[U-Boot] [PATCH 04/11] spl: imx: Add optional lds to keep SPL entirely in on-chip RAM

Sat Jul 14 00:11:48 UTC 2018

From: Henry Beberman <henry.beberman at microsoft.com>

This patch is part of the i.MX Windows 10 IoT Core boot flow.

It adds a modified linker script for SPL to keep all segments in
on-chip ram. This is to harden the device against potential leaks of
device secrets by keeping them out of DRAM.

Additionally if CONFIG_SYS_SPL_MALLOC_START is defined, it will
override the CONFIG_SPL_SYS_MALLOC_SIMPLE and allocate space in DRAM
instead of on-chip ram. This patch prevents the definition of those
values for i.MX6 and i.MX7 SPL if CONFIG_OPTEE_SPL_BOOT is selected.

Signed-off-by: Henry Beberman <henry.beberman at microsoft.com>
Cc: Stefano Babic <sbabic at denx.de>
Cc: Fabio Estevam <fabio.estevam at nxp.com>
---
 arch/arm/mach-imx/u-boot-spl-sram.lds | 59 +++++++++++++++++++++++++++++++++++
 include/configs/imx6_spl.h            |  2 ++
 include/configs/imx7_spl.h            |  2 ++
 3 files changed, 63 insertions(+)
 create mode 100644 arch/arm/mach-imx/u-boot-spl-sram.lds

diff --git a/arch/arm/mach-imx/u-boot-spl-sram.lds b/arch/arm/mach-imx/u-boot-spl-sram.lds
new file mode 100644
index 0000000000..dfbb4aef5d
--- /dev/null
+++ b/arch/arm/mach-imx/u-boot-spl-sram.lds
@@ -0,0 +1,59 @@
+/*
+ * (C) Copyright 2002
+ * Gary Jennejohn, DENX Software Engineering, <garyj at denx.de>
+ *
+ * (C) Copyright 2010
+ * Texas Instruments, <www.ti.com>
+ *	Aneesh V <aneesh at ti.com>
+ *
+ * (C) Copyright 2018 Microsoft Corporation
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+MEMORY { .sram : ORIGIN = CONFIG_SPL_TEXT_BASE,\
+		LENGTH = CONFIG_SPL_MAX_SIZE }
+
+OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+ENTRY(_start)
+SECTIONS
+{
+	.text      :
+	{
+		__start = .;
+		*(.vectors)
+		arch/arm/cpu/armv7/start.o	(.text*)
+		*(.text*)
+	} >.sram
+
+	. = ALIGN(4);
+	.rodata : { *(SORT_BY_ALIGNMENT(.rodata*)) } >.sram
+
+	. = ALIGN(4);
+	.data : { *(SORT_BY_ALIGNMENT(.data*)) } >.sram
+
+	. = ALIGN(4);
+	.u_boot_list : {
+		KEEP(*(SORT(.u_boot_list*)));
+	} >.sram
+
+	. = ALIGN(4);
+	__image_copy_end = .;
+
+	.end :
+	{
+		*(.__end)
+	}
+
+	_image_binary_end = .;
+
+	.bss :
+	{
+		. = ALIGN(4);
+		__bss_start = .;
+		*(.bss*)
+		. = ALIGN(4);
+		__bss_end = .;
+	} >.sram
+}
diff --git a/include/configs/imx6_spl.h b/include/configs/imx6_spl.h
index 720ff045a7..4088e8a936 100644
--- a/include/configs/imx6_spl.h
+++ b/include/configs/imx6_spl.h
@@ -51,6 +51,7 @@
 # endif
 #endif
 
+#ifndef CONFIG_OPTEE_SPL_BOOT
 #if defined(CONFIG_MX6SX) || defined(CONFIG_MX6SL) || \
 	defined(CONFIG_MX6UL) || defined(CONFIG_MX6ULL)
 #define CONFIG_SPL_BSS_START_ADDR      0x88200000
@@ -63,6 +64,7 @@
 #define CONFIG_SYS_SPL_MALLOC_START	0x18300000
 #define CONFIG_SYS_SPL_MALLOC_SIZE	0x100000	/* 1 MB */
 #endif
+#endif /* !CONFIG_OPTEE_SPL_BOOT */
 #endif
 
 #endif
diff --git a/include/configs/imx7_spl.h b/include/configs/imx7_spl.h
index 1eb6cd894d..5dd4aed652 100644
--- a/include/configs/imx7_spl.h
+++ b/include/configs/imx7_spl.h
@@ -46,10 +46,12 @@
 # endif
 #endif
 
+#ifndef CONFIG_OPTEE_SPL_BOOT
 #define CONFIG_SPL_BSS_START_ADDR      0x88200000
 #define CONFIG_SPL_BSS_MAX_SIZE        0x100000		/* 1 MB */
 #define CONFIG_SYS_SPL_MALLOC_START    0x88300000
 #define CONFIG_SYS_SPL_MALLOC_SIZE     0x100000		/* 1 MB */
+#endif /* !CONFIG_OPTEE_SPL_BOOT */
 
 #endif /* CONFIG_SPL */
 
-- 
2.16.2.gvfs.1.33.gf5370f1

