[U-Boot] [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb. - Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header - Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com --- Changes from v1: - Rebased patches to latest dependent patch set - With the dependent path set , spl imag size increased to 94K. So - additionally reduce the spl image size by removing the functions from - CAAM driver that are not required in SPL flow
Dependent patch set: SECURE boot target addition for NOR on LS1043, LS1046 https://patchwork.ozlabs.org/patch/742548/ https://patchwork.ozlabs.org/patch/742552/ https://patchwork.ozlabs.org/patch/742549/ https://patchwork.ozlabs.org/patch/742551/ https://patchwork.ozlabs.org/patch/742550/ https://patchwork.ozlabs.org/patch/742553/ https://patchwork.ozlabs.org/patch/742554/
and SPL size reduction patches https://patchwork.ozlabs.org/patch/744755/ https://patchwork.ozlabs.org/patch/744756/
arch/arm/include/asm/fsl_secure_boot.h | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++ configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++ drivers/crypto/fsl/jobdesc.c | 4 +-- drivers/crypto/fsl/jr.c | 19 ++++++----- include/configs/ls1046a_common.h | 17 ++++++++-- 6 files changed, 91 insertions(+), 15 deletions(-) create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 2cefd1f..9155e29 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -88,7 +88,7 @@ /* For SD boot address and size are assigned in terms of sector * offset and no. of sectors respectively. */ -#if defined(CONFIG_LS1043A) +#if defined(CONFIG_LS1043A) || defined(CONFIG_ARCH_LS1046A) #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920 #else #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900 diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c index 1dd5e69..f050163 100644 --- a/board/freescale/ls1046ardb/ls1046ardb.c +++ b/board/freescale/ls1046ardb/ls1046ardb.c @@ -32,6 +32,25 @@ int board_early_init_f(void) return 0; }
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif +} +#endif + #ifndef CONFIG_SPL_BUILD int checkboard(void) { diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig new file mode 100644 index 0000000..a41ec80 --- /dev/null +++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig @@ -0,0 +1,45 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046ARDB=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL" +CONFIG_SECURE_BOOT=y +CONFIG_SD_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_SPL=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y +CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +# CONFIG_SPL_EFI_PARTITION is not set +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPL_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_SPL_CRYPTO_SUPPORT=y +CONFIG_SPL_HASH_SUPPORT=y diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 6125bbb..375ff9d 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -204,7 +204,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, append_store(desc, dma_addr_out, storelen, LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); } - +#ifndef CONFIG_SPL_BUILD void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, uint32_t in_sz) @@ -252,7 +252,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); } - +#endif /* * Descriptor to instantiate RNG State Handle 0 in normal mode and * load the JDKEK, TDKEK and TDSK registers diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 1b88229..163e729 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -342,7 +342,9 @@ static void desc_done(uint32_t status, void *arg) { struct result *x = arg; x->status = status; +#ifndef CONFIG_SPL_BUILD caam_jr_strstatus(status); +#endif x->done = 1; }
@@ -436,7 +438,11 @@ static inline int sec_reset_idx(uint8_t sec_idx)
return 0; } - +int sec_reset(void) +{ + return sec_reset_idx(0); +} +#ifndef CONFIG_SPL_BUILD static int instantiate_rng(uint8_t sec_idx) { struct result op; @@ -472,11 +478,6 @@ static int instantiate_rng(uint8_t sec_idx) return ret; }
-int sec_reset(void) -{ - return sec_reset_idx(0); -} - static u8 get_rng_vid(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); @@ -561,7 +562,7 @@ static int rng_init(uint8_t sec_idx)
return ret; } - +#endif int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); @@ -634,7 +635,7 @@ int sec_init_idx(uint8_t sec_idx)
pamu_enable(); #endif - +#ifndef CONFIG_SPL_BUILD if (get_rng_vid(sec_idx) >= 4) { if (rng_init(sec_idx) < 0) { printf("SEC%u: RNG instantiation failed\n", sec_idx); @@ -642,7 +643,7 @@ int sec_init_idx(uint8_t sec_idx) } printf("SEC%u: RNG instantiated\n", sec_idx); } - +#endif return ret; }
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index 4c25433..3f90988 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -24,7 +24,6 @@ #define CONFIG_GICV2
#include <asm/arch/config.h> - /* Link Definitions */ #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_FSL_OCRAM_BASE + 0xfff0)
