[U-Boot] [PATCH 2/2] LS1088A: SECURE_BOOT: Images validation
Udit Agarwal
udit.agarwal at nxp.com
Fri Apr 28 12:55:00 UTC 2017
Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase
using esbc_validate command. Add images validation in default environment
under mcinitcmd prior to MC initialization.
Add header address for PPA to be validated during ESBC phase for LS1088A
platform based on LAyerscape Chasis 3.
Defines address for Bootscript image and its header for QSPI and adds
command to copy these images from QSPI to RAM using sf read command.
Signed-off-by: Udit Agarwal <udit.agarwal at nxp.com>
---
Dependent patch set:
https://patchwork.ozlabs.org/patch/756260/
arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++-
arch/arm/include/asm/fsl_secure_boot.h | 5 +++++
board/freescale/ls1088a/Kconfig | 1 +
board/freescale/ls1088a/ls1088a.c | 6 +++---
include/config_fsl_chain_trust.h | 7 ++++++-
include/configs/ls1088a_common.h | 2 ++
include/configs/ls1088aqds.h | 21 +++++++++++++++++++++
include/configs/ls1088ardb.h | 21 +++++++++++++++++++++
8 files changed, 61 insertions(+), 5 deletions(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 1f23698..8c3c966 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -214,7 +214,8 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x60680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
- default 0x580680000 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3
+ default 0x20680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
+ default 0x580680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
default 0x680000 if SYS_LS_PPA_FW_IN_MMC
default 0x680000 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 42ae4e2..2e45275 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -78,8 +78,13 @@
* DDR memory map
*/
#ifdef CONFIG_FSL_LSCH3
+#ifdef CONFIG_QSPI_BOOT
+#define CONFIG_BS_ADDR_DEVICE 0x20600000
+#define CONFIG_BS_HDR_ADDR_DEVICE 0x20640000
+#else /* NOR BOOT */
#define CONFIG_BS_ADDR_DEVICE 0x580600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x580640000
+#endif /*ifdef CONFIG_QSPI_BOOT */
#define CONFIG_BS_SIZE 0x00001000
#define CONFIG_BS_HDR_SIZE 0x00004000
#define CONFIG_BS_ADDR_RAM 0xa0600000
diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig
index 1ada661..c8555d5 100644
--- a/board/freescale/ls1088a/Kconfig
+++ b/board/freescale/ls1088a/Kconfig
@@ -28,4 +28,5 @@ config SYS_SOC
config SYS_CONFIG_NAME
default "ls1088ardb"
+source "board/freescale/common/Kconfig"
endif
diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c
index dcd919d..b094319 100644
--- a/board/freescale/ls1088a/ls1088a.c
+++ b/board/freescale/ls1088a/ls1088a.c
@@ -857,6 +857,9 @@ int board_init(void)
if (adjust_vdd(0) < 0)
printf("core voltage not adjusted\n");
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
#ifdef CONFIG_FSL_LS_PPA
ppa_init();
#endif
@@ -879,9 +882,6 @@ void detail_board_ddr_info(void)
#if defined(CONFIG_ARCH_MISC_INIT)
int arch_misc_init(void)
{
-#ifdef CONFIG_FSL_CAAM
- sec_init();
-#endif
return 0;
}
#endif
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 40d323e..2105b05 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -80,7 +80,12 @@
"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
-/* For secure boot flow, default environment used will be used */
+/* Define BS_COPY_COMMAND to copy bootscript for different types of BOOT
+ * For RAMBOOT, check the type of RAMBOOT to define copy command
+ * For SoC's where QSPI XIP mode doesnot work - CONFIG_BS_COPY_QSPI_IP is used
