[04/31] rockchip: rk3399: Enable ARMv8 crypto and FIT checksum validation

The RK3399 SoC support the ARMv8 Cryptography Extensions, use of ARMv8
crypto can speed up FIT checksum validation in SPL.

Imply ARMV8_SET_SMPEN and ARMV8_CRYPTO to take advantage of the crypto
extensions for SHA256 when validating checksum of FIT images.

Imply SPL_FIT_SIGNATURE and LEGACY_IMAGE_FORMAT to enable FIT checksum
validation to almost all RK3399 boards.

The following boards have been excluded:
- chromebook_bob: SPL max size limitation of 120 KiB
- chromebook_kevin: SPL max size limitation of 120 KiB
- puma-rk3399: SPL stack in SRAM and TPL+SPL combined max size
               limitation of 224 KiB

Also imply OF_LIVE to help speed up init of U-Boot proper and disable
CONFIG_SPL_RAW_IMAGE_SUPPORT on leez-rk3399 to ensure SPL does not try
to jump to code that failed checksum validation.

Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
---
 arch/arm/mach-rockchip/Kconfig     | 5 +++++
 configs/chromebook_bob_defconfig   | 1 +
 configs/chromebook_kevin_defconfig | 1 +
 configs/leez-rk3399_defconfig      | 1 +
 configs/puma-rk3399_defconfig      | 2 +-
 configs/rock-4se-rk3399_defconfig  | 2 --
 configs/rock-pi-4-rk3399_defconfig | 1 -
 configs/rockpro64-rk3399_defconfig | 2 --
 8 files changed, 9 insertions(+), 6 deletions(-)

Hi Jonas,

On 3/31/24 22:28, Jonas Karlman wrote:
> The RK3399 SoC support the ARMv8 Cryptography Extensions, use of ARMv8
> crypto can speed up FIT checksum validation in SPL.
> 
> Imply ARMV8_SET_SMPEN and ARMV8_CRYPTO to take advantage of the crypto
> extensions for SHA256 when validating checksum of FIT images.
> 
> Imply SPL_FIT_SIGNATURE and LEGACY_IMAGE_FORMAT to enable FIT checksum
> validation to almost all RK3399 boards.
> 
> The following boards have been excluded:
> - chromebook_bob: SPL max size limitation of 120 KiB
> - chromebook_kevin: SPL max size limitation of 120 KiB
> - puma-rk3399: SPL stack in SRAM and TPL+SPL combined max size
>                 limitation of 224 KiB
> 

I think we should move the SPL stack out of SRAM, thanks for hinting at 
this. This is clearly something I missed when migrating Puma to TPL+SPL 
as all other devices were migrated way earlier than this board, c.f. 
https://source.denx.de/u-boot/u-boot/-/commit/f113d7d3034672de7d074506a05a7055f1f0dcae 
for the default address.

Considering that SPL_MAX_SIZE is set to 0x2e000 (184K) right now, we 
should fail if we reach that size. But I couldn't with applying the same 
changes as in this patch, is there something I'm missing that prevents 
this from happening on Puma? Just trying to figure out what we need to 
do to not stay too far from most RK3399 devices :)

"""
diff --git a/configs/puma-rk3399_defconfig b/configs/puma-rk3399_defconfig
index c2aa02ec74b..f3d23fa3f11 100644
--- a/configs/puma-rk3399_defconfig
+++ b/configs/puma-rk3399_defconfig
@@ -21,8 +21,12 @@ CONFIG_DEBUG_UART_BASE=0xFF180000
  CONFIG_DEBUG_UART_CLOCK=24000000
  CONFIG_SPL_SPI_FLASH_SUPPORT=y
  CONFIG_SPL_SPI=y
+CONFIG_ARMV8_SET_SMPEN=y
+CONFIG_ARMV8_CRYPTO=y
  CONFIG_SYS_LOAD_ADDR=0x800800
  CONFIG_DEBUG_UART=y
+CONFIG_SPL_FIT_SIGNATURE=y
+CONFIG_LEGACY_IMAGE_FORMAT=y
  CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-puma-haikou.dtb"
  CONFIG_DISPLAY_BOARDINFO_LATE=y
  CONFIG_MISC_INIT_R=y
@@ -115,4 +119,5 @@ CONFIG_DISPLAY_ROCKCHIP_HDMI=y
  CONFIG_BMP_16BPP=y
  CONFIG_BMP_24BPP=y
  CONFIG_BMP_32BPP=y
+# CONFIG_RSA is not set
  CONFIG_ERRNO_STR=y
"""

(not booted).

