From patchwork Tue Jan 9 17:33:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 857209 X-Patchwork-Delegate: yorksun@freescale.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zG1gT05Fzz9sRW for ; Tue, 9 Jan 2018 16:59:32 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 60AABC22065; Tue, 9 Jan 2018 05:59:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAD_ENC_HEADER, DATE_IN_FUTURE_06_12, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5B0F1C21EFB; Tue, 9 Jan 2018 05:59:25 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4F83CC21EFB; Tue, 9 Jan 2018 05:59:24 +0000 (UTC) Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0044.outbound.protection.outlook.com [104.47.33.44]) by lists.denx.de (Postfix) with ESMTPS id 8C249C21EEB for ; Tue, 9 Jan 2018 05:59:23 +0000 (UTC) Received: from BN6PR03CA0093.namprd03.prod.outlook.com (10.164.122.159) by CY1PR03MB2362.namprd03.prod.outlook.com (10.166.207.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.366.8; Tue, 9 Jan 2018 05:59:21 +0000 Received: from BL2FFO11FD056.protection.gbl (2a01:111:f400:7c09::171) by BN6PR03CA0093.outlook.office365.com (2603:10b6:405:6f::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.386.5 via Frontend Transport; Tue, 9 Jan 2018 05:59:20 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BL2FFO11FD056.mail.protection.outlook.com (10.173.161.184) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.345.12 via Frontend Transport; Tue, 9 Jan 2018 05:58:50 +0000 Received: from b49020-OptiPlex-790.ap.freescale.net (b49020-OptiPlex-790.ap.freescale.net [10.232.132.83]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id w095xHfI011148; Mon, 8 Jan 2018 22:59:18 -0700 From: Sumit Garg To: Date: Tue, 9 Jan 2018 23:03:42 +0530 Message-ID: <1515519222-3507-1-git-send-email-sumit.garg@nxp.com> X-Mailer: git-send-email 1.9.1 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131599511309115769; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(39380400002)(39860400002)(2980300002)(1110001)(1109001)(339900001)(189003)(199004)(8676002)(16586007)(81166006)(36756003)(81156014)(68736007)(8936002)(50226002)(305945005)(47776003)(54906003)(356003)(85426001)(4326008)(8656006)(498600001)(59450400001)(51416003)(53936002)(2906002)(77096006)(104016004)(6666003)(316002)(97736004)(48376002)(106466001)(50466002)(105606002)(86362001)(6916009)(2351001)(5660300001)(139555002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR03MB2362; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD056; 1:IGi6mDNeTPe5LT8Enbe2rrXIVwlLgiI60rGQvd26/sJiM006OcS7H9gWVuoHUf+2nHPLhbbQSv+Wo8kL4MN+kLPXmA2XGz+YWYXcCXa9qbtxh3ou6quNULnDs5r6JLyi MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fad17e1d-5c0e-487b-e179-08d557260ea8 