[U-Boot] [PATCH 2/2] LS1046ARDB : Add QSPI Secure Boot target

Sumit Garg sumit.garg at nxp.com
Mon Oct 24 20:37:18 CEST 2016 

Add QSPI Secure Boot target to enable chain of trust and enable
sec init. Also define bootscript and its header addresses for QSPI
target.

Signed-off-by: Vinitha Pillai <vinitha.pillai at nxp.com>
Signed-off-by: Sumit Garg <sumit.garg at nxp.com>
---
 arch/arm/include/asm/arch-fsl-layerscape/config.h |  2 +-
 arch/arm/include/asm/fsl_secure_boot.h            | 37 ++++++++++++++++-------
 board/freescale/ls1046ardb/MAINTAINERS            |  4 +++
 board/freescale/ls1046ardb/ls1046ardb.c           | 19 ++++++++++++
 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig     | 27 +++++++++++++++++
 include/configs/ls1046ardb.h                      |  2 ++
 6 files changed, 79 insertions(+), 12 deletions(-)
 create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig

diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index 4201e0f..11a62e8 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -196,7 +196,7 @@
 
 #define CONFIG_SYS_FSL_IFC_BE
 #define CONFIG_SYS_FSL_SFP_VER_3_2
-#define CONFIG_SYS_FSL_SNVS_LE
+#define CONFIG_SYS_FSL_SEC_MON_BE
 #define CONFIG_SYS_FSL_SFP_BE
 #define CONFIG_SYS_FSL_SRK_LE
 #define CONFIG_KEY_REVOCATION
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 4525287..933e09c 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -45,7 +45,8 @@
 #define CONFIG_CMD_HASH
 #define CONFIG_KEY_REVOCATION
 #ifndef CONFIG_SYS_RAMBOOT
-/* The key used for verification of next level images
+/*
+ * The key used for verification of next level images
  * is picked up from an Extension Table which has
  * been verified by the ISBC (Internal Secure boot Code)
  * in boot ROM of the SoC.
@@ -59,9 +60,10 @@
 
 #endif
 
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- * Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE)
+/*
+ * For fsl layerscape based platforms, ESBC image Address in Header
+ * is 64 bit.
  */
 #define CONFIG_ESBC_ADDR_64BIT
 #endif
@@ -78,13 +80,16 @@
 	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
 #endif
 
-/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
- * Non-XIP Memory (Nand/SD)*/
+/*
+ * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
+ * Non-XIP Memory (Nand/SD)
+ */
 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \
 	defined(CONFIG_SD_BOOT)
 #define CONFIG_BOOTSCRIPT_COPY_RAM
 #endif
-/* The address needs to be modified according to NOR, NAND, SD and
+/*
+ * The address needs to be modified according to NOR, NAND, SD and
  * DDR memory map
  */
 #ifdef CONFIG_LS2080A
@@ -96,19 +101,26 @@
 #define CONFIG_BS_SIZE			0x00001000
 #else
 #ifdef CONFIG_SD_BOOT
-/* For SD boot address and size are assigned in terms of sector
+/*
+ * For SD boot address and size are assigned in terms of sector
  * offset and no. of sectors respectively.
  */
 #define CONFIG_BS_HDR_ADDR_DEVICE	0x00000800
 #define CONFIG_BS_ADDR_DEVICE		0x00000840
 #define CONFIG_BS_HDR_SIZE		0x00000010
 #define CONFIG_BS_SIZE			0x00000008
-#else
+/* ifdef CONFIG_SD_BOOT */
+#elif defined(CONFIG_QSPI_BOOT)
+#define CONFIG_BS_HDR_ADDR_DEVICE	0x40780000
+#define CONFIG_BS_ADDR_DEVICE		0x40800000
+#define CONFIG_BS_HDR_SIZE		0x00002000
+#define CONFIG_BS_SIZE			0x00001000
+#else /* elif defined(CONFIG_QSPI_BOOT) */
 #define CONFIG_BS_HDR_ADDR_DEVICE	0x600a0000
 #define CONFIG_BS_ADDR_DEVICE		0x60060000
 #define CONFIG_BS_HDR_SIZE		0x00002000
 #define CONFIG_BS_SIZE			0x00001000
-#endif /* #ifdef CONFIG_SD_BOOT */
+#endif /* Default NOR Boot */
 #define CONFIG_BS_HDR_ADDR_RAM		0x81000000
 #define CONFIG_BS_ADDR_RAM		0x81020000
 #endif
@@ -125,12 +137,15 @@
 #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
 #ifdef CONFIG_LS1043A
 #define CONFIG_SYS_LS_PPA_ESBC_ADDR	0x600c0000
+#elif defined(CONFIG_LS1046A)
+#define CONFIG_SYS_LS_PPA_ESBC_ADDR     0x40740000
 #endif
 #else
 #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
 #endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
 
-/* Define the key hash here if SRK used for signing PPA image is
+/*
+ * Define the key hash here if SRK used for signing PPA image is
  * different from SRK hash put in SFP used for U-Boot.
  * Example
  * #define CONFIG_PPA_KEY_HASH \
diff --git a/board/freescale/ls1046ardb/MAINTAINERS b/board/freescale/ls1046ardb/MAINTAINERS
index ff42bef..758ff9d 100644
--- a/board/freescale/ls1046ardb/MAINTAINERS
+++ b/board/freescale/ls1046ardb/MAINTAINERS
@@ -7,3 +7,7 @@ F:	include/configs/ls1046ardb.h
 F:	configs/ls1046ardb_qspi_defconfig
 F:	configs/ls1046ardb_sdcard_defconfig
 F:	configs/ls1046ardb_emmc_defconfig
+
+M:	Sumit Garg <sumit.garg at nxp.com>
+S:	Maintained
+F:	configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c
index 585c807..6fadea1 100644
--- a/board/freescale/ls1046ardb/ls1046ardb.c
+++ b/board/freescale/ls1046ardb/ls1046ardb.c
@@ -20,6 +20,7 @@
 #include <fsl_csu.h>
 #include <fsl_esdhc.h>
 #include "cpld.h"
+#include <fsl_sec.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -77,6 +78,24 @@ int board_init(void)
 	enable_layerscape_ns_access();
 #endif
 
+#ifdef CONFIG_SECURE_BOOT
+	/*
+	 * In case of Secure Boot, the IBR configures the SMMU
+	 * to allow only Secure transactions.
+	 * SMMU must be reset in bypass mode.
+	 * Set the ClientPD bit and Clear the USFCFG Bit
+	 */
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
+
 #ifdef CONFIG_FSL_LS_PPA
 	ppa_init();
 #endif
diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..c79c875
--- /dev/null
+++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,27 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_DM_SPI=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4,SECURE_BOOT"
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_QSPI=y
+CONFIG_RSA=y
diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h
index 2fe8fc1..afa580e 100644
--- a/include/configs/ls1046ardb.h
+++ b/include/configs/ls1046ardb.h
@@ -234,4 +234,6 @@
 			"7e800000.flash:16m(nand_uboot)," \
 			"48m(nand_kernel),448m(nand_free)"
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS1046ARDB_H__ */
-- 
1.8.1.4

More information about the U-Boot mailing list