[U-Boot] [PATCH 1/2][v6] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Secure Boot Target is added for NAND for P3041. Changes: In PowerPC, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on this SRAM at location 0xBFF40000 with entry point as 0xBFFFFFFC.
Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com Signed-off-by: Aneesh Bansal aneesh.bansal@freescale.com --- Changes in v6: Changed the version in Patchset.
Makefile | 4 ++++ arch/powerpc/cpu/mpc85xx/cpu_init.c | 17 +++++++++++++++++ board/freescale/common/p_corenet/tlb.c | 19 +++++++++++++++++-- board/freescale/corenet_ds/MAINTAINERS | 5 +++++ configs/P3041DS_NAND_SECURE_BOOT_defconfig | 4 ++++ include/configs/corenet_ds.h | 21 +++++++++++++++++++++ 6 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 configs/P3041DS_NAND_SECURE_BOOT_defconfig
diff --git a/Makefile b/Makefile index bd4abab..acfaa23 100644 --- a/Makefile +++ b/Makefile @@ -719,8 +719,12 @@ ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin ifeq ($(CONFIG_SPL_FSL_PBL),y) ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin else +ifneq ($(CONFIG_SECURE_BOOT), y) +# For Secure Boot The Image needs to be signed and Header must also +# be included. So The image has to be built explicitly ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl endif +endif ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 4cf8853..1f520fe 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -843,6 +843,23 @@ int cpu_init_r(void) setup_mp(); #endif
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \ + defined(CONFIG_SECURE_BOOT) + /* Disable the TLB Created for L3 and create the TLB required for + * PCIE which was not created earlier. + */ + int tlb_index; + tlb_index = find_tlb_idx((void *)CONFIG_BPTR_VIRT_ADDR, 1); + if (tlb_index != -1) { + disable_tlb(tlb_index); + + set_tlb(1, CONFIG_SECBOOT_TLB_VIRT_ADDR, + CONFIG_SECBOOT_TLB_PHYS_ADDR, + CONFIG_SECBOOT_TLB_PERM, CONFIG_SECBOOT_TLB_ATTR, + 0, tlb_index, CONFIG_SECBOOT_TLB_PAGESZ, 1); + } +#endif + #ifdef CONFIG_SYS_FSL_ERRATUM_ESDHC13 { if (SVR_MAJ(svr) < 3) { diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c index 8148e46..dcadba1 100644 --- a/board/freescale/common/p_corenet/tlb.c +++ b/board/freescale/common/p_corenet/tlb.c @@ -42,7 +42,9 @@ struct fsl_e_tlb_entry tlb_table[] = {
/* TLB 1 */ /* *I*** - Covers boot page */ -#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) + /* In Case of Secure RAM Boot L3 address is defined at 0xbff00000 */ +#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \ + !defined(CONFIG_SECURE_BOOT) /* * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the * SRAM is at 0xfff00000, it covered the 0xfffff000. @@ -76,11 +78,24 @@ struct fsl_e_tlb_entry tlb_table[] = { MAS3_SX|MAS3_SR, MAS2_W|MAS2_G, 0, 2, BOOKE_PAGESZ_256M, 1),
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \ + defined(CONFIG_SECURE_BOOT) + /* In case of Secure Boot, L3 is used as 1M SRAM + * and the address of the SRAM is at 0xbff00000. + * The PCIE TLB entry conflicts with the above entry. + * So, the entry for PCIE is not created at this point of time. + * It will be created later on in cpu_init_r() + * when U-Boot has relocated to DDR + */ + SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR, + MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, + 0, 3, BOOKE_PAGESZ_1M, 1), +#else /* *I*G* - PCI */ SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT, CONFIG_SYS_PCIE1_MEM_PHYS, MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, 0, 3, BOOKE_PAGESZ_1G, 1), - +#endif /* *I*G* - PCI */ SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT + 