diff mbox

[U-Boot,3/3,v4] arm: ls1046ardb: Add SD secure boot target

Message ID 1491345778-6890-2-git-send-email-ruchika.gupta@nxp.com
State Superseded
Delegated to: York Sun
Headers show

Commit Message

Ruchika Gupta April 4, 2017, 10:42 p.m. UTC 
- Add SD secure boot target for ls1046ardb.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL
  to also include the u-boot Secure Boot header size as header is appended to
  u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K
  are reserved for use by boot ROM and 6K for the header
- Reduce the size of CAAM driver for SPL Blobification functions and descriptors,
  that are not required at the time of SPL are disabled. Further error code
  conversion to strings is disabled for SPL build.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
Changes in v4:
Removed spl_board_init from board specific file.

Changes in v3:
Resend

Changes in v2:
- Rebased patches to latest dependent patch set
- With the dependent path set , spl imag size increased to 94K. So
- additionally  reduce the spl image size by removing the functions from
- CAAM driver that are not required in SPL flow

Dependent patch set:
SECURE boot target addition for NOR on LS1043, LS1046
https://patchwork.ozlabs.org/patch/742548/
https://patchwork.ozlabs.org/patch/742552/
https://patchwork.ozlabs.org/patch/742549/
https://patchwork.ozlabs.org/patch/742551/
https://patchwork.ozlabs.org/patch/742550/
https://patchwork.ozlabs.org/patch/742553/
https://patchwork.ozlabs.org/patch/742554/

and
SPL size reduction patches
https://patchwork.ozlabs.org/patch/744755/
https://patchwork.ozlabs.org/patch/744756/

 arch/arm/include/asm/fsl_secure_boot.h          |  2 +-
 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 45 +++++++++++++++++++++++++
 drivers/crypto/fsl/jobdesc.c                    |  4 +--
 drivers/crypto/fsl/jr.c                         | 19 ++++++-----
 include/configs/ls1046a_common.h                | 17 ++++++++--
 5 files changed, 72 insertions(+), 15 deletions(-)
 create mode 100644 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
diff mbox

Patch

diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 9ca7abe..97eab64 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -88,7 +88,7 @@ 
 /* For SD boot address and size are assigned in terms of sector
  * offset and no. of sectors respectively.
  */
-#if defined(CONFIG_LS1043A)
+#if defined(CONFIG_LS1043A) || defined(CONFIG_ARCH_LS1046A)
 #define CONFIG_BS_HDR_ADDR_DEVICE	0x00000920
 #else
 #define CONFIG_BS_HDR_ADDR_DEVICE       0x00000900
diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..a41ec80
--- /dev/null
+++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
@@ -0,0 +1,45 @@ 
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL"
+CONFIG_SECURE_BOOT=y
+CONFIG_SD_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c
index 6125bbb..375ff9d 100644
--- a/drivers/crypto/fsl/jobdesc.c
+++ b/drivers/crypto/fsl/jobdesc.c
@@ -204,7 +204,7 @@  void inline_cnstr_jobdesc_hash(uint32_t *desc,
 	append_store(desc, dma_addr_out, storelen,
 		     LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
 }
-
+#ifndef CONFIG_SPL_BUILD
 void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr,
 				     uint8_t *plain_txt, uint8_t *enc_blob,
 				     uint32_t in_sz)
@@ -252,7 +252,7 @@  void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
 
 	append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB);
 }
-
+#endif
 /*
  * Descriptor to instantiate RNG State Handle 0 in normal mode and
  * load the JDKEK, TDKEK and TDSK registers
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 1b88229..163e729 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -342,7 +342,9 @@  static void desc_done(uint32_t status, void *arg)
 {
 	struct result *x = arg;
 	x->status = status;
+#ifndef CONFIG_SPL_BUILD
 	caam_jr_strstatus(status);
+#endif
 	x->done = 1;
 }
 
@@ -436,7 +438,11 @@  static inline int sec_reset_idx(uint8_t sec_idx)
 
 	return 0;
 }
-
+int sec_reset(void)
+{
+	return sec_reset_idx(0);
+}
+#ifndef CONFIG_SPL_BUILD
 static int instantiate_rng(uint8_t sec_idx)
 {
 	struct result op;
@@ -472,11 +478,6 @@  static int instantiate_rng(uint8_t sec_idx)
 	return ret;
 }
 
-int sec_reset(void)
-{
-	return sec_reset_idx(0);
-}
-
 static u8 get_rng_vid(uint8_t sec_idx)
 {
 	ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
@@ -561,7 +562,7 @@  static int rng_init(uint8_t sec_idx)
 
 	return ret;
 }
-
+#endif
 int sec_init_idx(uint8_t sec_idx)
 {
 	ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
@@ -634,7 +635,7 @@  int sec_init_idx(uint8_t sec_idx)
 
 	pamu_enable();
 #endif
-
+#ifndef CONFIG_SPL_BUILD
 	if (get_rng_vid(sec_idx) >= 4) {
 		if (rng_init(sec_idx) < 0) {
 			printf("SEC%u: RNG instantiation failed\n", sec_idx);
@@ -642,7 +643,7 @@  int sec_init_idx(uint8_t sec_idx)
 		}
 		printf("SEC%u: RNG instantiated\n", sec_idx);
 	}
-
+#endif
 	return ret;
 }
 
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index b77edda..180cf92 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -24,7 +24,6 @@ 
 #define CONFIG_GICV2
 
 #include <asm/arch/config.h>
-
 /* Link Definitions */
 #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_FSL_OCRAM_BASE + 0xfff0)
 
@@ -78,7 +77,19 @@ 
 #define CONFIG_SYS_SPL_MALLOC_START	(CONFIG_SPL_BSS_START_ADDR + \
 					CONFIG_SPL_BSS_MAX_SIZE)
 #define CONFIG_SYS_SPL_MALLOC_SIZE	0x100000
-#define CONFIG_SYS_MONITOR_LEN		0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE				(16 << 10)
+/*
+ * HDR would be appended at end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN		(0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN		0x100000
+#endif /* ifdef CONFIG_SECURE_BOOT */
 #endif
 
 /* NAND SPL */
@@ -98,7 +109,7 @@ 
 #define CONFIG_SPL_NAND_SUPPORT
 #define CONFIG_SPL_DRIVERS_MISC_SUPPORT
 #define CONFIG_SPL_TEXT_BASE		0x10000000
-#define CONFIG_SPL_MAX_SIZE		0x1d000		/* 116 KiB */
+#define CONFIG_SPL_MAX_SIZE		0x17000		/* 90 KiB */
 #define CONFIG_SPL_STACK		0x1001f000
 #define CONFIG_SYS_NAND_U_BOOT_DST	CONFIG_SYS_TEXT_BASE
 #define CONFIG_SYS_NAND_U_BOOT_START	CONFIG_SYS_TEXT_BASE