mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-18 02:38:56 +00:00
0fcc1c76d1
This patch adds support for the SHA-256 Secure Hash Algorithm for CPUs that have support for the SHA-256 part of the ARM v8 Crypto Extensions. It greatly improves sha-256 based operations, about 17x faster on iMX8M evk board. ~12ms vs ~208ms for a 20MiB kernel sha-256 verification. asm implementation is a simplified version of the Linux version (from Ard Biesheuvel). Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
203 lines
7.1 KiB
Text
203 lines
7.1 KiB
Text
if ARM64
|
|
|
|
config ARMV8_SPL_EXCEPTION_VECTORS
|
|
bool "Install crash dump exception vectors"
|
|
depends on SPL
|
|
help
|
|
The default exception vector table is only used for the crash
|
|
dump, but still takes quite a lot of space in the image size.
|
|
|
|
Say N here if you are running out of code space in the image
|
|
and want to save some space at the cost of less debugging info.
|
|
|
|
config ARMV8_MULTIENTRY
|
|
bool "Enable multiple CPUs to enter into U-Boot"
|
|
|
|
config ARMV8_SET_SMPEN
|
|
bool "Enable data coherency with other cores in cluster"
|
|
help
|
|
Say Y here if there is not any trust firmware to set
|
|
CPUECTLR_EL1.SMPEN bit before U-Boot.
|
|
|
|
For A53, it enables data coherency with other cores in the
|
|
cluster, and for A57/A72, it enables receiving of instruction
|
|
cache and TLB maintenance operations.
|
|
Cortex A53/57/72 cores require CPUECTLR_EL1.SMPEN set even
|
|
for single core systems. Unfortunately write access to this
|
|
register may be controlled by EL3/EL2 firmware. To be more
|
|
precise, by default (if there is EL2/EL3 firmware running)
|
|
this register is RO for NS EL1.
|
|
This switch can be used to avoid writing to CPUECTLR_EL1,
|
|
it can be safely enabled when EL2/EL3 initialized SMPEN bit
|
|
or when CPU implementation doesn't include that register.
|
|
|
|
config ARMV8_SWITCH_TO_EL1
|
|
bool "Enable switching to running in EL1"
|
|
help
|
|
In some circumstances we need to switch to running in EL1.
|
|
Enable this option to have U-Boot switch to EL1.
|
|
|
|
config ARMV8_SPIN_TABLE
|
|
bool "Support spin-table enable method"
|
|
depends on ARMV8_MULTIENTRY && OF_LIBFDT
|
|
help
|
|
Say Y here to support "spin-table" enable method for booting Linux.
|
|
|
|
To use this feature, you must do:
|
|
- Specify enable-method = "spin-table" in each CPU node in the
|
|
Device Tree you are using to boot the kernel
|
|
- Bring secondary CPUs into U-Boot proper in a board specific
|
|
manner. This must be done *after* relocation. Otherwise, the
|
|
secondary CPUs will spin in unprotected memory area because the
|
|
master CPU protects the relocated spin code.
|
|
|
|
U-Boot automatically does:
|
|
- Set "cpu-release-addr" property of each CPU node
|
|
(overwrites it if already exists).
|
|
- Reserve the code for the spin-table and the release address
|
|
via a /memreserve/ region in the Device Tree.
|
|
|
|
menu "ARMv8 secure monitor firmware"
|
|
config ARMV8_SEC_FIRMWARE_SUPPORT
|
|
bool "Enable ARMv8 secure monitor firmware framework support"
|
|
select FIT
|
|
select OF_LIBFDT
|
|
help
|
|
This framework is aimed at making secure monitor firmware load
|
|
process brief.
|
|
Note: Only FIT format image is supported.
|
|
You should prepare and provide the below information:
|
|
- Address of secure firmware.
|
|
- Address to hold the return address from secure firmware.
|
|
- Secure firmware FIT image related information.
|
|
Such as: SEC_FIRMWARE_FIT_IMAGE and SEC_FIRMWARE_FIT_CNF_NAME
|
|
- The target exception level that secure monitor firmware will
|
|
return to.
|
|
|
|
config SPL_ARMV8_SEC_FIRMWARE_SUPPORT
|
|
bool "Enable ARMv8 secure monitor firmware framework support for SPL"
|
|
select SPL_FIT
|
|
select SPL_OF_LIBFDT
|
|
help
|
|
Say Y here to support this framework in SPL phase.
|
|
|
|
config SPL_RECOVER_DATA_SECTION
|
|
bool "save/restore SPL data section"
|
|
help
|
|
Say Y here to save SPL data section for cold boot, and restore
|
|
at warm boot in SPL phase.
|
|
|
|
config SEC_FIRMWARE_ARMV8_PSCI
|
|
bool "PSCI implementation in secure monitor firmware"
|
|
depends on ARMV8_SEC_FIRMWARE_SUPPORT || SPL_ARMV8_SEC_FIRMWARE_SUPPORT
|
|
depends on ARMV8_PSCI=n
|
|
help
|
|
This config enables the ARMv8 PSCI implementation in secure monitor
|
|
firmware. This is a private PSCI implementation and different from
|
|
those implemented under the common ARMv8 PSCI framework.
