From patchwork Thu Jan 28 00:15:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joel Stanley X-Patchwork-Id: 1432411 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DR1HJ2zP8z9sVv for ; Thu, 28 Jan 2021 11:16:44 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=GyHywsoA; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4DR1HH71YJzDr5b for ; Thu, 28 Jan 2021 11:16:43 +1100 (AEDT) X-Original-To: openbmc@lists.ozlabs.org Delivered-To: openbmc@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::52f; helo=mail-pg1-x52f.google.com; envelope-from=joel.stan@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=GyHywsoA; dkim-atps=neutral Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4DR1G01WY1zDqS6 for ; Thu, 28 Jan 2021 11:15:35 +1100 (AEDT) Received: by mail-pg1-x52f.google.com with SMTP id n10so2966192pgl.10 for ; Wed, 27 Jan 2021 16:15:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uJkBPPW/Yt3A3EOC8SeWrFhIFaCcTbW01/j3TO1HL4k=; b=GyHywsoA2kQP7ftcHtIj7ITmMYXJCOafN/Rr2NpmtTCLPHieIVCcUbCLrniQY9kbZ3 QETbnagSyM4QkWbt6tLwBtjP6TnvYr8QB9xuoGbxfi1xEdhCc346ut5A5Bgwl+V9o0mb Dn3UAca4yVX1Ib2kRoORHZ2bYEsRf2bHWcYCRcTfWK5ecX31v5Gr9gkwXzfLDe4Epqup Sqjq/yWo8IwWjFTOyxw3hESDjpZ2F6fuUpT0eeqFjdPmpVgvaFqKpg15uhc4D7o3t8ax o0fZwPHVOvQr1SxDG7OQhtm0rX108aXInSVNPlaAn1iIBn2m/K2uWPxSakzNIFKkKHCQ zxMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=uJkBPPW/Yt3A3EOC8SeWrFhIFaCcTbW01/j3TO1HL4k=; b=KbftstGxtX4UsHSbh6ipdeumB/OiK0kWzEvwhyG+FP0I6SKiK2GjJv4Wj3DuUsrNTX 2e+0m+a30L0p5t60YnCnPu+qWlRGhlbtoRPCY3oDu/2Nmr631V4liSuHTEuYHjc0JjfV GCmzh1ImV+O+8NPbYU6lKII+i5CUTsAu4Mi9Hii+UGkkJInxBxFS5LT2JyHWaG1IIe8y +LF0XfAknAwkizie0ALAma6mVgl/62yIY1MKBVEpgp/vcpJ5asJfxTXSEN0qT+xM2/or gvA/Jb4Vh7R6jGorfiQd9uNoMeQQGb6xUBZL/VutZpfQSBh1fLHZxUdTxco8k545pLE7 kNmQ== X-Gm-Message-State: AOAM532TF/LlonUZgrxYmI6X+bFGGBgzMqERf2QlrgWlm4OzUW2IeWVZ VCMlfQuhdtxzABPe2dKQgH8= X-Google-Smtp-Source: ABdhPJzRnTKAPVdh2PKiTt4qZ/LBQzgHl6BGEaMONmqw3QzS/CFrHU9RK+u9+wbuFNxSNTlfJ/PEJQ== X-Received: by 2002:a63:454e:: with SMTP id u14mr11291548pgk.113.1611792932995; Wed, 27 Jan 2021 16:15:32 -0800 (PST) Received: from localhost.localdomain ([45.124.203.14]) by smtp.gmail.com with ESMTPSA id x19sm3529239pff.192.2021.01.27.16.15.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Jan 2021 16:15:31 -0800 (PST) From: Joel Stanley To: Andrew Jeffery , Klaus Heinrich Kiwi , Ryan Chen , openbmc@lists.ozlabs.org Subject: [PATCH u-boot v2019.04-aspeed-openbmc v3 1/4] ast2600: Allow selection of SPL boot devices Date: Thu, 28 Jan 2021 10:45:17 +1030 Message-Id: <20210128001521.266883-2-joel@jms.id.au> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210128001521.266883-1-joel@jms.id.au> References: <20210128001521.266883-1-joel@jms.id.au> MIME-Version: 1.0 X-BeenThere: openbmc@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development list for OpenBMC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "openbmc" The AST2600 SPL can boot from a number of sources, with or without the AST2600 secure boot feature. It may be desirable to disable some of these, so put them behind the defines for the