mirror of
https://github.com/AsahiLinux/u-boot
synced 2025-02-17 22:49:02 +00:00
armv8/ls1043ardb: add SECURE BOOT target for NOR
LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
This commit is contained in:
Aneesh Bansal
York Sun
parent
e8f954a756
commit
9711f52806
10 changed files with 82 additions and 21 deletions
|
|
@ -153,8 +153,8 @@
|
|||
#define CONFIG_SYS_FSL_PCIE_COMPAT "fsl,qoriq-pcie-v2.4"
|
||||
|
||||
#define CONFIG_SYS_FSL_SFP_VER_3_2
|
||||
#define CONFIG_SYS_FSL_SNVS_LE
|
||||
#define CONFIG_SYS_FSL_SEC_LE
|
||||
#define CONFIG_SYS_FSL_SEC_MON_BE
|
||||
#define CONFIG_SYS_FSL_SEC_BE
|
||||
#define CONFIG_SYS_FSL_SFP_BE
|
||||
#define CONFIG_SYS_FSL_SRK_LE
|
||||
#define CONFIG_KEY_REVOCATION
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@
|
|||
#define CONFIG_SYS_PCIE3_ADDR (CONFIG_SYS_IMMR + 0x2600000)
|
||||
#define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x700000)
|
||||
#define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x710000)
|
||||
#define CONFIG_SYS_SNVS_ADDR (CONFIG_SYS_IMMR + 0xe90000)
|
||||
#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0xe90000)
|
||||
#define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0xe80200)
|
||||
|
||||
#define CONFIG_SYS_FSL_TIMER_ADDR 0x02b00000
|
||||
|
|
|
|||
|
|
@ -11,13 +11,17 @@
|
|||
#define CONFIG_CMD_ESBC_VALIDATE
|
||||
#define CONFIG_FSL_SEC_MON
|
||||
#define CONFIG_SHA_PROG_HW_ACCEL
|
||||
#define CONFIG_DM
|
||||
#define CONFIG_RSA
|
||||
#define CONFIG_RSA_FREESCALE_EXP
|
||||
|
||||
#ifndef CONFIG_FSL_CAAM
|
||||
#define CONFIG_FSL_CAAM
|
||||
#endif
|
||||
|
||||
#ifndef CONFIG_DM
|
||||
#define CONFIG_DM
|
||||
#endif
|
||||
|
||||
#define CONFIG_KEY_REVOCATION
|
||||
#ifndef CONFIG_SYS_RAMBOOT
|
||||
/* The key used for verification of next level images
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
#include <u-boot/rsa-mod-exp.h>
|
||||
#include <hash.h>
|
||||
#include <fsl_secboot_err.h>
|
||||
#ifndef CONFIG_MPC85xx
|
||||
#ifdef CONFIG_LS102XA
|
||||
#include <asm/arch/immap_ls102xa.h>
|
||||
#endif
|
||||
|
||||
|
|
@ -99,7 +99,8 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
|
|||
struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
|
||||
u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
|
||||
|
||||
if (memcmp((u8 *)csf_hdr_addr, barker_code, ESBC_BARKER_LEN))
|
||||
if (memcmp((u8 *)(uintptr_t)csf_hdr_addr,
|
||||
barker_code, ESBC_BARKER_LEN))
|
||||
return -1;
|
||||
|
||||
*csf_addr = csf_hdr_addr;
|
||||
|
|
@ -117,7 +118,7 @@ static int get_ie_info_addr(u32 *ie_addr)
|
|||
if (get_csf_base_addr(&csf_addr, &flash_base_addr))
|
||||
return -1;
|
||||
|
||||
hdr = (struct fsl_secboot_img_hdr *)csf_addr;
|
||||
hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr;
|
||||
|
||||
/* For SoC's with Trust Architecture v1 with corenet bus
|
||||
* the sg table field in CSF header has absolute address
|
||||
|
|
@ -130,7 +131,7 @@ static int get_ie_info_addr(u32 *ie_addr)
|
|||
(((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
|
||||
flash_base_addr);
|
||||
#else
|
||||
sg_tbl = (struct fsl_secboot_sg_table *)(csf_addr +
|
||||
sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr +
|
||||
(u32)hdr->psgtable);
|
||||
#endif
|
||||
|
||||
|
|
@ -379,8 +380,8 @@ static int calc_img_key_hash(struct fsl_secboot_img_priv *img)
|
|||
#ifdef CONFIG_KEY_REVOCATION
|
||||
if (check_srk(img)) {
|
||||
ret = algo->hash_update(algo, ctx,
|
||||
(u8 *)(img->ehdrloc + img->hdr.srk_tbl_off),
|
||||
img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
