diff mbox

[U-Boot] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041

Message ID 1421925053-28612-1-git-send-email-aneesh.bansal@freescale.com
State Superseded
Delegated to: York Sun
Headers show

Commit Message

Aneesh Bansal Jan. 22, 2015, 11:10 a.m. UTC 
Secure Boot Target is added for NAND for P3041
Changes:
In PowerPC, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e 0x0 - 0xDFFFFFFF

In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on this SRAM at
location 0xBFF40000 with entry point as 0xBFFFFFFC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
 Makefile                                   |  4 ++++
 arch/powerpc/cpu/mpc85xx/cpu_init.c        | 15 +++++++++++++++
 board/freescale/common/p_corenet/tlb.c     | 18 +++++++++++++++++-
 configs/P3041DS_NAND_SECURE_BOOT_defconfig |  4 ++++
 include/configs/corenet_ds.h               |  6 ++++++
 5 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 configs/P3041DS_NAND_SECURE_BOOT_defconfig

Comments

Scott Wood Feb. 25, 2015, 1:24 a.m. UTC | #1 
On Thu, 2015-01-22 at 16:40 +0530, Aneesh Bansal wrote:
> diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
> index 85d32fc..2da99a1 100644
> --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
> +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
> @@ -851,6 +851,21 @@ int cpu_init_r(void)
>  	setup_mp();
>  #endif
>  
> +#ifdef CONFIG_SECURE_BOOT
> +	/* Disable the TLB Created for L3 and create the TLB required for
> +	 * PCIE (CONFIG_SYS_PCIE1_MEM_VIRT) which was not created earlier.
> +	 */
> +	int tlb_index;
> +	tlb_index = find_tlb_idx((void *)CONFIG_BPTR_VIRT_ADDR, 1);
> +	if (tlb_index != -1)
> +		disable_tlb(tlb_index);
> +
> +	set_tlb(1, CONFIG_SYS_PCIE1_MEM_VIRT,
> +		CONFIG_SYS_PCIE1_MEM_PHYS,
> +		MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
> +		0, tlb_index, BOOKE_PAGESZ_1G, 1);
> +#endif

Why are you assuming in generic 85xx code that the TLB for PCIE1 needs
to be created?  e500mc should have enough TLB1 entries that you don't
need to share (or if it's due to address conflicts, a board may have PCI
at a different address), and PCI may not exist at all on some boards.

-Scott
diff mbox

Patch

diff --git a/Makefile b/Makefile
index 36a9a28..ca98b3e 100644
--- a/Makefile
+++ b/Makefile
@@ -714,8 +714,12 @@  ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin
 ifeq ($(CONFIG_SPL_FSL_PBL),y)
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin
 else
+ifneq ($(CONFIG_SECURE_BOOT), y)
+# For Secure Boot The Image needs to be signed and Header must also
+# be included. So The image has to be built explicitly
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
 endif
+endif
 ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
 ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
 ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 85d32fc..2da99a1 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -851,6 +851,21 @@  int cpu_init_r(void)
 	setup_mp();
 #endif
 
+#ifdef CONFIG_SECURE_BOOT
+	/* Disable the TLB Created for L3 and create the TLB required for
+	 * PCIE (CONFIG_SYS_PCIE1_MEM_VIRT) which was not created earlier.
+	 */
+	int tlb_index;
+	tlb_index = find_tlb_idx((void *)CONFIG_BPTR_VIRT_ADDR, 1);
+	if (tlb_index != -1)
+		disable_tlb(tlb_index);
+
+	set_tlb(1, CONFIG_SYS_PCIE1_MEM_VIRT,
+		CONFIG_SYS_PCIE1_MEM_PHYS,
+		MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+		0, tlb_index, BOOKE_PAGESZ_1G, 1);
+#endif
+
 #ifdef CONFIG_SYS_FSL_ERRATUM_ESDHC13
 	{
 		if (SVR_MAJ(svr) < 3) {
diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c
index 8148e46..1b60cfb 100644
--- a/board/freescale/common/p_corenet/tlb.c
+++ b/board/freescale/common/p_corenet/tlb.c
@@ -42,7 +42,9 @@  struct fsl_e_tlb_entry tlb_table[] = {
 
 	/* TLB 1 */
 	/* *I*** - Covers boot page */
-#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR)
+	/* In Case of Secure RAM Boot L3 address is defined at 0xbff00000 */
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	!defined(CONFIG_SECURE_BOOT)
 	/*
 	 * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the
 	 * SRAM is at 0xfff00000, it covered the 0xfffff000.
@@ -76,11 +78,25 @@  struct fsl_e_tlb_entry tlb_table[] = {
 		      MAS3_SX|MAS3_SR, MAS2_W|MAS2_G,
 		      0, 2, BOOKE_PAGESZ_256M, 1),
 
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	defined(CONFIG_SECURE_BOOT)
+	/* In case of Secure Boot, L3 is used as 1M SRAM
+	 * and the address of the SRAM is at 0xbff00000.
+	 * The PCIE TLB entry conflicts with the above entry.
+	 * So, the entry for PCIE is not created at this point of time.
+	 * It will be created later on in cpu_init_r()
+	 * when U-Boot has relocated to DDR
+	 */
+	SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR,
+		      MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+		      0, 3, BOOKE_PAGESZ_1M, 1),
+#else
 	/* *I*G* - PCI */
 	SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT, CONFIG_SYS_PCIE1_MEM_PHYS,
 		      MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
 		      0, 3, BOOKE_PAGESZ_1G, 1),
 
+#endif
 	/* *I*G* - PCI */
 	SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT + 0x40000000,
 		      CONFIG_SYS_PCIE1_MEM_PHYS + 0x40000000,
diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..e810b1c
--- /dev/null
+++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
@@ -0,0 +1,4 @@ 
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xBFF40000"
+CONFIG_PPC=y
+CONFIG_MPC85xx=y
+CONFIG_TARGET_P3041DS=y
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 225ffdd..8fba5ec 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -16,6 +16,11 @@ 
 #include "../board/freescale/common/ics307_clk.h"
 
 #ifdef CONFIG_RAMBOOT_PBL
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
+#define CONFIG_RESET_VECTOR_ADDRESS	0xbffffffc
+#define CONFIG_BPTR_VIRT_ADDR		0xbffff000
+#else
 #define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
 #define CONFIG_RESET_VECTOR_ADDRESS	0xfffffffc
 #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg
@@ -29,6 +34,7 @@ 
 #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg
 #endif
 #endif
+#endif
 
 #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
 /* Set 1M boot space */