[PATCH] ast2600: spl: Add boot mode detection
AST2600 supports boot from SPI(mmap), eMMC, and UART. This patch adds the boot mode detection and return the corresponding boot device type. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 3 ++ arch/arm/mach-aspeed/ast2600/spl.c| 30 +++ 2 files changed, 33 insertions(+) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index 7c5aab98b6..251bfa269b 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -87,6 +87,9 @@ #define SCU_HWSTRAP1_CPU_FREQ_SHIFT8 #define SCU_HWSTRAP1_MAC2_INTF BIT(7) #define SCU_HWSTRAP1_MAC1_INTF BIT(6) +#define SCU_HWSTRAP1_BOOT_EMMC BIT(2) + +#define SCU_HWSTRAP2_BOOT_UART BIT(8) #define SCU_EFUSE_DIS_DP BIT(17) #define SCU_EFUSE_DIS_VGA BIT(14) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 6c49d6aede..53c8a15bf9 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -21,8 +22,37 @@ void board_init_f(ulong dummy) dram_init(); } +/* + * Try to detect the boot mode. Fallback to the default, + * memory mapped SPI XIP booting if detection failed. + */ u32 spl_boot_device(void) { + int rc; + struct udevice *scu_dev; + struct ast2600_scu *scu; + + rc = uclass_get_device_by_driver(UCLASS_CLK, +DM_DRIVER_GET(aspeed_ast2600_scu), _dev); + if (rc) { + debug("%s: failed to get SCU driver\n", __func__); + goto out; + } + + scu = devfdt_get_addr_ptr(scu_dev); + if (IS_ERR_OR_NULL(scu)) { + debug("%s: failed to get SCU base\n", __func__); + goto out; + } + + /* boot from UART has higher priority */ + if (scu->hwstrap2 & SCU_HWSTRAP2_BOOT_UART) + return BOOT_DEVICE_UART; + + if (scu->hwstrap1 & SCU_HWSTRAP1_BOOT_EMMC) + return BOOT_DEVICE_MMC1; + +out: return BOOT_DEVICE_RAM; } -- 2.25.1
[PATCH] configs: ast2600: Move SPL bss section to DRAM space
The commit b583348ca8c8 ("image: fit: Align hash output buffers") places the hash output buffer at the .bss section. However, AST2600 by default executes SPL in the NOR flash XIP way. This results in the hash output cannot be written to the buffer as it is located at the R/X only region. We need to move the .bss section out of the SPL body to the DRAM space, where hash output can be written to. This patch includes: - Define the .bss section base and size - A new SPL linker script is added with a separate .bss region specified - Enable CONFIG_SPL_SEPARATE_BSS kconfig option Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/u-boot-spl.lds | 94 + configs/evb-ast2600_defconfig | 3 + include/configs/evb_ast2600.h | 3 + 3 files changed, 100 insertions(+) create mode 100644 arch/arm/mach-aspeed/ast2600/u-boot-spl.lds diff --git a/arch/arm/mach-aspeed/ast2600/u-boot-spl.lds b/arch/arm/mach-aspeed/ast2600/u-boot-spl.lds new file mode 100644 index 00..22b4e16d35 --- /dev/null +++ b/arch/arm/mach-aspeed/ast2600/u-boot-spl.lds @@ -0,0 +1,94 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2004-2008 Texas Instruments + * + * (C) Copyright 2002 + * Gary Jennejohn, DENX Software Engineering, + * + * (C) Copyright 2022 + * Chia-Wei Wang + */ + +MEMORY { .nor : ORIGIN = CONFIG_SPL_TEXT_BASE, + LENGTH = CONFIG_SPL_SIZE_LIMIT } +MEMORY { .bss : ORIGIN = CONFIG_SPL_BSS_START_ADDR, + LENGTH = CONFIG_SPL_BSS_MAX_SIZE } + +OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") +OUTPUT_ARCH(arm) +ENTRY(_start) +SECTIONS +{ + . = 0x; + + . = ALIGN(4); + .text : + { + __image_copy_start = .; + *(.vectors) + CPUDIR/start.o (.text*) + *(.text*) + *(.glue*) + } > .nor + + . = ALIGN(4); + .rodata : { *(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*))) } > .nor + + . = ALIGN(4); + .data : { + *(.data*) + } > .nor + + . = ALIGN(4); + .u_boot_list : { + KEEP(*(SORT(.u_boot_list*))); + } > .nor + + . = ALIGN(4); + .binman_sym_table : { + __binman_sym_start = .; + KEEP(*(SORT(.binman_sym*))); + __binman_sym_end = .; + } > .nor + + . = ALIGN(4); + + __image_copy_end = .; + + .rel.dyn : { + __rel_dyn_start = .; + *(.rel*) + __rel_dyn_end = .; + } > .nor + + .end : + { + *(.__end) + } > .nor + + _image_binary_end = .; + + .bss : { + __bss_start = .; + *(.bss*) +. = ALIGN(4); + __bss_end = .; + } > .bss + + __bss_size = __bss_end - __bss_start; +} + +#if defined(IMAGE_MAX_SIZE) +ASSERT(__image_copy_end - __image_copy_start <= (IMAGE_MAX_SIZE), \ + "SPL image too big"); +#endif + +#if defined(CONFIG_SPL_BSS_MAX_SIZE) +ASSERT(__bss_end - __bss_start <= (CONFIG_SPL_BSS_MAX_SIZE), \ + "SPL image BSS too big"); +#endif + +#if defined(CONFIG_SPL_MAX_FOOTPRINT) +ASSERT(__bss_end - _start <= (CONFIG_SPL_MAX_FOOTPRINT), \ + "SPL image plus BSS too big"); +#endif diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index f84b723bbb..d19e1d79ec 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,6 +1,7 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y CONFIG_SPL_SYS_THUMB_BUILD=y +CONFIG_SPL_LDSCRIPT="arch/arm/mach-aspeed/ast2600/u-boot-spl.lds" CONFIG_ARCH_ASPEED=y CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_SYS_MALLOC_LEN=0x200 @@ -35,6 +36,8 @@ CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y CONFIG_SPL_SYS_MALLOC_SIMPLE=y CONFIG_SPL_STACK_R=y CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_SEPARATE_BSS=y +# CONFIG_TPL_SEPARATE_BSS is not set CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 3c2155da46..54abb29df9 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,6 +10,9 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +#define CONFIG_SPL_BSS_START_ADDR 0x8300 +#define CONFIG_SPL_BSS_MAX_SIZE0x0100 + /* Misc */ #define STR_HELPER(s) #s #define STR(s) STR_HELPER(s) -- 2.25.1
[PATCH v8 12/12] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 3805091d7c..9049a9fc10 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "" #endif /* __CONFIG_H */ -- 2.25.1
