[U-Boot] [PATCH v5 04/14] ls2080: Add Secure Boot support
Saksham Jain
saksham.jain at nxp.com
Wed Mar 23 11:54:35 CET 2016
Sec_init has been called in the starting to initialize SEC Block (CAAM)
which will be used for Secure Boot validation later for both ls2080a
qds and rdb. 64-bit address in ESBC Header has been enabled as this SoC
is based on armv8. Secure Boot defconfigs created for boards (NOR Boot).
Signed-off-by: Saksham Jain <saksham.jain at nxp.com>
---
Changes for v2:
- No changes
Changes for v3:
- No changes
Changes for v4:
- Cleaned up commit message
Changes for v5:
- Cleaned up commit message
- Added new configs in defconfigs as per new intermediate patches
arch/arm/include/asm/fsl_secure_boot.h | 9 +++++++--
board/freescale/ls2080aqds/MAINTAINERS | 6 ++++++
board/freescale/ls2080aqds/ls2080aqds.c | 5 ++++-
board/freescale/ls2080ardb/MAINTAINERS | 6 ++++++
board/freescale/ls2080ardb/ls2080ardb.c | 5 ++++-
configs/ls2080aqds_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++
configs/ls2080ardb_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++
configs/ls2085aqds_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++
configs/ls2085ardb_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++
include/configs/ls2080aqds.h | 2 ++
include/configs/ls2080ardb.h | 2 ++
11 files changed, 111 insertions(+), 4 deletions(-)
create mode 100644 configs/ls2080aqds_SECURE_BOOT_defconfig
create mode 100644 configs/ls2080ardb_SECURE_BOOT_defconfig
create mode 100644 configs/ls2085aqds_SECURE_BOOT_defconfig
create mode 100644 configs/ls2085ardb_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 4eb3b15..b745194 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -18,7 +18,9 @@
#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL
#define CONFIG_RSA_FREESCALE_EXP
@@ -42,8 +44,11 @@
#endif
-#ifdef CONFIG_LS1043A
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\
+ defined(CONFIG_LS2085A)
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
+ * Similiarly for LS2080 and LS2085
+ */
#define CONFIG_ESBC_ADDR_64BIT
#endif
diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS
index 6f99ad0..558cef1 100644
--- a/board/freescale/ls2080aqds/MAINTAINERS
+++ b/board/freescale/ls2080aqds/MAINTAINERS
@@ -8,3 +8,9 @@ F: configs/ls2080aqds_defconfig
F: configs/ls2080aqds_nand_defconfig
F: configs/ls2085aqds_defconfig
F: configs/ls2085aqds_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M: Saksham Jain <saksham.jain at nxp.freescale.com>
+S: Maintained
+F: configs/ls2080aqds_SECURE_BOOT_defconfig
+F: configs/ls2085aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c
index aa256a2..ab101a4 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -19,6 +19,7 @@
#include <rtc.h>
#include <asm/arch/soc.h>
#include <hwconfig.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080aqds_qixis.h"
@@ -248,7 +249,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS
index c9f3459..0817711d 100644
--- a/board/freescale/ls2080ardb/MAINTAINERS
+++ b/board/freescale/ls2080ardb/MAINTAINERS
@@ -8,3 +8,9 @@ F: configs/ls2080ardb_defconfig
F: configs/ls2080ardb_nand_defconfig
F: configs/ls2085ardb_defconfig
F: configs/ls2085ardb_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M: Saksham Jain <saksham.jain at nxp.freescale.com>
+S: Maintained
+F: configs/ls2080ardb_SECURE_BOOT_defconfig
+F: configs/ls2085ardb_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c
index c63b639..0c78a41 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -18,6 +18,7 @@
#include <environment.h>
#include <i2c.h>
#include <asm/arch/soc.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080ardb_qixis.h"
@@ -214,7 +215,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..408d1ee
--- /dev/null
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..dde3311
--- /dev/null
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..f13ee41
--- /dev/null
+++ b/configs/ls2085aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..aa66508
--- /dev/null
+++ b/configs/ls2085ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index dab3820..91fad0a 100644
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void);
#define CONFIG_USB_STORAGE
#define CONFIG_CMD_EXT2
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_QDS_H */
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index b2c0181..81b9b8d 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -362,4 +362,6 @@ unsigned long get_board_sys_clk(void);
#define CONFIG_PHY_AQUANTIA
#endif
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_RDB_H */
--
1.8.1.4
More information about the U-Boot
mailing list