[U-Boot] [PATCH] powerpc/p4080: Add support for secure boot flow on CoreNet Based QorIQ chips
Kumar Gala
galak at kernel.crashing.org
Sat Apr 9 20:28:45 CEST 2011
From: Ruchika Gupta <ruchika.gupta at freescale.com>
1. Create a temp mapping in AS=1 of CONFIG_SYS_MONITOR_BASE to
the 1M CONFIG_SYS_PBI_FLASH_WINDOW
(The CONFIG_SYS_PBI_FLASH_WINDOW is the address map for the flash
created by PBL within 0 - 3.5G memory range. The u-boot image at
this address has been validated by ISBC code)
2. Remove TLB entries for 0 - 3.5G created by ISBC code
3. Remove the LAW entry for the CONFIG_SYS_PBI_FLASH_WINDOW created by PBL
after switch to AS = 1
Flow for secure-boot for which the changes have been made is given below:
1. User loads the u-boot image in flash
2. PBL creates LAW for Flash at 0xc0000000
(Please note that ISBC expects all these addresses, images to be
validated, entry point etc within 0 - 3.5G range)
3. ISBC validates the u-boot image, and passes control to u-boot
at 0xcffffffc.
Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
Acked-by: Scott Wood <scottwood at freescale.com>
---
arch/powerpc/cpu/mpc85xx/cpu_init.c | 7 ++++
arch/powerpc/cpu/mpc85xx/cpu_init_early.c | 10 +++++-
arch/powerpc/cpu/mpc85xx/start.S | 53 +++++++++++++++++++++++++++-
arch/powerpc/include/asm/fsl_secure_boot.h | 40 +++++++++++++++++++++
boards.cfg | 1 +
include/configs/corenet_ds.h | 4 ++
6 files changed, 113 insertions(+), 2 deletions(-)
create mode 100644 arch/powerpc/include/asm/fsl_secure_boot.h
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 6f256cf..aafb007 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -239,6 +239,13 @@ void cpu_init_f (void)
disable_tlb(14);
disable_tlb(15);
+#ifdef CONFIG_SYS_ESBC_FLASH
+ /* Disable the LAW created for NOR flash by the PBI commands */
+ struct law_entry law = find_law(CONFIG_SYS_PBI_FLASH_BASE);
+ if (law.index != -1)
+ disable_law(law.index);
+#endif
+
#ifdef CONFIG_CPM2
config_8560_ioports((ccsr_cpm_t *)CONFIG_SYS_MPC85xx_CPM_ADDR);
#endif
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
index 32aa94b..58397ec 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009 Freescale Semiconductor, Inc
+ * Copyright 2009-2011 Freescale Semiconductor, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -108,5 +108,13 @@ void cpu_init_early_f(void)
init_laws();
invalidate_tlb(0);
+
+#if defined(CONFIG_SECURE_BOOT)
+/* Disable the TLBs created by ISBC */
+ for (i = CONFIG_SYS_ISBC_START_TLB;
+ i < CONFIG_SYS_ISBC_START_TLB + CONFIG_SYS_ISBC_NUM_TLBS; i++)
+ disable_tlb(i);
+#endif
+
init_tlbs();
}
diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S
index 5777493..0caa336 100644
--- a/arch/powerpc/cpu/mpc85xx/start.S
+++ b/arch/powerpc/cpu/mpc85xx/start.S
@@ -88,6 +88,45 @@
_start_e500:
+#ifdef CONFIG_SECURE_BOOT
+ /* ISBC uses L2 as stack.