|
|
|
|
config ARMV8_SEC_FIRMWARE_ERET_ADDR_REVERT
|
|
bool "ARMv8 secure monitor firmware ERET address byteorder swap"
|
|
depends on ARMV8_SEC_FIRMWARE_SUPPORT || SPL_ARMV8_SEC_FIRMWARE_SUPPORT
|
|
help
|
|
Say Y here when the endianness of the register or memory holding the
|
|
Secure firmware exception return address is different with core's.
|
|
|
|
endmenu
|
|
|
|
config PSCI_RESET
|
|
bool "Use PSCI for reset and shutdown"
|
|
default y
|
|
select ARM_SMCCC if OF_CONTROL
|
|
depends on !ARCH_APPLE && !ARCH_BCM283X && !ARCH_EXYNOS7 && \
|
|
!TARGET_LS2080AQDS && \
|
|
!TARGET_LS2080ARDB && !TARGET_LS2080A_EMU && \
|
|
!TARGET_LS1088ARDB && !TARGET_LS1088AQDS && \
|
|
!TARGET_LS1012ARDB && !TARGET_LS1012AFRDM && \
|
|
!TARGET_LS1012A2G5RDB && !TARGET_LS1012AQDS && \
|
|
!TARGET_LS1012AFRWY && \
|
|
!TARGET_LS1028ARDB && !TARGET_LS1028AQDS && \
|
|
!TARGET_LS1043ARDB && !TARGET_LS1043AQDS && \
|
|
!TARGET_LS1046ARDB && !TARGET_LS1046AQDS && \
|
|
!TARGET_LS1046AFRWY && \
|
|
!TARGET_LS2081ARDB && !TARGET_LX2160ARDB && \
|
|
!TARGET_LX2160AQDS && !TARGET_LX2162AQDS && \
|
|
!ARCH_UNIPHIER
|
|
help
|
|
Most armv8 systems have PSCI support enabled in EL3, either through
|
|
ARM Trusted Firmware or other firmware.
|
|
|
|
On these systems, we do not need to implement system reset manually,
|
|
but can instead rely on higher level firmware to deal with it.
|
|
|
|
Select Y here to make use of PSCI calls for system reset
|
|
|
|
config SYS_HAS_ARMV8_SECURE_BASE
|
|
bool
|
|
|
|
config ARMV8_PSCI
|
|
bool "Enable PSCI support" if EXPERT
|
|
help
|
|
PSCI is Power State Coordination Interface defined by ARM.
|
|
The PSCI in U-boot provides a general framework and each platform
|
|
can implement their own specific PSCI functions.
|
|
Say Y here to enable PSCI support on ARMv8 platform.
|
|
|
|
config ARMV8_PSCI_NR_CPUS
|
|
int "Maximum supported CPUs for PSCI"
|
|
depends on ARMV8_PSCI
|
|
default 4
|
|
help
|
|
The maximum number of CPUs supported in the PSCI firmware.
|
|
It is no problem to set a larger value than the number of CPUs in
|
|
the actual hardware implementation.
|
|
|
|
config ARMV8_PSCI_CPUS_PER_CLUSTER
|
|
int "Number of CPUs per cluster"
|
|
depends on ARMV8_PSCI
|
|
default 0
|
|
help
|
|
The number of CPUs per cluster, suppose each cluster has same number
|
|
of CPU cores, platforms with asymmetric clusters don't apply here.
|
|
A value 0 or no definition of it works for single cluster system.
|
|
System with multi-cluster should difine their own exact value.
|
|
|
|
config ARMV8_PSCI_RELOCATE
|
|
bool "Relocate PSCI code"
|
|
depends on ARMV8_PSCI
|
|
depends on SYS_HAS_ARMV8_SECURE_BASE
|
|
help
|
|
Relocate PSCI code, for example to a secure memory on the SoC. If not
|
|
set, the PSCI sections are placed together with the u-boot and the
|
|
regions will be marked as reserved before linux is started.
|
|
|
|
config ARMV8_SECURE_BASE
|
|
hex "Secure address for PSCI image"
|
|
depends on ARMV8_PSCI_RELOCATE
|
|
default 0x18000000 if ARCH_LS1028A
|
|
help
|
|
Address for placing the PSCI text, data and stack sections.
|
|
|
|
|
|
config ARMV8_EA_EL3_FIRST
|
|
bool "External aborts and SError interrupt exception are taken in EL3"
|
|
help
|
|
Exception handling at all exception levels for External Abort and
|
|
SError interrupt exception are taken in EL3.
|
|
|
|
menuconfig ARMV8_CRYPTO
|
|
bool "ARM64 Accelerated Cryptographic Algorithms"
|
|
|
|
if ARMV8_CRYPTO
|
|
|
|
config ARMV8_CE_SHA1
|
|
bool "SHA-1 digest algorithm (ARMv8 Crypto Extensions)"
|
|
default y if SHA1
|
|
|
|
config ARMV8_CE_SHA256
|
|
bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
|
|
default y if SHA256
|
|
|
|
endif
|
|
|
|
endif
|