From patchwork Wed Feb 25 11:29:05 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: gaurav rana <gaurav.rana@freescale.com>
X-Patchwork-Id: 443364
X-Patchwork-Delegate: yorksun@freescale.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id 0EA491400B6
	for <incoming@patchwork.ozlabs.org>;
	Wed, 25 Feb 2015 22:32:18 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 9E5994A041;
	Wed, 25 Feb 2015 12:32:16 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id JJ6gnFaK8NDQ; Wed, 25 Feb 2015 12:32:16 +0100 (CET)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 38C034A01C;
	Wed, 25 Feb 2015 12:32:16 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id A0FE04A033
	for <u-boot@lists.denx.de>; Wed, 25 Feb 2015 12:32:12 +0100 (CET)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9YvC_m7ReIv3 for <u-boot@lists.denx.de>;
	Wed, 25 Feb 2015 12:32:12 +0100 (CET)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from na01-bn1-obe.outbound.protection.outlook.com
	(mail-bn1bbn0106.outbound.protection.outlook.com [157.56.111.106])
	by theia.denx.de (Postfix) with ESMTPS id 389574A03B
	for <u-boot@lists.denx.de>; Wed, 25 Feb 2015 12:32:09 +0100 (CET)
Received: from CH1PR03CA005.namprd03.prod.outlook.com (10.255.156.150) by
	BLUPR03MB149.namprd03.prod.outlook.com (10.255.212.17) with Microsoft
	SMTP Server (TLS) id 15.1.99.9; Wed, 25 Feb 2015 11:32:07 +0000
Received: from BY2FFO11FD021.protection.gbl (10.255.156.132) by
	CH1PR03CA005.outlook.office365.com (10.255.156.150) with Microsoft
	SMTP Server (TLS) id 15.1.93.16 via Frontend Transport;
	Wed, 25 Feb 2015 11:32:07 +0000
Received: from az84smr01.freescale.net (192.88.158.2) by
	BY2FFO11FD021.mail.protection.outlook.com (10.1.15.210) with
	Microsoft SMTP Server (TLS) id 15.1.99.6 via Frontend Transport;
	Wed, 25 Feb 2015 11:32:07 +0000
Received: from perf-idc04.ap.freescale.net (perf-idc04.ap.freescale.net
	[10.232.14.49])
	by az84smr01.freescale.net (8.14.3/8.14.0) with ESMTP id
	t1PBW3ge028041; Wed, 25 Feb 2015 04:32:04 -0700
From: Gaurav Rana <gaurav.rana@freescale.com>
To: <u-boot@lists.denx.de>
Date: Wed, 25 Feb 2015 16:59:05 +0530
Message-ID: <1424863745-18407-1-git-send-email-gaurav.rana@freescale.com>
X-Mailer: git-send-email 1.8.1.4
X-EOPAttributedMessage: 0
Received-SPF: Fail (protection.outlook.com: domain of freescale.com does not
	designate 192.88.158.2 as permitted sender)
	receiver=protection.outlook.com;
	client-ip=192.88.158.2; helo=az84smr01.freescale.net;
Authentication-Results: spf=fail (sender IP is 192.88.158.2)
	smtp.mailfrom=gaurav.rana@freescale.com;
	freescale.mail.onmicrosoft.com;
	dkim=none (message not signed) header.d=none;
X-Forefront-Antispam-Report: CIP:192.88.158.2; CTRY:US; IPV:NLI; EFV:NLI;
	SFV:NSPM;
	SFS:(10019020)(6009001)(339900001)(189002)(199003)(85426001)(106466001)(81156004)(105606002)(48376002)(62966003)(19580405001)(69596002)(46102003)(50986999)(575784001)(86362001)(450100001)(87936001)(97736003)(33646002)(64706001)(47776003)(19580395003)(36756003)(229853001)(6806004)(50466002)(77156002)(2351001)(50226001)(77096005)(104016003)(68736005)(110136001)(92566002);
	DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB149; H:az84smr01.freescale.net;
	FPR:;
	SPF:Fail; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
MIME-Version: 1.0
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB149;
X-Microsoft-Antispam-PRVS: 
 <BLUPR03MB1495D4DC183E1C8906BC08FD3170@BLUPR03MB149.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005004);
	SRVR:BLUPR03MB149; BCL:0; PCL:0; RULEID:;
	SRVR:BLUPR03MB149;
X-Forefront-PRVS: 049897979A
X-OriginatorOrg: freescale.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2015 11:32:07.3110
	(UTC)
X-MS-Exchange-CrossTenant-Id: 710a03f5-10f6-4d38-9ff4-a80b81da590d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=710a03f5-10f6-4d38-9ff4-a80b81da590d;
	Ip=[192.88.158.2]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB149
Cc: scottwood@freescale.com, yorksun@freescale.com,
	ruchika.gupta@freescale.com
Subject: [U-Boot] [PATCH 4/4] SECURE_BOOT : enable esbc_validate command for
	powerpc and arm platforms.
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.

Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
---
Changes in v2:
Merge patches of enablement for powerpc and enablement for arm.

 arch/arm/include/asm/arch-ls102xa/config.h | 20 +++++++++++++++++
 arch/powerpc/include/asm/config_mpc85xx.h  |  1 +
 arch/powerpc/include/asm/fsl_secure_boot.h | 35 ++++++++++++++++++++++++++++++
 arch/powerpc/include/asm/immap_85xx.h      |  6 ++++-
 board/freescale/common/Makefile            |  6 +++++
 5 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/arch-ls102xa/config.h b/arch/arm/include/asm/arch-ls102xa/config.h
index 7915518..5d81280 100644
--- a/arch/arm/include/asm/arch-ls102xa/config.h
+++ b/arch/arm/include/asm/arch-ls102xa/config.h
@@ -27,6 +27,8 @@
 #define CONFIG_SYS_FSL_SCFG_ADDR		(CONFIG_SYS_IMMR + 0x00570000)
 #define CONFIG_SYS_FSL_SEC_ADDR			(CONFIG_SYS_IMMR + 0x700000)
 #define CONFIG_SYS_FSL_JR0_ADDR			(CONFIG_SYS_IMMR + 0x710000)
+#define CONFIG_SYS_SEC_MON_ADDR			(CONFIG_SYS_IMMR + 0x00e90000)
+#define CONFIG_SYS_SFP_ADDR			(CONFIG_SYS_IMMR + 0x00e80200)
 #define CONFIG_SYS_FSL_SERDES_ADDR		(CONFIG_SYS_IMMR + 0x00ea0000)
 #define CONFIG_SYS_FSL_GUTS_ADDR		(CONFIG_SYS_IMMR + 0x00ee0000)
 #define CONFIG_SYS_FSL_LS1_CLK_ADDR		(CONFIG_SYS_IMMR + 0x00ee1000)
@@ -80,7 +82,25 @@
 #define CONFIG_SYS_FSL_DSPI_BE
 #define CONFIG_SYS_FSL_QSPI_BE
 #define CONFIG_SYS_FSL_DCU_BE
+#define CONFIG_SYS_FSL_SEC_MON_LE
 #define CONFIG_SYS_FSL_SEC_LE
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_FSL_ISBC_KEY_EXT
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
 
 #define DCU_LAYER_MAX_NUM			16
 
diff --git a/arch/powerpc/include/asm/config_mpc85xx.h b/arch/powerpc/include/asm/config_mpc85xx.h
index 7fc352e..f93c19c 100644
--- a/arch/powerpc/include/asm/config_mpc85xx.h
+++ b/arch/powerpc/include/asm/config_mpc85xx.h
@@ -26,6 +26,7 @@
 #define CONFIG_SYS_FSL_IFC_BE
 #define CONFIG_SYS_FSL_SEC_BE
 #define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SEC_MON_BE
 
