From patchwork Thu Nov 19 05:41:52 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aneesh Bansal X-Patchwork-Id: 546320 X-Patchwork-Delegate: yorksun@freescale.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 866D6140281 for ; Thu, 19 Nov 2015 16:43:46 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id B1BF24B664; Thu, 19 Nov 2015 06:43:40 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZwiIqNST95f; Thu, 19 Nov 2015 06:43:40 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 7E3A64B6B4; Thu, 19 Nov 2015 06:43:19 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 372694B65A for ; Thu, 19 Nov 2015 06:42:58 +0100 (CET) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8TMrBuXg6H_O for ; Thu, 19 Nov 2015 06:42:58 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0116.outbound.protection.outlook.com [65.55.169.116]) by theia.denx.de (Postfix) with ESMTPS id 1C1954B652 for ; Thu, 19 Nov 2015 06:42:54 +0100 (CET) Received: from BLUPR03CA001.namprd03.prod.outlook.com (10.255.124.18) by CY1PR03MB1472.namprd03.prod.outlook.com (10.163.17.157) with Microsoft SMTP Server (TLS) id 15.1.325.17; Thu, 19 Nov 2015 05:42:50 +0000 Received: from BY2FFO11FD041.protection.gbl (207.46.163.240) by BLUPR03CA001.outlook.office365.com (10.255.124.18) with Microsoft SMTP Server (TLS) id 15.1.331.20 via Frontend Transport; Thu, 19 Nov 2015 05:42:50 +0000 Authentication-Results: spf=permerror (sender IP is 192.88.158.2) smtp.mailfrom=freescale.com; freescale.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none; freescale.mail.onmicrosoft.com; dmarc=none action=none header.from=freescale.com; Received-SPF: PermError (protection.outlook.com: domain of freescale.com used an invalid SPF mechanism) Received: from az84smr01.freescale.net (192.88.158.2) by BY2FFO11FD041.mail.protection.outlook.com (10.1.14.226) with Microsoft SMTP Server (TLS) id 15.1.325.5 via Frontend Transport; Thu, 19 Nov 2015 05:42:50 +0000 Received: from perf-idc04.ap.freescale.net (perf-idc04.ap.freescale.net [10.232.14.49]) by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id tAJ5gUlG024770; Wed, 18 Nov 2015 22:42:47 -0700 From: Aneesh Bansal To: Date: Thu, 19 Nov 2015 11:11:52 +0530 Message-ID: <1447911713-28639-4-git-send-email-aneesh.bansal@freescale.com> X-Mailer: git-send-email 1.8.1.4 In-Reply-To: <1447911713-28639-1-git-send-email-aneesh.bansal@freescale.com> References: <1447911713-28639-1-git-send-email-aneesh.bansal@freescale.com> X-EOPAttributedMessage: 0 X-Microsoft-Exchange-Diagnostics: 1; BY2FFO11FD041; 1:pbsQvrOZu0nfKW6DF982t0W4nRoHwE7NaFsCQjwzSskkrto9liP7j9iPRQsd3uwPSW2mTlZd+OY0md8S9/W6gi+4h6OsPmg4LM0dsG5CWe2kL32tHF3kYGpVbVA+n5bf1aVE5Nu+Y9n8K4l/S1uTZ9Mdbcj7g2tkzmkPYBIa93PRk+LhwvvgqlvmptgeLCmQGy9KiSj0gY6Lf8HUwrCrcxjjj6MM5v2O5tShoTh8l2SwEDn2rDWnEBlpiLcUthCyNeAk895SWfSTKruO5Mqz1hrbc6A+nkBsWs3ZqsAgFDnVee/DYAMdx3spAiPx/IPBQV2cWstpiHuy/fNB+UTjLhk69Vrkh/IloSDBvLE7AIf6+k7PoLkaIoLtGwLHmVysm9DezxuDLnpBBaGJXdmuI8b3+dWMi/OPWDtt9XpFmz6ep0MTaAhvEuHV40PY0Xy6OipQ2kxJR85mvS7cKvueTw== X-Forefront-Antispam-Report: CIP:192.88.158.2; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(2980300002)(448002)(3190300001)(199003)(189002)(33646002)(50466002)(104016004)(92566002)(69596002)(85326001)(36756003)(5008740100001)(11100500001)(586003)(5007970100001)(4001430100002)(6806005)(86362001)(21840400001)(2950100001)(5003940100001)(97736004)(77096005)(107886002)(47776003)(5001960100002)(189998001)(76176999)(5001920100001)(110136002)(106466001)(2351001)(229853001)(450100001)(50226001)(50986999)(81156007)(48376002)(19580395003)(19580405001)(87936001)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR03MB1472; H:az84smr01.freescale.net; FPR:; SPF:PermError; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; MIME-Version: 1.0 X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB1472; 2:8NL8JL57IAbCeq3+wC25WFNuG7OS8iPUcK3f9Z2H+oWfsJwXgRn3eigppn2WGcAjrN7u2gMeSYj04V6IJ8NORwhsq4oQbK3lMcH6IjU+H/gV+B5Ayxb9p/WwgEVdiYZ9OaImptI4sqh0boWnNrfE1n+iSWsLhv/c99Sfmtd0PZI=; 3:qwkl6RSK3cMi3wAy9S5XWvmvl/japw/1BUrY/Ihg08XAmCVZXFjQpxKkYsf5Jms+apmNy/TIXYS3dWj/qrFQ597HiJB2juqq6dILVFD+xC3FaVrIobczvhdVxEdRydi4VSfFAAYgDa7fIwYzSzL/iIH09paOMK5D/Ip7wfvUQRZE7v3r8VQWSJrDyFu8ae/EU/VgtqkIpLyniNqdgiRW05Ol6dVDCnAMRUiX3poNPfs=; 25:fz9fWwO3VfOqUGtFhDydvO0JTun8FgEWDZH0lLTJ95dj5pvJF5O08nf4IOBJ4zWyqqmWZ9TRvC1QrF3AcBTuRaw4zikB5uAQ/dB0mty9sE8xXOz/Adin4O2oA9y+wBN7jx+YF+tqLf1F0bI/ooryi+rQb/gcUCCc9OmJaH5pdwvYO15JlGmFR95kzhbmtySoBeJygzxCsxlX7DgXRS2PnEze4nyMcii2FuMGTj7AgljYtoE3rNCXekEYtB+70xStfLXq7HAiz6xca3RU+Gvfiw== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR03MB1472; X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB1472; 20:MwDydHpcZazWRZmDUsVxZoJA/qBLW9h2hhBOURJKUSrZ56gQoHf8W5SdpnkrHUzxyr9dWT24N2IunSZKv/4lUErc6fNsLCaSanVcbK9QQHyjsE+DPD7ZAjS1lctYZreQ6TualVExeD5gzyP2RbLmypPncHrBIUGRhOaVEx+8yXQ4767WmlcXJZwX71aEGb8vM1Bnm1Ggth6oY0bSuwfq7kUG2nwHnqCaxBc0hNlF+6UEXU1vs1Hb0vTDHeLX+Kwl/TNEmRlA7tRsHhLb7I5QKOolY7+9c1XHurHuy3ZCO86iMyRKjBiIZO1NpOX5UdLUNYFveOujEWy7VexvoU5DraIYPuS6ibiyOo08Q7Ui+TQ=; 4:AksymOKYxFCYU8+quj5iW7Y120rlsiwM0bxCh5WPMH/pjS0y+/oNcqLs2SRYhy/Nf79zaNqOmkKGbbxze4+zI73A0aE12aRIETGdx7u5kRmWCdIC+W19Fvog3ukc+guAFXxCWl3zZnD73Ic6NHL8AqW1Mc+afnPAJW6Wc7om0WeA3z/o5x0RcFmELY/C6vDHf4umjVHKwnARyf2wymYDFLECBWtlczKn+z4TXsgUPRqHWi/r+0Wn8tRq6CewRph7xmbDd+Vl5NM8L1qoL2SeOcd4VpEiF2jf4O0Z1MxrUvYHowNdlwn+lK95dYwGzVLPuFoEFkS+HYjb36Asn+8xwvcYvX0jxEpAJSS8FsjLNjmMTBWrQyQcYK/cqTt/FYQT X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(101931422205132); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(10201501046)(3002001); SRVR:CY1PR03MB1472; BCL:0; PCL:0; RULEID:; SRVR:CY1PR03MB1472; X-Forefront-PRVS: 07658B8EA3 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; CY1PR03MB1472; 23:v0LtUUPUAoPvOoOzI22I3WCH8DLwZ7u021wjUmGxJ?= =?us-ascii?Q?i1MJ/J0iZdtKY6M2JT92/Y3xVUoXG/0cHoe78vgN7v8ydkNOsdHRg6yBNCpf?= =?us-ascii?Q?JwUz5gMafiAC56l/4VoFrBveX5NDlV7pZsECAlLKZqjUkU+fJxe0i4WbD2V+?= =?us-ascii?Q?xNP52jxRsrheq/OjW3HmBYrs+ofbIkvdVfrnrZ2WS5v1e+1PhNhWqtMF19B8?= =?us-ascii?Q?YwTukJB9YyUrjXv3xvE+KLa3ToL6FKn31xD6o40XEU/hJOr9yK6LRKdNB1DE?= =?us-ascii?Q?ILoegtXYlbb1rtQYKR82yqRru2cEAZWWpKXIvR39O66AadBuIUx+3buzKcAl?= =?us-ascii?Q?obtgFvzSqVAFKymcbsomnzNpq7b2scsW7spjX/QJW2wXcw9pZfqnx59Qjtb2?= =?us-ascii?Q?yCkgleL+e08bCuAIaqfXR/r5NwO+uLTDArc9oZ6n7Vac4OHd56Y+rnE+KGth?= =?us-ascii?Q?g3xmgtRoZrY6h4HwSPIWW/Yc7Gu+1TU3a3sZ60XJtnVzGh7iBmy0tGNpDVxF?= =?us-ascii?Q?2DbSmuT6esmcqiQmxalIRqZwnQLYoVTLkofh2wCFcwph2B4gf/Ap+raFHiaW?= =?us-ascii?Q?kp1NSDpWMYiquoS0+0HlDYG1jhJigOBDSJ0IrEpjaa8EdR8NdXmwsY6tKxfJ?= =?us-ascii?Q?5MNlk8J42JBNn4IBw3+BpRjo6iK7bIv8IH00Y1wrcpt9jXj3C67rbXMBnUSU?= =?us-ascii?Q?Ml63H7aSUmBIiqPgJagrczYQZnWAFcT8atJ5tiSwogyz70qROVEnXg/eMAXP?