[U-Boot] [PATCH v2 06/15] SECURE BOOT: Copy Bootscript and header from NOR to DDR for LS2080/5

Saksham Jain saksham.jain at nxp.com
Thu Jan 28 14:20:07 CET 2016


During Secure Boot, a bootscript is validated using its header.
This patch copies both these images to DDR from NOR and then validates and
executed them from DDR. (If NOR is the boot source for LS2080 and LS2085).

This copy step is done to make this step common across booting sources.
Because in case of non-xip memories (e.g. NAND, SD) it is neccessary to copy
both these images to DDR.

For other ARM Platforms (ls1043 and ls1020), header is not copied from NOR
to DDR (otherwise customers will need to modify the existing headers).
Signed-off-by: Aneesh Bansal <aneesh.bansal at nxp.com>
Signed-off-by: Saksham Jain <saksham.jain at nxp.com>
---
Changes for v2:
	- for platform such as ls1043 and ls1021, boot header in NOR.
		Not copied to NOR. For them, fixed CONFIG_BOOTSCRIPT_HDR_ADDR
		to CONFIG_BS_HDR_ADDR_FLASH.

 arch/arm/include/asm/fsl_secure_boot.h | 28 +++++++++++++++++++++++++---
 include/config_fsl_chain_trust.h       | 11 +++++++----
 2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 7c55ea1..7ab9623 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -62,11 +62,33 @@
 	"setenv initrd_high 0xcfffffff;"	\
 	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
 
-/* The address needs to be modified according to NOR memory map */
+/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
+ * Non-XIP Memory (Nand/SD)*/
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) ||\
+	defined(CONFIG_LS2085A)
+#define CONFIG_BOOTSCRIPT_COPY_RAM
+#endif
+/* The address needs to be modified according to NOR and DDR memory map */
 #if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A)
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0x583920000
+#define CONFIG_BS_HDR_ADDR_FLASH	0x583920000
+#define CONFIG_BS_ADDR_FLASH		0x583900000
+#define CONFIG_BS_HDR_ADDR_RAM		0xa3920000
+#define CONFIG_BS_ADDR_RAM		0xa3900000
+#else
+#define CONFIG_BS_HDR_ADDR_FLASH	0x600a0000
+#define CONFIG_BS_ADDR_FLASH		0x60060000
+#define CONFIG_BS_HDR_ADDR_RAM		0xa0060000
+#define CONFIG_BS_ADDR_RAM		0xa0060000
+#endif
+
+#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
+#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
+#define CONFIG_BS_HDR_SIZE		0x00002000
+#define CONFIG_BOOTSCRIPT_ADDR		CONFIG_BS_ADDR_RAM
+#define CONFIG_BS_SIZE			0x00001000
 #else
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0x600a0000
+#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_FLASH
+/* BS_HDR_SIZE, BOOTSCRIPT_ADDR and BS_SIZE are not required */
 #endif
 
 #include <config_fsl_chain_trust.h>
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 45dda56..aa222bb 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -65,8 +65,6 @@
 	"esbc_halt\0"
 #endif
 
-/* For secure boot flow, default environment used will be used */
-#if defined(CONFIG_SYS_RAMBOOT)
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
 #define CONFIG_BS_COPY_ENV \
 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
@@ -76,14 +74,19 @@
 	"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
 
+/* For secure boot flow, default environment used will be used */
+#if defined(CONFIG_SYS_RAMBOOT)
 #if defined(CONFIG_RAMBOOT_NAND)
 #define CONFIG_BS_COPY_CMD \
 	"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
 	"nand read $bs_ram $bs_flash $bs_size ;"
 #endif /* CONFIG_RAMBOOT_NAND */
-#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
-
+#else
+#define CONFIG_BS_COPY_CMD \
+	"cp.b $bs_hdr_flash $bs_hdr_ram  $bs_hdr_size ;" \
+	"cp.b $bs_flash $bs_ram  $bs_size ;"
 #endif
+#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
 
 #ifndef CONFIG_BS_COPY_ENV
 #define CONFIG_BS_COPY_ENV
-- 
1.8.1.4



More information about the U-Boot mailing list