s << JRSLIODN_SHIFT);
> > +       sec_out32(&sec->jrliodnr[0].ls, liodnr); #else
> >         liodnr = sec_in32(&sec->jrliodnr[0].ls);
> >         liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT;
> >         liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;  #endif
> > +#endif
> >
> >         ret = jr_init(sec_idx);
> >         if (ret < 0) {
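Review bot: In the SPL branch, `CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK` applies the mask to an unshifted constant, whereas the `#else` branch applies the same mask to the register value before shifting right, which implies the mask is in register position. If `JRNSLIODN_SHIFT` is non-zero (its definition is not in this hunk), the masked constant loses its bits and a zero non-secure LIODN is written to JR0, the value the hunk's own comment says the PAMU entries are created from. Mask in field position instead: `liodn_ns = CONFIG_SPL_JR0_LIODN_NS & (JRNSLIODN_MASK >> JRNSLIODN_SHIFT);`, and likewise for `liodn_s` with `JRSLIODN_MASK >> JRSLIODN_SHIFT`. `sec_init_idx()` begins and ends outside the hunk.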
> > diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c
> > index cbeb74a..30aa966 100644
> > --- a/drivers/mtd/nand/fsl_ifc_spl.c
> > +++ b/drivers/mtd/nand/fsl_ifc_spl.c
> > @@ -11,6 +11,9 @@
> >  #include <asm/io.h>
> >  #include <fsl_ifc.h>
> >  #include <linux/mtd/nand.h>
> > +#ifdef CONFIG_CHAIN_OF_TRUST
> > +#include <fsl_validate.h>
> > +#endif
> >
> >  static inline int is_blank(uchar *addr, int page_size)
> >  {
> > @@ -268,6 +271,27 @@ void nand_boot(void)
> >          */
> >         flush_cache(CONFIG_SYS_NAND_U_BOOT_DST,
> CONFIG_SYS_NAND_U_BOOT_SIZE);
> >  #endif
> > +
> > +#ifdef CONFIG_CHAIN_OF_TRUST
> > +       /*
> > +        * As U-Boot header is appended at end of U-boot image, so
> > +        * calculate U-boot header address using U-boot header size.
> 
> U-Boot
> 
> > +        */
> > +#define CONFIG_U_BOOT_HDR_ADDR \
> > +               ((CONFIG_SYS_NAND_U_BOOT_START + \
> > +                 CONFIG_SYS_NAND_U_BOOT_SIZE) - \
> > +                CONFIG_U_BOOT_HDR_SIZE)
> > +       spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR,
> > +                          CONFIG_SYS_NAND_U_BOOT_START);
> > +       /*
> > +        * In case of failure in validation, spl_validate_uboot would
> > +        * not return back in case of Production environment with ITS=1.
> > +        * Thus U-Boot will not start.
> > +        * In Development environment (ITS=0 and SB_EN=1), the function
> > +        * may return back in case of non-fatal failures.
> > +        */
> > +#endif
> > +
> >         uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START;
> >         uboot();
> >  }
> > diff --git a/include/fsl_validate.h b/include/fsl_validate.h
> > index a71e1ce..7695b30 100644
> > --- a/include/fsl_validate.h
> > +++ b/include/fsl_validate.h
> > @@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int
> flag, int argc,
> >
> >  int fsl_check_boot_mode_secure(void);
> >  int fsl_setenv_chain_of_trust(void);
> > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
> 
> Please add a function comment.
> 
> >  #endif
> > --
> > 1.8.1.4
> >
> 
> Regards,
> Simon

Many thanks for your review, will take care of comments mentioned above.

Thanks and regards,
Sumit