drivers that are used. Reviewed-by: Klaus Heinrich Kiwi Signed-off-by: Joel Stanley Reviewed-by: Andrew Jeffery --- arch/arm/mach-aspeed/ast2600/Kconfig | 12 ++++++++++++ arch/arm/mach-aspeed/ast2600/spl_boot.c | 9 +++++++++ 2 files changed, 21 insertions(+) diff --git a/arch/arm/mach-aspeed/ast2600/Kconfig b/arch/arm/mach-aspeed/ast2600/Kconfig index dd991e87c795..518f41b558d3 100644 --- a/arch/arm/mach-aspeed/ast2600/Kconfig +++ b/arch/arm/mach-aspeed/ast2600/Kconfig @@ -53,6 +53,18 @@ config TARGET_SLT_AST2600 endchoice +config ASPEED_SECBOOT_BL2 + bool "ASPEED secure boot BL2 support" + depends on ASPEED_AST2600 + help + Enable ASPEED's "secboot" secure boot support for verifying + the SPL's playload ("BL2"). + + Enable this is if you're using secure boot support in the AST2600 (or similar) + to verify your u-boot proper. + + Disable this is if you are using u-boot's vboot to verify u-boot. + source "board/aspeed/evb_ast2600a0/Kconfig" source "board/aspeed/evb_ast2600a1/Kconfig" source "board/aspeed/ncsi_ast2600a0/Kconfig" diff --git a/arch/arm/mach-aspeed/ast2600/spl_boot.c b/arch/arm/mach-aspeed/ast2600/spl_boot.c index 58a22f646e08..98cf72bf440d 100644 --- a/arch/arm/mach-aspeed/ast2600/spl_boot.c +++ b/arch/arm/mach-aspeed/ast2600/spl_boot.c @@ -42,6 +42,7 @@ static int aspeed_secboot_spl_ram_load_image(struct spl_image_info *spl_image, } SPL_LOAD_IMAGE_METHOD("RAM with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_RAM, aspeed_secboot_spl_ram_load_image); +#if IS_ENABLED(CONFIG_SPL_MMC_SUPPORT) static int aspeed_spl_mmc_load_image(struct spl_image_info *spl_image, struct spl_boot_device *bootdev) { @@ -101,6 +102,7 @@ static int aspeed_spl_mmc_load_image(struct spl_image_info *spl_image, } SPL_LOAD_IMAGE_METHOD("MMC", 0, ASPEED_BOOT_DEVICE_MMC, aspeed_spl_mmc_load_image); +#if IS_ENABLED(ASPEED_SECBOOT_BL2) static int aspeed_secboot_spl_mmc_load_image(struct spl_image_info *spl_image, struct spl_boot_device *bootdev) { @@ -161,7 +163,10 @@ static int aspeed_secboot_spl_mmc_load_image(struct spl_image_info *spl_image, return 0; } SPL_LOAD_IMAGE_METHOD("MMC with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_MMC, aspeed_secboot_spl_mmc_load_image); +#endif /* ASPEED_SECBOOT_BL2 */ +#endif +#if IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) static int getcymodem(void) { if (tstc()) @@ -204,6 +209,8 @@ end_stream: } SPL_LOAD_IMAGE_METHOD("UART", 0, ASPEED_BOOT_DEVICE_UART, aspeed_spl_ymodem_load_image); + +#if IS_ENABLED(ASPEED_SECBOOT_BL2) static int aspeed_secboot_spl_ymodem_load_image(struct spl_image_info *spl_image, struct spl_boot_device *bootdev) { @@ -245,3 +252,5 @@ end_stream: return ret; } SPL_LOAD_IMAGE_METHOD("UART with Aspeed Secure Boot", 0, ASPEED_SECBOOT_DEVICE_UART, aspeed_secboot_spl_ymodem_load_image); +#endif /* ASPEED_SECBOOT_BL2 */ +#endif From patchwork Thu Jan 28 00:15:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joel Stanley X-Patchwork-Id: 1432414 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DR1LX1dClz9sVv for ; Thu, 28 Jan 2021 11:19:32 