[PATCH v8 00/12] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm.
To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs.
As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting.
In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation.
v8: - include reviewers' tag - address comments suggested by Joel - move this patch series back to the master branch as DM_HASH has been merged
v7: - fix missing interrupt status clear for ACRY RSA operation
v6: - fix parameter comment for v5 update
v5: - fix inconsistent parameter name due to parallel patch work
v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch
v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug()
v2: - update commit authors
Chia-Wei Wang (9): image: fit: Fix parameter name for hash algorithm aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM
Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree
Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support
arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c | 9 +- common/image-fit.c | 4 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 46 +++ drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile | 2 + drivers/crypto/aspeed/aspeed_acry.c | 190 +++++++++ drivers/crypto/aspeed/aspeed_hace.c | 381 ++++++++++++++++++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 7 + include/configs/evb_ast2600.h | 14 + lib/rsa/Kconfig | 10 +- 19 files changed, 733 insertions(+), 27 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c
Fix inconsistent function parameter name of the hash algorithm.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") Reviewed-by: Joel Stanley joel@jms.id.au Reviewed-by: Simon Glass sjg@chromium.org --- common/image-fit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c index 33b4a46028..b629339f4e 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1202,7 +1202,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @name: requested hash algorithm name * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1230,7 +1230,7 @@ int calculate_hash(const void *data, int data_len, const char *name, return -1; }
- hash_algo = hash_algo_lookup_by_name(algo); + hash_algo = hash_algo_lookup_by_name(name); if (hash_algo == HASH_ALGO_INVALID) { debug("Unsupported hash algorithm\n"); return -1;
On Wed, Oct 27, 2021 at 02:17:24PM +0800, Chia-Wei Wang wrote:
Fix inconsistent function parameter name of the hash algorithm.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") Reviewed-by: Joel Stanley joel@jms.id.au Reviewed-by: Simon Glass sjg@chromium.org
For the series, applied to u-boot/next, thanks!
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Reviewed-by: Joel Stanley joel@jms.id.au --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x80000000 #define ASPEED_SRAM_BASE 0x10000000 -#define ASPEED_SRAM_SIZE 0x10000 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif
From: Joel Stanley joel@jms.id.au
Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs.
Signed-off-by: Joel Stanley joel@jms.id.au Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 22 +++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7)
#define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..9871a6bdbf 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,25 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; }
+static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + /* + * we don't do reset assertion here as HACE + * shares the same reset control with ACRY + */ + writel(clkgate_bit, &scu->clkgate_clr1); + mdelay(20); + writel(reset_bit, &scu->modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1070,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT;
From: Johnny Huang johnny_huang@aspeedtech.com
Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption.
Signed-off-by: Johnny Huang johnny_huang@aspeedtech.com Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++++++++++++++++++++++++++++ drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig
source drivers/crypto/fsl/Kconfig
