From patchwork Sat Apr 9 18:28:45 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Gala X-Patchwork-Id: 90482 X-Patchwork-Delegate: galak@kernel.crashing.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 0A4741007D1 for ; Sun, 10 Apr 2011 04:29:01 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 37964280C5; Sat, 9 Apr 2011 20:28:59 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjmW3jLI83LH; Sat, 9 Apr 2011 20:28:59 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 435F6280BE; Sat, 9 Apr 2011 20:28:56 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 2BF5A280BE for ; Sat, 9 Apr 2011 20:28:54 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SjSG9Eqzo7TW for ; Sat, 9 Apr 2011 20:28:52 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from gate.crashing.org (gate.crashing.org [63.228.1.57]) by theia.denx.de (Postfix) with ESMTPS id 07699280BC for ; Sat, 9 Apr 2011 20:28:50 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.13.8) with ESMTP id p39ISjWf014614; Sat, 9 Apr 2011 13:28:46 -0500 From: Kumar Gala To: u-boot@lists.denx.de Date: Sat, 9 Apr 2011 13:28:45 -0500 Message-Id: <1302373725-21799-1-git-send-email-galak@kernel.crashing.org> X-Mailer: git-send-email 1.5.6.5 Cc: Ruchika Gupta Subject: [U-Boot] [PATCH] powerpc/p4080: Add support for secure boot flow on CoreNet Based QorIQ chips X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.9 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de From: Ruchika Gupta 1. Create a temp mapping in AS=1 of CONFIG_SYS_MONITOR_BASE to the 1M CONFIG_SYS_PBI_FLASH_WINDOW (The CONFIG_SYS_PBI_FLASH_WINDOW is the address map for the flash created by PBL within 0 - 3.5G memory range. The u-boot image at this address has been validated by ISBC code) 2. Remove TLB entries for 0 - 3.5G created by ISBC code 3. Remove the LAW entry for the CONFIG_SYS_PBI_FLASH_WINDOW created by PBL after switch to AS = 1 Flow for secure-boot for which the changes have been made is given below: 1. User loads the u-boot image in flash 2. PBL creates LAW for Flash at 0xc0000000 (Please note that ISBC expects all these addresses, images to be validated, entry point etc within 0 - 3.5G range) 3. ISBC validates the u-boot image, and passes control to u-boot at 0xcffffffc. Signed-off-by: Ruchika Gupta Acked-by: Scott Wood --- arch/powerpc/cpu/mpc85xx/cpu_init.c | 7 ++++ arch/powerpc/cpu/mpc85xx/cpu_init_early.c | 10 +++++- arch/powerpc/cpu/mpc85xx/start.S | 53 +++++++++++++++++++++++++++- arch/powerpc/include/asm/fsl_secure_boot.h | 40 +++++++++++++++++++++ boards.cfg | 1 + include/configs/corenet_ds.h | 4 ++ 6 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 arch/powerpc/include/asm/fsl_secure_boot.h diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 6f256cf..aafb007 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -239,6 +239,13 @@ void cpu_init_f (void) disable_tlb(14); disable_tlb(15); +#ifdef CONFIG_SYS_ESBC_FLASH + /* Disable the LAW created for NOR flash by the PBI commands */ + struct law_entry law = find_law(CONFIG_SYS_PBI_FLASH_BASE); + if (law.index != -1) + disable_law(law.index); +#endif + #ifdef CONFIG_CPM2 config_8560_ioports((ccsr_cpm_t *)CONFIG_SYS_MPC85xx_CPM_ADDR); #endif diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c index 32aa94b..58397ec 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c @@ -1,5 +1,5 @@ /* - * Copyright 2009 Freescale Semiconductor, Inc + * Copyright 2009-2011 Freescale Semiconductor, Inc * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -108,5 +108,13 @@ void cpu_init_early_f(void) init_laws(); invalidate_tlb(0); + +#if defined(CONFIG_SECURE_BOOT) +/* Disable the TLBs created by ISBC */ + for (i = CONFIG_SYS_ISBC_START_TLB; + i < CONFIG_SYS_ISBC_START_TLB + CONFIG_SYS_ISBC_NUM_TLBS; i++) + disable_tlb(i); +#endif + init_tlbs(); } diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S index 5777493..0caa336 100644 --- a/arch/powerpc/cpu/mpc85xx/start.S +++ b/arch/powerpc/cpu/mpc85xx/start.S @@ -88,6 +88,45 @@ _start_e500: +#ifdef CONFIG_SECURE_BOOT + /* ISBC uses L2 as stack. + Disable L2 cache here so that u-boot can enable it later + as part of it's normal flow + */ + + /* Check if L2 is enabled */ + mfspr r3, SPRN_L2CSR0 + lis r2, L2CSR0_L2E@h + ori r2, r2, L2CSR0_L2E@l + and. r4, r3, r2 + beq l2_disabled + + mfspr r3, SPRN_L2CSR0 + /* Flush L2 cache */ + lis r2,(L2CSR0_L2FL)@h + ori r2, r2, (L2CSR0_L2FL)@l + or r3, r2, r3 + sync + isync + mtspr SPRN_L2CSR0,r3 + isync +1: + mfspr r3, SPRN_L2CSR0 + and. r1, r3, r2 + bne 1b + + mfspr r3, SPRN_L2CSR0 + lis r2, L2CSR0_L2E@h + ori r2, r2, L2CSR0_L2E@l + andc r4, r3, r2 + sync + isync + mtspr SPRN_L2CSR0,r4 + isync + +l2_disabled: +#endif + /* clear registers/arrays not reset by hardware */ /* L1 */ @@ -287,7 +326,7 @@ _start_e500: lis r6,FSL_BOOKE_MAS0(1, 15, 0)@h ori r6,r6,FSL_BOOKE_MAS0(1, 15, 0)@l -#ifndef CONFIG_SYS_RAMBOOT +#if !defined(CONFIG_SYS_RAMBOOT) && !defined(CONFIG_SECURE_BOOT) /* create a temp mapping in AS=1 to the 4M boot window */ lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@h ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@l @@ -298,6 +337,18 @@ _start_e500: /* The 85xx has the default boot window 0xff800000 - 0xffffffff */ lis r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h ori r9,r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l +#elif defined(CONFIG_SECURE_BOOT) + /* create a temp mapping in AS = 1 for Flash mapping + * created by PBL for ISBC code + */ + lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@h + ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@l + + lis r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@h + ori r8,r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@l + + lis r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h + ori r9,r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l #else /* * create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h new file mode 100644 index 0000000..786a98e --- /dev/null +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -0,0 +1,40 @@ +/* + * Copyright 2010-2011 Freescale Semiconductor, Inc. + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#ifndef __FSL_SECURE_BOOT_H +#define __FSL_SECURE_BOOT_H + +/* This define indicates that u-boot's code is executing from flash + * after ISBC Validation */ +#define CONFIG_SYS_ESBC_FLASH + +/*Starting TLB number for the TLB entried for 3.5 G space created by ISBC */ +#define CONFIG_SYS_ISBC_START_TLB 3 + +/* Number fo TLB's created by ISBC */ +#define CONFIG_SYS_ISBC_NUM_TLBS 5 + +/* Address map where flash lies as done by PBI commands */ +#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000 +#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000 + +#endif diff --git a/boards.cfg b/boards.cfg index cc1ae6c..6ffcd96 100644 --- a/boards.cfg +++ b/boards.cfg @@ -545,6 +545,7 @@ P2020RDB_SDCARD powerpc mpc85xx p1_p2_rdb freesca P2020RDB_SPIFLASH powerpc mpc85xx p1_p2_rdb freescale - P1_P2_RDB:P2020RDB,SPIFLASH P4080DS powerpc mpc85xx corenet_ds freescale P4080DS_RAMBOOT_PBL powerpc mpc85xx corenet_ds freescale - P4080DS:RAMBOOT_PBL,SYS_TEXT_BASE=0xFFF80000 +P4080DS_SECURE_BOOT powerpc mpc85xx corenet_ds freescale - P4080DS:SECURE_BOOT mpq101 powerpc mpc85xx mpq101 mercury - mpq101 stxgp3 powerpc mpc85xx stxgp3 stx stxssa powerpc mpc85xx stxssa stx - stxssa diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index 2bd2553..9bc9017 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -607,4 +607,8 @@ #define CONFIG_BOOTCOMMAND CONFIG_HDBOOT +#ifdef CONFIG_SECURE_BOOT +#include +#endif + #endif /* __CONFIG_H */