[U-Boot] [PATCH v3 0/3] LS1046A secure boot target addition
The patch-set does the following:
1. Add NOR secure boot target on ls1046aqds platform. 2. Add QSPI secure boot target on ls1046ardb platform.
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
Sumit Garg (3): SECURE_BOOT: Enable chain of trust on LS1046A platform LS1046AQDS: Add NOR Secure Boot Target LS1046ARDB: Add QSPI Secure Boot target
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 ++++++++++++---- board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ board/freescale/ls1046aqds/ls1046aqds.c | 19 +++++++++++++++ board/freescale/ls1046ardb/MAINTAINERS | 4 ++++ board/freescale/ls1046ardb/ls1046ardb.c | 19 +++++++++++++++ configs/ls1046aqds_SECURE_BOOT_defconfig | 29 +++++++++++++++++++++++ configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 28 ++++++++++++++++++++++ include/configs/ls1046ardb.h | 2 ++ 9 files changed, 121 insertions(+), 6 deletions(-) create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com ---
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 6073d44..dd5ce9d 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -175,7 +175,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..b270c96 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -59,9 +59,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit - * Similiarly for LS2080 +#if defined(CONFIG_FSL_LAYERSCAPE) +/* + * For fsl layerscape based platforms, ESBC image Address in Header + * is 64 bit. */ #define CONFIG_ESBC_ADDR_64BIT #endif @@ -103,12 +104,19 @@ #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +#elif defined(CONFIG_QSPI_BOOT) +#ifdef CONFIG_ARCH_LS1046A +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#endif +#define CONFIG_BS_HDR_SIZE 0x00002000 +#define CONFIG_BS_SIZE 0x00001000 +#else /* Default NOR Boot */ #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 #define CONFIG_BS_ADDR_DEVICE 0x60060000 #define CONFIG_BS_HDR_SIZE 0x00002000 #define CONFIG_BS_SIZE 0x00001000 -#endif /* #ifdef CONFIG_SD_BOOT */ +#endif #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 #define CONFIG_BS_ADDR_RAM 0x81020000 #endif @@ -125,6 +133,8 @@ #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP #ifdef CONFIG_LS1043A #define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 +#elif defined(CONFIG_ARCH_LS1046A) +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x40740000 #endif #else #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
On 01/05/2017 10:32 PM, Sumit Garg wrote:
Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 6073d44..dd5ce9d 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -175,7 +175,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..b270c96 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -59,9 +59,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE) +/*
- For fsl layerscape based platforms, ESBC image Address in Header
*/
- is 64 bit.
#define CONFIG_ESBC_ADDR_64BIT #endif @@ -103,12 +104,19 @@ #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +#elif defined(CONFIG_QSPI_BOOT) +#ifdef CONFIG_ARCH_LS1046A +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#endif
How about #else? If you don't expect #else here, please put an error. You may have other than LS1046A in the future.
York
-----Original Message----- From: york sun Sent: Tuesday, January 17, 2017 3:29 AM To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Vini Pillai vinitha.pillai@nxp.com Subject: Re: [PATCH v3 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform
On 01/05/2017 10:32 PM, Sumit Garg wrote:
Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 6073d44..dd5ce9d 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -175,7 +175,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..b270c96 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -59,9 +59,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE) +/*
- For fsl layerscape based platforms, ESBC image Address in Header
*/
- is 64 bit.
#define CONFIG_ESBC_ADDR_64BIT #endif @@ -103,12 +104,19 @@ #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +#elif defined(CONFIG_QSPI_BOOT) +#ifdef CONFIG_ARCH_LS1046A +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#endif
How about #else? If you don't expect #else here, please put an error. You may have other than LS1046A in the future.
York
We do expect LS1012A, LS1088A platforms with QSPI secure boot. Patch [1] is for LS1012A is in sequence with this patch which provides #elif part for this #ifdef.
On 01/17/2017 03:10 AM, Sumit Garg wrote:
-----Original Message----- From: york sun Sent: Tuesday, January 17, 2017 3:29 AM To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Vini Pillai vinitha.pillai@nxp.com Subject: Re: [PATCH v3 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform
On 01/05/2017 10:32 PM, Sumit Garg wrote:
Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 6073d44..dd5ce9d 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -175,7 +175,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..b270c96 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -59,9 +59,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE) +/*
- For fsl layerscape based platforms, ESBC image Address in Header
*/
- is 64 bit.
#define CONFIG_ESBC_ADDR_64BIT #endif @@ -103,12 +104,19 @@ #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +#elif defined(CONFIG_QSPI_BOOT) +#ifdef CONFIG_ARCH_LS1046A +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#endif
How about #else? If you don't expect #else here, please put an error. You may have other than LS1046A in the future.
York
We do expect LS1012A, LS1088A platforms with QSPI secure boot. Patch [1] is for LS1012A is in sequence with this patch which provides #elif part for this #ifdef.
But still you don't have #else clause. I expect a default setting, or an error or warning when you add a new SoC but forget to add proper setting here. Please keep #else in this patch.
