| Message ID | 1464194453-5829-1-git-send-email-sumit.garg@nxp.com |
|---|---|
| State | Superseded |
| Delegated to: | York Sun |
| Headers | show |
The build/config changes to common/drivers/lib are more general than the powerpc/mpc85xx board support and IMO should be represented in a separate patch. Check out: https://www.mail-archive.com/u-boot@lists.denx.de/msg211374.html for an example set of needed changes. I mentioned before that I'm happy to resubmit that patch to generically support an SPL-based verified boot. :) I haven't seen any requested changes, and it is almost 100% mimicking Simon's, so that gives me a bit of assurance. ;) On Wed, May 25, 2016 at 9:40 AM, Sumit Garg <sumit.garg@nxp.com> wrote: > As part of Chain of Trust for Secure boot, the SPL U-Boot will validate > the next level U-boot image. Add a new function spl_validate_uboot to > perform the validation. > > Enable hardware crypto operations in SPL using SEC block. > In case of Secure Boot, PAMU is not bypassed. For allowing SEC block > access to CPC configured as SRAM, configure PAMU. > > Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> > Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > Changes in v2: > Patches rebased > > arch/powerpc/cpu/mpc8xxx/fsl_pamu.c | 8 +++++ > arch/powerpc/cpu/mpc8xxx/pamu_table.c | 8 +++++ > arch/powerpc/include/asm/fsl_secure_boot.h | 26 +++++++++++++++ > board/freescale/common/fsl_chain_of_trust.c | 50 +++++++++++++++++++++++++++++ > common/Makefile | 2 ++ > drivers/Makefile | 1 + > drivers/crypto/fsl/jr.c | 16 +++++++++ > drivers/mtd/nand/fsl_ifc_spl.c | 24 ++++++++++++++ > include/fsl_validate.h | 1 + > lib/Makefile | 3 ++ > 10 files changed, 139 insertions(+) > > diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > index 9421f1e..ede8e66 100644 > --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > @@ -239,15 +239,23 @@ int pamu_init(void) > spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES; > > /* Allocate space for Primary PAACT Table */ > +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR)) > + ppaact = (void *)CONFIG_SPL_PPAACT_ADDR; > +#else > ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size); > if (!ppaact) > return -1; > +#endif > memset(ppaact, 0, ppaact_size); > > /* Allocate space for Secondary PAACT Table */ > +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR)) > + sec = (void *)CONFIG_SPL_SPAACT_ADDR; > +#else > sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size); > if (!sec) > return -1; > +#endif > memset(sec, 0, spaact_size); > > ppaact_phys = virt_to_phys((void *)ppaact); > diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c > index 26c5ea4..a8e6f51 100644 > --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c > +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c > @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries) > > i++; > #endif > +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR)) > + tbl->start_addr[i] = > + (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR); > + tbl->size[i] = 256 * 1024; /* 256K CPC flash */ > + tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1; > + > + i++; > +#endif > debug("PAMU address\t\t\tsize\n"); > for (j = 0; j < i ; j++) > debug("%llx \t\t\t%llx\n", tbl->start_addr[j], tbl->size[j]); > diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h > index 826f9c9..2a29277 100644 > --- a/arch/powerpc/include/asm/fsl_secure_boot.h > +++ b/arch/powerpc/include/asm/fsl_secure_boot.h > @@ -72,6 +72,30 @@ > > #ifdef CONFIG_CHAIN_OF_TRUST > > +#ifdef CONFIG_SPL_BUILD > +#define CONFIG_SPL_DM 1 > +#define CONFIG_SPL_CRYPTO_SUPPORT > +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT > +/* > + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init > + * due to space crunch on CPC and thus malloc will not work. > + */ > +#define CONFIG_SPL_PPAACT_ADDR 0x2e000000 > +#define CONFIG_SPL_SPAACT_ADDR 0x2f000000 > +#define