From: Scott Wood <scottwood@freescale.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Date: Tue, 10 Mar 2015 13:33:57 -0500 [thread overview]
Message-ID: <1426012437.30327.25.camel@freescale.com> (raw)
In-Reply-To: <DM2PR0301MB1312893A710ADAE066FF1C16F0180@DM2PR0301MB1312.namprd03.prod.outlook.com>
On Tue, 2015-03-10 at 13:27 -0500, Bansal Aneesh-B39320 wrote:
>
>
> > -----Original Message-----
> > From: Wood Scott-B07421
> > Sent: Tuesday, March 10, 2015 11:29 PM
> > To: Bansal Aneesh-B39320
> > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431;
> > Kushwaha Prabhakar-B32579
> > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND
> > secure boot target for P3041
> >
> > On Tue, 2015-03-10 at 12:52 -0500, Bansal Aneesh-B39320 wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Wood Scott-B07421
> > > > Sent: Tuesday, March 10, 2015 10:34 PM
> > > > To: Bansal Aneesh-B39320
> > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431;
> > > > Kushwaha Prabhakar-B32579
> > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT- NAND
> > > > secure boot target for P3041
> > > >
> > > > On Tue, 2015-03-10 at 03:50 -0500, Bansal Aneesh-B39320 wrote:
> > > > > > -----Original Message-----
> > > > > > From: Wood Scott-B07421
> > > > > > Sent: Thursday, March 05, 2015 10:38 PM
> > > > > > To: Bansal Aneesh-B39320
> > > > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta Ruchika-R66431
> > > > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT-
> > > > > > NAND secure boot target for P3041
> > > > > >
> > > > > > On Thu, 2015-03-05 at 01:26 -0600, Bansal Aneesh-B39320 wrote:
> > > > > > > > -----Original Message-----
> > > > > > > > From: Wood Scott-B07421
> > > > > > > > Sent: Thursday, March 05, 2015 2:41 AM
> > > > > > > > To: Bansal Aneesh-B39320
> > > > > > > > Cc: u-boot at lists.denx.de; Sun York-R58495; Gupta
> > > > > > > > Ruchika-R66431
> > > > > > > > Subject: Re: [U-Boot, 1/2, v4] powerpc/mpc85xx: SECURE BOOT-
> > > > > > > > NAND secure boot target for P3041
> > > > > > > >
> > > > > > > > Where does the 3.5G limitation come from? Even if the
> > > > > > > > physical address needs to be elsewhere due to bootrom
> > > > > > > > constraints, we should be able to map it wherever we want in
> > > > > > > > the TLB once U-Boot takes
> > > > > > control.
> > > > > > > >
> > > > > > > The 3.5G limitation comes from BootROM in case of secure Boot.
> > > > > > > Initially U-Boot has to run from CPC configured as SRAM with
> > > > > > > address Within 3.5G. Once U-boot has relocated to DDR, we have
> > > > > > > removed the Corresponding TLB entry.
> > > > > >
> > > > > > Again, you could relocate the virtual address of L3 much earlier.
> > > > > >
> > > > > > -Scott
> > > > > >
> > > > > Are you suggesting the following:
> > > > > 1. PBI Commands to configure CPC as SRAM with address 0xBFF0_0000.
> > > > > 2. Compile U-boot with TEXT BASE as 0xFFF40000.
> > > > > 3. Copy the U-boot from NAND via PBI commands to CPC (SRAM) on
> > > > > address 0xBFF4_0000 4. The BootROM will validate the U-boot and
> > > > > transfer
> > > > the control to 0xBFFF_FFFC.
> > > > > 5. When U-boot is executing, then in the last 4K code, when
> > > > > shifting from
> > > > AS=0 to AS=1,
> > > > > we change the address of SRAM from 0xBFF0_0000 to 0xFFF0_0000.
> > > > > (Similar to what is done for NOR Boot)
> > > >
> > > > Something like that, except in step 5 it would only be changing the
> > > > virtual address, not the physical address (unless you can do a
> > > > similar trick as NOR does, to have the L3 cache repeat and cover both
> > addresses at once).
> > > >
> > > > -Scott
> > > >
> > > The problems that I see here are:
> > > 1. Can SRAM address be changed without disabling and re-configuring CPC
> > as SRAM ?
> >
> > Again, I'm only talking about changing the virtual address.
> >
> If we just change the virtual address to 0xFFF0_0000, how will it work?
> The SRAM address configured in CPC controller is 0xBFF0_0000.
> So, won't the CPC controller reject fetches with address 0xFFFx_xxxx.
It's a virtual address. The CPC will never see it.
> > Why is there a race condition? You can have two virtual addresses pointing at
> > the same physical address.
> >
> We can have two virtual addresses pointing to same physical address but we can't have
> two addresses for SRAM in CPC controller.
And you don't need to.
-Scott
prev parent reply other threads:[~2015-03-10 18:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-25 8:47 [U-Boot] [PATCH 1/2][v4] powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 Aneesh Bansal
2015-02-25 22:13 ` [U-Boot] [U-Boot, 1/2, v4] " Scott Wood
2015-02-27 4:35 ` aneesh.bansal at freescale.com
2015-02-27 4:51 ` Scott Wood
2015-02-27 5:50 ` aneesh.bansal at freescale.com
[not found] ` <DM2PR0301MB1312F158483C1E890256AF58F0150@DM2PR0301MB1312.namprd03.prod.outlook.com>
2015-03-04 21:10 ` Scott Wood
2015-03-05 7:26 ` aneesh.bansal at freescale.com
2015-03-05 17:08 ` Scott Wood
2015-03-10 8:50 ` aneesh.bansal at freescale.com
2015-03-10 17:03 ` Scott Wood
2015-03-10 17:52 ` aneesh.bansal at freescale.com
2015-03-10 17:59 ` Scott Wood
2015-03-10 18:27 ` aneesh.bansal at freescale.com
2015-03-10 18:33 ` Scott Wood [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426012437.30327.25.camel@freescale.com \
--to=scottwood@freescale.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox