========
If Secure Boot is executed, a separate U-Boot target is required which
must be compiled with a different Text Base as compared to Non-Secure Boot.
There are some LAW and TLB settings which are required specifically for
the Secure Boot scenario.
ARM:
====
ARM based SoC's have a fixed memory map and exit conditions from BootROM
are the same irrespective of boot mode (Secure or Non-Secure). Thus there is
no requirement for a separate compile-time target.
Thus the current Secure Boot functionality has been split into two parts:
CONFIG_SECURE_BOOT
=====================
This is defined only for PowerPC SoC's for creating a different compile time
target for secure boot.
CONFIG_CHAIN_OF_TRUST
========================
This is defined for both ARM and PowerPC SoC's. It will have the following
functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode (determined at run time):
- If bootmode is non-secure, no change
- If bootmode is secure, set the following:
- bootdelay = 0 (Don't give boot prompt)
- bootcmd = Validate and execute the bootscript.
Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT and thus a new target had to be added for Secure boot.
After this change, for all ARM based SoC's, no separate target will be required
for Secure Boot. CONFIG_CHAIN_OF_TRUST will be defined and the boot mode will be
determined at run time.
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
arch/arm/include/asm/fsl_secure_boot.h | 6 +-
arch/powerpc/include/asm/fsl_secure_boot.h | 35 +++++----
board/freescale/common/Makefile | 2 -
include/config_fsl_chain_trust.h | 89 ++++++++++++++++++++++
include/config_fsl_secboot.h | 116 -----------------------------
include/configs/ls1021aqds.h | 3 +
include/configs/ls1021atwr.h | 3 +
include/configs/ls1043aqds.h | 10 +++
include/configs/ls1043ardb.h | 3 +
9 files changed, 131 insertions(+), 136 deletions(-)
create mode 100644 include/config_fsl_chain_trust.h
delete mode 100644 include/config_fsl_secboot.h
@@ -7,7 +7,7 @@
#ifndef __FSL_SECURE_BOOT_H
#define __FSL_SECURE_BOOT_H
-#ifdef CONFIG_SECURE_BOOT
+#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
#define CONFIG_FSL_SEC_MON
@@ -45,8 +45,8 @@
/* The address needs to be modified according to NOR memory map */
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x600a0000
-#include <config_fsl_secboot.h>
-#endif
+#include <config_fsl_chain_trust.h>
#endif
+#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
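Review bot: Only the middle one of the three `#endif`s closing this header gets a trailing comment on the new side; the bare `#endif`s on either side of `#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */` still make the reader count conditionals to see which one closes the include guard. Annotating all of them, e.g. `#endif /* __FSL_SECURE_BOOT_H */` on the last line, keeps the nesting readable now that the header has grown a second level. The same applies to the PowerPC header hunk that ends with `#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */` followed by a bare `#endif`. The `#ifdef CONFIG_CHAIN_OF_TRUST` these lines close is opened in an earlier hunk, outside this one.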
@@ -9,19 +9,10 @@
#include <asm/config_mpc85xx.h>
#ifdef CONFIG_SECURE_BOOT
-#define CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_BLOB
-#define CONFIG_FSL_SEC_MON
-#define CONFIG_SHA_PROG_HW_ACCEL
-#define CONFIG_DM
-#define CONFIG_RSA
-#define CONFIG_RSA_FREESCALE_EXP
-#ifndef CONFIG_FSL_CAAM
-#define CONFIG_FSL_CAAM
-#endif
+#ifndef CONFIG_CHAIN_OF_TRUST
+#define CONFIG_CHAIN_OF_TRUST
#endif
-#ifdef CONFIG_SECURE_BOOT
#if defined(CONFIG_FSL_CORENET)
#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
#elif defined(CONFIG_BSC9132QDS)
@@ -76,6 +67,20 @@
*/
#define CONFIG_FSL_ISBC_KEY_EXT
#endif
+#endif /* #ifdef CONFIG_SECURE_BOOT */
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_CMD_BLOB
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
#ifndef CONFIG_FIT_SIGNATURE
/* If Boot Script is not on NOR and is required to be copied on RAM */
@@ -105,10 +110,10 @@
#define CONFIG_BOOTSCRIPT_HDR_ADDR 0xee020000
#endif
-#endif
+#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
-#include <config_fsl_secboot.h>
-#endif
+#include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_FIT_SIGNATURE */
-#endif
+#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
@@ -73,8 +73,6 @@ obj-$(CONFIG_P5040DS) += p_corenet/
obj-$(CONFIG_LAYERSCAPE_NS_ACCESS) += ns_access.o
-ifdef CONFIG_SECURE_BOOT
obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o
-endif
endif
new file mode 100644
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef __CONFIG_FSL_CHAIN_TRUST_H
+#define __CONFIG_FSL_CHAIN_TRUST_H
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+
+#ifndef CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_CMD_ESBC_VALIDATE
+#endif
+
+#ifndef CONFIG_EXTRA_ENV
+#define CONFIG_EXTRA_ENV ""
+#endif
+
+/*
+ * Control should not reach back to uboot after validation of images
+ * for secure boot flow and therefore bootscript should have
+ * the bootm command. If control reaches back to uboot anyhow
+ * after validating images, core should just spin.
+ */
+
+/*
+ * Define the key hash for boot script here if public/private key pair used to
+ * sign bootscript are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_BOOTSCRIPT_KEY_HASH \
+ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ */
+
+#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
+#define CONFIG_SECBOOT \
+ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
+ "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
+ "ramdisk_size=600000\';" \
+ CONFIG_EXTRA_ENV \
+ "esbc_validate $bs_hdraddr " \
+ __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
+ "source $img_addr;" \
+ "esbc_halt\0"
+#else
+#define CONFIG_SECBOOT \
+ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
+ "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
+ "ramdisk_size=600000\';" \
+ CONFIG_EXTRA_ENV \
+ "esbc_validate $bs_hdraddr;" \
+ "source $img_addr;" \
+ "esbc_halt\0"
+#endif
+
+/* For secure boot flow, default environment used will be used */
+#if defined(CONFIG_SYS_RAMBOOT)
+#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
+#define CONFIG_BS_COPY_ENV \
+ "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
+ "setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
+ "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
+ "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
+ "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
+ "setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
+
+#if defined(CONFIG_RAMBOOT_NAND)
+#define CONFIG_BS_COPY_CMD \
+ "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
+ "nand read $bs_ram $bs_flash $bs_size ;"
+#endif /* CONFIG_RAMBOOT_NAND */
+#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
+
+#endif
+
+#ifndef CONFIG_BS_COPY_ENV
+#define CONFIG_BS_COPY_ENV
+#endif
+
+#ifndef CONFIG_BS_COPY_CMD
+#define CONFIG_BS_COPY_CMD
+#endif
+
+#define CONFIG_CHAIN_BOOT_CMD CONFIG_BS_COPY_ENV \
+ CONFIG_BS_COPY_CMD \
+ CONFIG_SECBOOT
+
+#endif
+#endif
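Review bot: The new header drops the compile-time settings the deleted config_fsl_secboot.h enforced for the secure flow — `#define CONFIG_ENV_IS_NOWHERE` together with the `#undef CONFIG_ENV_IS_IN_*` block, `CONFIG_BOOTDELAY 0`, `CONFIG_BOOTCOMMAND` and `#undef CONFIG_ZERO_BOOTDELAY_CHECK` — and replaces them only with the CONFIG_CHAIN_BOOT_CMD string defined at the end of the file. The commit message explains that bootdelay and bootcmd become a run-time decision, but the run-time code is not part of this patch, and nothing here states how a stored environment or the zero-bootdelay keypress check is treated once secure mode is detected; if the persisted environment were still imported before the secure-mode override is applied, whatever is in the environment block would decide bootcmd. A comment above CONFIG_CHAIN_BOOT_CMD should pin that contract so the run-time side cannot drift from it, e.g. `/* Consumer must set bootdelay=0, install this as bootcmd and not honour a stored environment once secure boot is detected at run time. */`. Separately, the two CONFIG_SECBOOT definitions under `#ifdef CONFIG_BOOTSCRIPT_KEY_HASH` differ only in the argument list of `esbc_validate`; factoring the shared setenv prefix and the `source`/`esbc_halt` suffix into one macro and varying only the `esbc_validate` fragment would keep the two command strings from diverging later.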
deleted file mode 100644
@@ -1,116 +0,0 @@
-/*
- * Copyright 2015 Freescale Semiconductor, Inc.
- *
- * SPDX-License-Identifier: GPL-2.0+
- */
-
-#ifndef __CONFIG_FSL_SECBOOT_H
-#define __CONFIG_FSL_SECBOOT_H
-
-#ifdef CONFIG_SECURE_BOOT
-
-#ifndef CONFIG_CMD_ESBC_VALIDATE
-#define CONFIG_CMD_ESBC_VALIDATE
-#endif
-
-#ifndef CONFIG_EXTRA_ENV
-#define CONFIG_EXTRA_ENV ""
-#endif
-
-/*
- * Control should not reach back to uboot after validation of images
- * for secure boot flow and therefore bootscript should have
- * the bootm command. If control reaches back to uboot anyhow
- * after validating images, core should just spin.
- */
-
-/*
- * Define the key hash for boot script here if public/private key pair used to
- * sign bootscript are different from the SRK hash put in the fuse
- * Example of defining KEY_HASH is
- * #define CONFIG_BOOTSCRIPT_KEY_HASH \
- * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
- */
-
-#ifdef CONFIG_BOOTSCRIPT_KEY_HASH
-#define CONFIG_SECBOOT \
- "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
- "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
- "ramdisk_size=600000\';" \
- CONFIG_EXTRA_ENV \
- "esbc_validate $bs_hdraddr " \
- __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
- "source $img_addr;" \
- "esbc_halt\0"
-#else
-#define CONFIG_SECBOOT \
- "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
- "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \
- "ramdisk_size=600000\';" \
- CONFIG_EXTRA_ENV \
- "esbc_validate $bs_hdraddr;" \
- "source $img_addr;" \
- "esbc_halt\0"
-#endif
-
-/* For secure boot flow, default environment used will be used */
-#if defined(CONFIG_SYS_RAMBOOT)
-#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
-#define CONFIG_BS_COPY_ENV \
- "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
- "setenv bs_hdr_flash " __stringify(CONFIG_BS_HDR_ADDR_FLASH)";" \
- "setenv bs_hdr_size " __stringify(CONFIG_BS_HDR_SIZE)";" \
- "setenv bs_ram " __stringify(CONFIG_BS_ADDR_RAM)";" \
- "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
- "setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
-
-#if defined(CONFIG_RAMBOOT_NAND)
-#define CONFIG_BS_COPY_CMD \
- "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
- "nand read $bs_ram $bs_flash $bs_size ;"
-#endif /* CONFIG_RAMBOOT_NAND */
-#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
-
-#if defined(CONFIG_RAMBOOT_SPIFLASH)
-#undef CONFIG_ENV_IS_IN_SPI_FLASH
-#elif defined(CONFIG_RAMBOOT_NAND)
-#undef CONFIG_ENV_IS_IN_NAND
-#elif defined(CONFIG_RAMBOOT_SDCARD)
-#undef CONFIG_ENV_IS_IN_MMC
-#endif
-#else /*CONFIG_SYS_RAMBOOT*/
-#undef CONFIG_ENV_IS_IN_FLASH
-#endif
-
-#define CONFIG_ENV_IS_NOWHERE
-
-#ifndef CONFIG_BS_COPY_ENV
-#define CONFIG_BS_COPY_ENV
-#endif
-
-#ifndef CONFIG_BS_COPY_CMD
-#define CONFIG_BS_COPY_CMD
-#endif
-
-#define CONFIG_SECBOOT_CMD CONFIG_BS_COPY_ENV \
- CONFIG_BS_COPY_CMD \
- CONFIG_SECBOOT
-/*
- * We don't want boot delay for secure boot flow
- * before autoboot starts
- */
-#undef CONFIG_BOOTDELAY
-#define CONFIG_BOOTDELAY 0
-#undef CONFIG_BOOTCOMMAND
-#define CONFIG_BOOTCOMMAND CONFIG_SECBOOT_CMD
-
-/*
- * CONFIG_ZERO_BOOTDELAY_CHECK should not be defined for
- * secure boot flow as defining this would enable a user to
- * reach uboot prompt by pressing some key before start of
- * autoboot
- */
-#undef CONFIG_ZERO_BOOTDELAY_CHECK
-
-#endif
-#endif
@@ -665,6 +665,9 @@ unsigned long get_board_ddr_clk(void);
#define CONFIG_SHA_HW_ACCEL
#endif
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CHAIN_OF_TRUST
+#endif
#include <asm/fsl_secure_boot.h>
#endif
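Review bot: The `#ifndef CONFIG_SPL_BUILD` / `#define CONFIG_CHAIN_OF_TRUST` / `#endif` triple added in front of `#include <asm/fsl_secure_boot.h>` here is repeated verbatim in the ls1021atwr.h, ls1043aqds.h and ls1043ardb.h hunks of this patch, and all four boards include the same header right after it. Keeping the selection in one place, or at least adding a one-line comment saying why the SPL build is excluded, would help, since from these lines alone a reader cannot tell whether the SPL stage is covered by another mechanism or simply not validated, e.g. `/* SPL has no chain-of-trust support; U-Boot proper decides the mode at run time */` if that is the intent. The `#if` block that the trailing `#endif` closes starts outside the hunk, so the condition under which CONFIG_CHAIN_OF_TRUST is now defined for this board is not visible here.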
@@ -521,6 +521,9 @@
#define CONFIG_SHA_HW_ACCEL
#endif
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CHAIN_OF_TRUST
+#endif
#include <asm/fsl_secure_boot.h>
#endif
@@ -401,4 +401,14 @@ unsigned long get_board_ddr_clk(void);
#define CONFIG_CMD_MII
#define CONFIG_CMDLINE_TAG
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CHAIN_OF_TRUST
+#endif
+#include <asm/fsl_secure_boot.h>
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#define CONFIG_ESBC_ADDR_64BIT
+#endif
+
#endif /* __LS1043AQDS_H__ */
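Review bot: `CONFIG_ESBC_ADDR_64BIT` is defined after `#include <asm/fsl_secure_boot.h>` has already been processed, so neither that header nor the config_fsl_chain_trust.h it pulls in can see it; the visible parts of both headers do not reference it, so presumably only C sources consume it, but defining it inside the preceding `#ifndef CONFIG_SPL_BUILD` block, before the include, would remove the ordering hazard for anyone who later keys a config header on it. Placing it there would also make the separate `#ifdef CONFIG_CHAIN_OF_TRUST` wrapper unnecessary, since the two conditions coincide for this board. The ls1043ardb.h hunk appears to add the same `#ifdef CONFIG_CHAIN_OF_TRUST` block, but it is cut off at the end of the patch as shown.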
@@ -291,6 +291,9 @@
#define CONFIG_CMD_EXT2
#endif
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_CHAIN_OF_TRUST
+#endif
#include <asm/fsl_secure_boot.h>
#ifdef CONFIG_CHAIN_OF_TRUST