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Ubq+F+dO; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4DR1LW5CDpzDr4h for ; Thu, 28 Jan 2021 11:19:31 +1100 (AEDT) X-Original-To: openbmc@lists.ozlabs.org Delivered-To: openbmc@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::1031; helo=mail-pj1-x1031.google.com; envelope-from=joel.stan@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Ubq+F+dO; dkim-atps=neutral Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4DR1G41xMfzDr4M for ; Thu, 28 Jan 2021 11:15:40 +1100 (AEDT) Received: by mail-pj1-x1031.google.com with SMTP id jx18so2930130pjb.5 for ; Wed, 27 Jan 2021 16:15:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2gZ56LZHqiWJBgyVH2pBnk15oUCJAzMTqjxEWSJOmNo=; b=Ubq+F+dOFn3cF8KRwnUWp+rRsxJPyWknGNbuCsuYJeyP6kNCjAWF8KLvmfB6mkOHgL HVRtEqJ8snCWgfyBZo8BH7OIkBRzYS6vjWnljKqNKXrrq3/iG9oMvpcANZvpfneZmD5U DTiTHnC/YK6gnreVYeXM8bcqazgn4T1xVMaFp8byqvrt4XD1aTKa0Me5ErpZgj5uzOp+ vBQ9muj7s8oHtsbsbEZP999Rch4Hmzqlk4D74CUew9oP3Gsf1eGPoBph9QGSL+3pW2JZ YN3yl4H+aagM09rpoU3X0JHVinPd3Zlapz+XyzpYs11AuHVXIreGuUz4ZHIGmTQ60F6n lPyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=2gZ56LZHqiWJBgyVH2pBnk15oUCJAzMTqjxEWSJOmNo=; b=n0qc7tQsKNx3AF4UcBtvGESBoW5WUkt8zU1I3P2d7xDrZADZt9bxY4z8RmrPFnvAdV 566+yanVIrBgYrRYosM+xyC0xq/CBbO2NgUbaA0C6v+FH+4Qz19YZNqjQ3zg8HFk8kN3 KS9yjXsVEIX4dTJpvS1hgBk8J7BEMih4euS9nGRVUOJF7Cu6L2X5XH08bPGLmS/9Jgdd 753KY4CkCZzDFUTmh4UD9mOZRdFQK8UFUH96cHT86JUGB/qFICcpNOwwSE4x6GSWcJmQ DmgCDD/GASQHLsC3ky8e04leL2pqXROCsFKsSGliV30wGN4GnrkU50PJ0BtC2Nea62d0 yxOw== X-Gm-Message-State: AOAM5315DT3OdCqIg0jKzbvrRM7y8+5U4+f0RgnMKyIZOG1tC882my7b q8Fr4qKL2Mb78e4oUtEhJcM= X-Google-Smtp-Source: ABdhPJy5WUPDmaFb8ZnF287el9cK1l/k+i1GuMspEx64iL9AHIWR7MxuXGGBbWmz4DceIyq4ic87yQ== X-Received: by 2002:a17:90a:df84:: with SMTP id p4mr8208729pjv.81.1611792936889; Wed, 27 Jan 2021 16:15:36 -0800 (PST) Received: from localhost.localdomain ([45.124.203.14]) by smtp.gmail.com with ESMTPSA id x19sm3529239pff.192.2021.01.27.16.15.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Jan 2021 16:15:35 -0800 (PST) From: Joel Stanley To: Andrew Jeffery , Klaus Heinrich Kiwi , Ryan Chen , openbmc@lists.ozlabs.org Subject: [PATCH u-boot v2019.04-aspeed-openbmc v3 2/4] config: ast2600: Reduce SPL image size Date: Thu, 28 Jan 2021 10:45:18 +1030 Message-Id: <20210128001521.266883-3-joel@jms.id.au> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210128001521.266883-1-joel@jms.id.au> References: <20210128001521.266883-1-joel@jms.id.au> MIME-Version: 1.0 X-BeenThere: openbmc@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development list for OpenBMC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "openbmc" This modifies some features of the SPL to ensure it fits in the 64KB payload size once we enable FIT signature verification in the SPL. We still build with thumb, as this is selected SYS_THUMB_BUILD (ie, the SPL defaults to thumb if u-boot proper is built with thumb). The not using the arch memcpy/memset changes save 668 bytes. The tiny memset saves 52 bytes. (Anyone who wants to test the runtime impact of these changes should do so!) The DOS_PARTITION