[PATCH v8 10/12] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design. Signed-off-by: Chia-Wei Wang Reviewed-by: Joel Stanley --- configs/evb-ast2600_defconfig | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x1 CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x8300 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.25.1
[PATCH v8 11/12] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 7 +++ include/configs/evb_ast2600.h | 7 +++ 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..558d6f9452 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,11 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..3805091d7c 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,11 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "" + #endif /* __CONFIG_H */ -- 2.25.1
[PATCH v8 07/12] crypto: aspeed: Add AST2600 ACRY support
ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 190 lib/rsa/Kconfig | 10 +- 4 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 00..c28cdf374b --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,190 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ACRY_DMA_DRAM_SADDR0x4c +#define ACRY_DMA_DMEM_TADDR0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN0x3f8 +#define ACRY_RSA_INT_EN_RSA_READYBIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->bas
[PATCH v8 08/12] ARM: dts: ast2600: Add ACRY to device tree
Add ACRY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang Reviewed-by: Joel Stanley --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index b8fe966c7d..31905fd208 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; }; + acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.25.1
[PATCH v8 04/12] crypto: aspeed: Add AST2600 HACE support
From: Johnny Huang Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Johnny Huang Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index e8bae43e3f..6b762565a1 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA)+= ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256(BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384(BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512(BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = de
[PATCH v8 09/12] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang Reviewed-by: Joel Stanley --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_OS_BOOT -- 2.25.1
[PATCH v8 06/12] clk: ast2600: Add RSACLK control for ACRY
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 24 +++ 2 files changed, 25 insertions(+) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 9871a6bdbf..42ca39421c 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,6 +1018,7 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit; + /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE; @@ -1032,6 +1033,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + + /* +* we don't do reset assertion here as HACE +* shares the same reset control with ACRY +*/ + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1073,6 +1094,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.25.1
[PATCH v8 05/12] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index f121f547e6..b8fe966c7d 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.25.1
[PATCH v8 03/12] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 22 +++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..9871a6bdbf 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,25 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + /* +* we don't do reset assertion here as HACE +* shares the same reset control with ACRY +*/ + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1070,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.25.1
[PATCH v8 02/12] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang Reviewed-by: Joel Stanley --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.25.1
[PATCH v8 00/12] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v8: - include reviewers' tag - address comments suggested by Joel - move this patch series back to the master branch as DM_HASH has been merged v7: - fix missing interrupt status clear for ACRY RSA operation v6: - fix parameter comment for v5 update v5: - fix inconsistent parameter name due to parallel patch work v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (9): image: fit: Fix parameter name for hash algorithm aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 9 +- common/image-fit.c| 4 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 46 +++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_acry.c | 190 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 7 + include/configs/evb_ast2600.h | 14 + lib/rsa/Kconfig | 10 +- 19 files changed, 733 insertions(+), 27 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.25.1
[PATCH v8 01/12] image: fit: Fix parameter name for hash algorithm
Fix inconsistent function parameter name of the hash algorithm. Signed-off-by: Chia-Wei Wang Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") Reviewed-by: Joel Stanley Reviewed-by: Simon Glass --- common/image-fit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 33b4a46028..b629339f4e 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1202,7 +1202,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @name: requested hash algorithm name * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1230,7 +1230,7 @@ int calculate_hash(const void *data, int data_len, const char *name, return -1; } - hash_algo = hash_algo_lookup_by_name(algo); + hash_algo = hash_algo_lookup_by_name(name); if (hash_algo == HASH_ALGO_INVALID) { debug("Unsupported hash algorithm\n"); return -1; -- 2.25.1
[PATCH next v7 08/12] ARM: dts: ast2600: Add ACRY to device tree
Add ACRY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index b8fe966c7d..31905fd208 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; }; + acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v7 09/12] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_OS_BOOT -- 2.17.1
