Validates the images in the ESBC phase for LS2088ARDB platform and QSPI boot using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization.

Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT.

Moves sec_init prior to ppa_init as for validation of PPA sec must be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- https://patchwork.ozlabs.org/patch/756222/ https://patchwork.ozlabs.org/patch/756221/ https://patchwork.ozlabs.org/patch/756250/

arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + board/freescale/ls2080aqds/ls2080aqds.c | 2 +- board/freescale/ls2080ardb/ls2080ardb.c | 7 ++++--- include/configs/ls2080ardb.h | 22 ++++++++++++++++++++++ 4 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 57660e8..8b39e00 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -216,6 +216,7 @@ config SYS_LS_PPA_ESBC_ADDR default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A default 0x40680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A default 0x20680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A + default 0x20680000 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A default 0x580680000 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A default 0x680000 if SYS_LS_PPA_FW_IN_MMC default 0x680000 if SYS_LS_PPA_FW_IN_NAND diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index ba3347b..00f4bb1 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -229,7 +229,7 @@ int board_init(void) select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); #ifdef CONFIG_FSL_CAAM - sec_init(); + sec_init(); #endif

#ifdef CONFIG_FSL_LS_PPA diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index edb6b33..c25f8ab 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -233,6 +233,10 @@ int board_init(void) #ifdef CONFIG_FSL_QIXIS QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); #endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -241,9 +245,6 @@ int board_init(void) /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); #endif -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif

return 0; } diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 711241a..5a1d516 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -366,6 +366,27 @@ unsigned long get_board_sys_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS #ifdef CONFIG_SECURE_BOOT +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0" \ + "scriptaddr=0x80800000\0" \ + "kernel_addr_r=0x81000000\0" \ + "pxefile_addr_r=0x81000000\0" \ + "fdt_addr_r=0x88000000\0" \ + "ramdisk_addr_r=0x89000000\0" \ + "loadaddr=0x80100000\0" \ + "kernel_addr=0x100000\0" \ + "ramdisk_size=0x2000000\0" \ + "fdt_high=0xa0000000\0" \ + "initrd_high=0xffffffffffffffff\0" \ + "kernel_start=0x21000000\0" \ + "mcmemsize=0x40000000\0" \ + "mcinitcmd=esbc_validate 0x20700000;" \ + "esbc_validate 0x20740000;" \ + "fsl_mc start mc 0x20a00000" \ + " 0x20e00000 \0" \ + BOOTENV +#else /* !(CONFIG_QSPI_BOOT) */ #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0" \ "scriptaddr=0x80800000\0" \ @@ -389,6 +410,7 @@ unsigned long get_board_sys_clk(void); "fsl_mc start mc 0x580300000" \ " 0x580800000 \0" \ BOOTENV +#endif #else #ifdef CONFIG_QSPI_BOOT #define CONFIG_EXTRA_ENV_SETTINGS \

This patch adjusts memory map for secure boot headers on LS2080AQDS and LS2080ARDB platforms.

Secure boot headers are placed on NOR flash at offset 0x00600000.

Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- https://patchwork.ozlabs.org/patch/756222/ https://patchwork.ozlabs.org/patch/756221/ https://patchwork.ozlabs.org/patch/756250/

board/freescale/ls2080aqds/README | 1 + board/freescale/ls2080ardb/README | 1 + include/configs/ls2080aqds.h | 10 +++++----- include/configs/ls2080ardb.h | 10 +++++----- 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/board/freescale/ls2080aqds/README b/board/freescale/ls2080aqds/README index fd0e25a..cad860e 100644 --- a/board/freescale/ls2080aqds/README +++ b/board/freescale/ls2080aqds/README @@ -96,6 +96,7 @@ RCW+PBI 0x00000000 Boot firmware (U-Boot) 0x00100000 Boot firmware Environment 0x00300000 PPA firmware 0x00400000 +Secure Headers 0x00600000 DPAA2 MC 0x00A00000 DPAA2 DPL 0x00D00000 DPAA2 DPC 0x00E00000 diff --git a/board/freescale/ls2080ardb/README b/board/freescale/ls2080ardb/README index f228d80..205c45c 100644 --- a/board/freescale/ls2080ardb/README +++ b/board/freescale/ls2080ardb/README @@ -92,6 +92,7 @@ RCW+PBI 0x00000000 Boot firmware (U-Boot) 0x00100000 Boot firmware Environment 0x00300000 PPA firmware 0x00400000 +Secure Headers 0x00600000 Cortina PHY firmware 0x00980000 DPAA2 MC 0x00A00000 DPAA2 DPL 0x00D00000 diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index d646197..efc3d5b 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -369,14 +369,14 @@ unsigned long get_board_ddr_clk(void); "ramdisk_size=0x2000000\0" \ "fdt_high=0xa0000000\0" \ "initrd_high=0xffffffffffffffff\0" \ - "kernel_start=0x581100000\0" \ + "kernel_start=0x581000000\0" \ "kernel_load=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "mcmemsize=0x40000000\0" \ - "mcinitcmd=esbc_validate 0x580c80000;" \ - "esbc_validate 0x580cc0000;" \ - "fsl_mc start mc 0x580300000" \ - " 0x580800000 \0" + "mcinitcmd=esbc_validate 0x580700000;" \ + "esbc_validate 0x580740000;" \ + "fsl_mc start mc 0x580a00000" \ + " 0x580e00000 \0" #else #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0" \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 5a1d516..6abf54b 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -400,15 +400,15 @@ unsigned long get_board_sys_clk(void); "ramdisk_size=0x2000000\0" \ "fdt_high=0xa0000000\0" \ "initrd_high=0xffffffffffffffff\0" \ - "kernel_start=0x581100000\0" \ + "kernel_start=0x581000000\0" \ "kernel_load=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "mcmemsize=0x40000000\0" \ "fdtfile=fsl-ls2080a-rdb.dtb\0" \ - "mcinitcmd=esbc_validate 0x580c80000;" \ - "esbc_validate 0x580cc0000;" \ - "fsl_mc start mc 0x580300000" \ - " 0x580800000 \0" \ + "mcinitcmd=esbc_validate 0x580700000;" \ + "esbc_validate 0x580740000;" \ + "fsl_mc start mc 0x580a00000" \ + " 0x580e00000 \0" \ BOOTENV #endif #else

On 05/02/2017 05:15 AM, Udit Agarwal wrote:

Add the secure boot defconfig for QSPI boot on LS2088ARDB platform.

Signed-off-by: Udit Agarwal udit.agarwal@nxp.com

https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork...

configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 50 +++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 0000000..749ad1d --- /dev/null +++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,50 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +CONFIG_SECURE_BOOT=y +CONFIG_FSL_LS_PPA=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi" +# CONFIG_SYS_MALLOC_F is not set +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="LS2080A"

This is not needed, and not allowed. Please fix. Make sure you test your patches on the top of latest upstream master branch.

York