[U-Boot] [PATCH 1/2] LS1046AQDS : Add NOR Secure Boot Target
Add NOR secure boot target. Also enable sec init.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com --- board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ board/freescale/ls1046aqds/ls1046aqds.c | 18 ++++++++++++++++++ configs/ls1046aqds_SECURE_BOOT_defconfig | 29 +++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS index b4549ae..6737d55 100644 --- a/board/freescale/ls1046aqds/MAINTAINERS +++ b/board/freescale/ls1046aqds/MAINTAINERS @@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig F: configs/ls1046aqds_sdcard_ifc_defconfig F: configs/ls1046aqds_sdcard_qspi_defconfig F: configs/ls1046aqds_qspi_defconfig + +M: Sumit Garg sumit.garg@nxp.com +S: Maintained +F: configs/ls1046aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c index 8c18538..a418590 100644 --- a/board/freescale/ls1046aqds/ls1046aqds.c +++ b/board/freescale/ls1046aqds/ls1046aqds.c @@ -20,6 +20,7 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include <fsl_ifc.h> +#include <fsl_sec.h> #include <spl.h>
#include "../common/vid.h" @@ -242,6 +243,23 @@ int board_init(void) if (adjust_vdd(0)) printf("Warning: Adjusting core voltage failed.\n");
+#ifdef CONFIG_SECURE_BOOT + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + return 0; }
diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..2640dc8 --- /dev/null +++ b/configs/ls1046aqds_SECURE_BOOT_defconfig @@ -0,0 +1,29 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AQDS=y +CONFIG_DM_SPI=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-qds-duart" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, SECURE_BOOT" +CONFIG_BOOTDELAY=10 +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y
Add QSPI Secure Boot target to enable chain of trust and enable sec init. Also define bootscript and its header addresses for QSPI target.
Signed-off-by: Vinitha Pillai vinitha.pillai@nxp.com Signed-off-by: Sumit Garg sumit.garg@nxp.com --- arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 37 ++++++++++++++++------- board/freescale/ls1046ardb/MAINTAINERS | 4 +++ board/freescale/ls1046ardb/ls1046ardb.c | 19 ++++++++++++ configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 27 +++++++++++++++++ include/configs/ls1046ardb.h | 2 ++ 6 files changed, 79 insertions(+), 12 deletions(-) create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 4201e0f..11a62e8 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -196,7 +196,7 @@
#define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..933e09c 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -45,7 +45,8 @@ #define CONFIG_CMD_HASH #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT -/* The key used for verification of next level images +/* + * The key used for verification of next level images * is picked up from an Extension Table which has * been verified by the ISBC (Internal Secure boot Code) * in boot ROM of the SoC. @@ -59,9 +60,10 @@
#endif
-#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit - * Similiarly for LS2080 +#if defined(CONFIG_FSL_LAYERSCAPE) +/* + * For fsl layerscape based platforms, ESBC image Address in Header + * is 64 bit. */ #define CONFIG_ESBC_ADDR_64BIT #endif @@ -78,13 +80,16 @@ "setenv hwconfig 'fsl_ddr:ctlr_intlv=null,bank_intlv=null';" #endif
-/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from - * Non-XIP Memory (Nand/SD)*/ +/* + * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from + * Non-XIP Memory (Nand/SD) + */ #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ defined(CONFIG_SD_BOOT) #define CONFIG_BOOTSCRIPT_COPY_RAM #endif -/* The address needs to be modified according to NOR, NAND, SD and +/* + * The address needs to be modified according to NOR, NAND, SD and * DDR memory map */ #ifdef CONFIG_LS2080A @@ -96,19 +101,26 @@ #define CONFIG_BS_SIZE 0x00001000 #else #ifdef CONFIG_SD_BOOT -/* For SD boot address and size are assigned in terms of sector +/* + * For SD boot address and size are assigned in terms of sector * offset and no. of sectors respectively. */ #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800 #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +/* ifdef CONFIG_SD_BOOT */ +#elif defined(CONFIG_QSPI_BOOT) +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#define CONFIG_BS_HDR_SIZE 0x00002000 +#define CONFIG_BS_SIZE 0x00001000 +#else /* elif defined(CONFIG_QSPI_BOOT) */ #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 #define CONFIG_BS_ADDR_DEVICE 0x60060000 #define CONFIG_BS_HDR_SIZE 0x00002000 #define CONFIG_BS_SIZE 0x00001000 -#endif /* #ifdef CONFIG_SD_BOOT */ +#endif /* Default NOR Boot */ #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 #define CONFIG_BS_ADDR_RAM 0x81020000 #endif @@ -125,12 +137,15 @@ #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP #ifdef CONFIG_LS1043A #define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 +#elif defined(CONFIG_LS1046A) +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x40740000 #endif #else #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" #endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
-/* Define the key hash here if SRK used for signing PPA image is +/* + * Define the key hash here if SRK used for signing PPA image is * different from SRK hash put in SFP used for U-Boot. * Example * #define CONFIG_PPA_KEY_HASH \ diff --git a/board/freescale/ls1046ardb/MAINTAINERS b/board/freescale/ls1046ardb/MAINTAINERS index ff42bef..758ff9d 100644 --- a/board/freescale/ls1046ardb/MAINTAINERS +++ b/board/freescale/ls1046ardb/MAINTAINERS @@ -7,3 +7,7 @@ F: include/configs/ls1046ardb.h F: configs/ls1046ardb_qspi_defconfig F: configs/ls1046ardb_sdcard_defconfig F: configs/ls1046ardb_emmc_defconfig + +M: Sumit Garg sumit.garg@nxp.com +S: Maintained +F: configs/ls1046ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c index 585c807..6fadea1 100644 --- a/board/freescale/ls1046ardb/ls1046ardb.c +++ b/board/freescale/ls1046ardb/ls1046ardb.c @@ -20,6 +20,7 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include "cpld.h" +#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -77,6 +78,24 @@ int board_init(void) enable_layerscape_ns_access(); #endif
+#ifdef CONFIG_SECURE_BOOT + /* + * In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 0000000..c79c875 --- /dev/null +++ b/configs/ls1046ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,27 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046ARDB=y +CONFIG_DM_SPI=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4,SECURE_BOOT" +CONFIG_QSPI_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_HUSH_PARSER=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_QSPI=y +CONFIG_RSA=y diff --git a/include/configs/ls1046ardb.h b/include/configs/ls1046ardb.h index 2fe8fc1..afa580e 100644 --- a/include/configs/ls1046ardb.h +++ b/include/configs/ls1046ardb.h @@ -234,4 +234,6 @@ "7e800000.flash:16m(nand_uboot)," \ "48m(nand_kernel),448m(nand_free)"
+#include <asm/fsl_secure_boot.h> + #endif /* __LS1046ARDB_H__ */
participants (1)
-
Sumit Garg