= =?us-ascii?Q?G9gAyteJVrJSrs02QP+EUP3BSKgi6lWYy1mJpHCB5gnrmpGCLT1IpDV/dwRG?= =?us-ascii?Q?32G9IwnZpxkea5BCOEGopGflH2LhrhbaAocXN6hu6mBJJLwZjQWbYb3ax//6?= =?us-ascii?Q?63w/H0X+IwkNyKRbWXsacNa4VJwkKnKA4J1o5w+jrgBHc2cl6BdbEOMW5Gp+?= =?us-ascii?Q?Y89q4kKw10He5CkSvyXPa1NrxOSce3ISKwANRCMKvtYXw2rig+j8MCeV33Bg?= =?us-ascii?Q?2O65SPOqFlfNpfN7OsuKf82p5ktha6bdtEHLA03hLBbUzAfW/PBoIB10HbUm?= =?us-ascii?Q?Z5WU/s4Uu5sNl8RhBn7OVbNKuBQGY8xQR5cUoZYU9Gg4cm3cu80B+x61UCHH?= =?us-ascii?Q?ARNQ91WN8r00G4ZAijTEJMWsCMeQTnHVKy4CmevdB3yyBC9ABW3/+2qEfJm4?= =?us-ascii?Q?5nK+01WjPrTcAg=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY1PR03MB1472; 5:D62dt8ezAJM5XsuONdHCdCpwAM7wxQwuR0jACvShXrrSD9rylfL5/fhwqTBOvrIoZ8Vef1DzhDojKnRhdFnmyDe/jX0zwPApxhH+Ax2itbX3GLI7kY3ETSTb3ATCEfJRVCfOipPyUZpxxKEy/a41Hg==; 24:tcNhnvFoMLm+aTf7c0VwMKR6neiMN6J+VGVnqwOMfAt6aVI9BluRLRUF+E7cmWBjpK4ZJXeeIELsRHovAufUPz7u1Yl2prihD5VJcBAkToQ=; 20:Y9idwKzScVUJcZYhWDeWJ4sSJSOcCZoySDjlBLfHt3hz65n7abR3s97fkdZRL2CCT7tvej7msiRSUG+3BbkolA== X-OriginatorOrg: freescale.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2015 05:42:50.3254 (UTC) X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d; Ip=[192.88.158.2]; Helo=[az84smr01.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB1472 Cc: yorksun@freescale.com, ruchika.gupta@freescale.com Subject: [U-Boot] [PATCH 4/5][v2] armv8/ls1043ardb: SECURE BOOT target added for NOR X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal --- Changes in v2: New Patch Set created with an additional patch. Pointers typecasted to uintptr_t to remove compiler warnings arch/arm/include/asm/arch-fsl-layerscape/config.h | 16 ++++++++-- .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 2 +- board/freescale/common/fsl_validate.c | 35 +++++++++++++--------- board/freescale/ls1043ardb/MAINTAINERS | 5 ++++ board/freescale/ls1043ardb/ls1043ardb.c | 18 ++++++++++- common/cmd_blob.c | 6 ++-- configs/ls1043ardb_SECURE_BOOT_defconfig | 4 +++ include/configs/ls1043ardb.h | 12 ++++++++ include/fsl_validate.h | 9 +++++- 9 files changed, 85 insertions(+), 22 deletions(-) create mode 100644 configs/ls1043ardb_SECURE_BOOT_defconfig diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 87bb937..d6729a0 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -122,9 +122,21 @@ #define CONFIG_SYS_FSL_SRDS_1 #define CONFIG_SYS_FSL_PCIE_COMPAT "fsl,qoriq-pcie-v2.4" +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CMD_ESBC_VALIDATE +#define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_PROG_HW_ACCEL +#define CONFIG_DM +#define CONFIG_RSA +#define CONFIG_RSA_FREESCALE_EXP +#ifndef CONFIG_FSL_CAAM +#define CONFIG_FSL_CAAM +#endif +#endif + #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE -#define CONFIG_SYS_FSL_SEC_LE +#define CONFIG_SYS_FSL_SEC_MON_BE +#define CONFIG_SYS_FSL_SEC_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h index d941437..2a3a7da 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h @@ -38,7 +38,7 @@ #define CONFIG_SYS_PCIE3_ADDR (CONFIG_SYS_IMMR + 0x2600000) #define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x700000) #define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x710000) -#define CONFIG_SYS_SNVS_ADDR (CONFIG_SYS_IMMR + 0xe90000) +#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0xe90000) #define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0xe80200) #define