[U-Boot] [PATCH 4/4][v3] SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms.
Gaurav Rana
gaurav.rana at freescale.com
Fri Feb 27 05:16:17 CET 2015
esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.
Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.
Signed-off-by: Gaurav Rana <gaurav.rana at freescale.com>
---
Changes in v3:
No change. Change in other patches of the patch set.
Changes in v2:
Merge patches of enablement for powerpc and enablement for arm.
arch/arm/include/asm/arch-ls102xa/config.h | 20 +++++++++++++++++
arch/powerpc/include/asm/config_mpc85xx.h | 1 +
arch/powerpc/include/asm/fsl_secure_boot.h | 35 ++++++++++++++++++++++++++++++
arch/powerpc/include/asm/immap_85xx.h | 6 ++++-
board/freescale/common/Makefile | 6 +++++
5 files changed, 67 insertions(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/arch-ls102xa/config.h b/arch/arm/include/asm/arch-ls102xa/config.h
index 7915518..5d81280 100644
--- a/arch/arm/include/asm/arch-ls102xa/config.h
+++ b/arch/arm/include/asm/arch-ls102xa/config.h
@@ -27,6 +27,8 @@
#define CONFIG_SYS_FSL_SCFG_ADDR (CONFIG_SYS_IMMR + 0x00570000)
#define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x700000)
#define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x710000)
+#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0x00e90000)
+#define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0x00e80200)
#define CONFIG_SYS_FSL_SERDES_ADDR (CONFIG_SYS_IMMR + 0x00ea0000)
#define CONFIG_SYS_FSL_GUTS_ADDR (CONFIG_SYS_IMMR + 0x00ee0000)
#define CONFIG_SYS_FSL_LS1_CLK_ADDR (CONFIG_SYS_IMMR + 0x00ee1000)
@@ -80,7 +82,25 @@
#define CONFIG_SYS_FSL_DSPI_BE
#define CONFIG_SYS_FSL_QSPI_BE
#define CONFIG_SYS_FSL_DCU_BE
+#define CONFIG_SYS_FSL_SEC_MON_LE
#define CONFIG_SYS_FSL_SEC_LE
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_FSL_ISBC_KEY_EXT
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
#define DCU_LAYER_MAX_NUM 16
diff --git a/arch/powerpc/include/asm/config_mpc85xx.h b/arch/powerpc/include/asm/config_mpc85xx.h
index 7fc352e..f93c19c 100644
--- a/arch/powerpc/include/asm/config_mpc85xx.h
+++ b/arch/powerpc/include/asm/config_mpc85xx.h
@@ -26,6 +26,7 @@
#define CONFIG_SYS_FSL_IFC_BE
#define CONFIG_SYS_FSL_SEC_BE
#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SEC_MON_BE
/* Number of TLB CAM entries we have on FSL Book-E chips */
#if defined(CONFIG_E500MC)
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index b4c0c99..49f6814 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -6,6 +6,19 @@
#ifndef __FSL_SECURE_BOOT_H
#define __FSL_SECURE_BOOT_H
+#include <asm/config_mpc85xx.h>
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
#ifdef CONFIG_SECURE_BOOT
#if defined(CONFIG_FSL_CORENET)
@@ -28,9 +41,31 @@
defined(CONFIG_PPC_T1023) || \
defined(CONFIG_PPC_T1024)
#define CONFIG_SYS_CPC_REINIT_F
+#define CONFIG_KEY_REVOCATION
#undef CONFIG_SYS_INIT_L3_ADDR
#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
#endif
+#if defined(CONFIG_C29XPCIE)
+#define CONFIG_KEY_REVOCATION
+#endif
+
+#if defined(CONFIG_PPC_P3041) || \
+ defined(CONFIG_PPC_P4080) || \
+ defined(CONFIG_PPC_P5020) || \
+ defined(CONFIG_PPC_P5040) || \
+ defined(CONFIG_PPC_P2041)
+ #define CONFIG_FSL_TRUST_ARCH_v1
+#endif
+
+#if defined(CONFIG_FSL_CORENET)
+/* The key used for verification of next level images
+ * is picked up from an Extension Table which has
+ * been verified by the ISBC (Internal Secure boot Code)
+ * in boot ROM of the SoC
+ */
+#define CONFIG_FSL_ISBC_KEY_EXT
+#endif
+
#endif
#endif
diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h
index f89b90b..0c9d85e 100644
--- a/arch/powerpc/include/asm/immap_85xx.h
+++ b/arch/powerpc/include/asm/immap_85xx.h
@@ -2883,6 +2883,7 @@ struct ccsr_pman {
#define CONFIG_SYS_MPC85xx_SATA2_OFFSET 0x221000
#define CONFIG_SYS_FSL_SEC_OFFSET 0x300000
#define CONFIG_SYS_FSL_JR0_OFFSET 0x301000
+#define CONFIG_SYS_SEC_MON_OFFSET 0x314000
#define CONFIG_SYS_FSL_CORENET_PME_OFFSET 0x316000
#define CONFIG_SYS_FSL_QMAN_OFFSET 0x318000
#define CONFIG_SYS_FSL_BMAN_OFFSET 0x31a000
@@ -2950,7 +2951,7 @@ struct ccsr_pman {
#endif
#define CONFIG_SYS_MPC85xx_SERDES2_OFFSET 0xE3100
#define CONFIG_SYS_MPC85xx_SERDES1_OFFSET 0xE3000
-#define CONFIG_SYS_SNVS_OFFSET 0xE6000
+#define CONFIG_SYS_SEC_MON_OFFSET 0xE6000
#define CONFIG_SYS_SFP_OFFSET 0xE7000
#define CONFIG_SYS_MPC85xx_CPM_OFFSET 0x80000
#define CONFIG_SYS_FSL_QMAN_OFFSET 0x88000
@@ -3080,6 +3081,9 @@ struct ccsr_pman {
#define CONFIG_SYS_SFP_ADDR \
(CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET)
+#define CONFIG_SYS_SEC_MON_ADDR \
+ (CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET)
+
#define TSEC_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET)
#define MDIO_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET)
diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 14af660..7181cac 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -72,4 +72,10 @@ obj-$(CONFIG_P5020DS) += p_corenet/
obj-$(CONFIG_P5040DS) += p_corenet/
obj-$(CONFIG_LS102XA_NS_ACCESS) += ns_access.o
+
+ifdef CONFIG_SECURE_BOOT
+obj-y += fsl_validate.o
+obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o
+endif
+
endif
--
1.8.1.4
More information about the U-Boot
mailing list