[v8,12/12] configs: ast2600: Boot kernel FIT in DRAM

Message ID	20211027061735.2298498-13-chiawei_wang@aspeedtech.com
State	Accepted
Commit	e3cdc2cbb1b1a773b98bd39885c9be6b809375fb
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Chia-Wei Wang <chiawei_wang@aspeedtech.com> To: <lukma@denx.de>, <sjg@chromium.org>, <trini@konsulko.com>, <mr.nuke.me@gmail.com>, <u-boot@lists.denx.de> CC: <joel@jms.id.au>, <ryan_chen@aspeedtech.com>, <johnny_huang@aspeedtech.com> Subject: [PATCH v8 12/12] configs: ast2600: Boot kernel FIT in DRAM Date: Wed, 27 Oct 2021 14:17:35 +0800 Message-ID: <20211027061735.2298498-13-chiawei_wang@aspeedtech.com> In-Reply-To: <20211027061735.2298498-1-chiawei_wang@aspeedtech.com> References: <20211027061735.2298498-1-chiawei_wang@aspeedtech.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	aspeed: Support secure boot chain with FIT image verification \| expand [v8,00/12] aspeed: Support secure boot chain with FIT image verification [v8,01/12] image: fit: Fix parameter name for hash algorithm [v8,02/12] aspeed: ast2600: Enlarge SRAM size [v8,03/12] clk: ast2600: Add YCLK control for HACE [v8,04/12] crypto: aspeed: Add AST2600 HACE support [v8,05/12] ARM: dts: ast2600: Add HACE to device tree [v8,06/12] clk: ast2600: Add RSACLK control for ACRY [v8,07/12] crypto: aspeed: Add AST2600 ACRY support [v8,08/12] ARM: dts: ast2600: Add ACRY to device tree [v8,09/12] ast2600: spl: Locate load buffer in DRAM space [v8,10/12] configs: ast2600-evb: Enable SPL FIT support [v8,11/12] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific [v8,12/12] configs: ast2600: Boot kernel FIT in DRAM

Message ID

20211027061735.2298498-13-chiawei_wang@aspeedtech.com

State

Accepted

Commit

e3cdc2cbb1b1a773b98bd39885c9be6b809375fb

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HfJTN2HkSz9sXS
	for <incoming@patchwork.ozlabs.org>; Wed, 27 Oct 2021 17:20:24 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 1E939835A2;
	Wed, 27 Oct 2021 08:19:15 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=none (p=none dis=none) header.from=aspeedtech.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id 0AF448328D; Wed, 27 Oct 2021 08:18:43 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
 SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2
Received: from twspam01.aspeedtech.com (twspam01.aspeedtech.com
 [211.20.114.71])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 529A98357F
 for <u-boot@lists.denx.de>; Wed, 27 Oct 2021 08:18:31 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none)
 header.from=aspeedtech.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=chiawei_wang@aspeedtech.com
Received: from mail.aspeedtech.com ([192.168.0.24])
 by twspam01.aspeedtech.com with ESMTP id 19R5tF5r046004;
 Wed, 27 Oct 2021 13:55:15 +0800 (GMT-8)
 (envelope-from chiawei_wang@aspeedtech.com)
Received: from localhost.localdomain (192.168.10.10) by TWMBX02.aspeed.com
 (192.168.0.24) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 27 Oct
 2021 14:17:41 +0800
From: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
To: <lukma@denx.de>, <sjg@chromium.org>, <trini@konsulko.com>,
 <mr.nuke.me@gmail.com>, <u-boot@lists.denx.de>
CC: <joel@jms.id.au>, <ryan_chen@aspeedtech.com>,
 <johnny_huang@aspeedtech.com>
Subject: [PATCH v8 12/12] configs: ast2600: Boot kernel FIT in DRAM
Date: Wed, 27 Oct 2021 14:17:35 +0800
Message-ID: <20211027061735.2298498-13-chiawei_wang@aspeedtech.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20211027061735.2298498-1-chiawei_wang@aspeedtech.com>
References: <20211027061735.2298498-1-chiawei_wang@aspeedtech.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [192.168.10.10]
X-ClientProxiedBy: TWMBX02.aspeed.com (192.168.0.24) To TWMBX02.aspeed.com
 (192.168.0.24)
X-DNSRBL: 
X-MAIL: twspam01.aspeedtech.com 19R5tF5r046004
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Series

aspeed: Support secure boot chain with FIT image verification | expand

Commit Message

ChiaWei Wang Oct. 27, 2021, 6:17 a.m. UTC

AST2600 leverages the FIT hash/signature verification to fulfill
secure boot trust chain. To improve the performance and save SW
code size for those crypto operations, the two HW crypto engine,
HACE and ACRY, are enabled.

However, both of the engines can only access to data stored in
DRAM space. Therefore, we need to move the FIT image into DRAM
before the booting.

This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined
ENV variable which consists of FIT image copy to memory and booting.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
---
 configs/evb-ast2600_defconfig | 2 +-
 include/configs/evb_ast2600.h | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig
index eba6940ec1..abb156f13e 100644
--- a/configs/evb-ast2600_defconfig
+++ b/configs/evb-ast2600_defconfig
@@ -27,7 +27,7 @@  CONFIG_SPL_LOAD_FIT_ADDRESS=0x10000
 CONFIG_USE_BOOTARGS=y
 CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw"
 CONFIG_USE_BOOTCOMMAND=y
-CONFIG_BOOTCOMMAND="bootm 20100000"
+CONFIG_BOOTCOMMAND="run bootspi"
 # CONFIG_DISPLAY_CPUINFO is not set
 CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y
 CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y
diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h
index 3805091d7c..9049a9fc10 100644
--- a/include/configs/evb_ast2600.h
+++ b/include/configs/evb_ast2600.h
@@ -14,7 +14,14 @@ 
 #define CONFIG_SYS_LOAD_ADDR		0x83000000
 
 /* Misc */
+#define STR_HELPER(s)	#s
+#define STR(s)		STR_HELPER(s)
+
 #define CONFIG_EXTRA_ENV_SETTINGS \
+	"loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \
+	"bootspi=fdt addr 20100000 && fdt header get fitsize totalsize && " \
+	"cp.b 20100000 ${loadaddr} ${fitsize} && bootm; " \
+	"echo Error loading kernel FIT image\0" \
 	""
 
 #endif	/* __CONFIG_H */

[v8,12/12] configs: ast2600: Boot kernel FIT in DRAM

Commit Message

Patch