Commit graph

16 commits

Author SHA1 Message Date
Sumit Garg
69d4b48c84 SECURE_BOOT: Enable SD as a source for bootscript
Add support for reading bootscript and bootscript header from SD. Also
renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
NOR flash.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26 09:01:43 -07:00
Sumit Garg
028ac8c733 SECURE_BOOT: Enable chain of trust in SPL framework
Override jump_to_image_no_args function to include validation of
u-boot image using spl_validate_uboot before jumping to u-boot image.
Also define macros in SPL framework to enable crypto operations.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26 09:01:35 -07:00
York Sun
3c1d218a1d armv8: LS2080A: Consolidate LS2080A and LS2085A
LS2080A is the primary SoC, and LS2085A is a personality with AIOP
and DPAA DDR. The RDB and QDS boards support both personality. By
detecting the SVR at runtime, a single image per board can support
both SoCs. It gives users flexibility to swtich SoC without the need
to reprogram the board.

Signed-off-by: York Sun <york.sun@nxp.com>
CC: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
2016-04-06 10:26:46 -07:00
Saksham Jain
bef238cb1e armv8: ls2080: Change env variable "fdt_high"
"fdt_high" env variable was set to 0xcfffffff for secure boot.
Change it to 0xa0000000 for LS2080 to be consistent with non-secure
boot targets.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:21 -07:00
Saksham Jain
3f701cc50a armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR
To unify steps for secure boot for xip (eg. NOR) and non-xip memories
(eg. NAND, SD), bootscipts and its header are copied to main memory.
Validation and execution are performed from there.

For other ARM Platforms (ls1043 and ls1020), to avoid disruption of
existing users, this copy step is not used for NOR boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:21 -07:00
Saksham Jain
216e93a185 armv8: ls2080: Add bootscript header addr for secure boot
During secure boot, Linux image along with other images are validated
using bootscript. This bootscript also needs to be validated before
it executes. This requires a header for bootscript.

When secure boot is enabled, default bootcmd is changed to first
validate bootscript using the header and then execute the script.

For ls2080, NOR memory map is different from other ARM SoCs. So a new
address on NOR is used for this bootscript header (0x583920000). The
Bootscript address is mentioned in this header along with addresses of
other images.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:21 -07:00
Saksham Jain
fcfdb6d580 armv8: ls2080rdb: ls2080qds: Add secure boot support
Sec_init has been called at the beginning to initialize SEC Block
(CAAM) which is used by secure boot validation later for both ls2080a
qds and rdb. 64-bit address in ESBC Header has been enabled. Secure
boot defconfigs are created for boards (NOR boot).

Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:20 -07:00
Saksham Jain
fd6dbc98a7 armv8: fsl-lsch3: Add new header for secure boot
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:20 -07:00
Simon Glass
73223f0e1b Kconfig: Move CONFIG_FIT and related options to Kconfig
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-14 19:18:07 -04:00
Simon Glass
9e971632cd freescale: Remove CONFIG_DM from header files
Kconfig options must defined in the defconfig files. Since RSA_SOFTWARE_EXP
relies on CONFIG_DM, unless it is set in kconfig we cannot enable RSA.
Remove the hacks which enable CONFIG_DM in header files and update the
defconfig.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-03-14 14:21:27 -04:00
Aneesh Bansal
bdc22074c5 secure_boot: split the secure boot functionality in two parts
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
         validating and booting LINUX.

For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.

But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:

If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.

ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).

Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
   at run time:
     - If bootmode is non-secure, no change
     - If bootmode is secure, set the following:
         - bootdelay = 0 (Don't give boot prompt)
         - bootcmd = Validate and execute the bootscript.

CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.

Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.

Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.

Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:12:32 -08:00
Aneesh Bansal
74eecd820f secure_boot: include/configs: move definition of CONFIG_CMD_BLOB
CONFIG_CMD_BLOB must be defined in case of Secure Boot. It was
earlier defined in all config files. The definition has been
moved to a common file which is included by all configs.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:12:26 -08:00
Aneesh Bansal
ef6c55a240 secure_boot: include/configs: make secure boot header file uniform
The file fsl_secure_boot.h must be included in config file for
Secure Boot. This is not required to be protected by any macro.
CONFIG_FSL_CAAM must be defined and CONFIG_CMD_HASH should be
turned on.

The above was missing in some config files and all files have been
made uniform in this respect.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:12:08 -08:00
Aneesh Bansal
9711f52806 armv8/ls1043ardb: add SECURE BOOT target for NOR
LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-12-15 08:57:35 +08:00
Aneesh Bansal
2ed948f466 SECURE_BOOT: Disable IE Key feature for RAMBOOT
ISBC Key Extension feature is not applicable for RAMBOOT
as there is no way to retrieve the CSF Header and validated
IE Key table from SRAM once CPC has been disabled.
The feature is only applicable in case of NOR SECURE BOOT.
Code Cleanup:
The SECURE_BOOT specific defines have been moved from
arch-ls102xa/config.h to
arm/include/asm/fsl_secure_boot.h

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-09-01 21:38:02 -05:00
gaurav rana
98cb0efde8 Add bootscript support to esbc_validate.
1. Default environment will be used for secure boot flow
 which can't be edited or saved.
2. Command for secure boot is predefined in the default
 environment which will run on autoboot (and autoboot is
 the only option allowed in case of secure boot) and it
 looks like this:
 #define CONFIG_SECBOOT \
 "setenv bs_hdraddr 0xe8e00000;"                 \
 "esbc_validate $bs_hdraddr;"                    \
 "source $img_addr;"                             \
 "esbc_halt;"
 #endif
3. Boot Script can contain esbc_validate commands and bootm command.
 Uboot source command used in default secure boot command will
 run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
 after validation of images or core should just spin.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21 10:19:19 -07:00