From patchwork Wed Feb 25 08:47:56 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aneesh Bansal <aneesh.bansal@freescale.com>
X-Patchwork-Id: 443340
X-Patchwork-Delegate: yorksun@freescale.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id 0772E1400EA
	for <incoming@patchwork.ozlabs.org>;
	Wed, 25 Feb 2015 20:05:28 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 67F314A02F;
	Wed, 25 Feb 2015 10:05:22 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 0t4kDVlKPWE4; Wed, 25 Feb 2015 10:05:22 +0100 (CET)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 7C84E4A020;
	Wed, 25 Feb 2015 10:05:21 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id BC1594A020
	for <u-boot@lists.denx.de>; Wed, 25 Feb 2015 10:05:16 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ahqCoHIpBiR8 for <u-boot@lists.denx.de>;
	Wed, 25 Feb 2015 10:05:16 +0100 (CET)
X-Greylist: delayed 854 seconds by postgrey-1.34 at theia;
	Wed, 25 Feb 2015 10:05:12 CET
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from na01-bl2-obe.outbound.protection.outlook.com
	(mail-bl2on0142.outbound.protection.outlook.com [65.55.169.142])
	by theia.denx.de (Postfix) with ESMTPS id 5B03A4A01F
	for <u-boot@lists.denx.de>; Wed, 25 Feb 2015 10:05:12 +0100 (CET)
Received: from BY2PR03CA007.namprd03.prod.outlook.com (10.255.93.24) by
	BY2PR03MB157.namprd03.prod.outlook.com (10.242.36.12) with Microsoft
	SMTP Server (TLS) id 15.1.99.9; Wed, 25 Feb 2015 08:50:55 +0000
Received: from BL2FFO11FD010.protection.gbl (10.255.93.4) by
	BY2PR03CA007.outlook.office365.com (10.255.93.24) with Microsoft SMTP
	Server (TLS) id 15.1.93.16 via Frontend Transport;
	Wed, 25 Feb 2015 08:50:54 +0000
Received: from az84smr01.freescale.net (192.88.158.2) by
	BL2FFO11FD010.mail.protection.outlook.com (10.173.161.16) with
	Microsoft SMTP Server (TLS) id 15.1.99.6 via Frontend Transport;
	Wed, 25 Feb 2015 08:50:54 +0000
Received: from perf-idc04.ap.freescale.net (perf-idc04.ap.freescale.net
	[10.232.14.49])
	by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id
	t1P8ooiQ014199; Wed, 25 Feb 2015 01:50:51 -0700
From: Aneesh Bansal <aneesh.bansal@freescale.com>
To: <u-boot@lists.denx.de>
Date: Wed, 25 Feb 2015 14:17:56 +0530
Message-ID: <1424854076-10387-1-git-send-email-aneesh.bansal@freescale.com>
X-Mailer: git-send-email 1.8.1.4
X-EOPAttributedMessage: 0
Received-SPF: Fail (protection.outlook.com: domain of freescale.com does not
	designate 192.88.158.2 as permitted sender)
	receiver=protection.outlook.com;
	client-ip=192.88.158.2; helo=az84smr01.freescale.net;
Authentication-Results: spf=fail (sender IP is 192.88.158.2)
	smtp.mailfrom=aneesh.bansal@freescale.com;
	freescale.mail.onmicrosoft.com;
	dkim=none (message not signed) header.d=none;
X-Forefront-Antispam-Report: CIP:192.88.158.2; CTRY:US; IPV:NLI; EFV:NLI;
	SFV:NSPM;
	SFS:(10019020)(6009001)(339900001)(189002)(199003)(450100001)(77156002)(62966003)(50226001)(47776003)(46102003)(64706001)(36756003)(110136001)(104016003)(87936001)(50986999)(6806004)(19580395003)(19580405001)(69596002)(85426001)(92566002)(97736003)(81156004)(106466001)(105606002)(2351001)(229853001)(86362001)(77096005)(68736005)(50466002)(33646002)(48376002);
	DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB157; H:az84smr01.freescale.net;
	FPR:;
	SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
MIME-Version: 1.0
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB157;
X-Microsoft-Antispam-PRVS: 
 <BY2PR03MB1570F1DCC8A1B820EE330AFD3170@BY2PR03MB157.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005004);
	SRVR:BY2PR03MB157; BCL:0; PCL:0; RULEID:;
	SRVR:BY2PR03MB157;
X-Forefront-PRVS: 049897979A
X-OriginatorOrg: freescale.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2015 08:50:54.5986
	(UTC)
X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d;
	Ip=[192.88.158.2]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB157
Cc: scottwood@freescale.com, yorksun@freescale.com,
	ruchika.gupta@freescale.com
Subject: [U-Boot] [PATCH 1/2][v4] powerpc/mpc85xx: SECURE BOOT- NAND secure
	boot target for P3041
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Secure Boot Target is added for NAND for P3041.
Changes:
In PowerPC, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.

In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on this SRAM at
location 0xBFF40000 with entry point as 0xBFFFFFFC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
Changes in v4:
- Created a patch set.