[PATCH next v7 04/12] crypto: aspeed: Add AST2600 HACE support
From: Johnny Huang Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Johnny Huang Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index e8bae43e3f..6b762565a1 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA)+= ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256(BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384(BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512(BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = de
[PATCH next v7 12/12] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH next v7 10/12] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x1 CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x8300 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH next v7 11/12] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 9 + 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH next v7 07/12] crypto: aspeed: Add AST2600 ACRY support
ACRY is deisnged to accerlerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 190 lib/rsa/Kconfig | 10 +- 4 files changed, 210 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 00..c28cdf374b --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,190 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ACRY_DMA_DRAM_SADDR0x4c +#define ACRY_DMA_DMEM_TADDR0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN0x3f8 +#define ACRY_RSA_INT_EN_RSA_READYBIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->bas
[PATCH next v7 05/12] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index f121f547e6..b8fe966c7d 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v7 06/12] clk: ast2600: Add RSACLK control for ACRY
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. As ACRY and HACE share the same reset control bit, we do not perform the reset-hold-n-release operation during their clock ungating process. Instead, only reset release is conducted to prevent mutual interference. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 22 +-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 69128fd3c4..f6ebf824aa 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,11 +1018,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit; + /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE; - writel(reset_bit, >modrst_ctrl1); - udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* share the same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + writel(clkgate_bit, >clkgate_clr1); mdelay(20); writel(reset_bit, >modrst_clr1); @@ -1071,6 +1086,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v7 03/12] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 20 +++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..69128fd3c4 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,23 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + writel(reset_bit, >modrst_ctrl1); + udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1068,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v7 00/12] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v7: - fix missing interrupt status clear for ACRY RSA operation v6: - fix parameter comment for v5 update v5: - fix inconsistent parameter name due to parallel patch work v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (9): image: fit: Fix parameter name for hash algorithm aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 9 +- common/image-fit.c| 4 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 38 ++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_acry.c | 190 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 16 + lib/rsa/Kconfig | 10 +- 19 files changed, 729 insertions(+), 27 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1
[PATCH next v7 01/12] image: fit: Fix parameter name for hash algorithm
Fix inconsistent function parameter name of the hash algorithm. Signed-off-by: Chia-Wei Wang Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") --- common/image-fit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 5a0a0cc200..a53a2b5d6f 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1201,7 +1201,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @name: requested hash algorithm name * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1229,7 +1229,7 @@ int calculate_hash(const void *data, int data_len, const char *name, return -1; } - hash_algo = hash_algo_lookup_by_name(algo); + hash_algo = hash_algo_lookup_by_name(name); if (hash_algo == HASH_ALGO_INVALID) { debug("Unsupported hash algorithm\n"); return -1; -- 2.17.1
[PATCH next v7 02/12] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.17.1
[PATCH next v6 11/12] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 9 + 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH next v6 04/12] crypto: aspeed: Add AST2600 HACE support
From: Johnny Huang Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Johnny Huang Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index e8bae43e3f..6b762565a1 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA)+= ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256(BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384(BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512(BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = de
[PATCH next v6 12/12] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH next v6 07/12] crypto: aspeed: Add AST2600 ACRY support
ACRY is deisnged to accerlerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 182 lib/rsa/Kconfig | 10 +- 4 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 00..0b948f828a --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ACRY_DMA_DRAM_SADDR0x4c +#define ACRY_DMA_DMEM_TADDR0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN0x3f8 +#define ACRY_RSA_INT_EN_RSA_READYBIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->bas
