The patch set adds support for next level image validation (linux, rootfs, dtb) in secure boot scenarios.
The patch set adds the following functaionality : 1. In secure boot, PAMU is not in bypassed mode. For validating next level images, CAAM block needs to be accessed. In order to access the CAAM block, first PAMU needs to be configured to allow access to CAAM block from core. This patch set adds the basic driver for PAMU.
2. Support has been added for using job ring interface of SEC block to do cryptographic operations. Descriptors for the following crypto operations have been added a) RSA modular exponentiation b) SHA-256 c) cryptographic blob encryption/decryption
3. esbc_validate command added which uses the SEC block and verifies the images. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both high-end (P4080) and low-end (P1010) platforms.
Ruchika Gupta (5): arch/powerpc/cpu/mpc8xxx: PAMU driver support powerpc/pamu : PAMU configuration for accessing SEC block drivers/sec : Freescale SEC driver FSL SEC Driver : Add support for descriptor creation Added command for validation of images in case of secure boot
Makefile | 1 + arch/powerpc/cpu/mpc85xx/Makefile | 2 + arch/powerpc/cpu/mpc85xx/cmd_esbc_validate.c | 54 + arch/powerpc/cpu/mpc85xx/cpu_init.c | 17 + arch/powerpc/cpu/mpc85xx/fsl_sfp_snvs.c | 163 +++ arch/powerpc/cpu/mpc85xx/fsl_validate.c | 543 +++++++++ arch/powerpc/cpu/mpc8xxx/Makefile | 3 +- arch/powerpc/cpu/mpc8xxx/fsl_pamu.c | 488 ++++++++ arch/powerpc/cpu/mpc8xxx/fsl_pamu_table.c | 68 ++ arch/powerpc/include/asm/fsl_pamu.h | 194 ++++ arch/powerpc/include/asm/fsl_secure_boot.h | 68 ++- arch/powerpc/include/asm/fsl_sfp_snvs.h | 42 + arch/powerpc/include/asm/immap_85xx.h | 121 ++- arch/powerpc/include/asm/types.h | 5 +- drivers/sec/Makefile | 46 + drivers/sec/error.c | 259 +++++ drivers/sec/jobdesc.c | 157 +++ drivers/sec/jr.c | 319 +++++ drivers/sec/rsa_sec.c | 95 ++ drivers/sec/sha.c | 111 ++ include/desc.h | 1605 ++++++++++++++++++++++++++ include/desc_constr.h | 200 ++++ include/jobdesc.h | 55 + include/jr.h | 129 ++ include/rsa_sec.h | 59 + include/sha.h | 100 ++ 26 files changed, 4900 insertions(+), 4 deletions(-) create mode 100644 arch/powerpc/cpu/mpc85xx/cmd_esbc_validate.c create mode 100644 arch/powerpc/cpu/mpc85xx/fsl_sfp_snvs.c create mode 100644 arch/powerpc/cpu/mpc85xx/fsl_validate.c create mode 100644 arch/powerpc/cpu/mpc8xxx/fsl_pamu.c create mode 100644 arch/powerpc/cpu/mpc8xxx/fsl_pamu_table.c create mode 100644 arch/powerpc/include/asm/fsl_pamu.h create mode 100644 arch/powerpc/include/asm/fsl_sfp_snvs.h create mode 100644 drivers/sec/Makefile create mode 100644 drivers/sec/error.c create mode 100644 drivers/sec/jobdesc.c create mode 100644 drivers/sec/jr.c create mode 100644 drivers/sec/rsa_sec.c create mode 100644 drivers/sec/sha.c create mode 100644 include/desc.h create mode 100644 include/desc_constr.h create mode 100644 include/jobdesc.h create mode 100644 include/jr.h create mode 100644 include/rsa_sec.h create mode 100644 include/sha.h