change saves 229 bytes. In total, this set of options reduces the binary size by 1105 bytes with GCC 10. Signed-off-by: Joel Stanley Acked-by: Andrew Jeffery --- v3: - Drop unnecessary TPL banner change - Clarify thumb build - Add data on size impact of each change - Add DOS_PARTITION change to this patch - Move FIT_TINY to a different patch; with the reordering of patches FIT verification is not yet turned on when applying this patch --- configs/ast2600_openbmc_spl_emmc_defconfig | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig index 68d18652c980..26e8790cef87 100644 --- a/configs/ast2600_openbmc_spl_emmc_defconfig +++ b/configs/ast2600_openbmc_spl_emmc_defconfig @@ -2,8 +2,9 @@ CONFIG_ARM=y CONFIG_SYS_CONFIG_NAME="evb_ast2600a1_spl" CONFIG_SYS_DCACHE_OFF=y CONFIG_POSITION_INDEPENDENT=y -CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_SYS_THUMB_BUILD=y +# CONFIG_SPL_USE_ARCH_MEMCPY is not set +# CONFIG_SPL_USE_ARCH_MEMSET is not set CONFIG_SPL_LDSCRIPT="arch/$(ARCH)/mach-aspeed/ast2600/u-boot-spl.lds" CONFIG_ARCH_ASPEED=y CONFIG_SYS_TEXT_BASE=0x10000 @@ -80,6 +81,7 @@ CONFIG_CMD_EXT4_WRITE=y CONFIG_CMD_FAT=y CONFIG_CMD_FS_GENERIC=y CONFIG_CMD_MTDPARTS=y +# CONFIG_SPL_DOS_PARTITION is not set # CONFIG_SPL_EFI_PARTITION is not set CONFIG_SPL_OF_CONTROL=y CONFIG_ENV_IS_IN_MMC=y @@ -125,6 +127,7 @@ CONFIG_DM_SPI=y CONFIG_SYSRESET=y CONFIG_WDT=y CONFIG_USE_TINY_PRINTF=y +CONFIG_SPL_TINY_MEMSET=y CONFIG_TPM=y CONFIG_SPL_TPM=y # CONFIG_EFI_LOADER is not set From patchwork Thu Jan 28 00:15:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joel Stanley X-Patchwork-Id: 1432415 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DR1NB2j03z9sVs for ; Thu, 28 Jan 2021 11:20:58 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=XuT4eE27; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4DR1N95brpzDqMr for ; Thu, 28 Jan 2021 11:20:57 +1100 (AEDT) X-Original-To: openbmc@lists.ozlabs.org Delivered-To: openbmc@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::635; helo=mail-pl1-x635.google.com; envelope-from=joel.stan@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=XuT4eE27; dkim-atps=neutral Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4DR1G76ksHzDr5k for ; Thu, 28 Jan 2021 11:15:43 +1100 (AEDT) Received: by mail-pl1-x635.google.com with SMTP id 31so2179729plb.10 for ; Wed, 27 Jan 2021 16:15:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=B/QjVUdX1qO2B7Vwm7OOOX/e+4j7K/R5/brlUz2N3fE=; b=XuT4eE27CECCRIPzOeb+eCIrPcwfrn2yUuLwc4N4XT8gDvo7uT2ZVxS42+mbao4xpZ bJioFWgDRSVuykDhSqPLi6LUEmrlcixJRtkOhTIXnwh5AKYEODCFTeFeVvYxrRNGJxng vusxRK076uWUqPSbno2LU9xYswU2ZbDFDhXRiMfsCUzBwMA0zNu5ez0WxTRXYJmP8fDz 01h4wBtXLwc4fM4nJyIfCavvxnue+Qt77QsjvclnjNvPzX1dlcwrtLv1SGAmnXNVIz3T RIpMWpvEno998L9aqCQNpnAWJYGpiYPNhvM1aljR9Os5r1/aceCLaoKfCDNf10ncsR0W /KaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=B/QjVUdX1qO2B7Vwm7OOOX/e+4j7K/R5/brlUz2N3fE=; b=GaosiUINs2LSIWswBRTv3Kbau1/niq0CBmJdoUCrL3A/4UpnDG44ioqoAMKvvIFpSU LPAqb6Vl68gVGv0ebfLpwezW3uTXiI2+1iXuQe3f7flJn3DpRSmVjTMLbMAI59jm6SaZ 1pBYYbRct5Fh9j/oy/E6gfzlsWBO9/X1vD4AhNFspNhqQpVsJ34C//H4Cnb9nzuC3M3v 