0x40000000, CONFIG_SYS_PCIE1_MEM_PHYS + 0x40000000, diff --git a/board/freescale/corenet_ds/MAINTAINERS b/board/freescale/corenet_ds/MAINTAINERS index 745847c..6855446 100644 --- a/board/freescale/corenet_ds/MAINTAINERS +++ b/board/freescale/corenet_ds/MAINTAINERS @@ -28,3 +28,8 @@ F: configs/P5040DS_NAND_defconfig F: configs/P5040DS_SDCARD_defconfig F: configs/P5040DS_SPIFLASH_defconfig F: configs/P5040DS_SECURE_BOOT_defconfig + +CORENET_DS_SECURE_BOOT BOARD +M: Aneesh Bansal aneesh.bansal@freescale.com +S: Maintained +F: configs/P3041DS_NAND_SECURE_BOOT_defconfig diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig new file mode 100644 index 0000000..e810b1c --- /dev/null +++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig @@ -0,0 +1,4 @@ +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xBFF40000" +CONFIG_PPC=y +CONFIG_MPC85xx=y +CONFIG_TARGET_P3041DS=y diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index 225ffdd..4d09133 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -16,6 +16,26 @@ #include "../board/freescale/common/ics307_clk.h"
#ifdef CONFIG_RAMBOOT_PBL +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE +#define CONFIG_RESET_VECTOR_ADDRESS 0xbffffffc +#define CONFIG_BPTR_VIRT_ADDR 0xbffff000 + +/* In case of Secure Boot, L3 is used as 1M SRAM + * and the address of the SRAM is at 0xbff00000. + * The PCIE TLB entry conflicts with L3 TLB entry. + * The creation of PCIE TLB entry will be delayed + * till the time L3 entry is not required. + */ +#define CONFIG_SECBOOT_TLB_VIRT_ADDR CONFIG_SYS_PCIE1_MEM_VIRT +#define CONFIG_SECBOOT_TLB_PHYS_ADDR CONFIG_SYS_PCIE1_MEM_PHYS +#define CONFIG_SECBOOT_TLB_PERM MAS3_SW|MAS3_SR +#define CONFIG_SECBOOT_TLB_ATTR MAS2_I|MAS2_G +#define CONFIG_SECBOOT_TLB_PAGESZ BOOKE_PAGESZ_1G +#ifdef CONFIG_NAND +#define CONFIG_RAMBOOT_NAND +#endif +#else #define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE #define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg @@ -29,6 +49,7 @@ #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg #endif #endif +#endif
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE /* Set 1M boot space */
Aneesh,
On 03/04/2015 11:38 PM, Aneesh Bansal wrote:
Secure Boot Target is added for NAND for P3041. Changes: In PowerPC, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on this SRAM at location 0xBFF40000 with entry point as 0xBFFFFFFC.
Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com Signed-off-by: Aneesh Bansal aneesh.bansal@freescale.com
Changes in v6: Changed the version in Patchset.
Are we closed on this patch discussion? I see open discussion for v4 patch after you posted v6.
York
We have understood what Scott was suggesting but still need to try the changes suggested by him. We haven't started on it yet.
Regards, Aneesh Bansal
-----Original Message----- From: Sun York-R58495 Sent: Monday, April 13, 2015 10:03 PM To: Bansal Aneesh-B39320; u-boot@lists.denx.de Cc: Wood Scott-B07421; Gupta Ruchika-R66431 Subject: Re: [PATCH 1/2][v6] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Aneesh,
On 03/04/2015 11:38 PM, Aneesh Bansal wrote:
Secure Boot Target is added for NAND for P3041. Changes: In PowerPC, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on this SRAM at location 0xBFF40000 with entry point as 0xBFFFFFFC.
Signed-off-by: Ruchika Gupta ruchika.gupta@freescale.com Signed-off-by: Aneesh Bansal aneesh.bansal@freescale.com
Changes in v6: Changed the version in Patchset.
Are we closed on this patch discussion? I see open discussion for v4 patch after you posted v6.
York
participants (3)
-
Aneesh Bansal -
aneesh.bansal@freescale.com
-
York Sun