CONFIG_SYS_FSL_TIMER_ADDR 0x02b00000 diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 73b6718..733aa48 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -15,9 +15,6 @@ #include #include #include -#ifndef CONFIG_MPC85xx -#include -#endif #define SHA256_BITS 256 #define SHA256_BYTES (256/8) @@ -99,7 +96,8 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); - if (memcmp((u8 *)csf_hdr_addr, barker_code, ESBC_BARKER_LEN)) + if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, + barker_code, ESBC_BARKER_LEN)) return -1; *csf_addr = csf_hdr_addr; @@ -117,7 +115,7 @@ static int get_ie_info_addr(u32 *ie_addr) if (get_csf_base_addr(&csf_addr, &flash_base_addr)) return -1; - hdr = (struct fsl_secboot_img_hdr *)csf_addr; + hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; /* For SoC's with Trust Architecture v1 with corenet bus * the sg table field in CSF header has absolute address @@ -130,7 +128,7 @@ static int get_ie_info_addr(u32 *ie_addr) (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + flash_base_addr); #else - sg_tbl = (struct fsl_secboot_sg_table *)(csf_addr + + sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + (u32)hdr->psgtable); #endif @@ -379,8 +377,8 @@ static int calc_img_key_hash(struct fsl_secboot_img_priv *img) #ifdef CONFIG_KEY_REVOCATION if (check_srk(img)) { ret = algo->hash_update(algo, ctx, - (u8 *)(img->ehdrloc + img->hdr.srk_tbl_off), - img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); + (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), + img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); srk = 1; } #endif @@ -438,8 +436,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) #ifdef CONFIG_KEY_REVOCATION if (check_srk(img)) { ret = algo->hash_update(algo, ctx, - (u8 *)(img->ehdrloc + img->hdr.srk_tbl_off), - img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); + (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), + img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); key_hash = 1; } #endif @@ -454,8 +452,13 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) return ret; /* Update hash for actual Image */ +#ifdef CONFIG_ESBC_ADDR_64BIT + ret = algo->hash_update(algo, ctx, + (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1); +#else ret = algo->hash_update(algo, ctx, - (u8 *)img->hdr.pimg, img->hdr.img_size, 1); + (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1); +#endif if (ret) return ret; @@ -533,7 +536,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; - void *esbc = (u8 *)img->ehdrloc; + void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; #ifdef CONFIG_KEY_REVOCATION u32 ret; @@ -549,7 +552,11 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) return ERROR_ESBC_CLIENT_HEADER_BARKER; +#ifdef CONFIG_ESBC_ADDR_64BIT + sprintf(buf, "%llx", hdr->pimg64); +#else sprintf(buf, "%x", hdr->pimg); +#endif setenv("img_addr", buf); if (!hdr->img_size) @@ -594,7 +601,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) if (!key_found && check_ie(img)) { if (get_ie_info_addr(&img->ie_addr)) return ERROR_IE_TABLE_NOT_FOUND; - ie_info = (struct ie_key_info *)img->ie_addr; + ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; if (ie_info->num_keys == 0 || ie_info->num_keys > 32) return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; @@ -748,7 +755,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc, hdr = &img->hdr; img->ehdrloc = addr; - esbc = (u8 *)img->ehdrloc; + esbc = (u8 *)(uintptr_t)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); diff --git a/board/freescale/ls1043ardb/MAINTAINERS b/board/freescale/ls1043ardb/MAINTAINERS index efca5bf..84ffb63 100644 --- a/board/freescale/ls1043ardb/MAINTAINERS +++ b/board/freescale/ls1043ardb/MAINTAINERS @@ -7,3 +7,8 @@ F: include/configs/ls1043ardb.h F: configs/ls1043ardb_defconfig F: configs/ls1043ardb_nand_defconfig F: configs/ls1043ardb_sdcard_defconfig + +LS1043A_SECURE_BOOT BOARD +M: Aneesh Bansal +S: Maintained +F: configs/ls1043ardb_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c index 9032ed3..ef8a1e2 100644 --- a/board/freescale/ls1043ardb/ls1043ardb.c +++ b/board/freescale/ls1043ardb/ls1043ardb.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include #include "cpld.h" DECLARE_GLOBAL_DATA_PTR; @@ -107,7 +109,21 @@ int config_board_mux(void) int misc_init_r(void) { config_board_mux(); - +#ifdef CONFIG_SECURE_BOOT +#ifdef CONFIG_LS1043A + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + return sec_init(); +#endif return 0; } #endif diff --git a/common/cmd_blob.c b/common/cmd_blob.c index d3f22a1..ac8b268 100644 --- a/common/cmd_blob.c +++ b/common/cmd_blob.c @@ -73,9 +73,9 @@ static int do_blob(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) len = simple_strtoul(argv[4], NULL, 16); key_addr = simple_strtoul(argv[5], NULL, 16); - km_ptr = (uint8_t *)key_addr; - src_ptr = (uint8_t *)src_addr; - dst_ptr = (uint8_t *)dst_addr; + km_ptr = (uint8_t *)(uintptr_t)key_addr; + src_ptr = (uint8_t *)(uintptr_t)src_addr; + dst_ptr = (uint8_t *)(uintptr_t)dst_addr; if (enc) ret = blob_encap(km_ptr, src_ptr, dst_ptr, len); diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000..9ceee6d --- /dev/null +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig @@ -0,0 +1,4 @@ +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, SECURE_BOOT" +CONFIG_ARM=y +CONFIG_TARGET_LS1043ARDB=y +CONFIG_FSL_LAYERSCAPE=y diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h index 307d947..bf3a1a0 100644 --- a/include/configs/ls1043ardb.h +++ b/include/configs/ls1043ardb.h @@ -268,4 +268,16 @@ #define CONFIG_ETHPRIME "FM1@DTSEC3" #endif +#ifdef CONFIG_SECURE_BOOT +/* Hash command with SHA acceleration supported in hardware */ +#define CONFIG_CMD_HASH +#define CONFIG_SHA_HW_ACCEL +#define CONFIG_CMD_BLOB + +/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ +#define CONFIG_ESBC_ADDR_64BIT + +#include +#endif + #endif /* __LS1043ARDB_H__ */ diff --git a/include/fsl_validate.h b/include/fsl_validate.h index 92dd98b..a62dc74 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -83,7 +83,9 @@ struct fsl_secboot_img_hdr { u32 sign_len; /* length of the signature in bytes */ union { u32 psgtable; /* ptr to SG table */ +#ifndef CONFIG_ESBC_ADDR_64BIT u32 pimg; /* ptr to ESBC client image */ +#endif }; union { u32 sg_entries; /* no of entries in SG table */ @@ -97,7 +99,12 @@ struct fsl_secboot_img_hdr { u32 reserved1[2]; u32 fsl_uid_1; u32 oem_uid_1; - u32 reserved2[2]; + union { + u32 reserved2[2]; +#ifdef CONFIG_ESBC_ADDR_64BIT + u64 pimg64; /* 64 bit pointer to ESBC Image */ +#endif + }; u32 ie_flag; u32 ie_key_sel; };