+ * and for rest it is just a copy command
+ */
+
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
defined(CONFIG_SD_BOOT)
#if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h
index fbf81f0..ee79470 100644
--- a/include/configs/ls1088a_common.h
+++ b/include/configs/ls1088a_common.h
@@ -142,7 +142,9 @@ unsigned long long get_qixis_addr(void);
#define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * 1024)
#endif
+#if !defined(CONFIG_FSL_CAAM)
#define CONFIG_FSL_CAAM /* Enable SEC/CAAM */
+#endif
/* Command line configuration */
#define CONFIG_CMD_ENV
diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h
index b075c15..3b7cd8a 100644
--- a/include/configs/ls1088aqds.h
+++ b/include/configs/ls1088aqds.h
@@ -358,6 +358,26 @@ unsigned long get_board_ddr_clk(void);
/* Initial environment variables */
#if defined(CONFIG_QSPI_BOOT)
+#ifdef CONFIG_SECURE_BOOT
+#undef CONFIG_EXTRA_ENV_SETTINGS
+#define CONFIG_EXTRA_ENV_SETTINGS \
+ "hwconfig=fsl_ddr:bank_intlv=auto\0" \
+ "loadaddr=0x90100000\0" \
+ "kernel_addr=0x100000\0" \
+ "ramdisk_addr=0x800000\0" \
+ "ramdisk_size=0x2000000\0" \
+ "fdt_high=0xa0000000\0" \
+ "initrd_high=0xffffffffffffffff\0" \
+ "kernel_start=0x1100000\0" \
+ "kernel_load=0xa0000000\0" \
+ "kernel_size=0x2800000\0" \
+ "mcinitcmd=sf probe 0:0;sf read 0xa0300000 0x300000 0x100000;" \
+ "sf read 0xa0c80000 0xc80000 0x100000; esbc_validate 0xa0c80000;" \
+ "sf read 0xa0800000 0x800000 0x100000;" \
+ "sf read 0xa0cc0000 0xcc0000 0x100000;esbc_validate 0xa0cc0000;" \
+ "fsl_mc start mc 0xa0300000 0xa0800000\0" \
+ "mcmemsize=0x70000000 \0"
+#else /* if !(CONFIG_SECURE_BOOT) */
#undef CONFIG_EXTRA_ENV_SETTINGS
#define CONFIG_EXTRA_ENV_SETTINGS \
"hwconfig=fsl_ddr:bank_intlv=auto\0" \
@@ -374,6 +394,7 @@ unsigned long get_board_ddr_clk(void);
"sf read 0x80100000 0x800000 0x100000;" \
"fsl_mc start mc 0x80000000 0x80100000\0" \
"mcmemsize=0x70000000 \0"
+#endif /* CONFIG_SECURE_BOOT */
#elif defined(CONFIG_SD_BOOT)
#undef CONFIG_EXTRA_ENV_SETTINGS
#define CONFIG_EXTRA_ENV_SETTINGS \
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 78808bc..e6bbfb8 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -289,6 +289,26 @@
/* Initial environment variables */
#if defined(CONFIG_QSPI_BOOT)
+#ifdef CONFIG_SECURE_BOOT
+#undef CONFIG_EXTRA_ENV_SETTINGS
+#define CONFIG_EXTRA_ENV_SETTINGS \
+ "hwconfig=fsl_ddr:bank_intlv=auto\0" \
+ "loadaddr=0x90100000\0" \
+ "kernel_addr=0x100000\0" \
+ "ramdisk_addr=0x800000\0" \
+ "ramdisk_size=0x2000000\0" \
+ "fdt_high=0xa0000000\0" \
+ "initrd_high=0xffffffffffffffff\0" \
+ "kernel_start=0x1100000\0" \
+ "kernel_load=0xa0000000\0" \
+ "kernel_size=0x2800000\0" \
+ "mcinitcmd=sf probe 0:0;sf read 0xa0300000 0x300000 0x100000;" \
+ "sf read 0xa0c80000 0xc80000 0x100000; esbc_validate 0xa0c80000;" \
+ "sf read 0xa0800000 0x800000 0x100000;" \
+ "sf read 0xa0cc0000 0xcc0000 0x100000;esbc_validate 0xa0cc0000;" \
+ "fsl_mc start mc 0xa0300000 0xa0800000\0" \
+ "mcmemsize=0x70000000 \0"
+#else /* if !(CONFIG_SECURE_BOOT) */
#undef CONFIG_EXTRA_ENV_SETTINGS
#define CONFIG_EXTRA_ENV_SETTINGS \
"hwconfig=fsl_ddr:bank_intlv=auto\0" \
@@ -305,6 +325,7 @@
"sf read 0x80100000 0x800000 0x100000;" \
"fsl_mc start mc 0x80000000 0x80100000\0" \
"mcmemsize=0x70000000 \0"
+#endif /* CONFIG_SECURE_BOOT */
#elif defined(CONFIG_SD_BOOT)
#undef CONFIG_EXTRA_ENV_SETTINGS
#define CONFIG_EXTRA_ENV_SETTINGS \
--
1.9.1
More information about the U-Boot
mailing list