[PATCH next v6 09/12] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_OS_BOOT -- 2.17.1
[PATCH next v6 08/12] ARM: dts: ast2600: Add ACRY to device tree
Add ACRY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index b8fe966c7d..31905fd208 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; }; + acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v6 10/12] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x1 CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x8300 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH next v6 06/12] clk: ast2600: Add RSACLK control for ACRY
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. As ACRY and HACE share the same reset control bit, we do not perform the reset-hold-n-release operation during their clock ungating process. Instead, only reset release is conducted to prevent mutual interference. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 22 +-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 69128fd3c4..f6ebf824aa 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,11 +1018,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit; + /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE; - writel(reset_bit, >modrst_ctrl1); - udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* share the same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + writel(clkgate_bit, >clkgate_clr1); mdelay(20); writel(reset_bit, >modrst_clr1); @@ -1071,6 +1086,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v6 05/12] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index f121f547e6..b8fe966c7d 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v6 00/12] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v6: - fix parameter comment for v5 update v5: - fix inconsistent parameter name due to parallel patch work v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (9): image: fit: Fix parameter name for hash algorithm aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 9 +- common/image-fit.c| 4 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 38 ++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_acry.c | 182 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 16 + lib/rsa/Kconfig | 10 +- 19 files changed, 721 insertions(+), 27 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1
[PATCH next v6 03/12] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 20 +++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..69128fd3c4 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,23 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + writel(reset_bit, >modrst_ctrl1); + udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1068,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v6 01/12] image: fit: Fix parameter name for hash algorithm
Fix inconsistent parameter naming of the hash algorithm. Signed-off-by: Chia-Wei Wang Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") --- common/image-fit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 5a0a0cc200..a53a2b5d6f 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1201,7 +1201,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @name: requested hash algorithm name * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1229,7 +1229,7 @@ int calculate_hash(const void *data, int data_len, const char *name, return -1; } - hash_algo = hash_algo_lookup_by_name(algo); + hash_algo = hash_algo_lookup_by_name(name); if (hash_algo == HASH_ALGO_INVALID) { debug("Unsupported hash algorithm\n"); return -1; -- 2.17.1
[PATCH next v6 02/12] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.17.1
[PATCH next v5 11/12] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 9 + 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH next v5 10/12] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x1 CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x8300 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH next v5 12/12] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH next v5 04/12] crypto: aspeed: Add AST2600 HACE support
From: Johnny Huang Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Johnny Huang Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index e8bae43e3f..6b762565a1 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA)+= ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256(BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384(BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512(BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = de
[PATCH next v5 03/12] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 20 +++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..69128fd3c4 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,23 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + writel(reset_bit, >modrst_ctrl1); + udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1068,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v5 09/12] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_OS_BOOT -- 2.17.1
[PATCH next v5 08/12] ARM: dts: ast2600: Add ACRY to device tree
Add ACRY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index b8fe966c7d..31905fd208 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; }; + acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v5 07/12] crypto: aspeed: Add AST2600 ACRY support
ACRY is deisnged to accerlerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 182 lib/rsa/Kconfig | 10 +- 4 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 00..0b948f828a --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ACRY_DMA_DRAM_SADDR0x4c +#define ACRY_DMA_DMEM_TADDR0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN0x3f8 +#define ACRY_RSA_INT_EN_RSA_READYBIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->bas
[PATCH next v5 06/12] clk: ast2600: Add RSACLK control for ACRY