CONFIG_SPL_JR0_LIODN_S 454 > +#define CONFIG_SPL_JR0_LIODN_NS 458 > +/* > + * Define the key hash for U-Boot here if public/private key pair used to > + * sign U-boot are different from the SRK hash put in the fuse > + * Example of defining KEY_HASH is > + * #define CONFIG_SPL_UBOOT_KEY_HASH \ > + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" > + * else leave it defined as NULL > + */ > + > +#define CONFIG_SPL_UBOOT_KEY_HASH NULL > +#endif /* ifdef CONFIG_SPL_BUILD */ > + > #define CONFIG_CMD_ESBC_VALIDATE > #define CONFIG_CMD_BLOB > #define CONFIG_FSL_SEC_MON > @@ -82,6 +106,7 @@ > #define CONFIG_FSL_CAAM > #endif > > +#ifndef CONFIG_SPL_BUILD > /* fsl_setenv_chain_of_trust() must be called from > * board_late_init() > */ > @@ -119,5 +144,6 @@ > #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */ > > #include <config_fsl_chain_trust.h> > +#endif /* #ifndef CONFIG_SPL_BUILD */ > #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ > #endif > diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c > index ecfcc82..992babf 100644 > --- a/board/freescale/common/fsl_chain_of_trust.c > +++ b/board/freescale/common/fsl_chain_of_trust.c > @@ -6,7 +6,17 @@ > > #include <common.h> > #include <fsl_validate.h> > +#include <fsl_secboot_err.h> > #include <fsl_sfp.h> > +#include <dm/root.h> > + > +#ifdef CONFIG_ADDR_MAP > +#include <asm/mmu.h> > +#endif > + > +#ifdef CONFIG_FSL_CORENET > +#include <asm/fsl_pamu.h> > +#endif > > #ifdef CONFIG_LS102XA > #include <asm/arch/immap_ls102xa.h> > @@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void) > return 0; > } > > +#ifndef CONFIG_SPL_BUILD > int fsl_setenv_chain_of_trust(void) > { > /* Check Boot Mode > @@ -68,3 +79,42 @@ int fsl_setenv_chain_of_trust(void) > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); > return 0; > } > +#endif > + > +#ifdef CONFIG_SPL_BUILD > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) > +{ > + int res; > + > + /* Check Boot Mode > + * If Boot Mode is Non-Secure, skip validation > + */ > + if (fsl_check_boot_mode_secure() == 0) > + return; > + > + printf("SPL: Validating U-Boot image\n"); > + > +#ifdef CONFIG_ADDR_MAP > + init_addr_map(); > +#endif > + > +#ifdef CONFIG_FSL_CORENET > + if (pamu_init() < 0) > + fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT); > +#endif > + > +#ifdef CONFIG_FSL_CAAM > + if (sec_init() < 0) > + fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT); > +#endif > + > +#if defined(CONFIG_DM) > + dm_init_and_scan(false); > +#endif > + res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, > + &img_addr); > + > + if (res == 0) > + printf("SPL: Validation of U-boot successful\n"); > +} > +#endif > diff --git a/common/Makefile b/common/Makefile > index f9b26b7..402835b 100644 > --- a/common/Makefile > +++ b/common/Makefile > @@ -93,6 +93,8 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o > endif # !CONFIG_SPL_BUILD > > ifdef CONFIG_SPL_BUILD > +# core > +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += hash.o Maybe use: CONFIG_SPL_HASH_SUPPORT > obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o > diff --git a/drivers/Makefile b/drivers/Makefile > index 99dd07f..d125b42 100644 > --- a/drivers/Makefile > +++ b/drivers/Makefile > @@ -38,6 +38,7 @@ obj-$(CONFIG_OMAP_USB_PHY) += usb/phy/ > obj-$(CONFIG_SPL_SATA_SUPPORT) += block/ > obj-$(CONFIG_SPL_USB_HOST_SUPPORT) += block/ > obj-$(CONFIG_SPL_MMC_SUPPORT) += block/ > +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > > else > > diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c > index 8bc517d..2309b23 100644 > --- a/drivers/crypto/fsl/jr.c > +++ b/drivers/crypto/fsl/jr.c > @@ -563,10 +563,26 @@ int sec_init(void) > sec_out32(&sec->mcfgr, mcr); > > #ifdef CONFIG_FSL_CORENET > +#ifdef CONFIG_SPL_BUILD > + /* For SPL Build, Set the Liodns in SEC JR0 for > + * creating PAMU entries corresponding to these. > + * For normal build, these are set