[U-Boot] [PATCH v2 1/2] LS2080ARDB: QSPI boot: Secure Boot image validation
Validates the images in the ESBC phase for (QSPI boot) using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization.
Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT.
Moves sec_init prior to ppa_init as for validation of PPA, sec must be initialised before the PPA is initialised.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- Dependent Patch Set: https://patchwork.ozlabs.org/patch/756260/ Changes in v2: Updates the MAINTAINERS file and reverses the order of secure boot patches for LS2080 QSPI Boot.
arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++- arch/arm/include/asm/fsl_secure_boot.h | 5 +++++ board/freescale/ls2080aqds/ls2080aqds.c | 7 +++---- board/freescale/ls2080ardb/MAINTAINERS | 5 +++++ board/freescale/ls2080ardb/ls2080ardb.c | 4 ++++ include/configs/ls2080ardb.h | 22 ++++++++++++++++++++++ 6 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 312c54d..18c3b2a 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -182,7 +182,8 @@ config SYS_LS_PPA_ESBC_ADDR default 0x60680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A - default 0x580680000 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3 + default 0x20680000 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A + default 0x580680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A default 0x680000 if SYS_LS_PPA_FW_IN_MMC default 0x680000 if SYS_LS_PPA_FW_IN_NAND help diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 6d53708..b6f63a3 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -72,8 +72,13 @@ * DDR memory map */ #ifdef CONFIG_FSL_LSCH3 +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_BS_ADDR_DEVICE 0x20600000 +#define CONFIG_BS_HDR_ADDR_DEVICE 0x20640000 +#else /* NOR BOOT */ #define CONFIG_BS_ADDR_DEVICE 0x580600000 #define CONFIG_BS_HDR_ADDR_DEVICE 0x580640000 +#endif /*ifdef CONFIG_QSPI_BOOT */ #define CONFIG_BS_SIZE 0x00001000 #define CONFIG_BS_HDR_SIZE 0x00004000 #define CONFIG_BS_ADDR_RAM 0xa0600000 diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index 6da9c6c..b9eb549 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -226,15 +226,14 @@ int board_init(void) #endif select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif
#ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - return 0; }
diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS index 91f13ea..8da1c6d 100644 --- a/board/freescale/ls2080ardb/MAINTAINERS +++ b/board/freescale/ls2080ardb/MAINTAINERS @@ -21,3 +21,8 @@ LS2080A_SECURE_BOOT BOARD M: Saksham Jain saksham.jain@nxp.freescale.com S: Maintained F: configs/ls2080ardb_SECURE_BOOT_defconfig + +LS2088A_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal udit.agarwal@nxp.com +S: Maintained +F: configs/ls2088ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index df2d768..4c42c73 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -231,6 +231,10 @@ int board_init(void) #ifdef CONFIG_FSL_QIXIS QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); #endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 2dab065..f04a343 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -364,6 +364,27 @@ unsigned long get_board_sys_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS #ifdef CONFIG_SECURE_BOOT +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0" \ + "scriptaddr=0x80800000\0" \ + "kernel_addr_r=0x81000000\0" \ + "pxefile_addr_r=0x81000000\0" \ + "fdt_addr_r=0x88000000\0" \ + "ramdisk_addr_r=0x89000000\0" \ + "loadaddr=0x80100000\0" \ + "kernel_addr=0x100000\0" \ + "ramdisk_size=0x2000000\0" \ + "fdt_high=0xa0000000\0" \ + "initrd_high=0xffffffffffffffff\0" \ + "kernel_start=0x21000000\0" \ + "mcmemsize=0x40000000\0" \ + "mcinitcmd=esbc_validate 0x20700000;" \ + "esbc_validate 0x20740000;" \ + "fsl_mc start mc 0x20a00000" \ + " 0x20e00000 \0" \ + BOOTENV +#else /* !(CONFIG_QSPI_BOOT) */ #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0" \ "scriptaddr=0x80800000\0" \ @@ -387,6 +408,7 @@ unsigned long get_board_sys_clk(void); "fsl_mc start mc 0x580a00000" \ " 0x580e00000 \0" \ BOOTENV +#endif #else #ifdef CONFIG_QSPI_BOOT #define CONFIG_EXTRA_ENV_SETTINGS \
Add the secure boot defconfig for QSPI boot on LS2088ARDB platform.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- Dependent Patch Set: https://patchwork.ozlabs.org/patch/756260/ Changes in v2: Updates the MAINTAINERS file and reverses the order of secure boot patches for LS2080 QSPI Boot.
configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 49 +++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 0000000..360d8c4 --- /dev/null +++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,49 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +CONFIG_SECURE_BOOT=y +CONFIG_FSL_LS_PPA=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi" +# CONFIG_SYS_MALLOC_F is not set +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_QSPI_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_CMD_GREPENV=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_FSL_CAAM=y +CONFIG_DM_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_FSL_DSPI=y +CONFIG_CMD_USB=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
On 05/27/2017 01:33 AM, Udit Agarwal wrote:
Validates the images in the ESBC phase for (QSPI boot) using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization.
Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT.
Moves sec_init prior to ppa_init as for validation of PPA, sec must be initialised before the PPA is initialised.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com
Dependent Patch Set: https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... Changes in v2: Updates the MAINTAINERS file and reverses the order of secure boot patches for LS2080 QSPI Boot.
Please rebase your patch. It has conflict on the CONFIG_EXTRA_ENV_SETTINGS. Please note, your dependency patch needs a rework. You may want to work together with Sumit Garg to sync your code base.
York
participants (2)
-
Udit Agarwal -
York Sun