Additionally, I think I should be able to bump SPL_MAX_SIZE to 0x30000 
(224K offset for U-Boot proper on MMC - 32K offset for TPL+SPL on MMC), 
don't you think?

Backward compatibility is a PITA :)

Cheers,
Quentin

On 2024/4/1 04:28, Jonas Karlman wrote:
> The RK3399 SoC support the ARMv8 Cryptography Extensions, use of ARMv8
> crypto can speed up FIT checksum validation in SPL.
>
> Imply ARMV8_SET_SMPEN and ARMV8_CRYPTO to take advantage of the crypto
> extensions for SHA256 when validating checksum of FIT images.
>
> Imply SPL_FIT_SIGNATURE and LEGACY_IMAGE_FORMAT to enable FIT checksum
> validation to almost all RK3399 boards.
>
> The following boards have been excluded:
> - chromebook_bob: SPL max size limitation of 120 KiB
> - chromebook_kevin: SPL max size limitation of 120 KiB
> - puma-rk3399: SPL stack in SRAM and TPL+SPL combined max size
>                 limitation of 224 KiB
>
> Also imply OF_LIVE to help speed up init of U-Boot proper and disable
> CONFIG_SPL_RAW_IMAGE_SUPPORT on leez-rk3399 to ensure SPL does not try
> to jump to code that failed checksum validation.
>
> Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>

