diff mbox

[U-Boot,1/3,v4] arm: ls1043ardb: Add SD secure boot target

Message ID 1492432639-32589-1-git-send-email-ruchika.gupta@nxp.com
State Accepted
Commit 70f9661ca9130c446c146f582046024eddaaee31
Delegated to: York Sun
Headers show

Commit Message

Ruchika Gupta April 17, 2017, 12:37 p.m. UTC 
- Add SD secure boot target for ls1043ardb.
- Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream ID and
  corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main U-Boot by SPL
  to also include the u-boot Secure Boot header size as header is appended to
  u-boot image. So header will also be copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K
  are reserved for use by boot ROM and 6K for secure boto header
- Error messages during SPL boot are limited to error code numbers instead of strings
  to reduce the size of SPL image

Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
---
Changes in v4:
Updated Maintainers file

Changes in v3:
Moved spl_board_init function to arch/arm/cpu/armv8/fsl-layerscape/spl.c

Changes in v2:
Rebased to latest dependent patches: - No change

Dependent patch set:
SECURE boot target addition for NOR on LS1043, LS1046
https://patchwork.ozlabs.org/patch/742548/
https://patchwork.ozlabs.org/patch/742552/
https://patchwork.ozlabs.org/patch/742549/
https://patchwork.ozlabs.org/patch/742551/
https://patchwork.ozlabs.org/patch/742550/
https://patchwork.ozlabs.org/patch/742553/
https://patchwork.ozlabs.org/patch/742554/

and
SPL size reduction patches
https://patchwork.ozlabs.org/patch/744755/
https://patchwork.ozlabs.org/patch/744756/
 arch/arm/cpu/armv8/fsl-layerscape/spl.c         | 18 ++++++++
 arch/arm/include/asm/fsl_secure_boot.h          |  9 +++-
 board/freescale/common/fsl_validate.c           |  4 ++
 board/freescale/ls1043ardb/MAINTAINERS          |  1 +
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 57 +++++++++++++++++++++++++
 include/configs/ls1043a_common.h                | 16 ++++++-
 6 files changed, 101 insertions(+), 4 deletions(-)
 create mode 100644 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig

Comments

York Sun April 18, 2017, 3:38 p.m. UTC | #1 
On 04/17/2017 12:32 AM, Ruchika Gupta wrote:
> - Add SD secure boot target for ls1043ardb.
> - Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream ID and
>   corresponding stream ID in SMMU.
> - Change the u-boot size defined by a macro for copying the main U-Boot by SPL
>   to also include the u-boot Secure Boot header size as header is appended to
>   u-boot image. So header will also be copied from SD to DDR.
> - CONFIG_MAX_SPL_SIZE is limited to 90K.SPL is copied to OCRAM (128K) where 32K
>   are reserved for use by boot ROM and 6K for secure boto header
> - Error messages during SPL boot are limited to error code numbers instead of strings
>   to reduce the size of SPL image
>
> Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
> ---
> Changes in v4:
> Updated Maintainers file
>
> Changes in v3:
> Moved spl_board_init function to arch/arm/cpu/armv8/fsl-layerscape/spl.c
>
> Changes in v2:
> Rebased to latest dependent patches: - No change
>

Reformatted commit message to wrap back at or before 70 characters. 
Please do the same on your future patches.

Applied to u-boot-fsl-qoriq master, awaiting upstream. Thanks.

York
diff mbox

Patch

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 73a8680..dfacf98 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -41,6 +41,24 @@  u32 spl_boot_mode(const u32 boot_device)
 }
 
 #ifdef CONFIG_SPL_BUILD
+
+void spl_board_init(void)
+{
+#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2)
+	/*
+	 * In case of Secure Boot, the IBR configures the SMMU
+	 * to allow only Secure transactions.
+	 * SMMU must be reset in bypass mode.
+	 * Set the ClientPD bit and Clear the USFCFG Bit
+	*/
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+#endif
+}
+
 void board_init_f(ulong dummy)
 {
 	/* Clear global data */
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 423c2c4..56a6ba0 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -27,10 +27,11 @@ 
 #define CONFIG_SPL_UBOOT_KEY_HASH	NULL
 #endif /* ifdef CONFIG_SPL_BUILD */
 