in set_liodns(). > + */ > + liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; > + liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK; > + > + liodnr = sec_in32(&sec->jrliodnr[0].ls) & > + ~(JRNSLIODN_MASK | JRSLIODN_MASK); > + liodnr = liodnr | > + (liodn_ns << JRNSLIODN_SHIFT) | > + (liodn_s << JRSLIODN_SHIFT); > + sec_out32(&sec->jrliodnr[0].ls, liodnr); > +#else > liodnr = sec_in32(&sec->jrliodnr[0].ls); > liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; > liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT; > #endif > +#endif > > ret = jr_init(); > if (ret < 0) { > diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c > index cbeb74a..30aa966 100644 > --- a/drivers/mtd/nand/fsl_ifc_spl.c > +++ b/drivers/mtd/nand/fsl_ifc_spl.c > @@ -11,6 +11,9 @@ > #include <asm/io.h> > #include <fsl_ifc.h> > #include <linux/mtd/nand.h> > +#ifdef CONFIG_CHAIN_OF_TRUST > +#include <fsl_validate.h> > +#endif > > static inline int is_blank(uchar *addr, int page_size) > { > @@ -268,6 +271,27 @@ void nand_boot(void) > */ > flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, CONFIG_SYS_NAND_U_BOOT_SIZE); > #endif > + > +#ifdef CONFIG_CHAIN_OF_TRUST > + /* > + * As U-Boot header is appended at end of U-boot image, so > + * calculate U-boot header address using U-boot header size. > + */ > +#define CONFIG_U_BOOT_HDR_ADDR \ > + ((CONFIG_SYS_NAND_U_BOOT_START + \ > + CONFIG_SYS_NAND_U_BOOT_SIZE) - \ > + CONFIG_U_BOOT_HDR_SIZE) > + spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR, > + CONFIG_SYS_NAND_U_BOOT_START); > + /* > + * In case of failure in validation, spl_validate_uboot would > + * not return back in case of Production environment with ITS=1. > + * Thus U-Boot will not start. > + * In Development environment (ITS=0 and SB_EN=1), the function > + * may return back in case of non-fatal failures. > + */ > +#endif > + > uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START; > uboot(); > } > diff --git a/include/fsl_validate.h b/include/fsl_validate.h > index a71e1ce..7695b30 100644 > --- a/include/fsl_validate.h > +++ b/include/fsl_validate.h > @@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, > > int fsl_check_boot_mode_secure(void); > int fsl_setenv_chain_of_trust(void); > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr); > #endif > diff --git a/lib/Makefile b/lib/Makefile > index 02dfa29..2cdb436 100644 > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -59,6 +59,9 @@ obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > ifdef CONFIG_SPL_BUILD > obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o > obj-$(CONFIG_SPL_NET_SUPPORT) += net_utils.o > +ifdef CONFIG_SPL_CRYPTO_SUPPORT > +obj-$(CONFIG_RSA) += rsa/ > +endif > endif > obj-$(CONFIG_ADDR_MAP) += addr_map.o > obj-y += hashtable.o I think you'll need a bit more here, perhaps sha256? Also, to follow with the rest of lib's config feature selection, use CONFIG_SPL_RSA. > -- > 1.8.1.4 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot
> -----Original Message----- > From: Teddy Reed [mailto:teddy.reed@gmail.com] > Sent: Friday, May 27, 2016 3:46 AM > To: Sumit Garg <sumit.garg@nxp.com> > Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Ruchika Gupta > <ruchika.gupta@nxp.com> > Subject: Re: [U-Boot] [PATCH v2 1/2] powerpc/mpc85xx: SECURE BOOT- Enable > chain of trust in SPL > > The build/config changes to common/drivers/lib are more general than the > powerpc/mpc85xx board support and IMO should be represented in a > separate patch. I will split this patch to separate out the build/config changes from powerpc/mpc85xx board specific changes. > > Check out: https://www.mail-archive.com/u- > boot@lists.denx.de/msg211374.html > for an example set of needed changes. > > I mentioned before that I'm happy to resubmit that patch to generically > support an SPL-based verified boot. :) I haven't seen any requested changes, > and it is almost 100% mimicking