|
||||
(u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
|
||||
img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
|
||||
srk = 1;
|
||||
}
|
||||
#endif
|
||||
|
|
@ -438,8 +439,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
|
|||
#ifdef CONFIG_KEY_REVOCATION
|
||||
if (check_srk(img)) {
|
||||
ret = algo->hash_update(algo, ctx,
|
||||
(u8 *)(img->ehdrloc + img->hdr.srk_tbl_off),
|
||||
img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
|
||||
(u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
|
||||
img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
|
||||
key_hash = 1;
|
||||
}
|
||||
#endif
|
||||
|
|
@ -454,8 +455,13 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
|
|||
return ret;
|
||||
|
||||
/* Update hash for actual Image */
|
||||
#ifdef CONFIG_ESBC_ADDR_64BIT
|
||||
ret = algo->hash_update(algo, ctx,
|
||||
(u8 *)img->hdr.pimg, img->hdr.img_size, 1);
|
||||
(u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
|
||||
#else
|
||||
ret = algo->hash_update(algo, ctx,
|
||||
(u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
|
||||
#endif
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
|
|
@ -533,7 +539,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
|||
{
|
||||
char buf[20];
|
||||
struct fsl_secboot_img_hdr *hdr = &img->hdr;
|
||||
void *esbc = (u8 *)img->ehdrloc;
|
||||
void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
|
||||
u8 *k, *s;
|
||||
#ifdef CONFIG_KEY_REVOCATION
|
||||
u32 ret;
|
||||
|
|
@ -549,7 +555,11 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
|||
if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
|
||||
return ERROR_ESBC_CLIENT_HEADER_BARKER;
|
||||
|
||||
#ifdef CONFIG_ESBC_ADDR_64BIT
|
||||
sprintf(buf, "%llx", hdr->pimg64);
|
||||
#else
|
||||
sprintf(buf, "%x", hdr->pimg);
|
||||
#endif
|
||||
setenv("img_addr", buf);
|
||||
|
||||
if (!hdr->img_size)
|
||||
|
|
@ -594,7 +604,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
|||
if (!key_found && check_ie(img)) {
|
||||
if (get_ie_info_addr(&img->ie_addr))
|
||||
return ERROR_IE_TABLE_NOT_FOUND;
|
||||
ie_info = (struct ie_key_info *)img->ie_addr;
|
||||
ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
|
||||
if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
|
||||
return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
|
||||
|
||||
|
|
@ -748,7 +758,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
|
|||
|
||||
hdr = &img->hdr;
|
||||
img->ehdrloc = addr;
|
||||
esbc = (u8 *)img->ehdrloc;
|
||||
esbc = (u8 *)(uintptr_t)img->ehdrloc;
|
||||
|
||||
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
|
||||
|
||||
|
|
|
|||
|
|
@ -7,3 +7,8 @@ F: include/configs/ls1043ardb.h
|
|||
F: configs/ls1043ardb_defconfig
|
||||
F: configs/ls1043ardb_nand_defconfig
|
||||
F: configs/ls1043ardb_sdcard_defconfig
|
||||
|
||||
LS1043A_SECURE_BOOT BOARD
|
||||
M: Aneesh Bansal <aneesh.bansal@freescale.com>
|
||||
S: Maintained
|
||||
F: configs/ls1043ardb_SECURE_BOOT_defconfig
|
||||
|
|
|
|||
|
|
@ -18,6 +18,8 @@
|
|||
#include <fsl_csu.h>
|
||||
#include <fsl_esdhc.h>
|
||||
#include <fsl_ifc.h>
|
||||
#include <environment.h>
|
||||
#include <fsl_sec.h>
|
||||
#include "cpld.h"
|
||||
|
||||
DECLARE_GLOBAL_DATA_PTR;
|
||||
|
|
@ -123,7 +125,21 @@ int config_board_mux(void)
|
|||
int misc_init_r(void)
|
||||
{
|
||||
config_board_mux();
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
/* In case of Secure Boot, the IBR configures the SMMU
|
||||
* to allow only Secure transactions.