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. As ACRY and HACE share the same reset control bit, we do not perform the reset-hold-n-release operation during their clock ungating process. Instead, only reset release is conducted to prevent mutual interference. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 22 +-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 69128fd3c4..f6ebf824aa 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,11 +1018,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit; + /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE; - writel(reset_bit, >modrst_ctrl1); - udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* share the same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + writel(clkgate_bit, >clkgate_clr1); mdelay(20); writel(reset_bit, >modrst_clr1); @@ -1071,6 +1086,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v5 05/12] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index f121f547e6..b8fe966c7d 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v5 00/12] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v5: - fix inconsistent parameter name due to parallel patch work v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (9): image: fit: Fix parameter name for hash algorithm aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 9 +- common/image-fit.c| 2 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 38 ++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_acry.c | 182 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 16 + lib/rsa/Kconfig | 10 +- 19 files changed, 720 insertions(+), 26 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1
[PATCH next v5 02/12] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.17.1
[PATCH next v5 01/12] image: fit: Fix parameter name for hash algorithm
Fix inconsistent function parameter name of the hash algorithm. Signed-off-by: Chia-Wei Wang Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()") --- common/image-fit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/image-fit.c b/common/image-fit.c index 5a0a0cc200..9e8a1f36c1 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1229,7 +1229,7 @@ int calculate_hash(const void *data, int data_len, const char *name, return -1; } - hash_algo = hash_algo_lookup_by_name(algo); + hash_algo = hash_algo_lookup_by_name(name); if (hash_algo == HASH_ALGO_INVALID) { debug("Unsupported hash algorithm\n"); return -1; -- 2.17.1
[PATCH next v4 02/11] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 20 +++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..69128fd3c4 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,23 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + writel(reset_bit, >modrst_ctrl1); + udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1068,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v4 09/11] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. The SPL thumb build is also enabled to keep the binary less than 64KB to fit into the Aspeed secure boot design. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 20 +--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 56ab885d9b..eba6940ec1 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,8 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y +CONFIG_SPL_SYS_THUMB_BUILD=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -12,13 +13,17 @@ CONFIG_ENV_SIZE=0x1 CONFIG_SYS_MALLOC_LEN=0x200 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_SYS_LOAD_ADDR=0x8300 CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -26,8 +31,10 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -47,6 +54,9 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_DM_HASH=y +CONFIG_HASH_ASPEED=y +CONFIG_ASPEED_ACRY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -65,5 +75,9 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_ALGO=y +CONFIG_SHA512=y +CONFIG_SHA384=y CONFIG_HEXDUMP=y # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH next v4 10/11] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 9 + 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index 5177bf20fa..96526e1a75 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -38,13 +38,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index dc032c1a41..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -13,4 +13,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index 177a52eb91..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -10,4 +10,13 @@ #define CONFIG_SYS_UBOOT_BASE CONFIG_SYS_TEXT_BASE +/* Memory Info */ +#define CONFIG_SYS_LOAD_ADDR 0x8300 + +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH next v4 11/11] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ACRY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index eba6940ec1..abb156f13e 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH next v4 06/11] crypto: aspeed: Add AST2600 ACRY support
ACRY is deisnged to accerlerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_acry.c | 182 lib/rsa/Kconfig | 10 +- 4 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_acry.