+source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index e8bae43e3f..6b762565a1 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 0000000000..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 0000000000..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 0000000000..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include <config.h> +#include <common.h> +#include <dm.h> +#include <clk.h> +#include <log.h> +#include <asm/io.h> +#include <malloc.h> +#include <watchdog.h> +#include <u-boot/hash.h> +#include <linux/bitops.h> +#include <linux/delay.h> +#include <linux/kernel.h> +#include <linux/iopoll.h> + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INT BIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256 (BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384 (BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512 (BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = dev_get_priv(dev); + struct aspeed_hace_ctx *hace_ctx = (struct aspeed_hace_ctx *)ctx; + uint32_t sts = readl(hace->base + HACE_STS); + + if (sts & HACE_HASH_BUSY) { + debug("HACE engine busy\n"); + return -EBUSY; + } + + writel(HACE_HASH_INT, hace->base + HACE_STS); + + writel((uint32_t)ibuf, hace->base + HACE_HASH_DATA); + writel((uint32_t)hace_ctx->digest, hace->base + HACE_HASH_DIGEST); + writel((uint32_t)hace_ctx->digest, hace->base + HACE_HASH_HMAC_KEY); + writel(ilen, hace->base + HACE_HASH_DATA_LEN); + writel(hace_ctx->cmd, hace->base + HACE_HASH_CMD); + + return aspeed_hace_wait_completion(hace->base + HACE_STS, + HACE_HASH_INT, + 1000 + (ilen >> 3)); +} + +static int aspeed_hace_init(struct udevice *dev, enum HASH_ALGO algo, void **ctxp) +{ + struct aspeed_hace_ctx *hace_ctx; + + hace_ctx = memalign(8, sizeof(struct aspeed_hace_ctx)); + if (!hace_ctx) + return -ENOMEM; + + memset(hace_ctx, 0, sizeof(struct aspeed_hace_ctx)); + + hace_ctx->algo = algo; + hace_ctx->cmd = HACE_HASH_MODE_ACCUM | HACE_HASH_SHA_BE_EN; + + switch (algo) { + case HASH_ALGO_SHA1: + hace_ctx->blk_size = 64; + hace_ctx->pad_size = 8; + hace_ctx->cmd |= HACE_HASH_ALGO_SHA1; + memcpy(hace_ctx->digest, iv_sha1, sizeof(iv_sha1)); + break; + case HASH_ALGO_SHA256: + hace_ctx->blk_size = 64; + hace_ctx->pad_size = 8; + hace_ctx->cmd |= HACE_HASH_ALGO_SHA256; + memcpy(hace_ctx->digest, iv_sha256, sizeof(iv_sha256)); + break; + case HASH_ALGO_SHA384: + hace_ctx->blk_size = 128; + hace_ctx->pad_size = 16; + hace_ctx->cmd |= HACE_HASH_ALGO_SHA384; + memcpy(hace_ctx->digest, iv_sha384, sizeof(iv_sha384)); + break; + case HASH_ALGO_SHA512: + hace_ctx->blk_size = 128; + hace_ctx->pad_size = 16; + hace_ctx->cmd |= HACE_HASH_ALGO_SHA512; + memcpy(hace_ctx->digest, iv_sha512, sizeof(iv_sha512)); + break; + default: + debug("Unsupported hash algorithm '%s'\n", hash_algo_name(algo)); + goto free_n_out; + }; + + *ctxp = hace_ctx; + + return 0; + +free_n_out: + free(hace_ctx); + + return -EINVAL; +} + +static int aspeed_hace_update(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + int rc; + uint32_t left, fill; + struct aspeed_hace_ctx *hace_ctx = ctx; + + left = hace_ctx->total[0] & (hace_ctx->blk_size - 1); + fill = hace_ctx->blk_size - left; + + hace_ctx->total[0] += ilen; + if (hace_ctx->total[0] < ilen) + hace_ctx->total[1]++; + + if (left && ilen >= fill) { + memcpy(hace_ctx->buf + left, ibuf, fill); + rc = aspeed_hace_process(dev, ctx, hace_ctx->buf, hace_ctx->blk_size); + if (rc) { + debug("failed to process hash, rc=%d\n", rc); + return rc; + } + ilen -= fill; + ibuf += fill; + left = 0; + } + + while (ilen >= hace_ctx->blk_size) { + rc = aspeed_hace_process(dev, ctx, ibuf, hace_ctx->blk_size); + if (rc) { + debug("failed to process hash, rc=%d\n", rc); + return rc; + } + + ibuf += hace_ctx->blk_size; + ilen -= hace_ctx->blk_size; + } + + if (ilen) + memcpy(hace_ctx->buf + left, ibuf, ilen); + + return 0; +} + +static int aspeed_hace_finish(struct udevice *dev, void *ctx, void *obuf) +{ + int rc = 0; + uint8_t pad[HASH_BLOCK_BUFSZ * 2]; + uint32_t last, padn; + uint64_t ibits_h, ibits_l; + uint64_t ibits_be_h, ibits_be_l; + struct aspeed_hace_ctx *hace_ctx = ctx; + + memset(pad, 0, sizeof(pad)); + pad[0] = 0x80; + + ibits_h = (hace_ctx->total[0] >> 61) | (hace_ctx->total[1] << 3); + ibits_be_h = cpu_to_be64(ibits_h); + + ibits_l = (hace_ctx->total[0] << 3); + ibits_be_l = cpu_to_be64(ibits_l); + + last = hace_ctx->total[0] & (hace_ctx->blk_size - 1); + + switch (hace_ctx->algo) { + case HASH_ALGO_SHA1: + case HASH_ALGO_SHA256: + padn = (last < 56) ? (56 - last) : (120 - last); + + rc = aspeed_hace_update(dev, ctx, pad, padn); + if (rc) { + debug("failed to append padding, rc=%d\n", rc); + goto free_n_out; + } + + rc = aspeed_hace_update(dev, ctx, &ibits_be_l, sizeof(ibits_be_l)); + if (rc) { + debug("failed to append message bits length, rc=%d\n", rc); + goto free_n_out; + } + + break; + case HASH_ALGO_SHA384: + case HASH_ALGO_SHA512: + padn = (last < 112) ? (112 - last) : (240 - last); + + rc = aspeed_hace_update(dev, ctx, pad, padn); + if (rc) { + debug("failed to append padding, rc=%d\n", rc); + goto free_n_out; + } + + rc = aspeed_hace_update(dev, ctx, &ibits_be_h, sizeof(ibits_be_h)) | + aspeed_hace_update(dev, ctx, &ibits_be_l, sizeof(ibits_be_l)); + if (rc) { + debug("failed to append message bits length, rc=%d\n", rc); + goto free_n_out; + } + + break; + default: + rc = -EINVAL; + break; + } + + memcpy(obuf, hace_ctx->digest, hash_algo_digest_size(hace_ctx->algo)); + +free_n_out: + free(ctx); + + return rc; +} + +static int aspeed_hace_digest_wd(struct udevice *dev, enum HASH_ALGO algo, + const void *ibuf, const uint32_t ilen, + void *obuf, uint32_t chunk_sz) +{ + int rc; + void *ctx; + const void *cur, *end; + uint32_t chunk; + + rc = aspeed_hace_init(dev, algo, &ctx); + if (rc) + return rc; + + if (CONFIG_IS_ENABLED(HW_WATCHDOG) || CONFIG_IS_ENABLED(WATCHDOG)) { + cur = ibuf; + end = ibuf + ilen; + + while (cur < end) { + chunk = end - cur; + if (chunk > chunk_sz) + chunk = chunk_sz; + + rc = aspeed_hace_update(dev, ctx, cur, chunk); + if (rc) + return rc; + + cur += chunk; + WATCHDOG_RESET(); + } + } else { + rc = aspeed_hace_update(dev, ctx, ibuf, ilen); + if (rc) + return rc; + } + + rc = aspeed_hace_finish(dev, ctx, obuf); + if (rc) + return rc; + + return 0; +} + +static int aspeed_hace_digest(struct udevice *dev, enum HASH_ALGO algo, + const void *ibuf, const uint32_t ilen, + void *obuf) +{ + /* re-use the watchdog version with input length as the chunk_sz */ + return aspeed_hace_digest_wd(dev, algo, ibuf, ilen, obuf, ilen); +} + +static int aspeed_hace_probe(struct udevice *dev) +{ + int rc; + struct aspeed_hace *hace = dev_get_priv(dev); + + rc = clk_get_by_index(dev, 0, &hace->clk); + if (rc < 0) { + debug("cannot get clock for %s: %d\n", dev->name, rc); + return rc; + } + + rc = clk_enable(&hace->clk); + if (rc) { + debug("cannot enable clock for %s: %d\n", dev->name, rc); + return rc; + } + + hace->base = devfdt_get_addr(dev); + + return rc; +} + +static int aspeed_hace_remove(struct udevice *dev) +{ + struct aspeed_hace *hace = dev_get_priv(dev); + + clk_disable(&hace->clk); + + return 0; +} + +static const struct hash_ops aspeed_hace_ops = { + .hash_init = aspeed_hace_init, + .hash_update = aspeed_hace_update, + .hash_finish = aspeed_hace_finish, + .hash_digest_wd = aspeed_hace_digest_wd, + .hash_digest = aspeed_hace_digest, +}; + +static const struct udevice_id aspeed_hace_ids[] = { + { .compatible = "aspeed,ast2600-hace" }, + { } +}; + +U_BOOT_DRIVER(aspeed_hace) = { + .name = "aspeed_hace", + .id = UCLASS_HASH, + .of_match = aspeed_hace_ids, + .ops = &aspeed_hace_ops, + .probe = aspeed_hace_probe, + .remove = aspeed_hace_remove, + .priv_auto = sizeof(struct aspeed_hace), + .flags = DM_FLAG_PRE_RELOC, +}; diff --git a/drivers/crypto/hash/Kconfig b/drivers/crypto/hash/Kconfig index cd29a5c6a4..bf9540eca6 100644 --- a/drivers/crypto/hash/Kconfig +++ b/drivers/crypto/hash/Kconfig @@ -14,3 +14,11 @@ config HASH_SOFTWARE help Enable driver for hashing operations in software. Currently it support multiple hash algorithm including CRC/MD5/SHA. + +config HASH_ASPEED + bool "Enable Hash with ASPEED hash accelerator" + depends on DM_HASH + select ASPEED_HACE + help + Enable this to support HW-assisted hashing operations using ASPEED Hash + and Crypto engine - HACE
On Wed, 27 Oct 2021 at 00:18, Chia-Wei Wang chiawei_wang@aspeedtech.com wrote:
From: Johnny Huang johnny_huang@aspeedtech.com
Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption.