+#define CONFIG_KEY_REVOCATION
+
 #ifndef CONFIG_SPL_BUILD
 #define CONFIG_CMD_BLOB
 #define CONFIG_CMD_HASH
-#define CONFIG_KEY_REVOCATION
 #ifndef CONFIG_SYS_RAMBOOT
 /* The key used for verification of next level images
  * is picked up from an Extension Table which has
@@ -87,7 +88,11 @@ 
 /* For SD boot address and size are assigned in terms of sector
  * offset and no. of sectors respectively.
  */
-#define CONFIG_BS_HDR_ADDR_DEVICE	0x00000900
+#if defined(CONFIG_LS1043A)
+#define CONFIG_BS_HDR_ADDR_DEVICE	0x00000920
+#else
+#define CONFIG_BS_HDR_ADDR_DEVICE       0x00000900
+#endif
 #define CONFIG_BS_ADDR_DEVICE		0x00000940
 #define CONFIG_BS_HDR_SIZE		0x00000010
 #define CONFIG_BS_SIZE			0x00000008
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 2b723a4..235c6ab 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -356,6 +356,7 @@  static void fsl_secboot_bootscript_parse_failure(void)
  */
 void fsl_secboot_handle_error(int error)
 {
+#ifndef CONFIG_SPL_BUILD
 	const struct fsl_secboot_errcode *e;
 
 	for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX;
@@ -363,6 +364,9 @@  void fsl_secboot_handle_error(int error)
 		if (e->errcode == error)
 			printf("ERROR :: %x :: %s\n", error, e->name);
 	}
+#else
+	printf("ERROR :: %x\n", error);
+#endif
 
 	/* If Boot Mode is secure, transition the SNVS state and issue
 	 * reset based on type of failure and ITS setting.
diff --git a/board/freescale/ls1043ardb/MAINTAINERS b/board/freescale/ls1043ardb/MAINTAINERS
index 0503a3f..8b69892 100644
--- a/board/freescale/ls1043ardb/MAINTAINERS
+++ b/board/freescale/ls1043ardb/MAINTAINERS
@@ -12,3 +12,4 @@  LS1043A_SECURE_BOOT BOARD
 M:	Ruchika Gupta <ruchika.gupta@nxp.com>
 S:	Maintained
 F:	configs/ls1043ardb_SECURE_BOOT_defconfig
+F:	configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..3f35d64
--- /dev/null
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -0,0 +1,57 @@ 
+CONFIG_ARM=y
+CONFIG_TARGET_LS1043ARDB=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_WATCHDOG_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL,SD_BOOT"
+CONFIG_SECURE_BOOT=y
+CONFIG_SD_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
+CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 3fb8740..b71456e 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -66,7 +66,7 @@ 
 #define CONFIG_SPL_TARGET		"u-boot-with-spl.bin"
 
 #define CONFIG_SPL_TEXT_BASE		0x10000000
-#define CONFIG_SPL_MAX_SIZE		0x1d000
+#define CONFIG_SPL_MAX_SIZE		0x17000
 #define CONFIG_SPL_STACK		0x1001e000
 #define CONFIG_SPL_PAD_TO		0x1d000
 
@@ -75,7 +75,19 @@ 
 #define CONFIG_SYS_SPL_MALLOC_SIZE	0x100000
 #define CONFIG_SPL_BSS_START_ADDR	0x80100000
 #define CONFIG_SPL_BSS_MAX_SIZE		0x80000
-#define CONFIG_SYS_MONITOR_LEN		0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE				(16 << 10)
+/*
+ * HDR would be appended at end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN		(0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN		0x100000
+#endif /* ifdef CONFIG_SECURE_BOOT */
 #endif
 
 /* NAND SPL */