Commit graph

3 commits

Author SHA1 Message Date
Pali Rohár
8b3d7ecdfe arm: mvebu: Add support for reading LD0 and LD1 eFuse
Armada 385 contains 64 lines of HD eFuse and 2 lines of LD eFuse. HD eFuse
is used for secure boot and each line is 64 bits long + 1 lock bit. LD
eFuse lines are 256 bits long + 1 lock bit. LD 0 line is reserved for
Marvell Internal Use and LD 1 line is for General Purpose Data. U-Boot
already contains HD eFuse reading and programming support.

This patch implements LD eFuse reading support. LD 0 line is mapped to
U-Boot fuse bank 64 and LD 1 line to fuse bank 65.

LD 0 Marvell Internal Use line seems that was burned in factory with some
data and can be read by U-Boot fuse command:

  => fuse read 64 0 9

LD 1 General Purpose Data line is by default empty and can be read by
U-Boot fuse command:

  => fuse read 65 0 9

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
2022-04-21 12:31:36 +02:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Mario Six
a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00