York
-----Original Message----- From: york sun Sent: Tuesday, January 17, 2017 10:03 PM To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Vini Pillai vinitha.pillai@nxp.com Subject: Re: [PATCH v3 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform
On 01/17/2017 03:10 AM, Sumit Garg wrote:
-----Original Message----- From: york sun Sent: Tuesday, January 17, 2017 3:29 AM To: Sumit Garg sumit.garg@nxp.com; u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Vini Pillai vinitha.pillai@nxp.com Subject: Re: [PATCH v3 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform
On 01/05/2017 10:32 PM, Sumit Garg wrote:
Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 20 +++++++++++++++---
--
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 6073d44..dd5ce9d 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -175,7 +175,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..b270c96 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -59,9 +59,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
- Similiarly for LS2080
+#if defined(CONFIG_FSL_LAYERSCAPE) +/*
- For fsl layerscape based platforms, ESBC image Address in Header
*/
- is 64 bit.
#define CONFIG_ESBC_ADDR_64BIT #endif @@ -103,12 +104,19 @@ #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +#elif defined(CONFIG_QSPI_BOOT) +#ifdef CONFIG_ARCH_LS1046A +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#endif
How about #else? If you don't expect #else here, please put an error. You may have other than LS1046A in the future.
York
We do expect LS1012A, LS1088A platforms with QSPI secure boot. Patch [1] is
for LS1012A is in sequence with this patch which provides #elif part for this #ifdef.
But still you don't have #else clause. I expect a default setting, or an error or warning when you add a new SoC but forget to add proper setting here. Please keep #else in this patch.
York
Sure I will do changes in next patchset. Please let me know if you have any other comments in other patches too, so that I can incorporate changes in next patchset.
Sumit
Add NOR secure boot target. Also enable sec init.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com ---
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ board/freescale/ls1046aqds/ls1046aqds.c | 19 +++++++++++++++++++ configs/ls1046aqds_SECURE_BOOT_defconfig | 29 +++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS index b4549ae..6737d55 100644 --- a/board/freescale/ls1046aqds/MAINTAINERS +++ b/board/freescale/ls1046aqds/MAINTAINERS @@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig F: configs/ls1046aqds_sdcard_ifc_defconfig F: configs/ls1046aqds_sdcard_qspi_defconfig F: configs/ls1046aqds_qspi_defconfig + +M: Sumit Garg sumit.garg@nxp.com +S: Maintained +F: configs/ls1046aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c index 552365b..405b20a 100644 --- a/board/freescale/ls1046aqds/ls1046aqds.c +++ b/board/freescale/ls1046aqds/ls1046aqds.c @@ -20,6 +20,7 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include <fsl_ifc.h> +#include <fsl_sec.h> #include <spl.h>
#include "../common/vid.h" @@ -260,6 +261,24 @@ int board_init(void) if (adjust_vdd(0)) printf("Warning: Adjusting core voltage failed.\n");
+#ifdef CONFIG_SECURE_BOOT + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + return 0; }
diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..9831f75 --- /dev/null +++ b/configs/ls1046aqds_SECURE_BOOT_defconfig @@ -0,0 +1,29 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AQDS=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-qds-duart" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="SECURE_BOOT" +CONFIG_BOOTDELAY=10 +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y
Add QSPI Secure Boot target. Also enable sec init.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com ---
Changes in v3: Changes in comment style.
Changes in v2: Split patches logically from 2 to 3.
board/freescale/ls1046ardb/MAINTAINERS | 4 ++++ board/freescale/ls1046ardb/ls1046ardb.c | 19 ++++++++++++++++++ configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 28 +++++++++++++++++++++++++++ include/configs/ls1046ardb.h | 2 ++ 4 files changed, 53 insertions(+) create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046ardb/MAINTAINERS b/board/freescale/ls1046ardb/MAINTAINERS index ff42bef..758ff9d 100644 --- a/board/freescale/ls1046ardb/MAINTAINERS +++ b/board/freescale/ls1046ardb/MAINTAINERS @@ -7,3 +7,7 @@ F: include/configs/ls1046ardb.h F: configs/ls1046ardb_qspi_defconfig F: configs/ls1046ardb_sdcard_defconfig F: configs/ls1046ardb_emmc_defconfig + +M: Sumit Garg sumit.garg@nxp.com +S: Maintained +F: configs/ls1046ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c index 585c807..6fadea1 100644 --- a/board/freescale/ls1046ardb/ls1046ardb.c +++ b/board/freescale/ls1046ardb/ls1046ardb.c @@ -20,6 +20,7 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include "cpld.h" +#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -77,6 +78,24 @@ int board_init(void) enable_layerscape_ns_access(); #endif
+#ifdef CONFIG_SECURE_BOOT + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 0000000..a28c98b --- /dev/null +++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,28 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046ARDB=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="SECURE_BOOT" +CONFIG_QSPI_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_RSA=y diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h index 2fe8fc1..afa580e 100644 --- a/include/configs/ls1046ardb.h +++ b/include/configs/ls1046ardb.h @@ -234,4 +234,6 @@ "7e800000.flash:16m(nand_uboot)," \ "48m(nand_kernel),448m(nand_free)"
+#include <asm/fsl_secure_boot.h> + #endif /* __LS1046ARDB_H__ */
participants (2)
-
Sumit Garg -
york sun