@@ -78,7 +77,19 @@ #define CONFIG_SYS_SPL_MALLOC_START (CONFIG_SPL_BSS_START_ADDR + \ CONFIG_SPL_BSS_MAX_SIZE) #define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000 -#define CONFIG_SYS_MONITOR_LEN 0xa0000 + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_U_BOOT_HDR_SIZE (16 << 10) +/* + * HDR would be appended at end of image and copied to DDR along + * with U-Boot image. Here u-boot max. size is 512K. So if binary + * size increases then increase this size in case of secure boot as + * it uses raw u-boot image instead of fit image. + */ +#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE) +#else +#define CONFIG_SYS_MONITOR_LEN 0x100000 +#endif /* ifdef CONFIG_SECURE_BOOT */ #endif
/* NAND SPL */ @@ -98,7 +109,7 @@ #define CONFIG_SPL_NAND_SUPPORT #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #define CONFIG_SPL_TEXT_BASE 0x10000000 -#define CONFIG_SPL_MAX_SIZE 0x1d000 /* 116 KiB */ +#define CONFIG_SPL_MAX_SIZE 0x17000 /* 90 KiB */ #define CONFIG_SPL_STACK 0x1001f000 #define CONFIG_SYS_NAND_U_BOOT_DST CONFIG_SYS_TEXT_BASE #define CONFIG_SYS_NAND_U_BOOT_START CONFIG_SYS_TEXT_BASE
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions from
- CAAM driver that are not required in SPL flow
Dependent patch set: SECURE boot target addition for NOR on LS1043, LS1046 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork...
and SPL size reduction patches https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork... https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatchwork...
arch/arm/include/asm/fsl_secure_boot.h | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++ configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++ drivers/crypto/fsl/jobdesc.c | 4 +-- drivers/crypto/fsl/jr.c | 19 ++++++----- include/configs/ls1046a_common.h | 17 ++++++++-- 6 files changed, 91 insertions(+), 15 deletions(-) create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
This patch causes compiling error for T1042RDB_PI_NAND_SECURE_BOOT. Please check.
drivers/crypto/fsl/fsl_blob.c:28: undefined reference to `inline_cnstr_jobdesc_blob_decap'
York
-----Original Message----- From: york sun Sent: Friday, March 31, 2017 6:16 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by
SPL
to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions
from
- CAAM driver that are not required in SPL flow
Dependent patch set: SECURE boot target addition for NOR on LS1043, LS1046 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742548%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=fe9EEogXl1g%2B%2BTITuTSqQfl9RysiRwi1SStWOebmidU%3D&r eserve
d=0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742552%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=eujlNAJ5%2BixRVB8z0DBFVUg0xN%2BkZT63E7rbvZQud5w%3D& reserve
d=0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742549%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=ANaXQxRKJAEjl3fSePjTUGDEy3%2F4CmU%2F3f%2B0qc8YB4A% 3D&reser
ved=0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742551%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=dKX1JhIHPq3RHHXOwHeoQcht%2BiHDJTEzDSSbctgiXGE%3D&re served=
0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742550%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=aZvIbu32SBljIcR8DP4afhwsBrfSCWOqgx61wf3JBZk%3D&reserve d=0
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742553%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=fVKS2M58picc3ky05%2FTL9fd2NvZ7KDGPUy1D5TGsm20%3D&re served=
0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F742554%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=CcKSSyrYvAJJG1fGPZI3lt6huuD995X8vCuidwmG0fc%3D&reserve d=0
and SPL size reduction patches https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F744755%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=%2FAP98FyGhu04QqKAOAM0Oxeq3ZnT1rYDuUNw%2F4W9KlU %3D&reserve
d=0 https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpat
chwork.ozlabs.org%2Fpatch%2F744756%2F&data=01%7C01%7Cyork.sun%40nx p.co
m%7C9ac07c8775234e16d80308d476aedabb%7C686ea1d3bc2b4c6fa92cd99c5c3 0163
5%7C0&sdata=mxS6n30GD7iPNStd8ieHeFjcEdXhKc9S33iLZbCJfMo%3D&reserv ed=0
arch/arm/include/asm/fsl_secure_boot.h | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++ configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45
+++++++++++++++++++++++++
drivers/crypto/fsl/jobdesc.c | 4 +-- drivers/crypto/fsl/jr.c | 19 ++++++----- include/configs/ls1046a_common.h | 17 ++++++++-- 6 files changed, 91 insertions(+), 15 deletions(-) create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
This patch causes compiling error for T1042RDB_PI_NAND_SECURE_BOOT. Please check.
drivers/crypto/fsl/fsl_blob.c:28: undefined reference to `inline_cnstr_jobdesc_blob_decap'
York
We have already sent a patch upstream to fix this compilation error.