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4628075)(201703131517081)(5600026)(4604075)(2017052603307); SRVR:CY1PR03MB2362; X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2362; 3:uz7gsPIJj/pnRKWwxEq0YGqoCYl8PmgdMB/IeGXVT4EgRa10/w1kKqhq2fT+BQ76j/dQN3ItfMRvRGv42Hrahh5X9RH+h8RJ6QdwDEhZupTJLL4MfBUepsuV7IyGI121rAULz+VVfrekhTMrwdut/CIBUNU8AGBGuJXdm0FRcpOirXzOSYJeUkQaRqsyHs04erCVtUU2UiG/Amd13XLUZOmLcjPe5S1Dupr59xeqlfbrESo38SPiYfVHHaLaPhZC0hZoCWsxq8FS37kSjC4sEM5nYRcokBiRKY+LhG9LtjyTxhXi1PCvcRgdK0GDOULZEp2eKfW+qakqgFR4qNZPzkdMeCEfOJpEHV9fDiCLAVQ=; 25:WfufORwVcNx0rlpbhnK4kR7jfSIuFT18A0OWG92uyO7BFrJ+AgKNXx5wHjcAJQhbgz3DY1b11dK+p1/W8BhO9yN2khKvv6TSugJq3Q/dlXXA2yjCU3b02g6sMHVDgBhwxeMMr/DcsSYT64ovQ67/jqpL0bLS3czhw6bO15D2yFQ36GAUGahOZYomvRmAGI5wsl2v8O6YFAdPTjmKhpaP2ExDRbP5in2gIc7MsOZDVnJ7Ro4PBYKrE2oaSkOVngMkatPvCXC84z2eDd1aqhdDzJgExkFceps3pRyt7t/LyeW1NqLmGHhU1kMJcBXM8WWGNWXymomRTRKbFyEFkS6Mtg== X-MS-TrafficTypeDiagnostic: CY1PR03MB2362: X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2362; 31:gMdAW2j92nR7yM6itcflq/lqcPIID5FbTVNYak4+mIzBAz3JfoJwKyt3XyiYcvaOA7ANYD0+ZuhnRXml4EiDus8IeOACSevSpcJgBrx2q7BqIp7EZ7N4QSuDKsvJC8Crq/b+kIrGSaiNGcrps3R1S+bykruH/Cm926nE8ptw9XDxZyLrJwlqqYNNPTHMz6PZR+Dkm/QN+qu/3tuAIRQmKjFqyb3/TbPlkA3bF04U8tc=; 4:VGVeoJkCKuKIcya0Eu0KcivEVVTGvlUTARWrcIsMiriiYMKygOHAI8dgaMx/ACx3lncDCVed7A1e7hQ3AWZ5+CxTwO8ZWg2DGu2XNqUTbbLT52z5ZAdgw371TfqaVt1c1fkogOBezQkKJjgFC1gOFyVA43EqWdMDePuEueJxiYg2AWEgpww/p3ggz73wAjRLDS7B+/J5B8yn2T/4ps5jollNyBVtt4oOdu4pQwQefT8kIlyp+oqvzxQTBPh/g4RIg9g6JmHyeXClj8uZsrbstYK92oOwW7kBXnA9KaptzIg9jjuZ4MvaQ++DlOMKzKL2 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(185117386973197); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6095135)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231023)(944510075)(944921075)(946801075)(946901075)(10201501046)(6055026)(6096035)(201703131430075)(201703131448075)(201703131433075)(201703161259150)(201703151042153)(20161123563025)(20161123556025)(20161123559100)(20161123561025)(20161123565025)(201708071742011); SRVR:CY1PR03MB2362; BCL:0; PCL:0; RULEID:(100000803101)(100110400095)(400006); SRVR:CY1PR03MB2362; X-Forefront-PRVS: 0547116B72 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR03MB2362; 23:pLrWbCIEBSjOaAL3v3Et2HKpSOULQAM33o0qwaUEO?= Y+4tUw+HwCJcVvNmLGYm3iKa+0Umw9VpC/Jn+fO8+pWGUFHmv7kJ+6k2mTJ4VZzi7OUupNlxLM9IBOfnmHIv/PwF1ntSo+fEnI6XtGD/BQ+qpLcA/Dc5Gcgp4z8cItDtydXjo1wPl/VTyRXyg0zdrsFj2z5upakG5iRvoSP9bqF+x6ECIplDaXxLK/l9Xr3A7zKAEc7J18QriDAZVnNzcXU0Q/TkN9YH9ldoL7IBX+ZiyinOKdOVGRvCKxWZqtHQ+2s+yaBL9bzjPmUkYXRQ1EpYAvrogZ45gRH6mHhQZJYZ+ahKzKswjg38kz/MhYNOCttffpb8bNMJw+yntgLSksLcbQU14XX2BRuu4bksVonRllXXIScmWbkA7hwDGIHrdThhvg+/FOaldIFU9nilocpABAX7YlpemBfqAjxvPWT