* [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition
@ 2016-10-26 20:17 Sumit Garg
2016-10-26 16:16 ` Andreas Färber
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Sumit Garg @ 2016-10-26 20:17 UTC (permalink / raw)
To: u-boot
The patch-set does the following:
1. Add NOR secure boot target on ls1046aqds platform.
2. Add QSPI secure boot target on ls1046ardb platform.
Changes in v2:
Split patches logically from 2 to 3.
Sumit Garg (3):
SECURE_BOOT: Enable chain of trust on LS1046A platform
LS1046AQDS: Add NOR Secure Boot Target
LS1046ARDB: Add QSPI Secure Boot target
arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +-
arch/arm/include/asm/fsl_secure_boot.h | 37 ++++++++++++++++-------
board/freescale/ls1046aqds/MAINTAINERS | 4 +++
board/freescale/ls1046aqds/ls1046aqds.c | 18 +++++++++++
board/freescale/ls1046ardb/MAINTAINERS | 4 +++
board/freescale/ls1046ardb/ls1046ardb.c | 19 ++++++++++++
configs/ls1046aqds_SECURE_BOOT_defconfig | 29 ++++++++++++++++++
configs/ls1046ardb_qspi_SECURE_BOOT_defconfig | 27 +++++++++++++++++
include/configs/ls1046ardb.h | 2 ++
9 files changed, 130 insertions(+), 12 deletions(-)
create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig
create mode 100644 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
--
1.8.1.4
^ permalink raw reply [flat|nested] 8+ messages in thread* [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition 2016-10-26 20:17 [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition Sumit Garg @ 2016-10-26 16:16 ` Andreas Färber 2016-10-26 20:17 ` [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg 2016-10-26 20:17 ` [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg 2 siblings, 0 replies; 8+ messages in thread From: Andreas Färber @ 2016-10-26 16:16 UTC (permalink / raw) To: u-boot Hi, Am 26.10.2016 um 22:17 schrieb Sumit Garg: > The patch-set does the following: > > 1. Add NOR secure boot target on ls1046aqds platform. > 2. Add QSPI secure boot target on ls1046ardb platform. Please double-check your clock, you are posting in the future. Regards, Andreas -- SUSE Linux GmbH, Maxfeldstr. 5, 90409 N?rnberg, Germany GF: Felix Imend?rffer, Jane Smithard, Graham Norton HRB 21284 (AG N?rnberg) ^ permalink raw reply [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform 2016-10-26 20:17 [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition Sumit Garg 2016-10-26 16:16 ` Andreas Färber @ 2016-10-26 20:17 ` Sumit Garg 2016-11-14 17:51 ` york sun 2016-10-26 20:17 ` [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg 2 siblings, 1 reply; 8+ messages in thread From: Sumit Garg @ 2016-10-26 20:17 UTC (permalink / raw) To: u-boot Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> --- Changes in v2: Split patches logically from 2 to 3. arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 37 ++++++++++++++++------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 4201e0f..11a62e8 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -196,7 +196,7 @@ #define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE +#define CONFIG_SYS_FSL_SEC_MON_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4525287..933e09c 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -45,7 +45,8 @@ #define CONFIG_CMD_HASH #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT -/* The key used for verification of next level images +/* + * The key used for verification of next level images * is picked up from an Extension Table which has * been verified by the ISBC (Internal Secure boot Code) * in boot ROM of the SoC. @@ -59,9 +60,10 @@ #endif -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit - * Similiarly for LS2080 +#if defined(CONFIG_FSL_LAYERSCAPE) +/* + * For fsl layerscape based platforms, ESBC image Address in Header + * is 64 bit. */ #define CONFIG_ESBC_ADDR_64BIT #endif @@ -78,13 +80,16 @@ "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" #endif -/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from - * Non-XIP Memory (Nand/SD)*/ +/* + * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from + * Non-XIP Memory (Nand/SD) + */ #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ defined(CONFIG_SD_BOOT) #define CONFIG_BOOTSCRIPT_COPY_RAM #endif -/* The address needs to be modified according to NOR, NAND, SD and +/* + * The address needs to be modified according to NOR, NAND, SD and * DDR memory map */ #ifdef CONFIG_LS2080A @@ -96,19 +101,26 @@ #define CONFIG_BS_SIZE 0x00001000 #else #ifdef CONFIG_SD_BOOT -/* For SD boot address and size are assigned in terms of sector +/* + * For SD boot address and size are assigned in terms of sector * offset and no. of sectors respectively. */ #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800 #define CONFIG_BS_ADDR_DEVICE 0x00000840 #define CONFIG_BS_HDR_SIZE 0x00000010 #define CONFIG_BS_SIZE 0x00000008 -#else +/* ifdef CONFIG_SD_BOOT */ +#elif defined(CONFIG_QSPI_BOOT) +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 +#define CONFIG_BS_ADDR_DEVICE 0x40800000 +#define CONFIG_BS_HDR_SIZE 0x00002000 +#define CONFIG_BS_SIZE 0x00001000 +#else /* elif defined(CONFIG_QSPI_BOOT) */ #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 #define CONFIG_BS_ADDR_DEVICE 0x60060000 #define CONFIG_BS_HDR_SIZE 0x00002000 #define CONFIG_BS_SIZE 0x00001000 -#endif /* #ifdef CONFIG_SD_BOOT */ +#endif /* Default NOR Boot */ #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 #define CONFIG_BS_ADDR_RAM 0x81020000 #endif @@ -125,12 +137,15 @@ #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP #ifdef CONFIG_LS1043A #define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 +#elif defined(CONFIG_LS1046A) +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x40740000 #endif #else #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" #endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */ -/* Define the key hash here if SRK used for signing PPA image is +/* + * Define the key hash here if SRK used for signing PPA image is * different from SRK hash put in SFP used for U-Boot. * Example * #define CONFIG_PPA_KEY_HASH \ -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform 2016-10-26 20:17 ` [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg @ 2016-11-14 17:51 ` york sun 2016-11-15 4:49 ` Sumit Garg 0 siblings, 1 reply; 8+ messages in thread From: york sun @ 2016-11-14 17:51 UTC (permalink / raw) To: u-boot On 10/26/2016 03:47 AM, Sumit Garg wrote: > Define bootscript and its header addresses for QSPI target. Also > define PPA header address to enable PPA validation. > > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > > Changes in v2: > Split patches logically from 2 to 3. > > arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- > arch/arm/include/asm/fsl_secure_boot.h | 37 ++++++++++++++++------- > 2 files changed, 27 insertions(+), 12 deletions(-) > > diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h > index 4201e0f..11a62e8 100644 > --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h > +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h > @@ -196,7 +196,7 @@ > > #define CONFIG_SYS_FSL_IFC_BE > #define CONFIG_SYS_FSL_SFP_VER_3_2 > -#define CONFIG_SYS_FSL_SNVS_LE > +#define CONFIG_SYS_FSL_SEC_MON_BE > #define CONFIG_SYS_FSL_SFP_BE > #define CONFIG_SYS_FSL_SRK_LE > #define CONFIG_KEY_REVOCATION > diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h > index 4525287..933e09c 100644 > --- a/arch/arm/include/asm/fsl_secure_boot.h > +++ b/arch/arm/include/asm/fsl_secure_boot.h > @@ -45,7 +45,8 @@ > #define CONFIG_CMD_HASH > #define CONFIG_KEY_REVOCATION > #ifndef CONFIG_SYS_RAMBOOT > -/* The key used for verification of next level images > +/* > + * The key used for verification of next level images > * is picked up from an Extension Table which has > * been verified by the ISBC (Internal Secure boot Code) > * in boot ROM of the SoC. > @@ -59,9 +60,10 @@ > > #endif > > -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) > -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit > - * Similiarly for LS2080 > +#if defined(CONFIG_FSL_LAYERSCAPE) > +/* > + * For fsl layerscape based platforms, ESBC