Link: https://patchwork.ozlabs.org/patch/738682/
Sumit
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions from
- CAAM driver that are not required in SPL flow
<snip>
arch/arm/include/asm/fsl_secure_boot.h | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++ configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++ drivers/crypto/fsl/jobdesc.c | 4 +-- drivers/crypto/fsl/jr.c | 19 ++++++----- include/configs/ls1046a_common.h | 17 ++++++++-- 6 files changed, 91 insertions(+), 15 deletions(-) create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
<snip>
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 6125bbb..375ff9d 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -204,7 +204,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, append_store(desc, dma_addr_out, storelen, LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); }
+#ifndef CONFIG_SPL_BUILD void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, uint32_t in_sz) @@ -252,7 +252,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); }
+#endif
Why do you have this change in _this_ patch?
/*
- Descriptor to instantiate RNG State Handle 0 in normal mode and
- load the JDKEK, TDKEK and TDSK registers
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 1b88229..163e729 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -342,7 +342,9 @@ static void desc_done(uint32_t status, void *arg) { struct result *x = arg; x->status = status; +#ifndef CONFIG_SPL_BUILD caam_jr_strstatus(status); +#endif
Same question here.
x->done = 1; }
@@ -436,7 +438,11 @@ static inline int sec_reset_idx(uint8_t sec_idx)
return 0; }
+int sec_reset(void) +{
- return sec_reset_idx(0);
+} +#ifndef CONFIG_SPL_BUILD static int instantiate_rng(uint8_t sec_idx) { struct result op; @@ -472,11 +478,6 @@ static int instantiate_rng(uint8_t sec_idx) return ret; }
-int sec_reset(void) -{
- return sec_reset_idx(0);
-}
static u8 get_rng_vid(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); @@ -561,7 +562,7 @@ static int rng_init(uint8_t sec_idx)
return ret; }
+#endif int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); @@ -634,7 +635,7 @@ int sec_init_idx(uint8_t sec_idx)
pamu_enable(); #endif
+#ifndef CONFIG_SPL_BUILD if (get_rng_vid(sec_idx) >= 4) { if (rng_init(sec_idx) < 0) { printf("SEC%u: RNG instantiation failed\n", sec_idx); @@ -642,7 +643,7 @@ int sec_init_idx(uint8_t sec_idx) } printf("SEC%u: RNG instantiated\n", sec_idx); }
+#endif return ret; }
You seem to have some non-LS1046ARDB specific change in this patch. I can understand if you need to make some change to support SPL validation. But don't you need these changes to get LS1043ARDB work as your patch #1? Maybe you can reorganize your change set to have one patch before your #1 patch (including the change you made to fsl_validate.c) in the first patch). The bottom of line is every single commit should serve one purpose and it should work after each commit.
York
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
York
-----Original Message----- From: york sun Sent: Saturday, April 01, 2017 1:44 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot
by SPL
to also include the u-boot Secure Boot header size as header is appended
to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not
required
at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions
from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
This is true for LS1043, LS1046, however wouldn't hold good for Chassis gen3 SoC's like LS2088 , LS1088 etc. Is this file arch/arm/cpu/armv8/fsl-layerscape/spl.c common for the Chassis Gen 3 SoC's also ?
Ruchika
York
On 04/03/2017 12:00 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Saturday, April 01, 2017 1:44 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot
by SPL
to also include the u-boot Secure Boot header size as header is appended
to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are not
required
at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions
from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
This is true for LS1043, LS1046, however wouldn't hold good for Chassis gen3 SoC's like LS2088 , LS1088 etc. Is this file arch/arm/cpu/armv8/fsl-layerscape/spl.c common for the Chassis Gen 3 SoC's also ?
Yes, it is common for lsch3.
York
-----Original Message----- From: york sun Sent: Monday, April 03, 2017 9:01 PM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 04/03/2017 12:00 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Saturday, April 01, 2017 1:44 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID
and
corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
U-Boot
by SPL
to also include the u-boot Secure Boot header size as header is appended
to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM
(128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are
not
required
at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions
from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
This is true for LS1043, LS1046, however wouldn't hold good for Chassis
gen3 SoC's like LS2088 , LS1088 etc. Is this file arch/arm/cpu/armv8/fsl- layerscape/spl.c common for the Chassis Gen 3 SoC's also ?
