From: Scott Wood <scottwood@freescale.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Date: Tue, 10 Mar 2015 13:33:57 -0500 [thread overview]
Message-ID: <1426012437.30327.25.camel@freescale.com> (raw)
In-Reply-To: <DM2PR0301MB1312893A710ADAE066FF1C16F0180@DM2PR0301MB1312.namprd03.prod.outlook.com>
On Tue, 2015-03-10 at 13:27 -0500, Bansal Aneesh-B39320 wrote:
>
>
> > -----Original Message-----
> > From: Wood Scott-B07421
> > Sent: Tuesday, March 10, 2015 11:29 PM
> > To: Bansal Aneesh-B39320
> > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431;
> > Kushwaha Prabhakar-B32579
> > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND
> > secure boot target for P3041
> >
> > On Tue, 2015-03-10 at 12:52 -0500, Bansal Aneesh-B39320 wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Wood Scott-B07421
> > > > Sent: Tuesday, March 10, 2015 10:34 PM
> > > > To: Bansal Aneesh-B39320
> > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431;
> > > > Kushwaha Prabhakar-B32579
> > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND
> > > > secure boot target for P3041
> > > >
> > > > On Tue, 2015-03-10 at 03:50 -0500, Bansal Aneesh-B39320 wrote:
> > > > > > -----Original Message-----
> > > > > > From: Wood Scott-B07421
> > > > > > Sent: Thursday, March 05, 2015 10:38 PM
> > > > > > To: Bansal Aneesh-B39320
> > > > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431
> > > > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT-
> > > > > > NAND secure boot target for P3041
> > > > > >
> > > > > > On Thu, 2015-03-05 at 01:26 -0600, Bansal Aneesh-B39320 wrote:
> > > > > > > > -----Original Message-----
> > > > > > > > From: Wood Scott-B07421
> > > > > > > > Sent: Thursday, March 05, 2015 2:41 AM
> > > > > > > > To: Bansal Aneesh-B39320
> > > > > > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta
> > > > > > > > Ruchika-R66431
> > > > > > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT-
> > > > > > > > NAND secure boot target for P3041
> > > > > > > >
> > > > > > > > Where does the 3.5G limitation come from? Even if the
> > > > > > > > physical address needs to be elsewhere due to bootrom
> > > > > > > > constraints, we should be able to map it wherever we want in
> > > > > > > > the TLB once U-Boot takes
> > > > > > control.
> > > > > > > >
> > > > > > > The 3.5G limitation comes from BootROM in case of secure Boot.
> > > > > > > Initially U-Boot has to run from CPC configured as SRAM with
> > > > > > > address Within 3.5G. Once U-boot has relocated to DDR, we have
> > > > > > > removed the Corresponding TLB entry.
> > > > > >
> > > > > > Again, you could relocate the virtual address of L3 much earlier.
> > > > > >
> > > > > > -Scott
> > > > > >
> > > > > Are you suggesting the following:
> > > > > 1. PBI Commands to configure CPC as SRAM with address 0xBFF0_0000.
> > > > > 2. Compile U-boot with TEXT BASE as 0xFFF40000.
> > > > > 3. Copy the U-boot from NAND via PBI commands to CPC (SRAM) on
> > > > > address 0xBFF4_0000 4. The BootROM will validate the U-boot and
> > > > > transfer
> > > > the control to 0xBFFF_FFFC.
> > > > > 5. When U-boot is executing, then in the last 4K code, when
> > > > > shifting from
> > > > AS=0 to AS=1,
> > > > > we change the address of SRAM from 0xBFF0_0000 to 0xFFF0_0000.
> > > > > (Similar to what is done for NOR Boot)
> > > >
> > > > Something like that, except in step 5 it would only be changing the
> > > > virtual address, not the physical address (unless you can do a
> > > > similar trick as NOR does, to have the L3 cache repeat and cover both
> > addresses at once).
> > > >
> > > > -Scott
> > > >
> > > The problems that I see here are:
> > > 1. Can SRAM address be changed without disabling and re-configuring CPC
> > as SRAM ?
> >
> > Again, I'm only talking about changing the virtual address.
> >
> If we just change the virtual address to 0xFFF0_0000, how will it work?
> The SRAM address configured in CPC controller is 0xBFF0_0000.
> So, won't the CPC controller reject fetches with address 0xFFFx_xxxx.
It's a virtual address. The CPC will never see it.
> > Why is there a race condition? You can have two virtual addresses pointing at
> > the same physical address.
> >
> We can have two virtual addresses pointing to same physical address but we can't have
> two addresses for SRAM in CPC controller.
And you don't need to.
-Scott
prev parent reply other threads:[~2015-03-10 18:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-25 8:47 [U-Boot] [PATCH 1/2][v4] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 Aneesh Bansal
2015-02-25 22:13 ` [U-Boot] [U-Boot, 1/2, v4] " Scott Wood
2015-02-27 4:35 ` aneesh.bansal at freescale.com
2015-02-27 4:51 ` Scott Wood
2015-02-27 5:50 ` aneesh.bansal at freescale.com
[not found] ` <DM2PR0301MB1312F158483C1E890256AF58F0150@DM2PR0301MB1312.namprd03.prod.outlook.com>
2015-03-04 21:10 ` Scott Wood
2015-03-05 7:26 ` aneesh.bansal at freescale.com
2015-03-05 17:08 ` Scott Wood
2015-03-10 8:50 ` aneesh.bansal at freescale.com
2015-03-10 17:03 ` Scott Wood
2015-03-10 17:52 ` aneesh.bansal at freescale.com
2015-03-10 17:59 ` Scott Wood
2015-03-10 18:27 ` aneesh.bansal at freescale.com
2015-03-10 18:33 ` Scott Wood [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426012437.30327.25.camel@freescale.com \
--to=scottwood@freescale.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.