Message ID | 1491345668-6770-1-git-send-email-ruchika.gupta@nxp.com |
---|---|
State | Superseded |
Delegated to: | York Sun |
Headers | show |
On 04/04/2017 10:36 AM, Ruchika Gupta wrote: > - Add SD secure boot target for ls1043ardb. > - Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream ID and > corresponding stream ID in SMMU. > - Change the u-boot size defined by a macro for copying the main U-Boot by SPL > to also include the u-boot Secure Boot header size as header is appended to > u-boot image. So header will also be copied from SD to DDR. > - CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K > are reserved for use by boot ROM and 6K for secure boto header > - Error messages during SPL boot are limited to error code numbers instead of strings > to reduce the size of SPL image > > Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> > --- > Changes in v3: > Moved spl_board_init function to arch/arm/cpu/armv8/fsl-layerscape/spl.c > > Changes in v2: > Rebased to latest dependent patches: - No change > > Dependent patch set: > SECURE boot target addition for NOR on LS1043, LS1046 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742548%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=TREZk2QQagpnbnEhKaW3XRWqIkFUMZSpP7o%2FBRsZWzw%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742552%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=bBUdA%2FzXtcqmDujeuwzCBEttEsuiWRhX5Neliw7bCb8%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742549%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=jxL2qZrSQsz2ABZWXSoxBu9CRcE0to%2FVeUZhatcRIqw%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742551%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=RGdT6UfnwGmmTs%2Boq5hXQVpLKoMrySlEQnUV6moXeZo%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742550%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=RyfAhL%2Fx65BdUorLVM63Uq0TyL%2B9mhLD16npVY5ZvEw%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742553%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=cpegSJ%2F6R5hooE%2BUfKxtaNRoi97BPvpsTXbQKY3vDsA%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F742554%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=oHsnTFilBpdmpQ5rroTH5Rf8auUe4PzN6rQDPEhsGRM%3D&reserved=0 > > and > SPL size reduction patches > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F744755%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=HWmVUuGfRXsOt%2B6ld6NpzreZouBQETLOWFYNoZO3ri4%3D&reserved=0 > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork.ozlabs.org%2Fpatch%2F744756%2F&data=01%7C01%7Cyork.sun%40nxp.com%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0&sdata=e%2BlipO5SmoKq5dNc3%2FjlTqmLwwMvFCyFC3s40GLAvR0%3D&reserved=0 > > arch/arm/cpu/armv8/fsl-layerscape/spl.c | 18 ++++++++ > arch/arm/include/asm/fsl_secure_boot.h | 9 +++- > board/freescale/common/fsl_validate.c | 4 ++ > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++ > include/configs/ls1043a_common.h | 16 ++++++- > 5 files changed, 100 insertions(+), 4 deletions(-) > create mode 100644 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig Please update MAINTAINERS files. York
> -----Original Message----- > From: York Sun [mailto:york.sun@nxp.com] > Sent: Wednesday, April 12, 2017 9:10 PM > To: Ruchika Gupta <ruchika.gupta@nxp.com>; u-boot@lists.denx.de > Cc: Vini Pillai <vinitha.pillai@nxp.com>; Sumit Garg <sumit.garg@nxp.com> > Subject: Re: [PATCH 1/3][v3] arm: ls1043ardb: Add SD secure boot target > > On 04/04/2017 10:36 AM, Ruchika Gupta wrote: > > - Add SD secure boot target for ls1043ardb. > > - Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream ID and > > corresponding stream ID in SMMU. > > - Change the u-boot size defined by a macro for copying the main U-Boot by > SPL > > to also include the u-boot Secure Boot header size as header is appended to > > u-boot image. So header will also be copied from SD to DDR. > > - CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) > where 32K > > are reserved for use by boot ROM and 6K for secure boto header > > - Error messages during SPL boot are limited to error code numbers instead of > strings > > to reduce the size of SPL image > > > > Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com> > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> > > --- > > Changes in v3: > > Moved spl_board_init function to > > arch/arm/cpu/armv8/fsl-layerscape/spl.c > > > > Changes in v2: > > Rebased to latest dependent patches: - No change > > > > Dependent patch set: > > SECURE boot target addition for NOR on LS1043, LS1046 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742548%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=TREZk2QQagpnbnEhKaW3XRWqIkFUMZSpP7o%2FBRsZWzw%3D > &reserved= > > 0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742552%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=bBUdA%2FzXtcqmDujeuwzCBEttEsuiWRhX5Neliw7bCb8%3D&res > erved= > > 0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742549%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=jxL2qZrSQsz2ABZWXSoxBu9CRcE0to%2FVeUZhatcRIqw%3D&res > erved= > > 0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742551%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=RGdT6UfnwGmmTs%2Boq5hXQVpLKoMrySlEQnUV6moXeZo%3D > &reserved= > > 0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742550%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=RyfAhL%2Fx65BdUorLVM63Uq0TyL%2B9mhLD16npVY5ZvEw%3 > D&reserve > > d=0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742553%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=cpegSJ%2F6R5hooE%2BUfKxtaNRoi97BPvpsTXbQKY3vDsA%3D&r > eserve > > d=0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F742554%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=oHsnTFilBpdmpQ5rroTH5Rf8auUe4PzN6rQDPEhsGRM%3D&reser > ved=0 > > > > and > > SPL size reduction patches > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F744755%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=HWmVUuGfRXsOt%2B6ld6NpzreZouBQETLOWFYNoZO3ri4%3D& > reserved= > > 0 > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat > > > chwork.ozlabs.org%2Fpatch%2F744756%2F&data=01%7C01%7Cyork.sun%40nx > p.co > > > m%7Cf396ee2809844110a67208d47b811229%7C686ea1d3bc2b4c6fa92cd99c5 > c30163 > > > 5%7C0&sdata=e%2BlipO5SmoKq5dNc3%2FjlTqmLwwMvFCyFC3s40GLAvR0%3D > &reserve > > d=0 > > > > arch/arm/cpu/armv8/fsl-layerscape/spl.c | 18 ++++++++ > > arch/arm/include/asm/fsl_secure_boot.h | 9 +++- > > board/freescale/common/fsl_validate.c | 4 ++ > > configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 57 > +++++++++++++++++++++++++ > > include/configs/ls1043a_common.h | 16 ++++++- > > 5 files changed, 100 insertions(+), 4 deletions(-) create mode > > 100644 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig > > Please update MAINTAINERS files. > > York Next version of patch-set has been sent with updated MAINTAINERS files. Ruchika
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c index 73a8680..dfacf98 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c @@ -41,6 +41,24 @@ u32 spl_boot_mode(const u32 boot_device) } #ifdef CONFIG_SPL_BUILD + +void spl_board_init(void) +{ +#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2) + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif +} + void board_init_f(ulong dummy) { /* Clear global data */ diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 423c2c4..56a6ba0 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -27,10 +27,11 @@ #define CONFIG_SPL_UBOOT_KEY_HASH NULL #endif /* ifdef CONFIG_SPL_BUILD */ +#define CONFIG_KEY_REVOCATION + #ifndef CONFIG_SPL_BUILD #define CONFIG_CMD_BLOB #define CONFIG_CMD_HASH -#define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT /* The key used for verification of next level images * is picked up from an Extension Table which has @@ -87,7 +88,11 @@ /* For SD boot address and size are assigned in terms of sector * offset and no. of sectors respectively. */ -#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900 +#if defined(CONFIG_LS1043A) +#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920 +#else +#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900 +#endif #define CONFIG_BS_ADDR_DEVICE 0x00000940 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 2b723a4..235c6ab 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -356,6 +356,7 @@ static void fsl_secboot_bootscript_parse_failure(void) */ void fsl_secboot_handle_error(int error) { +#ifndef CONFIG_SPL_BUILD const struct fsl_secboot_errcode *e; for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; @@ -363,6 +364,9 @@ void fsl_secboot_handle_error(int error) if (e->errcode == error) printf("ERROR :: %x :: %s\n", error, e->name); } +#else + printf("ERROR :: %x\n", error); +#endif /* If Boot Mode is secure, transition the SNVS state and issue * reset based on type of failure and ITS setting. diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig new file mode 100644 index 0000000..3f35d64 --- /dev/null +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig @@ -0,0 +1,57 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1043ARDB=y +CONFIG_SPL_LIBCOMMON_SUPPORT=y +CONFIG_SPL_LIBGENERIC_SUPPORT=y +CONFIG_SPL_MMC_SUPPORT=y +CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_ENV_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_WATCHDOG_SUPPORT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,SD_BOOT" +CONFIG_SECURE_BOOT=y +CONFIG_SD_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_SPL=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 +CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y +CONFIG_HUSH_PARSER=y +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_PXE=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +# CONFIG_SPL_EFI_PARTITION is not set +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_MTD_NOR_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_SPL_CRYPTO_SUPPORT=y +CONFIG_SPL_HASH_SUPPORT=y diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index 3fb8740..b71456e 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -66,7 +66,7 @@ #define CONFIG_SPL_TARGET "u-boot-with-spl.bin" #define CONFIG_SPL_TEXT_BASE 0x10000000 -#define CONFIG_SPL_MAX_SIZE 0x1d000 +#define CONFIG_SPL_MAX_SIZE 0x17000 #define CONFIG_SPL_STACK 0x1001e000 #define CONFIG_SPL_PAD_TO 0x1d000 @@ -75,7 +75,19 @@ #define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000 #define CONFIG_SPL_BSS_START_ADDR 0x80100000 #define CONFIG_SPL_BSS_MAX_SIZE 0x80000 -#define CONFIG_SYS_MONITOR_LEN 0xa0000 + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_U_BOOT_HDR_SIZE (16 << 10) +/* + * HDR would be appended at end of image and copied to DDR along + * with U-Boot image. Here u-boot max. size is 512K. So if binary + * size increases then increase this size in case of secure boot as + * it uses raw u-boot image instead of fit image. + */ +#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE) +#else +#define CONFIG_SYS_MONITOR_LEN 0x100000 +#endif /* ifdef CONFIG_SECURE_BOOT */ #endif /* NAND SPL */