Thanks,
- Kever
> ---
>   arch/arm/mach-rockchip/Kconfig     | 5 +++++
>   configs/chromebook_bob_defconfig   | 1 +
>   configs/chromebook_kevin_defconfig | 1 +
>   configs/leez-rk3399_defconfig      | 1 +
>   configs/puma-rk3399_defconfig      | 2 +-
>   configs/rock-4se-rk3399_defconfig  | 2 --
>   configs/rock-pi-4-rk3399_defconfig | 1 -
>   configs/rockpro64-rk3399_defconfig | 2 --
>   8 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/arch/arm/mach-rockchip/Kconfig b/arch/arm/mach-rockchip/Kconfig
> index c0010fbb6887..eb74cd850409 100644
> --- a/arch/arm/mach-rockchip/Kconfig
> +++ b/arch/arm/mach-rockchip/Kconfig
> @@ -260,15 +260,20 @@ config ROCKCHIP_RK3399
>   	select DM_PMIC
>   	select DM_REGULATOR_FIXED
>   	select BOARD_LATE_INIT
> +	imply ARMV8_CRYPTO
> +	imply ARMV8_SET_SMPEN
>   	imply BOOTSTD_FULL
>   	imply CMD_BOOTCOUNT if BOOTCOUNT_LIMIT
> +	imply LEGACY_IMAGE_FORMAT
>   	imply MISC
>   	imply MISC_INIT_R
> +	imply OF_LIVE
>   	imply PARTITION_TYPE_GUID
>   	imply PRE_CONSOLE_BUFFER
>   	imply ROCKCHIP_COMMON_BOARD
>   	imply ROCKCHIP_EFUSE
>   	imply ROCKCHIP_SDRAM_COMMON
> +	imply SPL_FIT_SIGNATURE
>   	imply SPL_ROCKCHIP_COMMON_BOARD
>   	imply SYS_BOOTCOUNT_SINGLEWORD if BOOTCOUNT_LIMIT
>   	imply TPL_CLK
> diff --git a/configs/chromebook_bob_defconfig b/configs/chromebook_bob_defconfig
> index 58e76f11472c..5d8037d31422 100644
> --- a/configs/chromebook_bob_defconfig
> +++ b/configs/chromebook_bob_defconfig
> @@ -23,6 +23,7 @@ CONFIG_SPL_SPI_FLASH_SUPPORT=y
>   CONFIG_SPL_SPI=y
>   CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_DEBUG_UART=y
> +# CONFIG_SPL_FIT_SIGNATURE is not set
>   CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-gru-bob.dtb"
>   # CONFIG_DISPLAY_CPUINFO is not set
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
> diff --git a/configs/chromebook_kevin_defconfig b/configs/chromebook_kevin_defconfig
> index 5adc276a746a..54ba2fdd136f 100644
> --- a/configs/chromebook_kevin_defconfig
> +++ b/configs/chromebook_kevin_defconfig
> @@ -24,6 +24,7 @@ CONFIG_SPL_SPI_FLASH_SUPPORT=y
>   CONFIG_SPL_SPI=y
>   CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_DEBUG_UART=y
> +# CONFIG_SPL_FIT_SIGNATURE is not set
>   CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-gru-kevin.dtb"
>   # CONFIG_DISPLAY_CPUINFO is not set
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
> diff --git a/configs/leez-rk3399_defconfig b/configs/leez-rk3399_defconfig
> index e5088341389a..2831cfb36689 100644
> --- a/configs/leez-rk3399_defconfig
> +++ b/configs/leez-rk3399_defconfig
> @@ -15,6 +15,7 @@ CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-leez-p710.dtb"
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>   CONFIG_SPL_MAX_SIZE=0x2e000
>   CONFIG_SPL_PAD_TO=0x7f8000
> +# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
>   CONFIG_SPL_ATF_NO_PLATFORM_PARAM=y
>   CONFIG_TPL=y
>   CONFIG_CMD_BOOTZ=y
> diff --git a/configs/puma-rk3399_defconfig b/configs/puma-rk3399_defconfig
> index c2759e1a9520..fe7aac791271 100644
> --- a/configs/puma-rk3399_defconfig
> +++ b/configs/puma-rk3399_defconfig
> @@ -23,6 +23,7 @@ CONFIG_SPL_SPI_FLASH_SUPPORT=y
>   CONFIG_SPL_SPI=y
>   CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_DEBUG_UART=y
> +# CONFIG_SPL_FIT_SIGNATURE is not set
>   CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-puma-haikou.dtb"
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>   CONFIG_SPL_MAX_SIZE=0x2e000
> @@ -52,7 +53,6 @@ CONFIG_CMD_TIME=y
>   CONFIG_CMD_PMIC=y
>   CONFIG_CMD_REGULATOR=y
>   CONFIG_SPL_OF_CONTROL=y
> -CONFIG_OF_LIVE=y
>   CONFIG_OF_SPL_REMOVE_PROPS="interrupt-parent assigned-clocks assigned-clock-rates assigned-clock-parents"
>   CONFIG_ENV_OVERWRITE=y
>   CONFIG_ENV_IS_IN_MMC=y
> diff --git a/configs/rock-4se-rk3399_defconfig b/configs/rock-4se-rk3399_defconfig
> index 712502517eb2..04622df3c0a0 100644
> --- a/configs/rock-4se-rk3399_defconfig
> +++ b/configs/rock-4se-rk3399_defconfig
> @@ -15,8 +15,6 @@ CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_PCI=y
>   CONFIG_DEBUG_UART=y
>   # CONFIG_ANDROID_BOOT_IMAGE is not set
> -CONFIG_SPL_FIT_SIGNATURE=y
> -CONFIG_LEGACY_IMAGE_FORMAT=y
>   CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-rock-4se.dtb"
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>   CONFIG_SPL_MAX_SIZE=0x2e000
> diff --git a/configs/rock-pi-4-rk3399_defconfig b/configs/rock-pi-4-rk3399_defconfig
> index 315b8b853fc3..9036c51de421 100644
> --- a/configs/rock-pi-4-rk3399_defconfig
> +++ b/configs/rock-pi-4-rk3399_defconfig
> @@ -19,7 +19,6 @@ CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_PCI=y
>   CONFIG_DEBUG_UART=y
>   # CONFIG_ANDROID_BOOT_IMAGE is not set
> -CONFIG_SPL_FIT_SIGNATURE=y
>   CONFIG_DEFAULT_FDT_FILE="rockchip/rk3399-rock-pi-4a.dtb"
>   CONFIG_DISPLAY_BOARDINFO_LATE=y
>   CONFIG_SPL_MAX_SIZE=0x40000
> diff --git a/configs/rockpro64-rk3399_defconfig b/configs/rockpro64-rk3399_defconfig
> index d66b4a9d8900..062477286708 100644
> --- a/configs/rockpro64-rk3399_defconfig
> +++ b/configs/rockpro64-rk3399_defconfig
> @@ -17,8 +17,6 @@ CONFIG_SPL_SPI=y
>   CONFIG_SYS_LOAD_ADDR=0x800800
>   CONFIG_PCI=y
>   CONFIG_DEBUG_UART=y
> -CONFIG_SPL_FIT_SIGNATURE=y
> -CONFIG_LEGACY_IMAGE_FORMAT=y
>   CONFIG_BOOTSTAGE=y
>   CONFIG_BOOTSTAGE_REPORT=y
>   CONFIG_USE_PREBOOT=y