Yes, it is common for lsch3.
Since it is common for lsh3, please suggest if we should move this configuration under if defined(CONGIF_LS1043) || defined(CONFIG_LS1046) in arch/arm/cpu/armv8/fsl-layerscape/spl.c or leave it in this file.
Ruchika
On 04/04/2017 12:06 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Monday, April 03, 2017 9:01 PM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 04/03/2017 12:00 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Saturday, April 01, 2017 1:44 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream ID
and
corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
U-Boot
by SPL
to also include the u-boot Secure Boot header size as header is appended
to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM
(128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are
not
required
at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the functions
from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
This is true for LS1043, LS1046, however wouldn't hold good for Chassis
gen3 SoC's like LS2088 , LS1088 etc. Is this file arch/arm/cpu/armv8/fsl- layerscape/spl.c common for the Chassis Gen 3 SoC's also ?
Yes, it is common for lsch3.
Since it is common for lsh3, please suggest if we should move this configuration under if defined(CONGIF_LS1043) || defined(CONFIG_LS1046) in arch/arm/cpu/armv8/fsl-layerscape/spl.c or leave it in this file.
I prefer to have it in a common file. It is easier to maintain. Can we use CONFIG_FSL_LSCH2 to gate these code? If you have to use SoC name, please use CONFIG_ARCH_LS1043A and CONFIG_ARCH_LS1046A.
York
-----Original Message----- From: york sun Sent: Tuesday, April 04, 2017 9:29 PM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 04/04/2017 12:06 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Monday, April 03, 2017 9:01 PM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 04/03/2017 12:00 AM, Ruchika Gupta wrote:
-----Original Message----- From: york sun Sent: Saturday, April 01, 2017 1:44 AM To: Ruchika Gupta ruchika.gupta@nxp.com; u-boot@lists.denx.de Cc: Vini Pillai vinitha.pillai@nxp.com; Sumit Garg sumit.garg@nxp.com Subject: Re: [PATCH 3/3][v3] [RESEND] arm: ls1046ardb: Add SD secure boot target
On 03/29/2017 07:21 AM, Ruchika Gupta wrote:
From: Vinitha Pillai-B57223 vinitha.pillai@nxp.com
- Add SD secure boot target for ls1046ardb.
- Implement board specific spl_board_init() to setup CAAM stream
ID
and
corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
U-Boot
by SPL
to also include the u-boot Secure Boot header size as header is appended
to
u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM
(128K)
where 32K
are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL. Since the size of spl image was about 94K, Blobification functions and descriptors, that are
not
required
at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. This reduces the spl image size to 92K.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com Signed-off-by: Ruchika Gupta ruchika.gupta@nxp.com
Changes from v1:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally reduce the spl image size by removing the
functions from
- CAAM driver that are not required in SPL flow
<snip>
+#if defined(CONFIG_SPL_BUILD) +void spl_board_init(void) +{ +#ifdef CONFIG_SECURE_BOOT
- /*
* In case of Secure Boot, the IBR configures the SMMU* to allow only Secure transactions.* SMMU must be reset in bypass mode.* Set the ClientPD bit and Clear the USFCFG Bit- */
- u32 val;
- val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_SCR0, val);
- val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) &
~(SCR0_USFCFG_MASK);
- out_le32(SMMU_NSCR0, val);
+#endif +}
Is this the same as LS1043A? Can we move this function to arch/arm/cpu/armv8/fsl-layerscape/spl.c?
This is true for LS1043, LS1046, however wouldn't hold good for Chassis
gen3 SoC's like LS2088 , LS1088 etc. Is this file arch/arm/cpu/armv8/fsl- layerscape/spl.c common for the Chassis Gen 3
SoC's also ?
Yes, it is common for lsch3.
Since it is common for lsh3, please suggest if we should move this configuration under if defined(CONGIF_LS1043) || defined(CONFIG_LS1046) in
arch/arm/cpu/armv8/fsl-layerscape/spl.c or leave it in this file.
I prefer to have it in a common file. It is easier to maintain. Can we use CONFIG_FSL_LSCH2 to gate these code? If you have to use SoC name, please use CONFIG_ARCH_LS1043A and CONFIG_ARCH_LS1046A.
Next version of patch-set sent with this change. CONFIG_FSL_LSCH2 used to gate this code.
Ruchika
participants (3)
-
Ruchika Gupta -
Sumit Garg -
york sun