
-----Original Message-----
From: Tom Rini [mailto:trini@konsulko.com]
Sent: Monday, January 25, 2016 9:06 PM
To: Aneesh Bansal aneesh.bansal@nxp.com
Cc: u-boot@lists.denx.de; Ruchika Gupta ruchika.gupta@nxp.com
Subject: Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time
On Fri, Jan 22, 2016 at 04:37:21PM +0530, Aneesh Bansal wrote:
There are two phases in Secure Boot
- ISBC: In BootROM, validate the BootLoader (U-Boot).
- ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX.
For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores.
But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC.
PowerPC:
========
If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a different Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario.
ARM:
ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure).
This patchset is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's.
Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environment must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's.
Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE.
The patches have been tested on LS1043, LS1021, P3041 and T1024.
The patch set is dependent on following: http://patchwork.ozlabs.org/patch/553826/
Aneesh Bansal (7):
  include/configs: make secure boot header file include uniform
  include/configs: move definition of CONFIG_CMD_BLOB
  SECURE_BOOT: split the secure boot functionality in two parts
  create function to determine boot mode
  enable chain of trust for ARM platforms
  enable chain of trust for PowerPC platforms
  SECURE_BOOT: change error handler for esbc_validate
 arch/arm/cpu/armv8/fsl-layerscape/soc.c | 6 ++
 .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 3 +
 arch/arm/include/asm/arch-ls102xa/immap_ls102xa.h | 2 +
 arch/arm/include/asm/fsl_secure_boot.h | 20 +++-
 arch/powerpc/cpu/mpc85xx/cpu_init.c | 14 +++
 arch/powerpc/include/asm/fsl_secure_boot.h | 47 ++++++---
 arch/powerpc/include/asm/immap_85xx.h | 3 +
 board/freescale/common/Makefile | 1 +
 board/freescale/common/cmd_esbc_validate.c | 7 +-
 board/freescale/common/fsl_chain_of_trust.c | 70 +++++++++++++
 board/freescale/common/fsl_validate.c | 7 ++
 board/freescale/ls1021aqds/ls1021aqds.c | 4 +
 board/freescale/ls1021atwr/ls1021atwr.c | 4 +
 include/config_fsl_chain_trust.h | 101 ++++++++++++++++++
 include/config_fsl_secboot.h | 116 ---------------------
 include/configs/B4860QDS.h | 4 -
 include/configs/BSC9132QDS.h | 4 -
 include/configs/P1010RDB.h | 4 -
 include/configs/P2041RDB.h | 4 -
 include/configs/T102xQDS.h | 10 +-
 include/configs/T102xRDB.h | 10 +-
 include/configs/T1040QDS.h | 3 -
 include/configs/T104xRDB.h | 3 -
 include/configs/T208xQDS.h | 4 -
 include/configs/T208xRDB.h | 4 -
 include/configs/T4240QDS.h | 4 -
 include/configs/T4240RDB.h | 9 --
 include/configs/corenet_ds.h | 4 -
 include/configs/ls1021aqds.h | 5 +-
 include/configs/ls1021atwr.h | 5 +-
 include/configs/ls1043a_common.h | 8 ++
 include/configs/ls1043aqds.h | 2 +
 include/configs/ls1043ardb.h | 8 --
 include/fsl_validate.h | 2 +
 34 files changed, 299 insertions(+), 203 deletions(-)
 create mode 100644 board/freescale/common/fsl_chain_of_trust.c
 create mode 100644 include/config_fsl_chain_trust.h
 delete mode 100644 include/config_fsl_secboot.h
Looking at the config file changes, I think we need to move a bunch of this stuff to Kconfig so that we can get these consistent and correct each time.
-- Tom
The patches move the common configs/defines from platform specific files to a common file fsl_secure_boot.h. This is also done with the intention of making it consistent and avoiding correction each time for a new platform.
I will later work on restructuring the code to use Kconfig on top of these patches.
Aneesh