|
||||
* SMMU must be reset in bypass mode.
|
||||
* Set the ClientPD bit and Clear the USFCFG Bit
|
||||
*/
|
||||
u32 val;
|
||||
val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
|
||||
out_le32(SMMU_SCR0, val);
|
||||
val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
|
||||
out_le32(SMMU_NSCR0, val);
|
||||
#endif
|
||||
#ifdef CONFIG_FSL_CAAM
|
||||
return sec_init();
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -73,9 +73,9 @@ static int do_blob(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
|
|||
len = simple_strtoul(argv[4], NULL, 16);
|
||||
key_addr = simple_strtoul(argv[5], NULL, 16);
|
||||
|
||||
km_ptr = (uint8_t *)key_addr;
|
||||
src_ptr = (uint8_t *)src_addr;
|
||||
dst_ptr = (uint8_t *)dst_addr;
|
||||
km_ptr = (uint8_t *)(uintptr_t)key_addr;
|
||||
src_ptr = (uint8_t *)(uintptr_t)src_addr;
|
||||
dst_ptr = (uint8_t *)(uintptr_t)dst_addr;
|
||||
|
||||
if (enc)
|
||||
ret = blob_encap(km_ptr, src_ptr, dst_ptr, len);
|
||||
|
|
|
|||
9
configs/ls1043ardb_SECURE_BOOT_defconfig
Normal file
9
configs/ls1043ardb_SECURE_BOOT_defconfig
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
CONFIG_ARM=y
|
||||
CONFIG_TARGET_LS1043ARDB=y
|
||||
CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, SECURE_BOOT"
|
||||
CONFIG_SYS_NS16550=y
|
||||
CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
|
||||
CONFIG_OF_CONTROL=y
|
||||
CONFIG_DM=y
|
||||
CONFIG_SPI_FLASH=y
|
||||
CONFIG_DM_SPI=y
|
||||
|
|
@ -291,4 +291,14 @@
|
|||
#define CONFIG_CMD_EXT2
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SECURE_BOOT
|
||||
#define CONFIG_CMD_HASH
|
||||
#define CONFIG_SHA_HW_ACCEL
|
||||
#define CONFIG_CMD_BLOB
|
||||
/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
|
||||
#define CONFIG_ESBC_ADDR_64BIT
|
||||
#endif
|
||||
|
||||
#include <asm/fsl_secure_boot.h>
|
||||
|
||||
#endif /* __LS1043ARDB_H__ */
|
||||
|
|
|
|||
|
|
@ -83,7 +83,9 @@ struct fsl_secboot_img_hdr {
|
|||
u32 sign_len; /* length of the signature in bytes */
|
||||
union {
|
||||
u32 psgtable; /* ptr to SG table */
|
||||
#ifndef CONFIG_ESBC_ADDR_64BIT
|
||||
u32 pimg; /* ptr to ESBC client image */
|
||||
#endif
|
||||
};
|
||||
union {
|
||||
u32 sg_entries; /* no of entries in SG table */
|
||||
|
|
@ -97,7 +99,12 @@ struct fsl_secboot_img_hdr {
|
|||
u32 reserved1[2];
|
||||
u32 fsl_uid_1;
|
||||
u32 oem_uid_1;
|
||||
u32 reserved2[2];
|
||||
union {
|
||||
u32 reserved2[2];
|
||||
#ifdef CONFIG_ESBC_ADDR_64BIT
|
||||
u64 pimg64; /* 64 bit pointer to ESBC Image */
|
||||
#endif
|
||||
};
|
||||
u32 ie_flag;
|
||||
u32 ie_key_sel;
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue