Commit graph

195 commits

Author SHA1 Message Date
Vincent Siles
c4f97b1f53 board: ls102xa: Fix ICID setup
LS102A ref manual dictates that ICID have to be written to the MSB
of the ICID register, not to the LSB.

Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
2016-06-03 14:12:06 -07:00
Vincent Siles
12cbf20d78 arm: uniform usage of u32 in ls102x caam config
Mix usage of uint32_t and u32 fixed in favor of u32.

Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-05-18 08:51:44 -07:00
Vincent Siles
15b96ad831 arm: Fix SCFG ICID reg addresses
On the LS102x boards, in order to initialize the ICID values of
masters, the dev_stream_id array holds absolute offsets from the
base of SCFG.

In ls102xa_config_ssmu_stream_id, the base pointer is cast to
uint32_t * before adding the offset, leading to an invalid address.
Casting it to void * solves the issue.

Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-05-18 08:51:44 -07:00
Robert P. J. Day
1cc0a9f496 Fix various typos, scattered over the code.
Spelling corrections for (among other things):

* environment
* override
* variable
* ftd (should be "fdt", for flattened device tree)
* embedded
* FTDI
* emulation
* controller
2016-05-05 21:39:26 -04:00
Rai Harninder
ed2530d096 armv8/ls2080ardb: Enable VID support
This patch enable VID support for ls2080ardb platform.
It uses the common VID driver.

Signed-off-by: Rai Harninder <harninder.rai@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:24 -07:00
Saksham Jain
85bb389654 SECURE BOOT: Change fsl_secboot_validate func to pass image addr
Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Saksham Jain
c4666cf695 SECURE BOOT: Halt execution when secure boot fail
In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.

Add esbh_halt() after the reset to make sure execution stops.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Saksham Jain
fd6dbc98a7 armv8: fsl-lsch3: Add new header for secure boot
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:20 -07:00
Wenbin Song
1be8d10be4 freescale: vid: Return i2c mux to default channel
IR chip is on one of the channels on multiplexed I2C-bus.
Reset to default channel after accessing.

Signed-off-by: Wenbin Song <wenbin.song@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-21 12:42:15 -07:00
Qianyu Gong
2459afb1a7 qe: move drivers/qe/qe.h to include/fsl_qe.h
As the QE firmware struct is shared with Fman, move the header file
out of drivers/qe/.

Signed-off-by: Gong Qianyu <Qianyu.Gong@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-02-24 08:51:13 -08:00
Tom Rini
cd85bec36d Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq 2016-01-27 15:05:36 -05:00
Aneesh Bansal
856b284617 secure_boot: change error handler for esbc_validate
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.

Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:13:03 -08:00
Aneesh Bansal
d041288586 secure_boot: enable chain of trust for ARM platforms
Chain of Trust is enabled for ARM platforms (LS1021 and LS1043).
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
   bootdelay = 0 (To disable Boot Prompt)
   bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:12:49 -08:00
Aneesh Bansal
0a6b2714ad secure_boot: create function to determine boot mode
A function is created to detrmine if the boot mode is secure
or non-secure for differnt SoC's.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:12:42 -08:00
Ying Zhang
2f66a828f7 powerpc/board/t4240rdb: Enable VID support
The fuse status register provides the values from on-chip
voltage ID efuses programmed at the factory. These values
define the voltage requirements for the chip. u-boot reads
FUSESR and translates the values into the appropriate
commands to set the voltage output value of an external
voltage regulator.

Signed-off-by: Ying Zhang <b40530@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 12:38:05 -08:00
Ying Zhang
cabe4d2f19 board/freescale/common: Check IR chip mode for VID support
IR chip on all the boards are required to be used in Intel mode
to support VID. VDD will not be adjusted if IR chip is used in
other modes.

Signed-off-by: Ying Zhang <b40530@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 12:37:03 -08:00
Aneesh Bansal
b055a0fd86 SECURE BOOT: support for validation of dynamic image
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
6629261ddd SECURE BOOT: separate function created for signature
The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
94ba5e4140 SECURE BOOT: separate functions for reading keys
Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
bc71f926e3 SECURE BOOT: change prototype of fsl_secboot_validate function
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Gong Qianyu
98d9aa4013 freescale/qixis: Add support for booting from SD/QSPI
1.Use "qixis_reset sd" to boot from SD
2.Use "qixis_reset sd_qspi" to boot from SD with QSPI support
3.Use "qixis_reset qspi" to boot from QSPI flash

On some SoCs such as LS1021A and LS1043A, IFC and QSPI could be
pin-multiplexed. So the switches are different between SD boot with
IFC support and SD boot with QSPI support. The default booting from
SD is with IFC support.

Once QSPI is enabled(IFC disabled), only use I2C to access QIXIS.

Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:15 -08:00
Stephen Warren
7c4213f6a5 block: pass block dev not num to read/write/erase()
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-01-13 21:05:18 -05:00
Ye.Li
7ea191aa10 pfuze: Fix unsigned variable for less-than-zero comparison
According to the Coverity result, a unsigned int variable is used fo less-
than-zero comparison, the result is never true. Need to fix the variable
type to signed int.

Signed-off-by: Ye.Li <B37916@freescale.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
2016-01-07 17:48:25 +01:00
Aneesh Bansal
9711f52806 armv8/ls1043ardb: add SECURE BOOT target for NOR
LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-12-15 08:57:35 +08:00
Shaohui Xie
1aaf3f9ae4 freescale: fman: make sure phy-handle property is big endian
When creating phy-handle property, an unsigned int value is created by
fdt_create_phandle, and memcpy is used to get the value, since DTS is
big endian, the value cannot be used directly on little endian SoCs,
it should be converted by cpu_to_fdt32.

Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-12-13 18:27:28 -08:00
Shaohui Xie
02b5d2ed86 armv8/ls1043aqds: add LS1043AQDS board support
LS1043AQDS Specification:
-------------------------
Memory subsystem:
 * 2GByte DDR4 DIMM
 * 128 Mbyte NOR flash single-chip memory
 * 512 Mbyte NAND flash
 * 16 Mbyte high-speed SPI flash
 * SD connector to interface with the SD memory card

Ethernet:
 * Two RGMII ports
 * XFI 10G port
 * SGMII
 * QSGMII with 4x 1G ports

PCIe: supports Gen 1 and Gen 2

SATA 3.0: one SATA 3.0 port

USB 3.0: two micro AB connector and one type A connector

UART: supports two UARTs up to 115200 bps for console

Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
[York Sun: Add CONFIG_SYS_NS16550=y in defconfig]
Reviewed-by: York Sun <yorksun@freescale.com>
2015-11-30 09:11:10 -08:00
Yangbo Lu
bf50be835e mmc: fsl_esdhc: enable EVDD automatic control for SD/MMC Legacy Adapter Card
When detecting SDHC Adapter Card Type 2(SD/MMC Legacy Adapter Card),
enable EVDD automatic control via SDHC_VS. This could support SD card
IO voltage switching for UHS-1 speed mode.

Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-11-02 08:50:29 -08:00
Yangbo Lu
cdc69550d2 mmc: fsl_esdhc: enable dat[4:7] for eMMC4.5 Adapter Card
If adapter card type identification is supported for platform, we would
enable dat[4:7] for eMMC4.5 Adapter Card.

Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-11-02 08:49:51 -08:00
tang yuantian
0210a36988 arm: ls1021atwr: optimize the deep sleep latency
It will take more than 1s when wake up from deep sleep. Most of the
time is spent on outputing information. This patch reduced the deep
sleep latency by:
1. avoid outputing system informaton
2. remove flush cache after DDR restore
3. skip reloading second stage uboot binary when SD boot

Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-30 09:19:48 -07:00
Aneesh Bansal
6ec9aef2ce SECURE_BOOT: Correct reading of ITS bit
The ITS bit was being read incorrectly beacause of operator
precedence. The same ahs been corrected.

Signed-off-by: Lawish Deshmukh <lawish.deshmukh@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-30 09:19:47 -07:00
Shaohui Xie
e82973414d armv8/ls1043a: Add Fman support
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-29 10:34:01 -07:00
Mingkai Hu
435acd83b2 armv7/ls1021a: move ns_access to common file
Config Security Level Register is different between different SoCs,
so put the CSL register definition into the arch specific directory.

Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-29 10:33:58 -07:00
Aneesh Bansal
7bcb0eb285 Pointers in ESBC header made 32 bit
For the Chain of Trust, the esbc_validate command supports
32 bit fields for location of the image. In the header structure
definition, these were declared as pointers which made them
64 bit on a 64 bit core.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-29 10:33:57 -07:00
Peng Fan
125914d4be fsl: common: pfuze: no use original pfuze code if DM_PMIC
If enable DM PMIC and REGULATOR, we should not use original power
framework. So need to comment out the pfuze code for original power
framework, when CONFIG_DM_PMIC_PFUZE100 defined.

Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
Cc: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-08-12 11:05:11 +02:00
Aneesh Bansal
467a40dfe3 powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Secure Boot Target is added for NAND for P3041.
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.

In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on SRAM configured
at address 0xBFF00000.
In the U-Boot code, TLB entries are created to map the virtual address
0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-07-31 08:50:18 -07:00
Jaiprakash Singh
b8baf460ee board/fsl/common: Fix eeprom system version endianness
SYSTEM ID EPPROM always store SYSTEM version info in big endian format.
SoC with ARM or PowerPC core should read/write version info from eeprom
in BIG endian format.

So use cpu-specific APIs to read SYSTEM version.

Signed-off-by: Jaiprakash Singh <b44839 at freescale.com>
Signed-off-by: Prabhakar Kushwaha <prabhakar at freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-07-20 11:44:34 -07:00
Peng Fan
3fd10f3e25 pmic: pfuze100 fix typo
Change PUZE_100_SW1ABCONF to PFUZE100_SW1ABCONF

Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
2015-05-19 15:13:38 +02:00
Jan Kiszka
104d6fb6cd ARM: Clean up CONFIG_ARMV7_NONSEC/VIRT/PSCI conditions
CONFIG_ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC, thus doesn't need to
be taken into account additionally. CONFIG_ARMV7_PSCI is only set on
boards that support CONFIG_ARMV7_NONSEC, and it only works on those.

CC: Tang Yuantian <Yuantian.Tang@freescale.com>
CC: York Sun <yorksun@freescale.com>
CC: Steve Rae <srae@broadcom.com>
CC: Andre Przywara <andre.przywara@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Alison Wang <alison.wang@freescale.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2015-05-13 09:24:13 -07:00
Yangbo Lu
5a8dbdc6b4 mmc: fsl_esdhc: Add adapter card type identification support
Add adapter card type identification support by reading
FPGA STAT_PRES1 register SDHC Card ID[0:2] bits. To use this function,
define CONFIG_FSL_ESDHC_ADAPTER_IDENT.

Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Cc: York Sun <yorksun@freescale.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
[York Sun: resolve conflicts in README.fsl-esdhc]
Reviewed-by: York Sun <yorksun@freescale.com>
2015-05-04 09:25:19 -07:00
Tang Yuantian
1a56fcea9f fsl/deepsleep: avoid the DDR restore from being optimized out
Function dp_ddr_restore is to restore the first 128-byte space
of DDR. However those codes may be optimized out by compiler
since the destination address is at 0x0. In order to avoid
compiler optimization, we restore the space from high address,
which is not at 0x0, to low address.

Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-05-04 09:25:06 -07:00
Tom Rini
e536ab8849 Merge branch 'master' of git://www.denx.de/git/u-boot-imx 2015-04-28 12:15:13 -04:00
Scott Wood
548cf52fd5 freescale/qixis: Add support for booting from NAND
Use "qixis_reset nand" to reset the board to boot from NAND.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: York Sun <yorksun@freescale.com>
2015-04-23 16:46:51 -07:00
gaurav rana
1c29ad7bc0 iMX: Fix compilation error when enabling SECURE_BOOT
Move the compilation of file fsl_validate.c in MACRO CONFIG_CMD_ESBC_VALIDATE.
This file should be compiled only when the above MACRO is defined

This caused a break in compilation of iMX platforms when compiling for SECURE_BOOT

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
2015-04-22 16:02:46 +02:00
Zhao Qiang
1fb5ff9ae7 QE/DeepSleep: add QE deepsleep support for arm
Muram will power off during deepsleep, and the microcode of qe
in muram will be lost, it should be reload when resume.

Signed-off-by: Zhao Qiang <B45475@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21 10:19:20 -07:00
Zhao Qiang
ae42eb035e QE/DeepSleep: add QE deepsleep support for mpc85xx
Muram will power off during deepsleep, and the microcode of qe
in muram will be lost, it should be reload when resume.

Signed-off-by: Zhao Qiang <B45475@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21 10:19:19 -07:00
gaurav rana
98cb0efde8 Add bootscript support to esbc_validate.
1. Default environment will be used for secure boot flow
 which can't be edited or saved.
2. Command for secure boot is predefined in the default
 environment which will run on autoboot (and autoboot is
 the only option allowed in case of secure boot) and it
 looks like this:
 #define CONFIG_SECBOOT \
 "setenv bs_hdraddr 0xe8e00000;"                 \
 "esbc_validate $bs_hdraddr;"                    \
 "source $img_addr;"                             \
 "esbc_halt;"
 #endif
3. Boot Script can contain esbc_validate commands and bootm command.
 Uboot source command used in default secure boot command will
 run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
 after validation of images or core should just spin.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21 10:19:19 -07:00
Tom Rini
1c6f6a6ef9 Merge branch 'master' of git://git.denx.de/u-boot-mpc85xx 2015-03-05 20:50:30 -05:00
gaurav rana
e04916a721 SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms.
esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.

Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05 12:04:59 -08:00
gaurav rana
47151e4bcc SECURE BOOT: Add command for validation of images
1. esbc_validate command is meant for validating header and
   signature of images (Boot Script and ESBC uboot client).
   SHA-256 and RSA operations are performed using SEC block in HW.
   This command works on both PBL based and Non PBL based Freescale
   platforms.
   Command usage:
   esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
   tree blob can also be signed.
3. In the event of header or signature failure in validation,
   ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
   dumping error on the console.
6. KEY REVOCATION Feature:
   QorIQ platforms like B4/T4 have support of srk key table and key
   revocation in ISBC code in Silicon.
   The srk key table allows the user to have a key table with multiple
   keys and revoke any key in case of particular key gets compromised.
   In case the ISBC code uses the key revocation and srk key table to
   verify the u-boot code, the subsequent chain of trust should also
   use the same.
6. ISBC KEY EXTENSION Feature:
   This feature allows large number of keys to be used for esbc validation
   of images. A set of public keys is being signed and validated by ISBC
   which can be further used for esbc validation of images.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05 12:04:59 -08:00
Stefano Babic
b9cb64825b Merge branch 'master' of git://git.denx.de/u-boot 2015-03-02 09:42:53 +01:00