[U-Boot] [PATCH v3 04/15] SECURE BOOT: Add Secure Boot support on ls2080aqds/rdb
Saksham Jain
saksham.jain at nxp.com
Mon Feb 1 12:43:43 CET 2016
Following changes have been made to enable secure boot:
1) Sec_init has been called in starting to initialize SEC Block (CAAM)
which will be used for Secure Boot validation later for both ls2080a qds
and rdb
2) 64Bit address in ESBC Header has been enabled as this SoC is based on
armv8
3) Secure Boot defconfigs created for boards (NOR Boot).
Signed-off-by: Aneesh Bansal <aneesh.bansal at nxp.com>
Signed-off-by: Saksham Jain <saksham.jain at nxp.com>
---
Changes for v2:
- No changes
Changes for v3:
- No changes
arch/arm/include/asm/fsl_secure_boot.h | 9 +++++++--
board/freescale/ls2080aqds/ls2080aqds.c | 5 ++++-
board/freescale/ls2080ardb/ls2080ardb.c | 5 ++++-
configs/ls2080aqds_SECURE_BOOT_defconfig | 15 +++++++++++++++
configs/ls2080ardb_SECURE_BOOT_defconfig | 15 +++++++++++++++
configs/ls2085aqds_SECURE_BOOT_defconfig | 15 +++++++++++++++
configs/ls2085ardb_SECURE_BOOT_defconfig | 15 +++++++++++++++
include/configs/ls2080aqds.h | 2 ++
include/configs/ls2080ardb.h | 2 ++
9 files changed, 79 insertions(+), 4 deletions(-)
create mode 100644 configs/ls2080aqds_SECURE_BOOT_defconfig
create mode 100644 configs/ls2080ardb_SECURE_BOOT_defconfig
create mode 100644 configs/ls2085aqds_SECURE_BOOT_defconfig
create mode 100644 configs/ls2085ardb_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 3e46c63..e65caed 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -18,7 +18,9 @@
#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL
#define CONFIG_RSA
#define CONFIG_RSA_FREESCALE_EXP
@@ -47,8 +49,11 @@
#endif
-#ifdef CONFIG_LS1043A
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\
+ defined(CONFIG_LS2085A)
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
+ * Similiarly for LS2080 and LS2085
+ */
#define CONFIG_ESBC_ADDR_64BIT
#endif
diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c
index aa256a2..ab101a4 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -19,6 +19,7 @@
#include <rtc.h>
#include <asm/arch/soc.h>
#include <hwconfig.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080aqds_qixis.h"
@@ -248,7 +249,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c
index c63b639..0c78a41 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -18,6 +18,7 @@
#include <environment.h>
#include <i2c.h>
#include <asm/arch/soc.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080ardb_qixis.h"
@@ -214,7 +215,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..5c50894
--- /dev/null
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,15 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..9456e04
--- /dev/null
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,15 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..8f96fc0
--- /dev/null
+++ b/configs/ls2085aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,15 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..429d558
--- /dev/null
+++ b/configs/ls2085ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,15 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index ba84248..77e5ab2 100644
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -397,4 +397,6 @@ unsigned long get_board_ddr_clk(void);
#define CONFIG_USB_STORAGE
#define CONFIG_CMD_EXT2
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_QDS_H */
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 116dbcd..8c65764 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -360,4 +360,6 @@ unsigned long get_board_sys_clk(void);
#define CONFIG_PHY_AQUANTIA
#endif
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_RDB_H */
--
1.8.1.4
More information about the U-Boot
mailing list