 /* Number of TLB CAM entries we have on FSL Book-E chips */
 #if defined(CONFIG_E500MC)
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index b4c0c99..49f6814 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -6,6 +6,19 @@
 
 #ifndef __FSL_SECURE_BOOT_H
 #define __FSL_SECURE_BOOT_H
+#include <asm/config_mpc85xx.h>
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif
 
 #ifdef CONFIG_SECURE_BOOT
 #if defined(CONFIG_FSL_CORENET)
@@ -28,9 +41,31 @@
 	defined(CONFIG_PPC_T1023) || \
 	defined(CONFIG_PPC_T1024)
 #define CONFIG_SYS_CPC_REINIT_F
+#define CONFIG_KEY_REVOCATION
 #undef CONFIG_SYS_INIT_L3_ADDR
 #define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
 #endif
 
+#if defined(CONFIG_C29XPCIE)
+#define CONFIG_KEY_REVOCATION
+#endif
+
+#if defined(CONFIG_PPC_P3041)	||	\
+	defined(CONFIG_PPC_P4080) ||	\
+	defined(CONFIG_PPC_P5020) ||	\
+	defined(CONFIG_PPC_P5040) ||	\
+	defined(CONFIG_PPC_P2041)
+	#define	CONFIG_FSL_TRUST_ARCH_v1
+#endif
+
+#if defined(CONFIG_FSL_CORENET)
+/* The key used for verification of next level images
+ * is picked up from an Extension Table which has
+ * been verified by the ISBC (Internal Secure boot Code)
+ * in boot ROM of the SoC
+ */
+#define CONFIG_FSL_ISBC_KEY_EXT
+#endif
+
 #endif
 #endif
diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h
index f89b90b..0c9d85e 100644
--- a/arch/powerpc/include/asm/immap_85xx.h
+++ b/arch/powerpc/include/asm/immap_85xx.h
@@ -2883,6 +2883,7 @@ struct ccsr_pman {
 #define CONFIG_SYS_MPC85xx_SATA2_OFFSET		0x221000
 #define CONFIG_SYS_FSL_SEC_OFFSET		0x300000
 #define CONFIG_SYS_FSL_JR0_OFFSET		0x301000
+#define CONFIG_SYS_SEC_MON_OFFSET		0x314000
 #define CONFIG_SYS_FSL_CORENET_PME_OFFSET	0x316000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x318000
 #define CONFIG_SYS_FSL_BMAN_OFFSET		0x31a000
@@ -2950,7 +2951,7 @@ struct ccsr_pman {
 #endif
 #define CONFIG_SYS_MPC85xx_SERDES2_OFFSET	0xE3100
 #define CONFIG_SYS_MPC85xx_SERDES1_OFFSET	0xE3000
-#define CONFIG_SYS_SNVS_OFFSET			0xE6000
+#define CONFIG_SYS_SEC_MON_OFFSET		0xE6000
 #define CONFIG_SYS_SFP_OFFSET			0xE7000
 #define CONFIG_SYS_MPC85xx_CPM_OFFSET		0x80000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x88000
@@ -3080,6 +3081,9 @@ struct ccsr_pman {
 #define CONFIG_SYS_SFP_ADDR  \
 	(CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET)
 
+#define CONFIG_SYS_SEC_MON_ADDR  \
+	(CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET)
+
 #define TSEC_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET)
 #define MDIO_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET)
 
diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 14af660..7181cac 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -72,4 +72,10 @@ obj-$(CONFIG_P5020DS)	+= p_corenet/
 obj-$(CONFIG_P5040DS)	+= p_corenet/
 
 obj-$(CONFIG_LS102XA_NS_ACCESS)	+= ns_access.o
+
+ifdef CONFIG_SECURE_BOOT
+obj-y += fsl_validate.o
+obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o
+endif
+
 endif