[U-Boot] [PATCH 0/5] FSL SECURE BOOT: Add support for next level image validation

Ruchika Gupta ruchika.gupta at freescale.com
Thu Mar 28 11:46:30 CET 2013


The patch set adds support for next level image validation (linux,
rootfs, dtb) in secure boot scenarios.

The patch set adds the following functaionality :
1. In secure boot, PAMU is not in bypassed mode. For validating next level images,
CAAM block needs to be accessed. In order to access the CAAM block, first PAMU
needs to be configured to allow access to CAAM block from core. This patch set
adds the basic driver for PAMU.

2. Support has been added for using job ring interface of SEC block to do
cryptographic operations. Descriptors for the following crypto operations
have been added
a) RSA modular exponentiation
b) SHA-256
c) cryptographic blob encryption/decryption

3. esbc_validate command added which uses the SEC block and verifies the images.
esbc_validate command is meant for validating header and
signature of images (Boot Script and ESBC uboot client).
SHA-256 and RSA operations are performed using SEC block in HW.
This command works on both high-end (P4080) and low-end (P1010) platforms.


Ruchika Gupta (5):
  arch/powerpc/cpu/mpc8xxx: PAMU driver support
  powerpc/pamu : PAMU configuration for accessing SEC block
  drivers/sec : Freescale SEC driver
  FSL SEC Driver : Add support for descriptor creation
  Added command for validation of images in case of secure boot

 Makefile                                     |    1 +
 arch/powerpc/cpu/mpc85xx/Makefile            |    2 +
 arch/powerpc/cpu/mpc85xx/cmd_esbc_validate.c |   54 +
 arch/powerpc/cpu/mpc85xx/cpu_init.c          |   17 +
 arch/powerpc/cpu/mpc85xx/fsl_sfp_snvs.c      |  163 +++
 arch/powerpc/cpu/mpc85xx/fsl_validate.c      |  543 +++++++++
 arch/powerpc/cpu/mpc8xxx/Makefile            |    3 +-
 arch/powerpc/cpu/mpc8xxx/fsl_pamu.c          |  488 ++++++++
 arch/powerpc/cpu/mpc8xxx/fsl_pamu_table.c    |   68 ++
 arch/powerpc/include/asm/fsl_pamu.h          |  194 ++++
 arch/powerpc/include/asm/fsl_secure_boot.h   |   68 ++-
 arch/powerpc/include/asm/fsl_sfp_snvs.h      |   42 +
 arch/powerpc/include/asm/immap_85xx.h        |  121 ++-
 arch/powerpc/include/asm/types.h             |    5 +-
 drivers/sec/Makefile                         |   46 +
 drivers/sec/error.c                          |  259 +++++
 drivers/sec/jobdesc.c                        |  157 +++
 drivers/sec/jr.c                             |  319 +++++
 drivers/sec/rsa_sec.c                        |   95 ++
 drivers/sec/sha.c                            |  111 ++
 include/desc.h                               | 1605 ++++++++++++++++++++++++++
 include/desc_constr.h                        |  200 ++++
 include/jobdesc.h                            |   55 +
 include/jr.h                                 |  129 ++
 include/rsa_sec.h                            |   59 +
 include/sha.h                                |  100 ++
 26 files changed, 4900 insertions(+), 4 deletions(-)
 create mode 100644 arch/powerpc/cpu/mpc85xx/cmd_esbc_validate.c
 create mode 100644 arch/powerpc/cpu/mpc85xx/fsl_sfp_snvs.c
 create mode 100644 arch/powerpc/cpu/mpc85xx/fsl_validate.c
 create mode 100644 arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
 create mode 100644 arch/powerpc/cpu/mpc8xxx/fsl_pamu_table.c
 create mode 100644 arch/powerpc/include/asm/fsl_pamu.h
 create mode 100644 arch/powerpc/include/asm/fsl_sfp_snvs.h
 create mode 100644 drivers/sec/Makefile
 create mode 100644 drivers/sec/error.c
 create mode 100644 drivers/sec/jobdesc.c
 create mode 100644 drivers/sec/jr.c
 create mode 100644 drivers/sec/rsa_sec.c
 create mode 100644 drivers/sec/sha.c
 create mode 100644 include/desc.h
 create mode 100644 include/desc_constr.h
 create mode 100644 include/jobdesc.h
 create mode 100644 include/jr.h
 create mode 100644 include/rsa_sec.h
 create mode 100644 include/sha.h

-- 
1.7.7.6




More information about the U-Boot mailing list