Signed-off-by: Johnny Huang johnny_huang@aspeedtech.com Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com
drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++++++++++++++++++++++++++++ drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c
Reviewed-by: Simon Glass sjg@chromium.org
From: Joel Stanley joel@jms.id.au
Add HACE DTS node and enable it for AST2600 EVB.
Signed-off-by: Joel Stanley joel@jms.id.au Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- arch/arm/dts/ast2600-evb.dts | 5 +++++ arch/arm/dts/ast2600.dtsi | 8 ++++++++ 2 files changed, 13 insertions(+)
diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + +&hace { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index f121f547e6..b8fe966c7d 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; };
+ hace: hace@1e6d0000 { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d0000 0x200>; + interrupts = <GIC_SPI 4 IRQ_TYPE_LEVEL_HIGH>; + clocks = <&scu ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e0000 { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e0000 0x174>;
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+)
diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8
#define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 9871a6bdbf..42ca39421c 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,6 +1018,7 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit;
+ /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE;
@@ -1032,6 +1033,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) return 0; }
+static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + + /* + * we don't do reset assertion here as HACE + * shares the same reset control with ACRY + */ + writel(clkgate_bit, &scu->clkgate_clr1); + mdelay(20); + writel(reset_bit, &scu->modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1073,6 +1094,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT;
ACRY is designed to accelerate ECC/RSA digital signature generation and verification.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 190 ++++++++++++++++++++++++++++ lib/rsa/Kconfig | 10 +- 4 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c
diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help + Select this option to enable a driver for using the RSA/ECC engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of RSA/ECC operations in hardware without requiring the + software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 0000000000..c28cdf374b --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,190 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include <config.h> +#include <common.h> +#include <clk.h> +#include <dm.h> +#include <asm/types.h> +#include <asm/io.h> +#include <dm/device.h> +#include <dm/fdtaddr.h> +#include <linux/delay.h> +#include <u-boot/rsa-mod-exp.h> + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT 4 +#define ACRY_DMA_DRAM_SADDR 0x4c +#define ACRY_DMA_DMEM_TADDR 0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT 0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN 0x3f8 +#define ACRY_RSA_INT_EN_RSA_READY BIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLT BIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->base + ACRY_CTRL3); + + writel(ACRY_CTRL1_RSA_DMA | ACRY_CTRL1_RSA_START, acry->base + ACRY_CTRL1); + + /* polling RSA status */ + while (1) { + reg = readl(acry->base + ACRY_RSA_INT_STS); + if ((reg & ACRY_RSA_INT_STS_RSA_READY) && (reg & ACRY_RSA_INT_STS_RSA_CMPLT)) { + writel(reg, ACRY_RSA_INT_STS); + break; + } + udelay(20); + } + + /* grant SRAM access permission to CPU */ + writel(0x0, acry->base + ACRY_CTRL1); + writel(ACRY_CTRL3_SRAM_AHB_ACCESS, acry->base + ACRY_CTRL3); + udelay(20); + + for (i = (prop->num_bits / 8) - 1, j = 0; i >= 0; --i) { + out[i] = readb(acry->sram_base + (j + 32)); + j++; + j = (j % 16) ? j : j + 32; + } + + /* return SRAM access permission to ACRY */ + writel(0, acry->base + ACRY_CTRL3); + + free(ctx); + + return 0; +} + +static int aspeed_acry_probe(struct udevice *dev) +{ + struct aspeed_acry *acry = dev_get_priv(dev); + int ret; + + ret = clk_get_by_index(dev, 0, &acry->clk); + if (ret < 0) { + debug("Can't get clock for %s: %d\n", dev->name, ret); + return ret; + } + + ret = clk_enable(&acry->clk); + if (ret) { + debug("Failed to enable acry clock (%d)\n", ret); + return ret; + } + + acry->base = devfdt_get_addr_index(dev, 0); + if (acry->base == FDT_ADDR_T_NONE) { + debug("Failed to get acry base\n"); + return acry->base; + } + + acry->sram_base = devfdt_get_addr_index(dev, 1); + if (acry->sram_base == FDT_ADDR_T_NONE) { + debug("Failed to get acry SRAM base\n"); + return acry->sram_base; + } + + return ret; +} + +static int aspeed_acry_remove(struct udevice *dev) +{ + struct aspeed_acry *acry = dev_get_priv(dev); + + clk_disable(&acry->clk); + + return 0; +} + +static const struct mod_exp_ops aspeed_acry_ops = { + .mod_exp = aspeed_acry_mod_exp, +}; + +static const struct