Secure Boot Target is added for NAND for P3041. Changes: In PowerPC, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on SRAM configured at address 0xBFF00000. In the U-Boot code, TLB entries are created to map the virtual address 0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.
Signed-off-by: Saksham Jain saksham@freescale.com Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com Signed-off-by: Aneesh Bansal aneesh.bansal@freescale.com --- Changes in v7: Created TLB entry to map virtual address 0xFFF00000 to physical address 0xBFF00000 as per discussion.
Makefile | 4 ++++ arch/powerpc/cpu/mpc85xx/start.S | 11 +++++++++++ arch/powerpc/include/asm/fsl_secure_boot.h | 5 +++++ board/freescale/common/p_corenet/tlb.c | 15 +++++++++++++++ board/freescale/corenet_ds/MAINTAINERS | 5 +++++ configs/P3041DS_NAND_SECURE_BOOT_defconfig | 4 ++++ include/configs/corenet_ds.h | 8 ++++++++ 7 files changed, 52 insertions(+) create mode 100644 configs/P3041DS_NAND_SECURE_BOOT_defconfig
diff --git a/Makefile b/Makefile index 0a674bf..1753709 100644 --- a/Makefile +++ b/Makefile @@ -737,8 +737,12 @@ ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin ifeq ($(CONFIG_SPL_FSL_PBL),y) ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin else +ifneq ($(CONFIG_SECURE_BOOT), y) +# For Secure Boot The Image needs to be signed and Header must also +# be included. So The image has to be built explicitly ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl endif +endif ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S index e61d8e0..a70fb71 100644 --- a/arch/powerpc/cpu/mpc85xx/start.S +++ b/arch/powerpc/cpu/mpc85xx/start.S @@ -1052,6 +1052,17 @@ create_init_ram_area: CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \ 0, r6 + +#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT) + /* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE + * to L3 Address configured by PBL for ISBC code + */ + create_tlb1_entry 15, \ + 1, BOOKE_PAGESZ_1M, \ + CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ + CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \ + 0, r6 + #else /* * create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 8f794ef..cc33466 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -46,6 +46,11 @@ #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 #endif
+#if defined(CONFIG_RAMBOOT_PBL) +#undef CONFIG_SYS_INIT_L3_ADDR +#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 +#endif + #if defined(CONFIG_C29XPCIE) #define CONFIG_KEY_REVOCATION #endif diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c index 8148e46..56e4f63 100644 --- a/board/freescale/common/p_corenet/tlb.c +++ b/board/freescale/common/p_corenet/tlb.c @@ -43,6 +43,8 @@ struct fsl_e_tlb_entry tlb_table[] = { /* TLB 1 */ /* *I*** - Covers boot page */ #if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) + +#if !defined(CONFIG_SECURE_BOOT) /* * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the * SRAM is at 0xfff00000, it covered the 0xfffff000. @@ -50,6 +52,19 @@ struct fsl_e_tlb_entry tlb_table[] = { SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, 0, 0, BOOKE_PAGESZ_1M, 1), +#else + /* + * *I*G - L3SRAM. When L3 is used as 1M SRAM, in case of Secure Boot + * the physical address of the SRAM is at CONFIG_SYS_INIT_L3_ADDR, + * and virtual address is CONFIG_SYS_MONITOR_BASE + */ + + SET_TLB_ENTRY(1, CONFIG_SYS_MONITOR_BASE & 0xfff00000, + CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, + MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, + 0, 0, BOOKE_PAGESZ_1M, 1), +#endif + #elif defined(CONFIG_SRIO_PCIE_BOOT_SLAVE) /* * SRIO_PCIE_BOOT-SLAVE. When slave boot, the address of the diff --git a/board/freescale/corenet_ds/MAINTAINERS b/board/freescale/corenet_ds/MAINTAINERS index 745847c..6855446 100644 --- a/board/freescale/corenet_ds/MAINTAINERS +++ b/board/freescale/corenet_ds/MAINTAINERS @@ -28,3 +28,8 @@ F: configs/P5040DS_NAND_defconfig F: configs/P5040DS_SDCARD_defconfig F: configs/P5040DS_SPIFLASH_defconfig F: configs/P5040DS_SECURE_BOOT_defconfig + +CORENET_DS_SECURE_BOOT BOARD +M: Aneesh Bansal aneesh.bansal@freescale.com +S: Maintained +F: configs/P3041DS_NAND_SECURE_BOOT_defconfig diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig new file mode 100644 index 0000000..757f326 --- /dev/null +++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig @@ -0,0 +1,4 @@ +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xFFF40000" +CONFIG_PPC=y +CONFIG_MPC85xx=y +CONFIG_TARGET_P3041DS=y diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index bf765af..2ec7fd4f 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -16,6 +16,13 @@ #include "../board/freescale/common/ics307_clk.h"
#ifdef CONFIG_RAMBOOT_PBL +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE +#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc +#ifdef CONFIG_NAND +#define CONFIG_RAMBOOT_NAND +#endif +#else #define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE #define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg @@ -29,6 +36,7 @@ #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg #endif #endif +#endif
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE /* Set 1M boot space */