6QDzxoMQDKFls7r6IM4qQHP0DSgTeOYKBs0z7oy9OUNQ9kvIoMczvuDflGCRlv3RWPUy ZZW+l7mqhTa9hNxT7b592X6Qhd0BA4Lp+PfXq5jo4RBLXU8Srod+82BRhbx4pgkwKpBx vkvg== X-Gm-Message-State: AOAM5316H0xkcAJhTeR3dzEO8/QwAcAAJc8Pk/U7nM4AoVCBVIst9wTW WXzgO9zHaXgcUm4D0PiSW+E= X-Google-Smtp-Source: ABdhPJy0nTdtZFQI2VeWxd/MO3nlkane+N3s0C/cSig5Fyp4gyqjWjkRoMJA42goRiwJcHNC64ckJA== X-Received: by 2002:a17:90b:4ad2:: with SMTP id mh18mr8197236pjb.137.1611792940588; Wed, 27 Jan 2021 16:15:40 -0800 (PST) Received: from localhost.localdomain ([45.124.203.14]) by smtp.gmail.com with ESMTPSA id x19sm3529239pff.192.2021.01.27.16.15.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Jan 2021 16:15:39 -0800 (PST) From: Joel Stanley To: Andrew Jeffery , Klaus Heinrich Kiwi , Ryan Chen , openbmc@lists.ozlabs.org Subject: [PATCH u-boot v2019.04-aspeed-openbmc v3 3/4] ast2600: Modify SPL SRAM layout Date: Thu, 28 Jan 2021 10:45:19 +1030 Message-Id: <20210128001521.266883-4-joel@jms.id.au> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210128001521.266883-1-joel@jms.id.au> References: <20210128001521.266883-1-joel@jms.id.au> MIME-Version: 1.0 X-BeenThere: openbmc@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development list for OpenBMC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "openbmc" The SRAM is 89KB on the A1 and beyond: 0x1000_0000 to 0x1000_ffff: 64KB, with parity check 0x1001_0000 to 0x1001_5fff: 24KB, w/o parity check 0x1001_6000 to 0x1001_63ff: 1KB, w/o parity check, each byte write once Allow the image to fill the full 64KB payload size (max that secure boot supports) and place the stack at the top of the 24KB of SRAM. Acked-by: Andrew Jeffery Signed-off-by: Joel Stanley --- v3: reoorder patch include/configs/evb_ast2600a1_spl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/configs/evb_ast2600a1_spl.h b/include/configs/evb_ast2600a1_spl.h index 69f3c32ce1d5..a39988820add 100644 --- a/include/configs/evb_ast2600a1_spl.h +++ b/include/configs/evb_ast2600a1_spl.h @@ -25,8 +25,8 @@ /* SPL */ #define CONFIG_SPL_TEXT_BASE 0x00000000 -#define CONFIG_SPL_MAX_SIZE 0x0000E800 -#define CONFIG_SPL_STACK 0x10010000 +#define CONFIG_SPL_MAX_SIZE 0x00010000 +#define CONFIG_SPL_STACK 0x10016000 #define CONFIG_SPL_BSS_START_ADDR 0x90000000 #define CONFIG_SPL_BSS_MAX_SIZE 0x00100000 From patchwork Thu Jan 28 00:15:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joel Stanley X-Patchwork-Id: 1432416 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DR1Pk1S7Dz9sVv for ; Thu, 28 Jan 2021 11:22:18 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=gbf6TJrg; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4DR1Pj6bVFzDqBW for ; Thu, 28 Jan 2021 11:22:17 +1100 (AEDT) X-Original-To: openbmc@lists.ozlabs.org Delivered-To: openbmc@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:4864:20::1035; helo=mail-pj1-x1035.google.com; envelope-from=joel.stan@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=gbf6TJrg; dkim-atps=neutral Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4DR1GC5xhmzDr43 for ; Thu, 28 Jan 2021 11:15:47 +1100 (AEDT) Received: by mail-pj1-x1035.google.com with SMTP id l18so2934516pji.3 for ; Wed, 27 Jan 2021 16:15:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=k5FxfkQgJxX+Y+Mv01I55bzM0/UvvDUSkJ505ezrpIc=; b=gbf6TJrg7Uus6t01DAGNhqY0PnsrQTsnFsdJwPJY38LEf1SfXZB5fFEPYy/dDXAEt1 0lt31tv8AYp0SGbyOvEYlfivaJDGvUSr6qLUgI3lkOJssxuPrElHQzKRGFttcmtEnV9G 839gvzU1x8TEZj+szi+JnlYJFrYoSLfXyF+bQO8Z4JPigro2TtfLNK1HIAHPWSZjsmkk 39cK3CPZzt63IpoKs96/BjFfjMgDiwLHFfFkUrvHCd1seFc307eBTsyt/LgLySgA7Cwy VEpDGBwj1cwmkR/fwwdFm4HqXli3r6T3PuE8w2Dr1d+q/2mq5WYSDzXioI9ZGftJlBDE QbYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=k5FxfkQgJxX+Y+Mv01I55bzM0/UvvDUSkJ505ezrpIc=; b=EuUvUEWN/YOBBCcZe0d1ZGzpFmX3e2XCB2GpaG32r0iz9haTq+zIBssTa06PXsJqxg hfCKEZ3ZhAh4qVl2qKiwt7bCdcI8EegmFhFGQisWmmjoyplJSQL8d5fPYlGZwgfSe4+N VGk/2oACxTBFYrhcSRi74Z829bjUR+gf16gBgVoZKAt6NDEX5fkMVWiEouC6XwMJlRer KibvuS3lTE92fkMB2v5DsrXZpsrKhBs7u28OoJEAe/nTebl9deW08TutlMK9syIkB7p/ zhJj8dRnAHOWgmbaFOXAwNiLhcRgNzi2IkeSy+Ez8MHRd+YD8vu8CfL971jVuARWsExf bnaw== X-Gm-Message-State: AOAM532IyNsAp/lSRCBu0A35se5qhxfvoF3RGOM7G2ilLZb5Xq3UzLLK l4jNoHf3SPjW0pvj9r72oIy9G0/PCP0= X-Google-Smtp-Source: ABdhPJy9NpAC6aiZEQ6InZb1WxocRtmSk3R6tniajjQ+ZvvGT98+BtICQOCqW9U2LAIv3j0weY8Ujg== X-Received: by 2002:a17:90a:c82:: with SMTP id v2mr8303842pja.171.1611792944304; Wed, 27 Jan 2021 16:15:44 -0800 (PST) Received: from localhost.localdomain ([45.124.203.14]) by smtp.gmail.com with ESMTPSA id x19sm3529239pff.192.2021.01.27.16.15.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Jan 2021 16:15:43 -0800 (PST) From: Joel Stanley To: Andrew Jeffery , Klaus Heinrich Kiwi , Ryan Chen , openbmc@lists.ozlabs.org Subject: [PATCH u-boot v2019.04-aspeed-openbmc v3 4/4] config: ast2600: Enable FIT signature verification Date: Thu, 28 Jan 2021 10:45:20 +1030 Message-Id: <20210128001521.266883-5-joel@jms.id.au> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210128001521.266883-1-joel@jms.id.au> References: <20210128001521.266883-1-joel@jms.id.au> MIME-Version: 1.0 X-BeenThere: openbmc@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development list for OpenBMC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "openbmc" This turns on FIT signature verification for the OpenBMC SPL configuration, for both the SPL and u-boot. This enables rsa and sha algorithms for verifying the signature of the u-boot FIT when loading it. FIT_IMAGE_TINY is selected to save approx 3KB from the image size. Signed-off-by: Joel Stanley Acked-by: Andrew Jeffery --- v3: Move SPL_FIT_IMAGE_TINY to this patch --- configs/ast2600_openbmc_spl_emmc_defconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig index 26e8790cef87..6daf6343478b 100644 --- a/configs/ast2600_openbmc_spl_emmc_defconfig +++ b/configs/ast2600_openbmc_spl_emmc_defconfig @@ -36,6 +36,9 @@ CONFIG_ARMV7_BOOT_SEC_DEFAULT=y CONFIG_ARMV7_PSCI_NR_CPUS=2 CONFIG_NR_DRAM_BANKS=1 CONFIG_FIT=y +CONFIG_FIT_SIGNATURE=y +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -49,6 +52,7 @@ CONFIG_BOARD_EARLY_INIT_F=y CONFIG_SPL_SYS_MALLOC_SIMPLE=y CONFIG_SPL_STACK_R=y CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y