[U-Boot] [PATCH 4/4][v3] SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms.

Gaurav Rana gaurav.rana at freescale.com
Fri Feb 27 05:16:17 CET 2015


esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.

Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.

Signed-off-by: Gaurav Rana <gaurav.rana at freescale.com>
---
Changes in v3:
No change. Change in other patches of the patch set.

Changes in v2:
Merge patches of enablement for powerpc and enablement for arm.

 arch/arm/include/asm/arch-ls102xa/config.h | 20 +++++++++++++++++
 arch/powerpc/include/asm/config_mpc85xx.h  |  1 +
 arch/powerpc/include/asm/fsl_secure_boot.h | 35 ++++++++++++++++++++++++++++++
 arch/powerpc/include/asm/immap_85xx.h      |  6 ++++-
 board/freescale/common/Makefile            |  6 +++++
 5 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/arch-ls102xa/config.h b/arch/arm/include/asm/arch-ls102xa/config.h
index 7915518..5d81280 100644
--- a/arch/arm/include/asm/arch-ls102xa/config.h
+++ b/arch/arm/include/asm/arch-ls102xa/config.h
@@ -27,6 +27,8 @@
 #define CONFIG_SYS_FSL_SCFG_ADDR		(CONFIG_SYS_IMMR + 0x00570000)
 #define CONFIG_SYS_FSL_SEC_ADDR			(CONFIG_SYS_IMMR + 0x700000)
 #define CONFIG_SYS_FSL_JR0_ADDR			(CONFIG_SYS_IMMR + 0x710000)
+#define CONFIG_SYS_SEC_MON_ADDR			(CONFIG_SYS_IMMR + 0x00e90000)
+#define CONFIG_SYS_SFP_ADDR			(CONFIG_SYS_IMMR + 0x00e80200)
 #define CONFIG_SYS_FSL_SERDES_ADDR		(CONFIG_SYS_IMMR + 0x00ea0000)
 #define CONFIG_SYS_FSL_GUTS_ADDR		(CONFIG_SYS_IMMR + 0x00ee0000)
 #define CONFIG_SYS_FSL_LS1_CLK_ADDR		(CONFIG_SYS_IMMR + 0x00ee1000)
@@ -80,7 +82,25 @@
 #define CONFIG_SYS_FSL_DSPI_BE
 #define CONFIG_SYS_FSL_QSPI_BE
 #define CONFIG_SYS_FSL_DCU_BE
+#define CONFIG_SYS_FSL_SEC_MON_LE
 #define CONFIG_SYS_FSL_SEC_LE
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_FSL_ISBC_KEY_EXT
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
 
 #define DCU_LAYER_MAX_NUM			16
 
diff --git a/arch/powerpc/include/asm/config_mpc85xx.h b/arch/powerpc/include/asm/config_mpc85xx.h
index 7fc352e..f93c19c 100644
--- a/arch/powerpc/include/asm/config_mpc85xx.h
+++ b/arch/powerpc/include/asm/config_mpc85xx.h
@@ -26,6 +26,7 @@
 #define CONFIG_SYS_FSL_IFC_BE
 #define CONFIG_SYS_FSL_SEC_BE
 #define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SEC_MON_BE
 
 /* Number of TLB CAM entries we have on FSL Book-E chips */
 #if defined(CONFIG_E500MC)
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index b4c0c99..49f6814 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -6,6 +6,19 @@
 
 #ifndef __FSL_SECURE_BOOT_H
 #define __FSL_SECURE_BOOT_H
+#include <asm/config_mpc85xx.h>
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
 
 #ifdef CONFIG_SECURE_BOOT
 #if defined(CONFIG_FSL_CORENET)
@@ -28,9 +41,31 @@
 	defined(CONFIG_PPC_T1023) || \
 	defined(CONFIG_PPC_T1024)
 #define CONFIG_SYS_CPC_REINIT_F
+#define CONFIG_KEY_REVOCATION
 #undef CONFIG_SYS_INIT_L3_ADDR
 #define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
 #endif
 
+#if defined(CONFIG_C29XPCIE)
+#define CONFIG_KEY_REVOCATION
+#endif
+
+#if defined(CONFIG_PPC_P3041)	||	\
+	defined(CONFIG_PPC_P4080) ||	\
+	defined(CONFIG_PPC_P5020) ||	\
+	defined(CONFIG_PPC_P5040) ||	\
+	defined(CONFIG_PPC_P2041)
+	#define	CONFIG_FSL_TRUST_ARCH_v1
+#endif
+
+#if defined(CONFIG_FSL_CORENET)
+/* The key used for verification of next level images
+ * is picked up from an Extension Table which has
+ * been verified by the ISBC (Internal Secure boot Code)
+ * in boot ROM of the SoC
+ */
+#define CONFIG_FSL_ISBC_KEY_EXT
+#endif
+
 #endif
 #endif
diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h
index f89b90b..0c9d85e 100644
--- a/arch/powerpc/include/asm/immap_85xx.h
+++ b/arch/powerpc/include/asm/immap_85xx.h
@@ -2883,6 +2883,7 @@ struct ccsr_pman {
 #define CONFIG_SYS_MPC85xx_SATA2_OFFSET		0x221000
 #define CONFIG_SYS_FSL_SEC_OFFSET		0x300000
 #define CONFIG_SYS_FSL_JR0_OFFSET		0x301000
+#define CONFIG_SYS_SEC_MON_OFFSET		0x314000
 #define CONFIG_SYS_FSL_CORENET_PME_OFFSET	0x316000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x318000
 #define CONFIG_SYS_FSL_BMAN_OFFSET		0x31a000
@@ -2950,7 +2951,7 @@ struct ccsr_pman {
 #endif
 #define CONFIG_SYS_MPC85xx_SERDES2_OFFSET	0xE3100
 #define CONFIG_SYS_MPC85xx_SERDES1_OFFSET	0xE3000
-#define CONFIG_SYS_SNVS_OFFSET			0xE6000
+#define CONFIG_SYS_SEC_MON_OFFSET		0xE6000
 #define CONFIG_SYS_SFP_OFFSET			0xE7000
 #define CONFIG_SYS_MPC85xx_CPM_OFFSET		0x80000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x88000
@@ -3080,6 +3081,9 @@ struct ccsr_pman {
 #define CONFIG_SYS_SFP_ADDR  \
 	(CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET)
 
+#define CONFIG_SYS_SEC_MON_ADDR  \
+	(CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET)
+
 #define TSEC_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET)
 #define MDIO_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET)
 
diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 14af660..7181cac 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -72,4 +72,10 @@ obj-$(CONFIG_P5020DS)	+= p_corenet/
 obj-$(CONFIG_P5040DS)	+= p_corenet/
 
 obj-$(CONFIG_LS102XA_NS_ACCESS)	+= ns_access.o
+
+ifdef CONFIG_SECURE_BOOT
+obj-y += fsl_validate.o
+obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o
+endif
+
 endif
-- 
1.8.1.4



More information about the U-Boot mailing list