Simon's, so that gives me a bit of assurance. ;) > I have seen your patch. Shall I do similar changes as per your patch or you will send that patch to support generic SPL-based verified boot? > On Wed, May 25, 2016 at 9:40 AM, Sumit Garg <sumit.garg@nxp.com> wrote: > > As part of Chain of Trust for Secure boot, the SPL U-Boot will > > validate the next level U-boot image. Add a new function > > spl_validate_uboot to perform the validation. > > > > Enable hardware crypto operations in SPL using SEC block. > > In case of Secure Boot, PAMU is not bypassed. For allowing SEC block > > access to CPC configured as SRAM, configure PAMU. > > > > Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> > > Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > --- > > Changes in v2: > > Patches rebased > > > > arch/powerpc/cpu/mpc8xxx/fsl_pamu.c | 8 +++++ > > arch/powerpc/cpu/mpc8xxx/pamu_table.c | 8 +++++ > > arch/powerpc/include/asm/fsl_secure_boot.h | 26 +++++++++++++++ > > board/freescale/common/fsl_chain_of_trust.c | 50 > +++++++++++++++++++++++++++++ > > common/Makefile | 2 ++ > > drivers/Makefile | 1 + > > drivers/crypto/fsl/jr.c | 16 +++++++++ > > drivers/mtd/nand/fsl_ifc_spl.c | 24 ++++++++++++++ > > include/fsl_validate.h | 1 + > > lib/Makefile | 3 ++ > > 10 files changed, 139 insertions(+) > > > > diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > > b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > > index 9421f1e..ede8e66 100644 > > --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > > +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c > > @@ -239,15 +239,23 @@ int pamu_init(void) > > spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES; > > > > /* Allocate space for Primary PAACT Table */ > > +#if (defined(CONFIG_SPL_BUILD) && > defined(CONFIG_SPL_PPAACT_ADDR)) > > + ppaact = (void *)CONFIG_SPL_PPAACT_ADDR; #else > > ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size); > > if (!ppaact) > > return -1; > > +#endif > > memset(ppaact, 0, ppaact_size); > > > > /* Allocate space for Secondary PAACT Table */ > > +#if (defined(CONFIG_SPL_BUILD) && > defined(CONFIG_SPL_SPAACT_ADDR)) > > + sec = (void *)CONFIG_SPL_SPAACT_ADDR; #else > > sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size); > > if (!sec) > > return -1; > > +#endif > > memset(sec, 0, spaact_size); > > > > ppaact_phys = virt_to_phys((void *)ppaact); diff --git > > a/arch/powerpc/cpu/mpc8xxx/pamu_table.c > > b/arch/powerpc/cpu/mpc8xxx/pamu_table.c > > index 26c5ea4..a8e6f51 100644 > > --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c > > +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c > > @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct > pamu_addr_tbl > > *tbl, int *num_entries) > > > > i++; > > #endif > > +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR)) > > + tbl->start_addr[i] = > > + (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR); > > + tbl->size[i] = 256 * 1024; /* 256K CPC flash */ > > + tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1; > > + > > + i++; > > +#endif > > debug("PAMU address\t\t\tsize\n"); > > for (j = 0; j < i ; j++) > > debug("%llx \t\t\t%llx\n", tbl->start_addr[j], > > tbl->size[j]); diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h > > b/arch/powerpc/include/asm/fsl_secure_boot.h > > index 826f9c9..2a29277 100644 > > --- a/arch/powerpc/include/asm/fsl_secure_boot.h > > +++ b/arch/powerpc/include/asm/fsl_secure_boot.h > > @@ -72,6 +72,30 @@ > > > > #ifdef CONFIG_CHAIN_OF_TRUST > > > > +#ifdef CONFIG_SPL_BUILD > > +#define CONFIG_SPL_DM 1 > > +#define CONFIG_SPL_CRYPTO_SUPPORT > > +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT > > +/* > > + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR > > +init > > + * due to space crunch on CPC and thus malloc will not work. > > + */ > > +#define CONFIG_SPL_PPAACT_ADDR 0x2e000000 > > +#define CONFIG_SPL_SPAACT_ADDR 0x2f000000 > > +#define CONFIG_SPL_JR0_LIODN_S 454 > > +#define CONFIG_SPL_JR0_LIODN_NS 458 > > +/* > > + * Define the key hash for U-Boot here if public/private key pair > > +used to > > + * sign U-boot are different from the SRK hash put in the fuse > > + * Example of defining KEY_HASH is > > + * #define CONFIG_SPL_UBOOT_KEY_HASH \ > > + * > "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" > > + * else leave it defined as NULL > > + */ > > + > > +#define CONFIG_SPL_UBOOT_KEY_HASH NULL > > +#endif /* ifdef CONFIG_SPL_BUILD */ > > + > > #define CONFIG_CMD_ESBC_VALIDATE > > #define CONFIG_CMD_BLOB > > #define CONFIG_FSL_SEC_MON > > @@ -82,6 +106,7 @@ > > #define CONFIG_FSL_CAAM > > #endif > > > > +#ifndef CONFIG_SPL_BUILD > > /* fsl_setenv_chain_of_trust() must be called from > > * board_late_init() > > */ > > @@ -119,5 +144,6 @@ > > #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */ > > > > #include <config_fsl_chain_trust.h> > > +#endif /* #ifndef CONFIG_SPL_BUILD */ > > #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ #endif diff --git > > a/board/freescale/common/fsl_chain_of_trust.c > > b/board/freescale/common/fsl_chain_of_trust.c > > index ecfcc82..992babf 100644 > > --- a/board/freescale/common/fsl_chain_of_trust.c > > +++ b/board/freescale/common/fsl_chain_of_trust.c > > @@ -6,7 +6,17 @@ > > > > #include <common.h> > > #include <fsl_validate.h> > > +#include <fsl_secboot_err.h> > > #include <fsl_sfp.h> > > +#include <dm/root.h> > > + > > +#ifdef CONFIG_ADDR_MAP > > +#include <asm/mmu.h> > > +#endif > > + > > +#ifdef CONFIG_FSL_CORENET > > +#include <asm/fsl_pamu.h> > > +#endif > > > > #ifdef CONFIG_LS102XA > > #include <asm/arch/immap_ls102xa.h> > > @@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void) > > return 0; > > } > > > > +#ifndef CONFIG_SPL_BUILD > > int fsl_setenv_chain_of_trust(void) > > { > > /* Check Boot Mode > > @@ -68,3 +79,42 @@ int fsl_setenv_chain_of_trust(void) > > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); > > return 0; > > } > > +#endif > > + > > +#ifdef CONFIG_SPL_BUILD > > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) { > > + int res; > > + > > + /* Check Boot Mode > > + * If Boot Mode is Non-Secure, skip validation > > + */ > > + if (fsl_check_boot_mode_secure() == 0) > > + return; > > + > > + printf("SPL: Validating U-Boot image\n"); > > + > > +#ifdef CONFIG_ADDR_MAP > > + init_addr_map(); > > +#endif > > + > > +#ifdef CONFIG_FSL_CORENET > > + if (pamu_init() < 0) > > + fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT); > > +#endif > > + > > +#ifdef CONFIG_FSL_CAAM > > + if (sec_init() < 0) > > + fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT); > > +#endif > > + > > +#if defined(CONFIG_DM) > > + dm_init_and_scan(false); > > +#endif > > + res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, > > + &img_addr); > > + > > + if (res == 0) > > + printf("SPL: Validation of U-boot successful\n"); } > > +#endif > > diff --git a/common/Makefile b/common/Makefile index f9b26b7..402835b > > 100644 > > --- a/common/Makefile > > +++ b/common/Makefile > > @@ -93,6 +93,8 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # > > !CONFIG_SPL_BUILD > > > > ifdef CONFIG_SPL_BUILD > > +# core > > +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += hash.o > > Maybe use: CONFIG_SPL_HASH_SUPPORT Ok, will use this macro. > > > obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > > obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > > obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git > > a/drivers/Makefile b/drivers/Makefile index 99dd07f..d125b42 100644 > > --- a/drivers/Makefile > > +++ b/drivers/Makefile > > @@ -38,6 +38,7 @@ obj-$(CONFIG_OMAP_USB_PHY) += usb/phy/ > > obj-$(CONFIG_SPL_SATA_SUPPORT) += block/ > > obj-$(CONFIG_SPL_USB_HOST_SUPPORT) += block/ > > obj-$(CONFIG_SPL_MMC_SUPPORT) += block/ > > +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > > > > else > > > > diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index > > 8bc517d..2309b23 100644 > > --- a/drivers/crypto/fsl/jr.c > > +++ b/drivers/crypto/fsl/jr.c > > @@ -563,10 +563,26 @@ int sec_init(void) > > sec_out32(&sec->mcfgr, mcr); > > > > #ifdef CONFIG_FSL_CORENET > > +#ifdef CONFIG_SPL_BUILD > > + /* For SPL Build, Set the Liodns in SEC JR0 for > > + * creating PAMU entries corresponding to these. > > + * For normal build, these are set in set_liodns(). > > + */ > > + liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; > > + liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK; > > + > > + liodnr = sec_in32(&sec->jrliodnr[0].ls) & > > + ~(JRNSLIODN_MASK | JRSLIODN_MASK); > > + liodnr = liodnr | > > + (liodn_ns << JRNSLIODN_SHIFT) | > > + (liodn_s << JRSLIODN_SHIFT); > > + sec_out32(&sec->jrliodnr[0].ls, liodnr); #else > > liodnr = sec_in32(&sec->jrliodnr[0].ls); > > liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; > > liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT; #endif > > +#endif > > > > ret = jr_init(); > > if (ret < 0) { > > diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c > > index cbeb74a..30aa966 100644 > > --- a/drivers/mtd/nand/fsl_ifc_spl.c > > +++ b/drivers/mtd/nand/fsl_ifc_spl.c > > @@ -11,6 +11,9 @@ > > #include <asm/io.h> > > #include <fsl_ifc.h> > > #include <linux/mtd/nand.h> > > +#ifdef CONFIG_CHAIN_OF_TRUST > > +#include <fsl_validate.h> > > +#endif > > > > static inline int is_blank(uchar *addr, int page_size) > > { > > @@ -268,6 +271,27 @@ void nand_boot(void) > > */ > > flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, > CONFIG_SYS_NAND_U_BOOT_SIZE); > > #endif > > + > > +#ifdef CONFIG_CHAIN_OF_TRUST > > + /* > > + * As U-Boot header is appended at end of U-boot image, so > > + * calculate U-boot header address using U-boot header size. > > + */ > > +#define CONFIG_U_BOOT_HDR_ADDR \ > > + ((CONFIG_SYS_NAND_U_BOOT_START + \ > > + CONFIG_SYS_NAND_U_BOOT_SIZE) - \ > > + CONFIG_U_BOOT_HDR_SIZE) > > + spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR, > > + CONFIG_SYS_NAND_U_BOOT_START); > > + /* > > + * In case of failure in validation, spl_validate_uboot would > > + * not return back in case of Production environment with ITS=1. > > + * Thus U-Boot will not start. > > + * In Development environment (ITS=0 and SB_EN=1), the function > > + * may return back in case of non-fatal failures. > > + */ > > +#endif > > + > > uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START; > > uboot(); > > } > > diff --git a/include/fsl_validate.h b/include/fsl_validate.h > > index a71e1ce..7695b30 100644 > > --- a/include/fsl_validate.h > > +++ b/include/fsl_validate.h > > @@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int > flag, int argc, > > > > int fsl_check_boot_mode_secure(void); > > int fsl_setenv_chain_of_trust(void); > > +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr); > > #endif > > diff --git a/lib/Makefile b/lib/Makefile > > index 02dfa29..2cdb436 100644 > > --- a/lib/Makefile > > +++ b/lib/Makefile > > @@ -59,6 +59,9 @@ obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > > ifdef CONFIG_SPL_BUILD > > obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o > > obj-$(CONFIG_SPL_NET_SUPPORT) += net_utils.o > > +ifdef CONFIG_SPL_CRYPTO_SUPPORT > > +obj-$(CONFIG_RSA) += rsa/ > > +endif > > endif > > obj-$(CONFIG_ADDR_MAP) += addr_map.o > > obj-y += hashtable.o > > I think you'll need a bit more here, perhaps sha256? Also, to follow > with the rest of lib's config feature selection, use CONFIG_SPL_RSA. > Our platform uses CONFIG_SHA_HW_ACCEL instead of CONFIG_SHA256, so we don't use software sha256 library. For RSA I will use CONFIG_SPL_RSA. > > -- > > 1.8.1.4 > > > > _______________________________________________ > > U-Boot mailing list > > U-Boot@lists.denx.de > > http://lists.denx.de/mailman/listinfo/u-boot > > > > -- > Teddy Reed V
diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c index 9421f1e..ede8e66 100644 --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c @@ -239,15 +239,23 @@ int pamu_init(void) spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES; /* Allocate space for Primary PAACT Table */ +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR)) + ppaact = (void *)CONFIG_SPL_PPAACT_ADDR; +#else ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size); if (!ppaact) return -1; +#endif memset(ppaact, 0, ppaact_size); /* Allocate space for Secondary PAACT Table */ +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR)) + sec = (void *)CONFIG_SPL_SPAACT_ADDR; +#else sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size); if (!sec) return -1; +#endif memset(sec, 0, spaact_size); ppaact_phys = virt_to_phys((void *)ppaact); diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c index 26c5ea4..a8e6f51 100644 --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries) i++; #endif +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR)) + tbl->start_addr[i] = + (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR); + tbl->size[i] = 256 * 1024; /* 256K CPC flash */ + tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1; + + i++; +#endif debug("PAMU address\t\t\tsize\n"); for (j = 0; j < i ; j++) debug("%llx \t\t\t%llx\n", tbl->start_addr[j], tbl->size[j]); diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 826f9c9..2a29277 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -72,6 +72,30 @@ #ifdef CONFIG_CHAIN_OF_TRUST +#ifdef CONFIG_SPL_BUILD +#define CONFIG_SPL_DM 1 +#define CONFIG_SPL_CRYPTO_SUPPORT +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT +/* + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init + * due to space crunch on CPC and thus malloc will not work. + */ +#define CONFIG_SPL_PPAACT_ADDR 0x2e000000 +#define CONFIG_SPL_SPAACT_ADDR 0x2f000000 +#define CONFIG_SPL_JR0_LIODN_S 454 +#define CONFIG_SPL_JR0_LIODN_NS 458 +/* + * Define the key hash for U-Boot here if public/private key pair used to + * sign U-boot are different from the SRK hash put in the fuse + * Example of defining KEY_HASH is + * #define CONFIG_SPL_UBOOT_KEY_HASH \ + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" + * else leave it defined as NULL + */ + +#define CONFIG_SPL_UBOOT_KEY_HASH NULL +#endif /* ifdef CONFIG_SPL_BUILD */ + #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_CMD_BLOB #define CONFIG_FSL_SEC_MON @@ -82,6 +106,7 @@ #define CONFIG_FSL_CAAM #endif +#ifndef CONFIG_SPL_BUILD /* fsl_setenv_chain_of_trust() must be called from * board_late_init() */ @@ -119,5 +144,6 @@ #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */ #include <config_fsl_chain_trust.h> +#endif /* #ifndef CONFIG_SPL_BUILD */ #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ #endif diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index ecfcc82..992babf 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -6,7 +6,17 @@ #include <common.h> #include <fsl_validate.h> +#include <fsl_secboot_err.h> #include <fsl_sfp.h> +#include <dm/root.h> + +#ifdef CONFIG_ADDR_MAP +#include <asm/mmu.h> +#endif + +#ifdef CONFIG_FSL_CORENET +#include <asm/fsl_pamu.h> +#endif #ifdef CONFIG_LS102XA #include <asm/arch/immap_ls102xa.h> @@ -52,6 +62,7 @@ int fsl_check_boot_mode_secure(void) return 0; } +#ifndef CONFIG_SPL_BUILD int fsl_setenv_chain_of_trust(void) { /* Check Boot Mode @@ -68,3 +79,42 @@ int fsl_setenv_chain_of_trust(void) setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); return 0; } +#endif + +#ifdef CONFIG_SPL_BUILD +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) +{ + int res; + + /* Check Boot Mode + * If Boot Mode is Non-Secure, skip validation + */ + if (fsl_check_boot_mode_secure() == 0) + return; + + printf("SPL: Validating U-Boot image\n"); + +#ifdef CONFIG_ADDR_MAP + init_addr_map(); +#endif + +#ifdef CONFIG_FSL_CORENET + if (pamu_init() < 0) + fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT); +#endif + +#ifdef CONFIG_FSL_CAAM + if (sec_init() < 0) + fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT); +#endif + +#if defined(CONFIG_DM) + dm_init_and_scan(false); +#endif + res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, + &img_addr); + + if (res == 0) + printf("SPL: Validation of U-boot successful\n"); +} +#endif diff --git a/common/Makefile b/common/Makefile index f9b26b7..402835b 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,8 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD ifdef CONFIG_SPL_BUILD +# core +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..d125b42 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -38,6 +38,7 @@ obj-$(CONFIG_OMAP_USB_PHY) += usb/phy/ obj-$(CONFIG_SPL_SATA_SUPPORT) += block/ obj-$(CONFIG_SPL_USB_HOST_SUPPORT) += block/ obj-$(CONFIG_SPL_MMC_SUPPORT) += block/ +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ else diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 8bc517d..2309b23 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -563,10 +563,26 @@ int sec_init(void) sec_out32(&sec->mcfgr, mcr); #ifdef CONFIG_FSL_CORENET +#ifdef CONFIG_SPL_BUILD + /* For SPL Build, Set the Liodns in SEC JR0 for + * creating PAMU entries corresponding to these. + * For normal build, these are set in set_liodns(). + */ + liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; + liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK; + + liodnr = sec_in32(&sec->jrliodnr[0].ls) & + ~(JRNSLIODN_MASK | JRSLIODN_MASK); + liodnr = liodnr | + (liodn_ns << JRNSLIODN_SHIFT) | + (liodn_s << JRSLIODN_SHIFT); + sec_out32(&sec->jrliodnr[0].ls, liodnr); +#else liodnr = sec_in32(&sec->jrliodnr[0].ls); liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT; #endif +#endif ret = jr_init(); if (ret < 0) { diff --git a/drivers/mtd/nand/fsl_ifc_spl.c b/drivers/mtd/nand/fsl_ifc_spl.c index cbeb74a..30aa966 100644 --- a/drivers/mtd/nand/fsl_ifc_spl.c +++ b/drivers/mtd/nand/fsl_ifc_spl.c @@ -11,6 +11,9 @@ #include <asm/io.h> #include <fsl_ifc.h> #include <linux/mtd/nand.h> +#ifdef CONFIG_CHAIN_OF_TRUST +#include <fsl_validate.h> +#endif static inline int is_blank(uchar *addr, int page_size) { @@ -268,6 +271,27 @@ void nand_boot(void) */ flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, CONFIG_SYS_NAND_U_BOOT_SIZE); #endif + +#ifdef CONFIG_CHAIN_OF_TRUST + /* + * As U-Boot header is appended at end of U-boot image, so + * calculate U-boot header address using U-boot header size. + */ +#define CONFIG_U_BOOT_HDR_ADDR \ + ((CONFIG_SYS_NAND_U_BOOT_START + \ + CONFIG_SYS_NAND_U_BOOT_SIZE) - \ + CONFIG_U_BOOT_HDR_SIZE) + spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR, + CONFIG_SYS_NAND_U_BOOT_START); + /* + * In case of failure in validation, spl_validate_uboot would + * not return back in case of Production environment with ITS=1. + * Thus U-Boot will not start. + * In Development environment (ITS=0 and SB_EN=1), the function + * may return back in case of non-fatal failures. + */ +#endif + uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START; uboot(); } diff --git a/include/fsl_validate.h b/include/fsl_validate.h index a71e1ce..7695b30 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -254,4 +254,5 @@ int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, int fsl_check_boot_mode_secure(void); int fsl_setenv_chain_of_trust(void); +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr); #endif diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..2cdb436 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -59,6 +59,9 @@ obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o ifdef CONFIG_SPL_BUILD obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o obj-$(CONFIG_SPL_NET_SUPPORT) += net_utils.o +ifdef CONFIG_SPL_CRYPTO_SUPPORT +obj-$(CONFIG_RSA) += rsa/ +endif endif obj-$(CONFIG_ADDR_MAP) += addr_map.o obj-y += hashtable.o