From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D118CC07E95 for ; Tue, 13 Jul 2021 09:00:07 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D6CEC61260 for ; Tue, 13 Jul 2021 09:00:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D6CEC61260 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 43E2A829EF; Tue, 13 Jul 2021 11:00:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 76A20829EF; Tue, 13 Jul 2021 10:59:59 +0200 (CEST) Received: from twspam01.aspeedtech.com (twspam01.aspeedtech.com [211.20.114.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 8450D829C7 for ; Tue, 13 Jul 2021 10:59:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=chiawei_wang@aspeedtech.com Received: from mail.aspeedtech.com ([192.168.0.24]) by twspam01.aspeedtech.com with ESMTP id 16D8hc59026652; Tue, 13 Jul 2021 16:43:38 +0800 (GMT-8) (envelope-from chiawei_wang@aspeedtech.com) Received: from ChiaWeiWang-PC.aspeed.com (192.168.2.66) by TWMBX02.aspeed.com (192.168.0.24) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 13 Jul 2021 16:59:36 +0800 From: Chia-Wei Wang To: , , , CC: Subject: [PATCH 00/14] aspeed: Support secure boot chain with FIT image verification Date: Tue, 13 Jul 2021 17:00:02 +0800 Message-ID: <20210713090016.2729-1-chiawei_wang@aspeedtech.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [192.168.2.66] X-ClientProxiedBy: TWMBX02.aspeed.com (192.168.0.24) To TWMBX02.aspeed.com (192.168.0.24) X-DNSRBL: X-MAIL: twspam01.aspeedtech.com 16D8hc59026652 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ARCY are also added for AST26xx SoCs. As HACE and ARCY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. Chia-Wei Wang (14): aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add YCLK control for HACE crypto: aspeed: Add AST2600 HACE support ast2600: spl: Add HACE probing ARM: dts: ast2600: Add HACE to device tree common: fit: Use hash.c to call CRC/SHA function clk: ast2600: Add RSACLK control for ARCY crypto: aspeed: Add AST2600 ARCY support ast2600: spl: Add ARCY probing ARM: dts: ast2600: Add ARCY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 ++ arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c | 29 +- common/image-fit.c | 35 +-- configs/evb-ast2600_defconfig | 26 +- drivers/clk/aspeed/clk_ast2600.c | 35 +++ drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 22 ++ drivers/crypto/aspeed/Makefile | 2 + drivers/crypto/aspeed/aspeed_arcy.c | 182 +++++++++++ drivers/crypto/aspeed/aspeed_hace.c | 288 ++++++++++++++++++ include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 6 + include/configs/evb_ast2600.h | 13 + lib/rsa/Kconfig | 10 +- 18 files changed, 645 insertions(+), 50 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_arcy.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1