image Address in Header > + * is 64 bit. > */ > #define CONFIG_ESBC_ADDR_64BIT > #endif > @@ -78,13 +80,16 @@ > "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" > #endif > > -/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from > - * Non-XIP Memory (Nand/SD)*/ > +/* > + * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from > + * Non-XIP Memory (Nand/SD) > + */ > #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ > defined(CONFIG_SD_BOOT) > #define CONFIG_BOOTSCRIPT_COPY_RAM > #endif > -/* The address needs to be modified according to NOR, NAND, SD and > +/* > + * The address needs to be modified according to NOR, NAND, SD and > * DDR memory map > */ > #ifdef CONFIG_LS2080A > @@ -96,19 +101,26 @@ > #define CONFIG_BS_SIZE 0x00001000 > #else > #ifdef CONFIG_SD_BOOT > -/* For SD boot address and size are assigned in terms of sector > +/* > + * For SD boot address and size are assigned in terms of sector > * offset and no. of sectors respectively. > */ > #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800 > #define CONFIG_BS_ADDR_DEVICE 0x00000840 > #define CONFIG_BS_HDR_SIZE 0x00000010 > #define CONFIG_BS_SIZE 0x00000008 > -#else > +/* ifdef CONFIG_SD_BOOT */ This comment confuses me. The code below is for QSPI_BOOT obviously. > +#elif defined(CONFIG_QSPI_BOOT) > +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 > +#define CONFIG_BS_ADDR_DEVICE 0x40800000 > +#define CONFIG_BS_HDR_SIZE 0x00002000 > +#define CONFIG_BS_SIZE 0x00001000 > +#else /* elif defined(CONFIG_QSPI_BOOT) */ The code below is not for QSPI_BOOT. Confusing comment. > #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 > #define CONFIG_BS_ADDR_DEVICE 0x60060000 > #define CONFIG_BS_HDR_SIZE 0x00002000 > #define CONFIG_BS_SIZE 0x00001000 > -#endif /* #ifdef CONFIG_SD_BOOT */ > +#endif /* Default NOR Boot */ I guess the above is for normal NOR boot. The comment should be moved above the block. > #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 > #define CONFIG_BS_ADDR_RAM 0x81020000 > #endif > @@ -125,12 +137,15 @@ > #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP > #ifdef CONFIG_LS1043A > #define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 > +#elif defined(CONFIG_LS1046A) > +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x40740000 > #endif > #else > #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" > #endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */ > > -/* Define the key hash here if SRK used for signing PPA image is > +/* > + * Define the key hash here if SRK used for signing PPA image is > * different from SRK hash put in SFP used for U-Boot. > * Example > * #define CONFIG_PPA_KEY_HASH \ > It would be better to separate the cosmetic change from the code change. York ^ permalink raw reply [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform 2016-11-14 17:51 ` york sun @ 2016-11-15 4:49 ` Sumit Garg 0 siblings, 0 replies; 8+ messages in thread From: Sumit Garg @ 2016-11-15 4:49 UTC (permalink / raw) To: u-boot > -----Original Message----- > From: york sun > Sent: Monday, November 14, 2016 11:22 PM > To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de > Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com> > Subject: Re: [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A > platform > > On 10/26/2016 03:47 AM, Sumit Garg wrote: > > Define bootscript and its header addresses for QSPI target. Also > > define PPA header address to enable PPA validation. > > > > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > --- > > > > Changes in v2: > > Split patches logically from 2 to 3. > > > > arch/arm/include/asm/arch-fsl-layerscape/config.h | 2 +- > > arch/arm/include/asm/fsl_secure_boot.h | 37 ++++++++++++++++---- > --- > > 2 files changed, 27 insertions(+), 12 deletions(-) > > > > diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h > > b/arch/arm/include/asm/arch-fsl-layerscape/config.h > > index 4201e0f..11a62e8 100644 > > --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h > > +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h > > @@ -196,7 +196,7 @@ > > > > #define CONFIG_SYS_FSL_IFC_BE > > #define CONFIG_SYS_FSL_SFP_VER_3_2 > > -#define CONFIG_SYS_FSL_SNVS_LE > > +#define CONFIG_SYS_FSL_SEC_MON_BE > > #define CONFIG_SYS_FSL_SFP_BE > > #define CONFIG_SYS_FSL_SRK_LE > > #define CONFIG_KEY_REVOCATION > > diff --git a/arch/arm/include/asm/fsl_secure_boot.h > > b/arch/arm/include/asm/fsl_secure_boot.h > > index 4525287..933e09c 100644 > > --- a/arch/arm/include/asm/fsl_secure_boot.h > > +++ b/arch/arm/include/asm/fsl_secure_boot.h > > @@ -45,7 +45,8 @@ > > #define CONFIG_CMD_HASH > > #define CONFIG_KEY_REVOCATION > > #ifndef CONFIG_SYS_RAMBOOT > > -/* The key used for verification of next level images > > +/* > > + * The key used for verification of next level images > > * is picked up from an Extension Table which has > > * been verified by the ISBC (Internal Secure boot Code) > > * in boot ROM of the SoC. > > @@ -59,9 +60,10 @@ > > > > #endif > > > > -#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) > > -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit > > - * Similiarly for LS2080 > > +#if defined(CONFIG_FSL_LAYERSCAPE) > > +/* > > + * For fsl layerscape based platforms, ESBC image Address in Header > > + * is 64 bit. > > */ > > #define CONFIG_ESBC_ADDR_64BIT > > #endif > > @@ -78,13 +80,16 @@ > > "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" > > #endif > > > > -/* Copying Bootscript and Header to DDR from NOR for LS2 and for > > rest, from > > - * Non-XIP Memory (Nand/SD)*/ > > +/* > > + * Copying Bootscript and Header to DDR from NOR for LS2 and for > > +rest, from > > + * Non-XIP Memory (Nand/SD) > > + */ > > #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ > > defined(CONFIG_SD_BOOT) > > #define CONFIG_BOOTSCRIPT_COPY_RAM > > #endif > > -/* The address needs to be modified according to NOR, NAND, SD and > > +/* > > + * The address needs to be modified according to NOR, NAND, SD and > > * DDR memory map > > */ > > #ifdef CONFIG_LS2080A > > @@ -96,19 +101,26 @@ > > #define CONFIG_BS_SIZE 0x00001000 > > #else > > #ifdef CONFIG_SD_BOOT > > -/* For SD boot address and size are assigned in terms of sector > > +/* > > + * For SD boot address and size are assigned in terms of sector > > * offset and no. of sectors respectively. > > */ > > #define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800 > > #define CONFIG_BS_ADDR_DEVICE 0x00000840 > > #define CONFIG_BS_HDR_SIZE 0x00000010 > > #define CONFIG_BS_SIZE 0x00000008 > > -#else > > +/* ifdef CONFIG_SD_BOOT */ > > This comment confuses me. The code below is for QSPI_BOOT obviously. I have put this comment to mark ending of SD_BOOT block as starting is marked by #ifdef CONFIG_SD_BOOT. > > > +#elif defined(CONFIG_QSPI_BOOT) > > +#define CONFIG_BS_HDR_ADDR_DEVICE 0x40780000 > > +#define CONFIG_BS_ADDR_DEVICE 0x40800000 > > +#define CONFIG_BS_HDR_SIZE 0x00002000 > > +#define CONFIG_BS_SIZE 0x00001000 > > +#else /* elif defined(CONFIG_QSPI_BOOT) */ > > The code below is not for QSPI_BOOT. Confusing comment. I have put this comment to mark ending of QSPI_BOOT block as starting is marked by "#elif defined(CONFIG_QSPI_BOOT)". > > > #define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000 > > #define CONFIG_BS_ADDR_DEVICE 0x60060000 > > #define CONFIG_BS_HDR_SIZE 0x00002000 > > #define CONFIG_BS_SIZE 0x00001000 > > -#endif /* #ifdef CONFIG_SD_BOOT */ > > +#endif /* Default NOR Boot */ > > I guess the above is for normal NOR boot. The comment should be moved > above the block. Here also comment marks ending of NOR boot block. I have just added these comments to avoid confusion. > > > #define CONFIG_BS_HDR_ADDR_RAM 0x81000000 > > #define CONFIG_BS_ADDR_RAM 0x81020000 > > #endif > > @@ -125,12 +137,15 @@ > > #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP > > #ifdef CONFIG_LS1043A > > #define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 > > +#elif defined(CONFIG_LS1046A) > > +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x40740000 > > #endif > > #else > > #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" > > #endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */ > > > > -/* Define the key hash here if SRK used for signing PPA image is > > +/* > > + * Define the key hash here if SRK used for signing PPA image is > > * different from SRK hash put in SFP used for U-Boot. > > * Example > > * #define CONFIG_PPA_KEY_HASH \ > > > > It would be better to separate the cosmetic change from the code change. > > York Sure, I will remove these changes from this patch. -Sumit ^ permalink raw reply [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target 2016-10-26 20:17 [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition Sumit Garg 2016-10-26 16:16 ` Andreas Färber 2016-10-26 20:17 ` [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg @ 2016-10-26 20:17 ` Sumit Garg 2016-11-14 17:53 ` york sun 2 siblings, 1 reply; 8+ messages in thread From: Sumit Garg @ 2016-10-26 20:17 UTC (permalink / raw) To: u-boot Add NOR secure boot target. Also enable sec init. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> --- Changes in v2: Split patches logically from 2 to 3. board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ board/freescale/ls1046aqds/ls1046aqds.c | 18 ++++++++++++++++++ configs/ls1046aqds_SECURE_BOOT_defconfig | 29 +++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS index b4549ae..6737d55 100644 --- a/board/freescale/ls1046aqds/MAINTAINERS +++ b/board/freescale/ls1046aqds/MAINTAINERS @@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig F: configs/ls1046aqds_sdcard_ifc_defconfig F: configs/ls1046aqds_sdcard_qspi_defconfig F: configs/ls1046aqds_qspi_defconfig + +M: Sumit Garg <sumit.garg@nxp.com> +S: Maintained +F: configs/ls1046aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c index 8c18538..a418590 100644 --- a/board/freescale/ls1046aqds/ls1046aqds.c +++ b/board/freescale/ls1046aqds/ls1046aqds.c @@ -20,6 +20,7 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include <fsl_ifc.h> +#include <fsl_sec.h> #include <spl.h> #include "../common/vid.h" @@ -242,6 +243,23 @@ int board_init(void) if (adjust_vdd(0)) printf("Warning: Adjusting core voltage failed.\n"); +#ifdef CONFIG_SECURE_BOOT + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + return 0; } diff --git a/configs/ls1046aqds_SECURE_BOOT_defconfig b/configs/ls1046aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..2640dc8 --- /dev/null +++ b/configs/ls1046aqds_SECURE_BOOT_defconfig @@ -0,0 +1,29 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AQDS=y +CONFIG_DM_SPI=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-qds-duart" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, SECURE_BOOT" +CONFIG_BOOTDELAY=10 +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_MEMINFO=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target 2016-10-26 20:17 ` [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg @ 2016-11-14 17:53 ` york sun 2016-11-15 4:50 ` Sumit Garg 0 siblings, 1 reply; 8+ messages in thread From: york sun @ 2016-11-14 17:53 UTC (permalink / raw) To: u-boot On 10/26/2016 03:47 AM, Sumit Garg wrote: > Add NOR secure boot target. Also enable sec init. > > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > > Changes in v2: > Split patches logically from 2 to 3. > > board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ > board/freescale/ls1046aqds/ls1046aqds.c | 18 ++++++++++++++++++ > configs/ls1046aqds_SECURE_BOOT_defconfig | 29 +++++++++++++++++++++++++++++ > 3 files changed, 51 insertions(+) > create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig > > diff --git a/board/freescale/ls1046aqds/MAINTAINERS b/board/freescale/ls1046aqds/MAINTAINERS > index b4549ae..6737d55 100644 > --- a/board/freescale/ls1046aqds/MAINTAINERS > +++ b/board/freescale/ls1046aqds/MAINTAINERS > @@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig > F: configs/ls1046aqds_sdcard_ifc_defconfig > F: configs/ls1046aqds_sdcard_qspi_defconfig > F: configs/ls1046aqds_qspi_defconfig > + > +M: Sumit Garg <sumit.garg@nxp.com> > +S: Maintained > +F: configs/ls1046aqds_SECURE_BOOT_defconfig > diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c > index 8c18538..a418590 100644 > --- a/board/freescale/ls1046aqds/ls1046aqds.c > +++ b/board/freescale/ls1046aqds/ls1046aqds.c > @@ -20,6 +20,7 @@ > #include <fsl_csu.h> > #include <fsl_esdhc.h> > #include <fsl_ifc.h> > +#include <fsl_sec.h> > #include <spl.h> > > #include "../common/vid.h" > @@ -242,6 +243,23 @@ int board_init(void) > if (adjust_vdd(0)) > printf("Warning: Adjusting core voltage failed.