- Add SD secure boot target for ls1046ardb. - Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header
Signed-off-by: Vinitha Pillai-B57223 vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com --- The patchset is dependent on the following patches: https://patchwork.ozlabs.org/patch/717614/ http://patchwork.ozlabs.org/patch/724332/ http://patchwork.ozlabs.org/patch/729932/ http://patchwork.ozlabs.org/patch/729980/
arch/arm/include/asm/fsl_secure_boot.h | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++ configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++ include/configs/ls1046a_common.h | 17 ++++++++-- include/configs/ls1046ardb.h | 1 - 5 files changed, 79 insertions(+), 5 deletions(-) create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 2f719c0..f612088 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -92,7 +92,7 @@ /* For SD boot address and size are assigned in terms of sector * offset and no. of sectors respectively. */ -#if defined(CONFIG_LS1043A) +#if defined(CONFIG_LS1043A) || defined(CONFIG_LS1046A) #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920 #else #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900 diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c index bb03479..0087c73 100644 --- a/board/freescale/ls1046ardb/ls1046ardb.c +++ b/board/freescale/ls1046ardb/ls1046ardb.c @@ -38,6 +38,25 @@ int board_early_init_f(void) return 0; }
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif +} +#endif + #ifndef CONFIG_SPL_BUILD int checkboard(void) { diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig new file mode 100644 index 0000000..a41ec80 --- /dev/null +++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig @@ -0,0 +1,45 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046ARDB=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL" +CONFIG_SECURE_BOOT=y +CONFIG_SD_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_SPL=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +# CONFIG_SPL_EFI_PARTITION is not set +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_SPL_CRYPTO_SUPPORT=y +CONFIG_SPL_HASH_SUPPORT=y diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index c884b95..241e679 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -13,7 +13,6 @@ #define CONFIG_GICV2
#include <asm/arch/config.h> - /* Link Definitions */ #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_FSL_OCRAM_BASE + 0xfff0)
@@ -68,7 +67,19 @@ #define CONFIG_SYS_SPL_MALLOC_START (CONFIG_SPL_BSS_START_ADDR + \ CONFIG_SPL_BSS_MAX_SIZE) #define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000 -#define CONFIG_SYS_MONITOR_LEN 0xa0000 + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_U_BOOT_HDR_SIZE (16 << 10) +/* + * HDR would be appended at end of image and copied to DDR along + * with U-Boot image. Here u-boot max. size is 512K. So if binary + * size increases then increase this size in case of secure boot as + * it uses raw u-boot image instead of fit image. + */ +#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE) +#else +#define CONFIG_SYS_MONITOR_LEN 0x100000 +#endif /* ifdef CONFIG_SECURE_BOOT */ #endif
/* NAND SPL */ @@ -88,7 +99,7 @@ #define CONFIG_SPL_NAND_SUPPORT #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #define CONFIG_SPL_TEXT_BASE 0x10000000 -#define CONFIG_SPL_MAX_SIZE 0x1d000 /* 116 KiB */ +#define CONFIG_SPL_MAX_SIZE 0x17000 /* 90 KiB */ #define CONFIG_SPL_STACK 0x1001f000 #define CONFIG_SYS_NAND_U_BOOT_DST CONFIG_SYS_TEXT_BASE #define CONFIG_SYS_NAND_U_BOOT_START CONFIG_SYS_TEXT_BASE diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h index 7eaa69e..e4236cf 100644 --- a/include/configs/ls1046ardb.h +++ b/include/configs/ls1046ardb.h @@ -8,7 +8,6 @@ #define __LS1046ARDB_H__
#include "ls1046a_common.h" - #ifdef CONFIG_SD_BOOT #define CONFIG_SYS_TEXT_BASE 0x82000000 #else