 Makefile                                   |  4 ++++
 arch/powerpc/cpu/mpc85xx/cpu_init.c        | 17 +++++++++++++++++
 board/freescale/common/p_corenet/tlb.c     | 18 +++++++++++++++++-
 board/freescale/corenet_ds/MAINTAINERS     |  5 +++++
 configs/P3041DS_NAND_SECURE_BOOT_defconfig |  4 ++++
 include/configs/corenet_ds.h               |  9 +++++++++
 6 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 configs/P3041DS_NAND_SECURE_BOOT_defconfig

diff --git a/Makefile b/Makefile
index bd4abab..acfaa23 100644
--- a/Makefile
+++ b/Makefile
@@ -719,8 +719,12 @@ ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin
 ifeq ($(CONFIG_SPL_FSL_PBL),y)
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin
 else
+ifneq ($(CONFIG_SECURE_BOOT), y)
+# For Secure Boot The Image needs to be signed and Header must also
+# be included. So The image has to be built explicitly
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
 endif
+endif
 ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
 ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
 ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 4cf8853..ef56cc0 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -843,6 +843,23 @@ int cpu_init_r(void)
 	setup_mp();
 #endif
 
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	defined(CONFIG_SECURE_BOOT)
+	/* Disable the TLB Created for L3 and create the TLB required for
+	 * PCIE (CONFIG_SYS_PCIE1_MEM_VIRT) which was not created earlier.
+	 */
+	int tlb_index;
+	tlb_index = find_tlb_idx((void *)CONFIG_BPTR_VIRT_ADDR, 1);
+	if (tlb_index != -1) {
+		disable_tlb(tlb_index);
+
+		set_tlb(1, CONFIG_SYS_PCIE1_MEM_VIRT,
+			CONFIG_SYS_PCIE1_MEM_PHYS,
+			MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+			0, tlb_index, BOOKE_PAGESZ_1G, 1);
+	}
+#endif
+
 #ifdef CONFIG_SYS_FSL_ERRATUM_ESDHC13
 	{
 		if (SVR_MAJ(svr) < 3) {
diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c
index 8148e46..1b60cfb 100644
--- a/board/freescale/common/p_corenet/tlb.c
+++ b/board/freescale/common/p_corenet/tlb.c
@@ -42,7 +42,9 @@ struct fsl_e_tlb_entry tlb_table[] = {
 
 	/* TLB 1 */
 	/* *I*** - Covers boot page */
-#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR)
+	/* In Case of Secure RAM Boot L3 address is defined at 0xbff00000 */
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	!defined(CONFIG_SECURE_BOOT)
 	/*
 	 * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the
 	 * SRAM is at 0xfff00000, it covered the 0xfffff000.
@@ -76,11 +78,25 @@ struct fsl_e_tlb_entry tlb_table[] = {
 		      MAS3_SX|MAS3_SR, MAS2_W|MAS2_G,
 		      0, 2, BOOKE_PAGESZ_256M, 1),
 
+#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \
+	defined(CONFIG_SECURE_BOOT)
+	/* In case of Secure Boot, L3 is used as 1M SRAM
+	 * and the address of the SRAM is at 0xbff00000.
+	 * The PCIE TLB entry conflicts with the above entry.
+	 * So, the entry for PCIE is not created at this point of time.
+	 * It will be created later on in cpu_init_r()
+	 * when U-Boot has relocated to DDR
+	 */
+	SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR,
+		      MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+		      0, 3, BOOKE_PAGESZ_1M, 1),
+#else
 	/* *I*G* - PCI */
 	SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT, CONFIG_SYS_PCIE1_MEM_PHYS,
 		      MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
 		      0, 3, BOOKE_PAGESZ_1G, 1),
 
+#endif
 	/* *I*G* - PCI */
 	SET_TLB_ENTRY(1, CONFIG_SYS_PCIE1_MEM_VIRT + 0x40000000,
 		      CONFIG_SYS_PCIE1_MEM_PHYS + 0x40000000,
diff --git a/board/freescale/corenet_ds/MAINTAINERS b/board/freescale/corenet_ds/MAINTAINERS
index 745847c..6855446 100644
--- a/board/freescale/corenet_ds/MAINTAINERS
+++ b/board/freescale/corenet_ds/MAINTAINERS
@@ -28,3 +28,8 @@ F:	configs/P5040DS_NAND_defconfig
 F:	configs/P5040DS_SDCARD_defconfig
 F:	configs/P5040DS_SPIFLASH_defconfig
 F:	configs/P5040DS_SECURE_BOOT_defconfig
+
+CORENET_DS_SECURE_BOOT BOARD
+M:	Aneesh Bansal <aneesh.bansal@freescale.com>
+S:	Maintained
+F:	configs/P3041DS_NAND_SECURE_BOOT_defconfig
diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..e810b1c
--- /dev/null
+++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
@@ -0,0 +1,4 @@
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xBFF40000"
+CONFIG_PPC=y
+CONFIG_MPC85xx=y
+CONFIG_TARGET_P3041DS=y
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 225ffdd..64c6890 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -16,6 +16,14 @@
 #include "../board/freescale/common/ics307_clk.h"
 
 #ifdef CONFIG_RAMBOOT_PBL
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
+#define CONFIG_RESET_VECTOR_ADDRESS	0xbffffffc
+#define CONFIG_BPTR_VIRT_ADDR		0xbffff000
+#ifdef CONFIG_NAND
+#define CONFIG_RAMBOOT_NAND
+#endif
+#else
 #define CONFIG_RAMBOOT_TEXT_BASE	CONFIG_SYS_TEXT_BASE
 #define CONFIG_RESET_VECTOR_ADDRESS	0xfffffffc
 #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg
@@ -29,6 +37,7 @@
 #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg
 #endif
 #endif
+#endif
 
 #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
 /* Set 1M boot space */