\n"); > > +#ifdef CONFIG_SECURE_BOOT > + /* In case of Secure Boot, the IBR configures the SMMU > + * to allow only Secure transactions. > + * SMMU must be reset in bypass mode. > + * Set the ClientPD bit and Clear the USFCFG Bit > + */ Multiple-line comment in wrong format. You just fixed some in your first patch. York ^ permalink raw reply [flat|nested] 8+ messages in thread
* [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target 2016-11-14 17:53 ` york sun @ 2016-11-15 4:50 ` Sumit Garg 0 siblings, 0 replies; 8+ messages in thread From: Sumit Garg @ 2016-11-15 4:50 UTC (permalink / raw) To: u-boot > -----Original Message----- > From: york sun > Sent: Monday, November 14, 2016 11:23 PM > To: Sumit Garg <sumit.garg@nxp.com>; u-boot at lists.denx.de > Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; Vini Pillai <vinitha.pillai@nxp.com> > Subject: Re: [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target > > On 10/26/2016 03:47 AM, Sumit Garg wrote: > > Add NOR secure boot target. Also enable sec init. > > > > Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > --- > > > > Changes in v2: > > Split patches logically from 2 to 3. > > > > board/freescale/ls1046aqds/MAINTAINERS | 4 ++++ > > board/freescale/ls1046aqds/ls1046aqds.c | 18 ++++++++++++++++++ > > configs/ls1046aqds_SECURE_BOOT_defconfig | 29 > > +++++++++++++++++++++++++++++ > > 3 files changed, 51 insertions(+) > > create mode 100644 configs/ls1046aqds_SECURE_BOOT_defconfig > > > > diff --git a/board/freescale/ls1046aqds/MAINTAINERS > > b/board/freescale/ls1046aqds/MAINTAINERS > > index b4549ae..6737d55 100644 > > --- a/board/freescale/ls1046aqds/MAINTAINERS > > +++ b/board/freescale/ls1046aqds/MAINTAINERS > > @@ -8,3 +8,7 @@ F: configs/ls1046aqds_nand_defconfig > > F: configs/ls1046aqds_sdcard_ifc_defconfig > > F: configs/ls1046aqds_sdcard_qspi_defconfig > > F: configs/ls1046aqds_qspi_defconfig > > + > > +M: Sumit Garg <sumit.garg@nxp.com> > > +S: Maintained > > +F: configs/ls1046aqds_SECURE_BOOT_defconfig > > diff --git a/board/freescale/ls1046aqds/ls1046aqds.c > > b/board/freescale/ls1046aqds/ls1046aqds.c > > index 8c18538..a418590 100644 > > --- a/board/freescale/ls1046aqds/ls1046aqds.c > > +++ b/board/freescale/ls1046aqds/ls1046aqds.c > > @@ -20,6 +20,7 @@ > > #include <fsl_csu.h> > > #include <fsl_esdhc.h> > > #include <fsl_ifc.h> > > +#include <fsl_sec.h> > > #include <spl.h> > > > > #include "../common/vid.h" > > @@ -242,6 +243,23 @@ int board_init(void) > > if (adjust_vdd(0)) > > printf("Warning: Adjusting core voltage failed.\n"); > > > > +#ifdef CONFIG_SECURE_BOOT > > + /* In case of Secure Boot, the IBR configures the SMMU > > + * to allow only Secure transactions. > > + * SMMU must be reset in bypass mode. > > + * Set the ClientPD bit and Clear the USFCFG Bit > > + */ > > Multiple-line comment in wrong format. You just fixed some in your first patch. > > York Sure I will fix this multi-line comment in next patch-set. -Sumit ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-11-15 4:50 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-10-26 20:17 [U-Boot] [PATCH v2 0/3] LS1046A secure boot target addition Sumit Garg 2016-10-26 16:16 ` Andreas Färber 2016-10-26 20:17 ` [U-Boot] [PATCH v2 1/3] SECURE_BOOT: Enable chain of trust on LS1046A platform Sumit Garg 2016-11-14 17:51 ` york sun 2016-11-15 4:49 ` Sumit Garg 2016-10-26 20:17 ` [U-Boot] [PATCH v2 2/3] LS1046AQDS: Add NOR Secure Boot Target Sumit Garg 2016-11-14 17:53 ` york sun 2016-11-15 4:50 ` Sumit Garg
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.