udevice_id aspeed_acry_ids[] = { + { .compatible = "aspeed,ast2600-acry" }, + { } +}; + +U_BOOT_DRIVER(aspeed_acry) = { + .name = "aspeed_acry", + .id = UCLASS_MOD_EXP, + .of_match = aspeed_acry_ids, + .probe = aspeed_acry_probe, + .remove = aspeed_acry_remove, + .priv_auto = sizeof(struct aspeed_acry), + .ops = &aspeed_acry_ops, + .flags = DM_FLAG_PRE_RELOC, +}; diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 469596abe7..be9775bcce 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,7 +1,8 @@ config RSA bool "Use RSA Library" select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 - select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP + select RSA_ASPEED_EXP if ASPEED_ACRY + select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP help RSA support. This enables the RSA algorithm used for FIT image verification in U-Boot. @@ -62,4 +63,11 @@ config RSA_FREESCALE_EXP Enables driver for RSA modular exponentiation using Freescale cryptographic accelerator - CAAM.
+config RSA_ASPEED_EXP + bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator" + depends on DM && ASPEED_ACRY + help + Enables driver for RSA modular exponentiation using ASPEED cryptographic + accelerator - ACRY + endif
Add ACRY DTS node and enable it for AST2600 EVB.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Reviewed-by: Joel Stanley joel@jms.id.au --- arch/arm/dts/ast2600-evb.dts | 5 +++++ arch/arm/dts/ast2600.dtsi | 9 +++++++++ 2 files changed, 14 insertions(+)
diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + +&acry { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index b8fe966c7d..31905fd208 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; };
+ acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e710000 0x10000>; + interrupts = <GIC_SPI 160 IRQ_TYPE_LEVEL_HIGH>; + clocks = <&scu ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e0000 { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e0000 0x174>;
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Reviewed-by: Joel Stanley joel@jms.id.au --- arch/arm/mach-aspeed/ast2600/spl.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void)
struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* - * When boot from SPI, AST2600 already remap 0x00000000 ~ 0x0fffffff - * to BMC SPI memory space 0x20000000 ~ 0x2fffffff. The next stage BL - * has been located in SPI for XIP. In this case, the load buffer for - * SPL image loading will be set to the remapped address of the next - * BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR - */ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); }
#ifdef CONFIG_SPL_OS_BOOT
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine.
The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com Reviewed-by: Joel Stanley joel@jms.id.au --- configs/evb-ast2600_defconfig | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x10000 +CONFIG_SYS_TEXT_BASE=0x80000000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x10000 CONFIG_SYS_MALLOC_LEN=0x2000000 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x83000000 CONFIG_SPL_SIZE_LIMIT=0x10000 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x83000000 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x10000 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 20100000" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000000 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- include/configs/aspeed-common.h | 9 --------- include/configs/evb_ast2500.h | 7 +++++++ include/configs/evb_ast2600.h | 7 +++++++ 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE
-/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..558d6f9452 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,11 @@
#define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE
+/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x83000000 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..3805091d7c 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,11 @@
#define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE
+/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x83000000 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "" + #endif /* __CONFIG_H */
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled.
However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting.
This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting.
Signed-off-by: Chia-Wei Wang chiawei_wang@aspeedtech.com --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x10000 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 20100000" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 3805091d7c..9049a9fc10 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x83000000
/* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 20100000 && fdt header get fitsize totalsize && " \ + "cp.b 20100000 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ ""
#endif /* __CONFIG_H */
participants (3)
-
Chia-Wei Wang -
Simon Glass -
Tom Rini