From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96072C433F5 for ; Thu, 16 Sep 2021 08:53:01 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7DCE660F25 for ; Thu, 16 Sep 2021 08:53:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 7DCE660F25 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CA499831E6; Thu, 16 Sep 2021 10:52:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 9E0AC8310F; Thu, 16 Sep 2021 10:52:53 +0200 (CEST) Received: from twspam01.aspeedtech.com (twspam01.aspeedtech.com [211.20.114.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D6A288310F for ; Thu, 16 Sep 2021 10:52:37 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=aspeedtech.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=chiawei_wang@aspeedtech.com Received: from mail.aspeedtech.com ([192.168.0.24]) by twspam01.aspeedtech.com with ESMTP id 18G8WMts006326; Thu, 16 Sep 2021 16:32:22 +0800 (GMT-8) (envelope-from chiawei_wang@aspeedtech.com) Received: from ChiaWeiWang-PC.aspeed.com (192.168.2.66) by TWMBX02.aspeed.com (192.168.0.24) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Sep 2021 16:52:19 +0800 From: Chia-Wei Wang To: , , , CC: , , Subject: [PATCH next v4 00/11] aspeed: Support secure boot chain with FIT image verification Date: Thu, 16 Sep 2021 16:52:10 +0800 Message-ID: <20210916085221.6388-1-chiawei_wang@aspeedtech.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [192.168.2.66] X-ClientProxiedBy: TWMBX02.aspeed.com (192.168.0.24) To TWMBX02.aspeed.com (192.168.0.24) X-DNSRBL: X-MAIL: twspam01.aspeedtech.com 18G8WMts006326 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (8): aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c | 9 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 38 ++ drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile | 2 + drivers/crypto/aspeed/aspeed_acry.c | 182 +++++++++ drivers/crypto/aspeed/aspeed_hace.c | 381 ++++++++++++++++++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 16 + lib/rsa/Kconfig | 10 +- 18 files changed, 719 insertions(+), 25 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1