From: Ruchika Gupta ruchika.gupta@freescale.com

1. Create a temp mapping in AS=1 of CONFIG_SYS_MONITOR_BASE to the 1M CONFIG_SYS_PBI_FLASH_WINDOW (The CONFIG_SYS_PBI_FLASH_WINDOW is the address map for the flash created by PBL within 0 - 3.5G memory range. The u-boot image at this address has been validated by ISBC code) 2. Remove TLB entries for 0 - 3.5G created by ISBC code 3. Remove the LAW entry for the CONFIG_SYS_PBI_FLASH_WINDOW created by PBL after switch to AS = 1

Flow for secure-boot for which the changes have been made is given below: 1. User loads the u-boot image in flash 2. PBL creates LAW for Flash at 0xc0000000 (Please note that ISBC expects all these addresses, images to be validated, entry point etc within 0 - 3.5G range) 3. ISBC validates the u-boot image, and passes control to u-boot at 0xcffffffc.

Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com Acked-by: Scott Wood scottwood@freescale.com --- arch/powerpc/cpu/mpc85xx/cpu_init.c | 7 ++++ arch/powerpc/cpu/mpc85xx/cpu_init_early.c | 10 +++++- arch/powerpc/cpu/mpc85xx/start.S | 53 +++++++++++++++++++++++++++- arch/powerpc/include/asm/fsl_secure_boot.h | 40 +++++++++++++++++++++ boards.cfg | 1 + include/configs/corenet_ds.h | 4 ++ 6 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 arch/powerpc/include/asm/fsl_secure_boot.h

diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 6f256cf..aafb007 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -239,6 +239,13 @@ void cpu_init_f (void) disable_tlb(14); disable_tlb(15);

+#ifdef CONFIG_SYS_ESBC_FLASH + /* Disable the LAW created for NOR flash by the PBI commands */ + struct law_entry law = find_law(CONFIG_SYS_PBI_FLASH_BASE); + if (law.index != -1) + disable_law(law.index); +#endif + #ifdef CONFIG_CPM2 config_8560_ioports((ccsr_cpm_t *)CONFIG_SYS_MPC85xx_CPM_ADDR); #endif diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c index 32aa94b..58397ec 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c @@ -1,5 +1,5 @@ /* - * Copyright 2009 Freescale Semiconductor, Inc + * Copyright 2009-2011 Freescale Semiconductor, Inc * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -108,5 +108,13 @@ void cpu_init_early_f(void)

init_laws(); invalidate_tlb(0); + +#if defined(CONFIG_SECURE_BOOT) +/* Disable the TLBs created by ISBC */ + for (i = CONFIG_SYS_ISBC_START_TLB; + i < CONFIG_SYS_ISBC_START_TLB + CONFIG_SYS_ISBC_NUM_TLBS; i++) + disable_tlb(i); +#endif + init_tlbs(); } diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S index 5777493..0caa336 100644 --- a/arch/powerpc/cpu/mpc85xx/start.S +++ b/arch/powerpc/cpu/mpc85xx/start.S @@ -88,6 +88,45 @@

_start_e500:

+#ifdef CONFIG_SECURE_BOOT + /* ISBC uses L2 as stack. + Disable L2 cache here so that u-boot can enable it later + as part of it's normal flow + */ + + /* Check if L2 is enabled */ + mfspr r3, SPRN_L2CSR0 + lis r2, L2CSR0_L2E@h + ori r2, r2, L2CSR0_L2E@l + and. r4, r3, r2 + beq l2_disabled + + mfspr r3, SPRN_L2CSR0 + /* Flush L2 cache */ + lis r2,(L2CSR0_L2FL)@h + ori r2, r2, (L2CSR0_L2FL)@l + or r3, r2, r3 + sync + isync + mtspr SPRN_L2CSR0,r3 + isync +1: + mfspr r3, SPRN_L2CSR0 + and. r1, r3, r2 + bne 1b + + mfspr r3, SPRN_L2CSR0 + lis r2, L2CSR0_L2E@h + ori r2, r2, L2CSR0_L2E@l + andc r4, r3, r2 + sync + isync + mtspr SPRN_L2CSR0,r4 + isync + +l2_disabled: +#endif + /* clear registers/arrays not reset by hardware */

/* L1 */ @@ -287,7 +326,7 @@ _start_e500: lis r6,FSL_BOOKE_MAS0(1, 15, 0)@h ori r6,r6,FSL_BOOKE_MAS0(1, 15, 0)@l

-#ifndef CONFIG_SYS_RAMBOOT +#if !defined(CONFIG_SYS_RAMBOOT) && !defined(CONFIG_SECURE_BOOT) /* create a temp mapping in AS=1 to the 4M boot window */ lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@h ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@l @@ -298,6 +337,18 @@ _start_e500: /* The 85xx has the default boot window 0xff800000 - 0xffffffff */ lis r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h ori r9,r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l +#elif defined(CONFIG_SECURE_BOOT) + /* create a temp mapping in AS = 1 for Flash mapping + * created by PBL for ISBC code + */ + lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@h + ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@l + + lis r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@h + ori r8,r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@l + + lis r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h + ori r9,r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l #else /* * create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h new file mode 100644 index 0000000..786a98e --- /dev/null +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -0,0 +1,40 @@ +/* + * Copyright 2010-2011 Freescale Semiconductor, Inc. + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#ifndef __FSL_SECURE_BOOT_H +#define __FSL_SECURE_BOOT_H + +/* This define indicates that u-boot's code is executing from flash + * after ISBC Validation */ +#define CONFIG_SYS_ESBC_FLASH + +/*Starting TLB number for the TLB entried for 3.5 G space created by ISBC */ +#define CONFIG_SYS_ISBC_START_TLB 3 + +/* Number fo TLB's created by ISBC */ +#define CONFIG_SYS_ISBC_NUM_TLBS 5 + +/* Address map where flash lies as done by PBI commands */ +#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000 +#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000 + +#endif diff --git a/boards.cfg b/boards.cfg index cc1ae6c..6ffcd96 100644 --- a/boards.cfg +++ b/boards.cfg @@ -545,6 +545,7 @@ P2020RDB_SDCARD powerpc mpc85xx p1_p2_rdb freesca P2020RDB_SPIFLASH powerpc mpc85xx p1_p2_rdb freescale - P1_P2_RDB:P2020RDB,SPIFLASH P4080DS powerpc mpc85xx corenet_ds freescale P4080DS_RAMBOOT_PBL powerpc mpc85xx corenet_ds freescale - P4080DS:RAMBOOT_PBL,SYS_TEXT_BASE=0xFFF80000 +P4080DS_SECURE_BOOT powerpc mpc85xx corenet_ds freescale - P4080DS:SECURE_BOOT mpq101 powerpc mpc85xx mpq101 mercury - mpq101 stxgp3 powerpc mpc85xx stxgp3 stx stxssa powerpc mpc85xx stxssa stx - stxssa diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index 2bd2553..9bc9017 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -607,4 +607,8 @@

#define CONFIG_BOOTCOMMAND CONFIG_HDBOOT

+#ifdef CONFIG_SECURE_BOOT +#include <asm/fsl_secure_boot.h> +#endif + #endif /* __CONFIG_H */