[U-Boot] [PATCH 1/2] SECURE BOOT: add version info for ISBC

aneesh.bansal at freescale.com aneesh.bansal at freescale.com
Tue Jan 28 06:40:20 CET 2014


> -----Original Message-----
> From: Wolfgang Denk [mailto:wd at denx.de]
> Sent: Monday, January 27, 2014 7:42 PM
> To: Bansal Aneesh-B39320
> Cc: u-boot at lists.denx.de; Gupta Ruchika-R66431
> Subject: Re: [U-Boot] [PATCH 1/2] SECURE BOOT: add version info for ISBC
> 
> Dear Aneesh,
> 
> In message
> <caf0224e47434bdba2623faeea12bd9a at DM2PR03MB415.namprd03.prod.outlook.com>
> you wrote:
> >
> > > But this is what I had in mind.  It appears to be a simple 1:1
> > > mapping from SoC to ISBC version to me, or am I wrong here?
> ...
> > Yes, it is a 1:1 mapping from SoC to ISBC version but we have multiple
> > SoC's having the same ISBC version. So using the SoC names would
> > result in having a long list of SoC's wherever we are doing some stuff
> > specific to the ISBC version.
> > Also in future, we might have new versions of ISBC with more features.
> > SO having multiple SoC specific checks inside the code would lead to
> confusion.
> 
> So don't use code, and instead make this data-driven.  Use a lookup-
> table.
> 
> Best regards,
> 
> Wolfgang Denk
> 
> --
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
> "The algorithm to do that is extremely nasty. You might want  to  mug
> someone with it."                   - M. Devine, Computer Science 340
> 
ISBC is a platform IP and as usually I see that platform specific information like IP versions are maintained in the file arch/powerpc/include/asm/config_mpc85xx.h. Also based on this IP, we need some compile time information as stated below. 

CONFIG_SYS_ISBC_VERSION is further used to define a macro CONFIG_SECURE_HKAREA_CPC in a follow-on patch.

The ISBC code on some SoC's with a specific ISBC VERSION configures the platform cache as SRAM to be used as house keeping area for the SEC Block.
In U-boot in normal sequence of code platform cache is enabled. Before enabling the platform cache, we need to disable this setting of cache as SRAM and invalidate it.
For this purpose we need to define the macro CONFIG_SECURE_HKAREA_CPC only for platforms where this cache is being used as SRAM. WE identify these platforms based on the ISBC Version.

So currently we have this piece of code:


#if CONFIG_SYS_FSL_ISBC_VER > 1
#define CONFIG_SECURE_HKAREA_CPC
#undef CONFIG_SYS_INIT_L3_ADDR
#define CONFIG_SYS_INIT_L3_ADDR                        0xbff00000
#endif
.
.
.
.
#if defined(CONFIG_SECURE_HKAREA_CPC)
       disable_cpc_sram();

Regards,
Aneesh Bansal


More information about the U-Boot mailing list