+ Disable L2 cache here so that u-boot can enable it later
+ as part of it's normal flow
+ */
+
+ /* Check if L2 is enabled */
+ mfspr r3, SPRN_L2CSR0
+ lis r2, L2CSR0_L2E at h
+ ori r2, r2, L2CSR0_L2E at l
+ and. r4, r3, r2
+ beq l2_disabled
+
+ mfspr r3, SPRN_L2CSR0
+ /* Flush L2 cache */
+ lis r2,(L2CSR0_L2FL)@h
+ ori r2, r2, (L2CSR0_L2FL)@l
+ or r3, r2, r3
+ sync
+ isync
+ mtspr SPRN_L2CSR0,r3
+ isync
+1:
+ mfspr r3, SPRN_L2CSR0
+ and. r1, r3, r2
+ bne 1b
+
+ mfspr r3, SPRN_L2CSR0
+ lis r2, L2CSR0_L2E at h
+ ori r2, r2, L2CSR0_L2E at l
+ andc r4, r3, r2
+ sync
+ isync
+ mtspr SPRN_L2CSR0,r4
+ isync
+
+l2_disabled:
+#endif
+
/* clear registers/arrays not reset by hardware */
/* L1 */
@@ -287,7 +326,7 @@ _start_e500:
lis r6,FSL_BOOKE_MAS0(1, 15, 0)@h
ori r6,r6,FSL_BOOKE_MAS0(1, 15, 0)@l
-#ifndef CONFIG_SYS_RAMBOOT
+#if !defined(CONFIG_SYS_RAMBOOT) && !defined(CONFIG_SECURE_BOOT)
/* create a temp mapping in AS=1 to the 4M boot window */
lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@h
ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@l
@@ -298,6 +337,18 @@ _start_e500:
/* The 85xx has the default boot window 0xff800000 - 0xffffffff */
lis r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h
ori r9,r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l
+#elif defined(CONFIG_SECURE_BOOT)
+ /* create a temp mapping in AS = 1 for Flash mapping
+ * created by PBL for ISBC code
+ */
+ lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@h
+ ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@l
+
+ lis r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@h
+ ori r8,r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@l
+
+ lis r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h
+ ori r9,r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l
#else
/*
* create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
new file mode 100644
index 0000000..786a98e
--- /dev/null
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2010-2011 Freescale Semiconductor, Inc.
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#ifndef __FSL_SECURE_BOOT_H
+#define __FSL_SECURE_BOOT_H
+
+/* This define indicates that u-boot's code is executing from flash
+ * after ISBC Validation */
+#define CONFIG_SYS_ESBC_FLASH
+
+/*Starting TLB number for the TLB entried for 3.5 G space created by ISBC */
+#define CONFIG_SYS_ISBC_START_TLB 3
+
+/* Number fo TLB's created by ISBC */
+#define CONFIG_SYS_ISBC_NUM_TLBS 5
+
+/* Address map where flash lies as done by PBI commands */
+#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
+#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
+
+#endif
diff --git a/boards.cfg b/boards.cfg
index cc1ae6c..6ffcd96 100644
--- a/boards.cfg
+++ b/boards.cfg
@@ -545,6 +545,7 @@ P2020RDB_SDCARD powerpc mpc85xx p1_p2_rdb freesca
P2020RDB_SPIFLASH powerpc mpc85xx p1_p2_rdb freescale - P1_P2_RDB:P2020RDB,SPIFLASH
P4080DS powerpc mpc85xx corenet_ds freescale
P4080DS_RAMBOOT_PBL powerpc mpc85xx corenet_ds freescale - P4080DS:RAMBOOT_PBL,SYS_TEXT_BASE=0xFFF80000
+P4080DS_SECURE_BOOT powerpc mpc85xx corenet_ds freescale - P4080DS:SECURE_BOOT
mpq101 powerpc mpc85xx mpq101 mercury - mpq101
stxgp3 powerpc mpc85xx stxgp3 stx
stxssa powerpc mpc85xx stxssa stx - stxssa
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 2bd2553..9bc9017 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -607,4 +607,8 @@
#define CONFIG_BOOTCOMMAND CONFIG_HDBOOT
+#ifdef CONFIG_SECURE_BOOT
+#include <asm/fsl_secure_boot.h>
+#endif
+
#endif /* __CONFIG_H */
--
1.7.3.4
More information about the U-Boot
mailing list