[U-Boot] [PATCH 0/4] Add default secure boot env for K2x

Hello all,
This series adds the default environment variables needed to boot K2x family secure devices.
Thanks, Andrew
Andrew F. Davis (2):
  configs: k2x_evm: Adds FIT loading environment variables
  configs: k2x_evm: Reorder default boot command

Madan Srinivas (2):
  configs: k2x_evm: Adds environment variables for secure devices
  arm: mach-keystone: Updates mon_install for K2G HS

 arch/arm/mach-keystone/cmd_mon.c          |  8 ++++++--
 arch/arm/mach-keystone/include/mach/mon.h |  2 +-
 arch/arm/mach-keystone/mon.c              |  7 ++++---
 include/configs/k2e_evm.h                 |  9 +++++++++
 include/configs/k2g_evm.h                 | 23 ++++++++++++++++++++---
 include/configs/k2hk_evm.h                |  9 +++++++++
 include/configs/ti_armv7_keystone2.h      | 30 +++++++++++++++++++++++++++---
 7 files changed, 76 insertions(+), 12 deletions(-)

Updates the default u-boot environment variables to support FIT image loading.
Signed-off-by: Andrew F. Davis afd@ti.com
---
 include/configs/k2e_evm.h            |  9 +++++++++
 include/configs/k2g_evm.h            |  1 +
 include/configs/k2hk_evm.h           |  9 +++++++++
 include/configs/ti_armv7_keystone2.h | 10 +++++++++-
 4 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/include/configs/k2e_evm.h b/include/configs/k2e_evm.h index b186bfc891..edbc48301e 100644 --- a/include/configs/k2e_evm.h +++ b/include/configs/k2e_evm.h @@ -15,9 +15,18 @@ /* Platform type */ #define CONFIG_SOC_K2E
+#ifdef CONFIG_TI_SECURE_DEVICE +#define DEFAULT_SEC_BOOT_ENV \ + DEFAULT_FIT_TI_ARGS \ + "findfdt=setenv fdtfile ${name_fdt}\0" +#else +#define DEFAULT_SEC_BOOT_ENV +#endif + /* U-Boot general configuration */ #define CONFIG_EXTRA_ENV_KS2_BOARD_SETTINGS \ DEFAULT_FW_INITRAMFS_BOOT_ENV \ + DEFAULT_SEC_BOOT_ENV \ "boot=ubi\0" \ "args_ubi=setenv bootargs ${bootargs} rootfstype=ubifs " \ "root=ubi0:rootfs rootflags=sync rw ubi.mtd=ubifs,2048\0" \ diff --git a/include/configs/k2g_evm.h b/include/configs/k2g_evm.h index 5bf630e7f2..95317bb001 100644 --- a/include/configs/k2g_evm.h +++ b/include/configs/k2g_evm.h @@ -23,6 +23,7 @@ DEFAULT_MMC_TI_ARGS \ DEFAULT_PMMC_BOOT_ENV \ DEFAULT_FW_INITRAMFS_BOOT_ENV \ + DEFAULT_FIT_TI_ARGS \ "boot=mmc\0" \ "console=ttyS0,115200n8\0" \ "bootpart=0:2\0" \ diff --git a/include/configs/k2hk_evm.h b/include/configs/k2hk_evm.h index 9598bc6976..22587fc4c5 100644 --- a/include/configs/k2hk_evm.h +++ b/include/configs/k2hk_evm.h @@ -15,9 +15,18 @@ /* Platform type */ #define CONFIG_SOC_K2HK
+#ifdef CONFIG_TI_SECURE_DEVICE +#define DEFAULT_SEC_BOOT_ENV \ + DEFAULT_FIT_TI_ARGS \ + "findfdt=setenv fdtfile ${name_fdt}\0" +#else +#define DEFAULT_SEC_BOOT_ENV +#endif + /* U-Boot general configuration */ #define CONFIG_EXTRA_ENV_KS2_BOARD_SETTINGS \ DEFAULT_FW_INITRAMFS_BOOT_ENV \ + DEFAULT_SEC_BOOT_ENV \ "boot=ubi\0" \ "args_ubi=setenv bootargs ${bootargs} rootfstype=ubifs " \ "root=ubi0:rootfs rootflags=sync rw ubi.mtd=ubifs,2048\0" \ diff --git a/include/configs/ti_armv7_keystone2.h b/include/configs/ti_armv7_keystone2.h index ac8dabd9ca..e7706c4818 100644 --- a/include/configs/ti_armv7_keystone2.h +++ b/include/configs/ti_armv7_keystone2.h @@ -266,7 +266,13 @@ "get_kern_ubi=ubifsload ${loadaddr} ${bootdir}/${name_kern}\0" \ "get_mon_net=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \ "get_mon_nfs=nfs ${addr_mon} ${nfs_root}/boot/${name_mon}\0" \ - "get_mon_ubi=ubifsload ${addr_mon} ${bootdir}/${name_mon}\0" \ + "get_mon_ubi=ubifsload ${addr_mon} ${bootdir}/${name_mon}\0" \ + "get_fit_net=dhcp ${fit_loadaddr} ${tftp_root}" \ + "/${fit_bootfile}\0" \ + "get_fit_nfs=nfs ${fit_loadaddr} ${nfs_root}/boot/${fit_bootfile}\0"\ + "get_fit_ubi=ubifsload ${fit_loadaddr} ${bootdir}/${fit_bootfile}\0"\ + "get_fit_mmc=load mmc ${bootpart} ${fit_loadaddr} " \ + "${bootdir}/${fit_bootfile}\0" \ "get_uboot_net=dhcp ${loadaddr} ${tftp_root}/${name_uboot}\0" \ "get_uboot_nfs=nfs ${loadaddr} ${nfs_root}/boot/${name_uboot}\0" \ "burn_uboot_spi=sf probe; sf erase 0 0x80000; " \ @@ -282,6 +288,8 @@ "get_fdt_ramfs=dhcp ${fdtaddr} ${tftp_root}/${name_fdt}\0" \ "get_kern_ramfs=dhcp ${loadaddr} ${tftp_root}/${name_kern}\0" \ "get_mon_ramfs=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \ + "get_fit_ramfs=dhcp ${fit_loadaddr} ${tftp_root}" \ + "/${fit_bootfile}\0" \ "get_fs_ramfs=dhcp ${rdaddr} ${tftp_root}/${name_fs}\0" \ "get_ubi_net=dhcp ${addr_ubi} ${tftp_root}/${name_ubi}\0" \ "get_ubi_nfs=nfs ${addr_ubi} ${nfs_root}/boot/${name_ubi}\0" \
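Review bot: the DEFAULT_SEC_BOOT_ENV block added to k2e_evm.h and to k2hk_evm.h is identical in both hunks (DEFAULT_FIT_TI_ARGS plus "findfdt=setenv fdtfile ${name_fdt}\0", with an empty fallback when CONFIG_TI_SECURE_DEVICE is unset); define it once in ti_armv7_keystone2.h under the same #ifdef and let both board headers use it, so the two copies cannot drift apart in a later change.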
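Review bot: the k2g_evm.h hunk adds DEFAULT_FIT_TI_ARGS to the environment unconditionally, whereas k2e_evm.h and k2hk_evm.h only add it inside CONFIG_TI_SECURE_DEVICE; if K2G GP boards are meant to carry the fit_* variables too, state that in the commit message, otherwise wrap it the same way as the other two boards for consistency.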
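Review bot: in the ti_armv7_keystone2.h hunk at @@ -266, the get_mon_ubi line is removed and re-added with identical visible content, which is whitespace churn unrelated to FIT loading and should be left out of this patch. The new get_fit_net/get_fit_nfs/get_fit_ubi/get_fit_mmc entries also reference ${fit_loadaddr} and ${fit_bootfile}, which this file does not define; they are presumably supplied by DEFAULT_FIT_TI_ARGS, which the board headers pull in, and a one-line comment saying so would save the next reader a grep.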

On Mon, Jul 17, 2017 at 12:59:12PM -0500, Andrew F. Davis wrote:
Updates the default u-boot environment variables to support FIT image loading.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com

On Mon, Jul 17, 2017 at 12:59:12PM -0500, Andrew F. Davis wrote:
Updates the default u-boot environment variables to support FIT image loading.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!

From: Madan Srinivas madans@ti.com
Updates the default u-boot environment variables to support secure boot. On secure devices, a secure boot monitor (sec-bm) needs to be installed by u-boot.
Signed-off-by: Madan Srinivas madans@ti.com
---
 include/configs/k2g_evm.h            |  7 +++++++
 include/configs/ti_armv7_keystone2.h | 10 ++++++++++
 2 files changed, 17 insertions(+)
diff --git a/include/configs/k2g_evm.h b/include/configs/k2g_evm.h index 95317bb001..3c999df350 100644 --- a/include/configs/k2g_evm.h +++ b/include/configs/k2g_evm.h @@ -52,11 +52,18 @@ "get_mon_mmc=load mmc ${bootpart} ${addr_mon} ${bootdir}/${name_mon}\0"\ "name_fs=arago-base-tisdk-image-k2g-evm.cpio\0"
+#ifndef CONFIG_TI_SECURE_DEVICE #define CONFIG_BOOTCOMMAND \ "run envboot; " \ "run set_name_pmmc init_${boot} init_fw_rd_${boot} " \ "get_pmmc_${boot} run_pmmc get_mon_${boot} run_mon " \ "findfdt get_fdt_${boot} get_kern_${boot} run_kern" +#else +#define CONFIG_BOOTCOMMAND \ + "run envboot; run run_mon_hs set_name_pmmc init_${boot} " \ + "get_pmmc_${boot} run_pmmc findfdt get_fit_${boot};" \ + "bootm ${fit_loadaddr}#${name_fdt} " +#endif
/* SPL SPI Loader Configuration */ #define CONFIG_SPL_TEXT_BASE 0x0c080000 diff --git a/include/configs/ti_armv7_keystone2.h b/include/configs/ti_armv7_keystone2.h index e7706c4818..e7dc522da2 100644 --- a/include/configs/ti_armv7_keystone2.h +++ b/include/configs/ti_armv7_keystone2.h @@ -252,7 +252,11 @@ "addr_secdb_key=0xc000000\0" \ "name_kern=zImage\0" \ "addr_mon=0x87000000\0" \ + "addr_non_sec_mon=0x0c087fc0\0" \ + "addr_load_sec_bm=0x0c08c000\0" \ "run_mon=mon_install ${addr_mon}\0" \ + "run_mon_hs=mon_install ${addr_non_sec_mon} " \ + "${addr_load_sec_bm}\0" \ "run_kern=bootz ${loadaddr} ${rd_spec} ${fdtaddr}\0" \ "init_net=run args_all args_net\0" \ "init_nfs=setenv autoload no; dhcp; run args_all args_net\0" \ @@ -304,9 +308,15 @@ "1024k(bootloader)ro,512k(params)ro,-(ubifs)\0"
#ifndef CONFIG_BOOTCOMMAND +#ifndef CONFIG_TI_SECURE_DEVICE #define CONFIG_BOOTCOMMAND \ "run init_${boot} get_mon_${boot} run_mon init_fw_rd_${boot} " \ "get_fdt_${boot} get_kern_${boot} run_kern" +#else +#define CONFIG_BOOTCOMMAND \ + "run run_mon_hs init_${boot} init_fw_rd_${boot} " \ + "get_fit_${boot}; bootm ${fit_loadaddr}#${name_fdt}" +#endif #endif
#define CONFIG_BOOTARGS \
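Review bot: in the k2g_evm.h hunk, the CONFIG_TI_SECURE_DEVICE CONFIG_BOOTCOMMAND concatenates "get_fit_${boot};" directly with "bootm ..." (no separating space, giving `get_fit_${boot};bootm`) and its last string ends in a trailing blank ("#${name_fdt} "); hush accepts both, but they differ from the non-secure branch right above. Suggest `"get_pmmc_${boot} run_pmmc findfdt get_fit_${boot}; " \` and dropping the trailing space.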
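Review bot: in the ti_armv7_keystone2.h hunk at @@ -252, addr_non_sec_mon=0x0c087fc0 and addr_load_sec_bm=0x0c08c000 are fixed addresses handed to mon_install by run_mon_hs, yet nothing in this patch loads anything to either address and the commit message only says the monitor "needs to be installed by u-boot"; document which earlier boot stage places the signed and encrypted sec-bm image at 0x0c08c000 and why 0x0c087fc0 is a valid location for the non-secure part, since the generic HS CONFIG_BOOTCOMMAND below runs run_mon_hs for every CONFIG_TI_SECURE_DEVICE board, not only K2G.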
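Review bot: in the ti_armv7_keystone2.h hunk at @@ -304, the secure CONFIG_BOOTCOMMAND ends with "get_fit_${boot}; bootm ${fit_loadaddr}#${name_fdt}": because the two are separated by ';' rather than being arguments of the same run, a failed get_fit_${boot} does not stop the sequence and bootm is still attempted on whatever happens to be at ${fit_loadaddr}. Chaining with "&&" (or keeping bootm inside a run_fit-style variable passed to the same run) makes the failure path explicit.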

On Mon, Jul 17, 2017 at 12:59:13PM -0500, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
Updates the default u-boot environment variables to support secure boot. On secure devices, a secure boot monitor (sec-bm) needs to be installed by u-boot.
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Tom Rini trini@konsulko.com

On Mon, Jul 17, 2017 at 12:59:13PM -0500, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
Updates the default u-boot environment variables to support secure boot. On secure devices, a secure boot monitor (sec-bm) needs to be installed by u-boot.
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!

We first split the CONFIG_BOOTCOMMAND into its components to improve readability. We then make the following order changes:
- Run findfdt first so the fdt name can be used in envboot like OMAP
- Install the boot monitor before running the PMMC so we can make any needed secure changes before PMMC, do this on both HS and non-HS
- Move set_name_pmmc to just before get_pmmc_${boot}

Signed-off-by: Andrew F. Davis afd@ti.com
---
 include/configs/k2g_evm.h            | 21 +++++++++++++++------
 include/configs/ti_armv7_keystone2.h | 14 ++++++++++----
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/include/configs/k2g_evm.h b/include/configs/k2g_evm.h index 3c999df350..e9d3334f9f 100644 --- a/include/configs/k2g_evm.h +++ b/include/configs/k2g_evm.h @@ -54,15 +54,24 @@
#ifndef CONFIG_TI_SECURE_DEVICE #define CONFIG_BOOTCOMMAND \ + "run findfdt; " \ "run envboot; " \ - "run set_name_pmmc init_${boot} init_fw_rd_${boot} " \ - "get_pmmc_${boot} run_pmmc get_mon_${boot} run_mon " \ - "findfdt get_fdt_${boot} get_kern_${boot} run_kern" + "run init_${boot}; " \ + "run get_mon_${boot} run_mon; " \ + "run set_name_pmmc get_pmmc_${boot} run_pmmc; " \ + "run get_kern_${boot}; " \ + "run init_fw_rd_${boot}; " \ + "run get_fdt_${boot}; " \ + "run run_kern" #else #define CONFIG_BOOTCOMMAND \ - "run envboot; run run_mon_hs set_name_pmmc init_${boot} " \ - "get_pmmc_${boot} run_pmmc findfdt get_fit_${boot};" \ - "bootm ${fit_loadaddr}#${name_fdt} " + "run findfdt; " \ + "run envboot; " \ + "run run_mon_hs; " \ + "run init_${boot}; " \ + "run set_name_pmmc get_pmmc_${boot} run_pmmc; " \ + "run get_fit_${boot}; " \ + "bootm ${fit_loadaddr}#${name_fdt}" #endif
/* SPL SPI Loader Configuration */ diff --git a/include/configs/ti_armv7_keystone2.h b/include/configs/ti_armv7_keystone2.h index e7dc522da2..e9c51636b0 100644 --- a/include/configs/ti_armv7_keystone2.h +++ b/include/configs/ti_armv7_keystone2.h @@ -310,12 +310,18 @@ #ifndef CONFIG_BOOTCOMMAND #ifndef CONFIG_TI_SECURE_DEVICE #define CONFIG_BOOTCOMMAND \ - "run init_${boot} get_mon_${boot} run_mon init_fw_rd_${boot} " \ - "get_fdt_${boot} get_kern_${boot} run_kern" + "run init_${boot}; " \ + "run get_mon_${boot} run_mon; " \ + "run get_kern_${boot}; " \ + "run init_fw_rd_${boot}; " \ + "run get_fdt_${boot}; " \ + "run run_kern" #else #define CONFIG_BOOTCOMMAND \ - "run run_mon_hs init_${boot} init_fw_rd_${boot} " \ - "get_fit_${boot}; bootm ${fit_loadaddr}#${name_fdt}" + "run run_mon_hs; " \ + "run init_${boot}; " \ + "run get_fit_${boot}; " \ + "bootm ${fit_loadaddr}#${name_fdt}" #endif #endif
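Review bot: in the k2g_evm.h hunk, splitting the single "run a b c ..." into separate "run X; " statements changes failure behaviour, not just readability: run stops at the first argument whose command fails, whereas hush's ';' continues with the next statement, so after this change a failed get_kern_${boot} or get_fit_${boot} still falls through to "run run_kern" or "bootm ${fit_loadaddr}#${name_fdt}" and tries to boot whatever is at the load address. Either keep the steps as arguments of one run (with the new ordering) or join the statements with "&&", and mention the choice in the commit message.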
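Review bot: in the ti_armv7_keystone2.h hunk, the CONFIG_TI_SECURE_DEVICE branch no longer runs init_fw_rd_${boot}, which the removed line "run run_mon_hs init_${boot} init_fw_rd_${boot} " did include; the commit message lists three ordering changes and no removal, so either restore "run init_fw_rd_${boot}; " or explain why the HS FIT path does not need it. As in the non-secure branch, the ';' chaining also means a failed get_fit_${boot} no longer prevents the final bootm from running.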

On Mon, Jul 17, 2017 at 12:59:14PM -0500, Andrew F. Davis wrote:
We first split the CONFIG_BOOTCOMMAND into its components to improve readability. We then make the following order changes:
- Run findfdt first so the fdt name can be used in envboot like OMAP
- Install the boot monitor before running the PMMC so we can make any needed secure changes before PMMC, do this on both HS and non-HS
- Move set_name_pmmc to just before get_pmmc_${boot}
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com

On Mon, Jul 17, 2017 at 12:59:14PM -0500, Andrew F. Davis wrote:
We first split the CONFIG_BOOTCOMMAND into its components to improve readability. We then make the following order changes:
- Run findfdt first so the fdt name can be used in envboot like OMAP
- Install the boot monitor before running the PMMC so we can make any needed secure changes before PMMC, do this on both HS and non-HS
- Move set_name_pmmc to just before get_pmmc_${boot}
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!

From: Madan Srinivas madans@ti.com
On early K2 devices (eg. K2HK) the secure ROM code does not support loading secure code to firewall protected memory, before decrypting, authenticating and executing it.
To load the boot monitor on these devices, it is necessary to first authenticate and run a copy loop from non-secure memory that copies the boot monitor behind firewall protected memory, before decrypting and executing it.
On K2G, the secure ROM does not allow secure code executing from unprotected memory. Further, ROM first copies the signed and encrypted image into firewall protected memory, then decrypts, authenticates and executes it.
As a result of this, we cannot use the copy loop for K2G. The mon_install has to be modified to pass the address of the signed and encrypted secure boot monitor image to the authentication API.
For backward compatibility with other K2 devices and K2G GP, the mon_install API still supports a single argument. In this case the second argument is set to 0 by u-boot and is ignored by ROM.
Signed-off-by: Thanh Tran thanh-tran@ti.com
Signed-off-by: Madan Srinivas madans@ti.com
---
 arch/arm/mach-keystone/cmd_mon.c          | 8 ++++++--
 arch/arm/mach-keystone/include/mach/mon.h | 2 +-
 arch/arm/mach-keystone/mon.c              | 7 ++++---
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/arm/mach-keystone/cmd_mon.c b/arch/arm/mach-keystone/cmd_mon.c index 591e75826b..c2525bd756 100644 --- a/arch/arm/mach-keystone/cmd_mon.c +++ b/arch/arm/mach-keystone/cmd_mon.c @@ -19,6 +19,7 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc, u32 addr, dpsc_base = 0x1E80000, freq, load_addr, size; int rcode = 0; struct image_header *header; + u32 ecrypt_bm_addr = 0;
if (argc < 2) return CMD_RET_USAGE; @@ -39,14 +40,17 @@ static int do_mon_install(cmd_tbl_t *cmdtp, int flag, int argc, memcpy((void *)load_addr, (void *)(addr + sizeof(struct image_header)), size);
- rcode = mon_install(load_addr, dpsc_base, freq); + if (argc >= 3) + ecrypt_bm_addr = simple_strtoul(argv[2], NULL, 16); + + rcode = mon_install(load_addr, dpsc_base, freq, ecrypt_bm_addr); printf("## installed monitor @ 0x%x, freq [%d], status %d\n", load_addr, freq, rcode);
return 0; }
-U_BOOT_CMD(mon_install, 2, 0, do_mon_install, +U_BOOT_CMD(mon_install, 3, 0, do_mon_install, "Install boot kernel at 'addr'", "" ); diff --git a/arch/arm/mach-keystone/include/mach/mon.h b/arch/arm/mach-keystone/include/mach/mon.h index eb7aa938af..30c57e0f8f 100644 --- a/arch/arm/mach-keystone/include/mach/mon.h +++ b/arch/arm/mach-keystone/include/mach/mon.h @@ -10,7 +10,7 @@ #ifndef _MACH_MON_H_ #define _MACH_MON_H_
-int mon_install(u32 addr, u32 dpsc, u32 freq); +int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr); int mon_power_on(int core_id, void *ep); int mon_power_off(int core_id);
diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c index ebfb483a1b..7076a2a67b 100644 --- a/arch/arm/mach-keystone/mon.c +++ b/arch/arm/mach-keystone/mon.c @@ -13,7 +13,7 @@ #include <spl.h> asm(".arch_extension sec\n\t");
-int mon_install(u32 addr, u32 dpsc, u32 freq) +int mon_install(u32 addr, u32 dpsc, u32 freq, u32 bm_addr) { int result;
@@ -22,11 +22,12 @@ int mon_install(u32 addr, u32 dpsc, u32 freq) "mov r0, %1\n" "mov r1, %2\n" "mov r2, %3\n" + "mov r3, %4\n" "blx r0\n" "ldmfd r13!, {lr}\n" : "=&r" (result) - : "r" (addr), "r" (dpsc), "r" (freq) - : "cc", "r0", "r1", "r2", "memory"); + : "r" (addr), "r" (dpsc), "r" (freq), "r" (bm_addr) + : "cc", "r0", "r1", "r2", "r3", "memory"); return result; }
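Review bot: in the cmd_mon.c hunk at @@ -39, the optional second argument is taken with simple_strtoul(argv[2], NULL, 16) and no validation, so a malformed address silently parses as 0 (the "ignored by ROM" value) or as a truncated value, and the U_BOOT_CMD strings still read "Install boot kernel at 'addr'" / "" with no mention of the new argument even though maxargs was raised to 3. Suggest a usage string along the lines of `mon_install <addr> [<sec_bm_addr>]` with a one-line description of the second argument, and spelling the local as encrypt_bm_addr (the hunk has ecrypt_bm_addr) to match the "encrypted secure boot monitor image" wording of the commit message.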
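Review bot: in the mon.h hunk, the new bm_addr parameter of mon_install() has semantics that live only in the commit message (address of the signed and encrypted boot monitor image on K2G HS; 0 means not used and is ignored by ROM on other K2 devices); add a short comment on the prototype so callers other than cmd_mon.c know what to pass, and consider using one name for the value across the three files, since cmd_mon.c calls it ecrypt_bm_addr and mon.h/mon.c call it bm_addr.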

On Mon, Jul 17, 2017 at 12:59:15PM -0500, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
On early K2 devices (eg. K2HK) the secure ROM code does not support loading secure code to firewall protected memory, before decrypting, authenticating and executing it.
To load the boot monitor on these devices, it is necessary to first authenticate and run a copy loop from non-secure memory that copies the boot monitor behind firewall protected memory, before decrypting and executing it.
On K2G, the secure ROM does not allow secure code executing from unprotected memory. Further, ROM first copies the signed and encrypted image into firewall protected memory, then decrypts, authenticates and executes it.
As a result of this, we cannot use the copy loop for K2G. The mon_install has to be modified to pass the address of the signed and encrypted secure boot monitor image to the authentication API.
For backward compatibility with other K2 devices and K2G GP, the mon_install API still supports a single argument. In this case the second argument is set to 0 by u-boot and is ignored by ROM.
Signed-off-by: Thanh Tran thanh-tran@ti.com
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Tom Rini trini@konsulko.com

On Mon, Jul 17, 2017 at 12:59:15PM -0500, Andrew F. Davis wrote:
From: Madan Srinivas madans@ti.com
On early K2 devices (eg. K2HK) the secure ROM code does not support loading secure code to firewall protected memory, before decrypting, authenticating and executing it.
To load the boot monitor on these devices, it is necessary to first authenticate and run a copy loop from non-secure memory that copies the boot monitor behind firewall protected memory, before decrypting and executing it.
On K2G, the secure ROM does not allow secure code executing from unprotected memory. Further, ROM first copies the signed and encrypted image into firewall protected memory, then decrypts, authenticates and executes it.
As a result of this, we cannot use the copy loop for K2G. The mon_install has to be modified to pass the address of the signed and encrypted secure boot monitor image to the authentication API.
For backward compatibility with other K2 devices and K2G GP, the mon_install API still supports a single argument. In this case the second argument is set to 0 by u-boot and is ignored by ROM.
Signed-off-by: Thanh Tran thanh-tran@ti.com
Signed-off-by: Madan Srinivas madans@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!

On Mon, Jul 17, 2017 at 12:59:11PM -0500, Andrew F. Davis wrote:
Hello all,
This series adds the default environment variables needed to boot K2x family secure devices.
Thanks, Andrew
Andrew F. Davis (2):
  configs: k2x_evm: Adds FIT loading environment variables
  configs: k2x_evm: Reorder default boot command

Madan Srinivas (2):
  configs: k2x_evm: Adds environment variables for secure devices
  arm: mach-keystone: Updates mon_install for K2G HS

 arch/arm/mach-keystone/cmd_mon.c          |  8 ++++++--
 arch/arm/mach-keystone/include/mach/mon.h |  2 +-
 arch/arm/mach-keystone/mon.c              |  7 ++++---
 include/configs/k2e_evm.h                 |  9 +++++++++
 include/configs/k2g_evm.h                 | 23 ++++++++++++++++++++---
 include/configs/k2hk_evm.h                |  9 +++++++++
 include/configs/ti_armv7_keystone2.h      | 30 +++++++++++++++++++++++++++---
 7 files changed, 76 insertions(+), 12 deletions(-)
Overall, we need to look at, as a follow up, moving things into include/environment/ti/, thanks!