1OmqU6nDYIzCPJNA6AUIqqR4eXTPO4LGzgI7gwSTKTKXM/cqMhrooI0VxlJZGn6Wh2DVGU/W5s7OfFLykoTafQYbU3V/yrnhXlodFkJScmHWtLJ1qWZlED31PjoevozITf8msgqutKkcUx5T79SqdPrTk9HhaWrpfF9296mQRK9ypQBdsobHcwfJF1fdCl7+QeCXuYdMxGUDw90bo8Fwn8NYQpKWOzWy6SHxf+EXxjQQnHNJ01VroiRod/EE5Nq0yHo0X9zZNC4gsOY+moUFFstspgpDxjPqbXEEqT1mq/hjJrGdNyXPpT/o3OlegG1ae5lefaP+jmi6r0MJmVlKlYVBezAji02es2zoBvAlCTOuIUengQ58/DhgDma+3EXqDE89ty+qgXmULDRcWglL95V7lnsCO/zr/1SAZpk3aN0/CjfYpyQD/8EASqjnmY7aeCjAJ1mux/MWByLa9iNDzPwfE32Zb6Zov42az6ahoMbH2g2FLzhVHoTk7+qJIUq+k1Qy+QGSln6vAHOS928rgRjN5XuHxkfnEMLuh3PyRPPbeQsfz4NS8O2m1awWrWsRJrJPW0/OXeavrxLSFLc+biLqFJpa7BeZJqDG9OSFIpUF X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB2362; 6:6x6axNyY8U7iyNXPxzQl3zqFhjC1wg1ebYO79RppX3dBcb8mese7QLxnclIZaPm7VHQgp/EcObEIyee8cIV6+eoCWM8UcTcfZk0sml5Cwu+A4KuhdidOhZNTnWOUPInRhRglwMoKKvLNCim2MCLg9eOGy9Az1j/J7JhSZyIOD/Ou2o4tVV+6HoNdkjLeYcXF3MDZXsBe/ukMtTWEM1xpz04F/3yNeP8hF4Sk1rBkJVi8dKcKiReSVaXHk5MszB4ErjlTgGDG15aOAIBTGGI0cH/sav9ky4Dq82fZyAV2gfjEud4Qo6W472S+zRFbpsa+bxmBem6gm3whkyYhTpy1RBgsuvM36grrYmdPGvuvfgs=; 5:cMth4/LHVPHviSHg1k3ok1IXQ6TDV3CsS8VzXjzvzM4jQcPXSeIKPQJjpRLWNjK7+66q0+loodU9mrLTgQKHg0AhXYaYuvFl5kN9fxpU7LF0XiOTb7vqeUt6S1z//KbXAdfY/08P7Cz1JoXy0vRUwsjO+oCCQ8JIjYxOaT5Ta4A=; 24:A1E0F8Ger6oGG7SCUu45dp1XGhHT4KmBa+MqS8LOanHB5wOjgwJNx/S6MDPNV3H0XCr0ZE1cRtOmNB1wxQWzN4stnt9DVb4HxaOJQYh8btU=; 7:TEK3AFQC+Y5XwRw5PO1zysEHOWlGJtxyVsSwtwqztMsD1hyMGaX/IEx0IzOcfiuYlQtW0dCKJudaK73w6PwQptggL5SAc0NT+Pn38JzHi8MH0+OLBjW8gNa9PXo4KcBRCBDD6cpCjZ/XsWk71dHYZKMut6D836r6qVSQCEjZz9FjMecIB/myIJ/DjNzbDuRsXunKH21KVjJcmE4Ur3ns1iSCyqYYPzX+pum669a8M1zyXbFJ+cY/Pcgm+PXtvj5P SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jan 2018 05:58:50.7243 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fad17e1d-5c0e-487b-e179-08d557260ea8 X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB2362 Cc: ruchika.gupta@nxp.com, Vinitha Pillai-B57223 Subject: [U-Boot] [PATCH v2] arm64: ls1012ardb: Add distro secure boot support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Vinitha Pillai-B57223 Enable validation of boot.scr script prior to its execution dependent on "secureboot" flag in environment. Enable fall back option to qspi boot in case of secure boot. Signed-off-by: Sumit Garg Signed-off-by: Vinitha Pillai --- Changes in v2: Rebased to top of master configs/ls1012ardb_qspi_SECURE_BOOT_defconfig | 14 +++++++------- include/configs/ls1012ardb.h | 20 ++++++++++++++++++-- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig index b6930be..2d5d9ad 100644 --- a/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_qspi_SECURE_BOOT_defconfig @@ -2,7 +2,9 @@ CONFIG_ARM=y CONFIG_TARGET_LS1012ARDB=y CONFIG_SECURE_BOOT=y CONFIG_FSL_LS_PPA=y +CONFIG_QSPI_AHB_INIT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" +CONFIG_DISTRO_DEFAULTS=y # CONFIG_SYS_MALLOC_F is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y @@ -12,7 +14,7 @@ CONFIG_QSPI_BOOT=y CONFIG_BOOTDELAY=10 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 quiet lpj=250000" -CONFIG_HUSH_PARSER=y +# CONFIG_DISPLAY_BOARDINFO is not set CONFIG_CMD_GREPENV=y CONFIG_CMD_GPT=y CONFIG_CMD_I2C=y @@ -20,16 +22,13 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set -CONFIG_CMD_DHCP=y -CONFIG_CMD_MII=y -CONFIG_CMD_PING=y CONFIG_CMD_CACHE=y -CONFIG_CMD_EXT2=y -CONFIG_CMD_FAT=y CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_IN_SPI_FLASH=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +# CONFIG_BLK is not set +CONFIG_DM_MMC=y CONFIG_DM_SPI_FLASH=y CONFIG_SPI_FLASH=y CONFIG_NETDEVICES=y @@ -42,6 +41,7 @@ CONFIG_SYS_NS16550=y CONFIG_DM_SPI=y CONFIG_FSL_DSPI=y CONFIG_USB=y +CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index ab139b0..d161bb8 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -72,16 +72,20 @@ "initrd_high=0xffffffffffffffff\0" \ "fdt_addr=0x00f00000\0" \ "kernel_addr=0x01000000\0" \ + "kernelheader_addr=0x800000\0" \ "scriptaddr=0x80000000\0" \ + "scripthdraddr=0x80080000\0" \ "fdtheader_addr_r=0x80100000\0" \ "kernelheader_addr_r=0x80200000\0" \ "kernel_addr_r=0x81000000\0" \ "fdt_addr_r=0x90000000\0" \ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ + "kernelheader_size=0x40000\0" \ "console=ttyS0,115200\0" \ BOOTENV \ "boot_scripts=ls1012ardb_boot.scr\0" \ + "boot_script_hdr=hdr_ls1012ardb_bs.out\0" \ "scan_dev_for_boot_part=" \ "part list ${devtype} ${devnum} devplist; " \ "env exists devplist || setenv devplist 1; " \ @@ -99,15 +103,27 @@ "run scan_dev_for_scripts; " \ "done;" \ "\0" \ + "boot_a_script=" \ + "load ${devtype} ${devnum}:${distro_bootpart} " \ + "${scriptaddr} ${prefix}${script}; " \ + "env exists secureboot && load ${devtype} " \ + "${devnum}:${distro_bootpart} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "&& esbc_validate ${scripthdraddr};" \ + "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr " \ "/flex_installer_arm64.itb; " \ "bootm $load_addr#$board\0" \ "qspi_bootcmd=echo Trying load from qspi..;" \ "sf probe && sf read $load_addr " \ - "$kernel_addr $kernel_size && bootm $load_addr#$board\0" + "$kernel_addr $kernel_size; env exists secureboot " \ + "&& sf read $kernelheader_addr_r $kernelheader_addr " \ + "$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \ + "bootm $load_addr#$board\0" #undef CONFIG_BOOTCOMMAND -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd" +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; run qspi_bootcmd; " \ + "env exists secureboot && esbc_halt;" #include