[U-Boot] [PATCH v2 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command.
setexpr command is used while running secure boot (chain of trust with confidentiality) feature.
So, Enable CONFIG_CMD_SETEXPR to enable setexpr command.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- Changes in V2: Corrects commit message.
configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 14 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 02f5dedfa2..bf68873466 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -50,4 +50,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index 9a6139e58c..80fb0c473c 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index 5e524e74c1..f8b7585802 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index 7cd2f59d7b..b1d2c6bb3e 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index 3432f90087..3cd6cb56bf 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 8964042fcc..919d8b0e0f 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index a481cb104d..637febf9a5 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig index e5522d8629..116c9a26c7 100644 --- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 715d07934c..69e39e7207 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 3244d5659a..8cd246a63e 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig index d2c9c59b77..5ba353e60e 100644 --- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_I2C=y CONFIG_CMD_MMC=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_MP=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" diff --git a/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig index ee3a83a075..360dadff09 100644 --- a/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls2088ardb_tfa_SECURE_BOOT_defconfig @@ -28,7 +28,7 @@ CONFIG_CMD_NAND=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_MP=y diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig index 6a6188384f..c0d5faa11c 100644 --- a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig @@ -61,3 +61,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig index 643995d82b..7229262c96 100644 --- a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig @@ -58,3 +58,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks.
Hence increase the mmc read size for secure boot headers from MMC to 0x20 blocks.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com --- Changes in V2: Modifications in the subject line and commit message.
include/configs/ls1088ardb.h | 18 +++++++++--------- include/configs/ls2080ardb.h | 8 ++++---- include/configs/lx2160a_common.h | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 322adb530a..7500c3d3c6 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -320,8 +320,8 @@ "mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" @@ -342,8 +342,8 @@ "mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" \ @@ -377,7 +377,7 @@ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD \ "mcmemsize=0x70000000\0" \ BOOTENV \ @@ -446,7 +446,7 @@ "load_addr=0xa0000000\0" \ "kernel_size=0x2800000\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0" \ @@ -493,7 +493,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd00000 0x100000;" \ + "sf read 0x80001000 0xd00000 0x100000;" \ "env exists mcinitcmd && env exists secureboot " \ " && sf read 0x80780000 0x780000 0x100000 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ @@ -504,7 +504,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;" \ @@ -527,7 +527,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;" \ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 2e8a8bbdb7..cb80f12c32 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -345,8 +345,8 @@ unsigned long get_board_sys_clk(void); "mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" @@ -367,8 +367,8 @@ unsigned long get_board_sys_clk(void); "mcinitcmd=mmcinfo;mmc read 0x80000000 0x5000 0x800;" \ "mmc read 0x80100000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80000000 0x80100000\0" \ diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h index 02534b365e..e18c8dfd57 100644 --- a/include/configs/lx2160a_common.h +++ b/include/configs/lx2160a_common.h @@ -216,8 +216,8 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "mmc read 0x80a00000 0x5000 0x1200;" \ "mmc read 0x80e00000 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x80700000 0x3800 0x10 && " \ - "mmc read 0x80740000 0x3A00 0x10 && " \ + "mmc read 0x80700000 0x3800 0x20 && " \ + "mmc read 0x80740000 0x3A00 0x20 && " \ "esbc_validate 0x80700000 && " \ "esbc_validate 0x80740000 ;" \ "fsl_mc start mc 0x80a00000 0x80e00000\0" @@ -243,7 +243,7 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "kernel_addr_sd=0x8000\0" \ "kernelhdr_addr_sd=0x3E00\0" \ "kernel_size_sd=0x1d000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ "console=ttyAMA0,38400n8\0" \ BOOTENV \ "mcmemsize=0x70000000\0" \ @@ -281,7 +281,7 @@ int select_i2c_ch_pca9547_sec(unsigned char ch); "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80d00000 0x6800 0x800; " \ "env exists mcinitcmd && env exists secureboot " \ - " && mmc read 0x80780000 0x3C00 0x10 " \ + " && mmc read 0x80780000 0x3C00 0x20 " \ "&& esbc_validate 0x80780000;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80d00000;" \ "run distro_bootcmd;run sd_bootcmd;" \
-----Original Message----- From: Udit Agarwal Sent: Thursday, June 13, 2019 1:39 PM To: u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Arun Pathak arun.pathak@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Jagdish Gediya jagdish.gediya@nxp.com; Udit Agarwal udit.agarwal@nxp.com Subject: [PATCH v2 2/2] armv8: fsl-layerscape: Increase mmc read size for secure-boot headers
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks.
Hence increase the mmc read size for secure boot headers from MMC to 0x20 blocks.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com
Please resend this patch as first patch of this patch series having review comments
--pk
Dear Udit,
-----Original Message----- From: Udit Agarwal Sent: Thursday, June 13, 2019 1:39 PM To: u-boot@lists.denx.de Cc: Ruchika Gupta ruchika.gupta@nxp.com; Arun Pathak arun.pathak@nxp.com; Prabhakar Kushwaha prabhakar.kushwaha@nxp.com; Jagdish Gediya jagdish.gediya@nxp.com; Udit Agarwal udit.agarwal@nxp.com Subject: [PATCH v2 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command.
setexpr command is used while running secure boot (chain of trust with confidentiality) feature.
So, Enable CONFIG_CMD_SETEXPR to enable setexpr command.
Signed-off-by: Udit Agarwal udit.agarwal@nxp.com
Changes in V2: Corrects commit message.
configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 14 files changed, 14 insertions(+), 4 deletions(-)
Have you run savedefconfig before sending this patch.
Note: savedefconfig removing your changes (as it may be enabled in-directly)
--pk
participants (2)
-
Prabhakar Kushwaha -
Udit Agarwal