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 471c06f986..9bf317177a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -8,3 +8,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ACRY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..58b55fc46e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ACRY) += aspeed_acry.o diff --git a/drivers/crypto/aspeed/aspeed_acry.c b/drivers/crypto/aspeed/aspeed_acry.c new file mode 100644 index 00..0b948f828a --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_acry.c @@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ACRY register offsets */ +#define ACRY_CTRL1 0x00 +#define ACRY_CTRL1_RSA_DMA BIT(1) +#define ACRY_CTRL1_RSA_START BIT(0) +#define ACRY_CTRL2 0x44 +#define ACRY_CTRL3 0x48 +#define ACRY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ACRY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ACRY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ACRY_DMA_DRAM_SADDR0x4c +#define ACRY_DMA_DMEM_TADDR0x50 +#define ACRY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ACRY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ACRY_RSA_PARAM 0x58 +#define ACRY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ACRY_RSA_PARAM_EXP_SHIFT 16 +#define ACRY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ACRY_RSA_PARAM_MOD_SHIFT 0 +#define ACRY_RSA_INT_EN0x3f8 +#define ACRY_RSA_INT_EN_RSA_READYBIT(2) +#define ACRY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ACRY_RSA_INT_STS 0x3fc +#define ACRY_RSA_INT_STS_RSA_READY BIT(2) +#define ACRY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ACRY_ECC_MODE 2 +#define ACRY_RSA_MODE 3 +#define ACRY_CTX_BUFSZ 0x600 + +struct aspeed_acry { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_acry_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_acry *acry = dev_get_priv(dev); + + ctx = memalign(16, ACRY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ACRY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, acry->base + ACRY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ACRY_RSA_PARAM_EXP_SHIFT) & ACRY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ACRY_RSA_PARAM_MOD_SHIFT) & ACRY_RSA_PARAM_MOD_MASK); + writel(reg, acry->base + ACRY_RSA_PARAM); + + reg = (ACRY_CTX_BUFSZ << ACRY_DMA_DMEM_TADDR_LEN_SHIFT) & ACRY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, acry->base + ACRY_DMA_DMEM_TADDR); + + reg = (ACRY_RSA_MODE << ACRY_CTRL3_ECC_RSA_MODE_SHIFT) & ACRY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, acry->bas
[PATCH next v4 07/11] ARM: dts: ast2600: Add ACRY to device tree
Add ACRY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..05362d19bd 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index 642206fb77..0103e93573 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -195,6 +195,15 @@ status = "disabled"; }; + acry: acry@1e6fa000 { + compatible = "aspeed,ast2600-acry"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v4 08/11] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..6c49d6aede 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_OS_BOOT -- 2.17.1
[PATCH next v4 04/11] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index ac0f08b7ea..642206fb77 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH next v4 05/11] clk: ast2600: Add RSACLK control for ACRY
Add RSACLK enable for ACRY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. As ACRY and HACE share the same reset control bit, we do not perform the reset-hold-n-release operation during their clock ungating process. Instead, only reset release is conducted to prevent mutual interference. Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 22 +-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..7c5aab98b6 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ACRY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 69128fd3c4..f6ebf824aa 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1018,11 +1018,26 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) uint32_t reset_bit; uint32_t clkgate_bit; + /* share the same reset control bit with ACRY */ reset_bit = BIT(ASPEED_RESET_HACE); clkgate_bit = SCU_CLKGATE1_HACE; - writel(reset_bit, >modrst_ctrl1); - udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + /* share the same reset control bit with HACE */ + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_ACRY; + writel(clkgate_bit, >clkgate_clr1); mdelay(20); writel(reset_bit, >modrst_clr1); @@ -1071,6 +1086,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH next v4 03/11] crypto: aspeed: Add AST2600 HACE support
From: Johnny Huang Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Johnny Huang Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 10 + drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 381 drivers/crypto/hash/Kconfig | 8 + 6 files changed, 403 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 0082177c21..675081ecd3 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -4,4 +4,6 @@ source drivers/crypto/hash/Kconfig source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index 4a12b56be6..584715b4c9 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA)+= ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ obj-y += hash/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..471c06f986 --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,10 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on DM_HASH + help + Select this option to enable a driver for using the SHA engine in + the ASPEED BMC SoCs. + + Enabling this allows the use of SHA operations in hardware without + requiring the SHA software implementations. It also improves performance + and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..1178cc6a76 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_HASH_CMD 0x30 +#define HACE_HASH_MODE_ACCUM BIT(8) +#define HACE_HASH_ALGO_SHA1 BIT(5) +#define HACE_HASH_ALGO_SHA256(BIT(6) | BIT(4)) +#define HACE_HASH_ALGO_SHA384(BIT(10) | BIT(6) | BIT(5)) +#define HACE_HASH_ALGO_SHA512(BIT(6) | BIT(5)) +#define HACE_HASH_SHA_BE_EN BIT(3) + +/* buffer size based on SHA-512 need*/ +#define HASH_BLOCK_BUFSZ 128 +#define HASH_DIGEST_BUFSZ 64 + +struct aspeed_hace_ctx { + uint8_t digest[HASH_DIGEST_BUFSZ]; + + uint32_t cmd; + enum HASH_ALGO algo; + + uint32_t blk_size; + uint32_t pad_size; + uint64_t total[2]; + + uint8_t buf[HASH_BLOCK_BUFSZ]; + uint32_t buf_cnt; +} __aligned((8)); + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; +}; + +static const uint32_t iv_sha1[8] = { + 0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210, + 0xf0e1d2c3, 0, 0, 0 +}; + +static const uint32_t iv_sha256[8] = { + 0x67e6096a, 0x85ae67bb, 0x72f36e3c, 0x3af54fa5, + 0x7f520e51, 0x8c68059b, 0xabd9831f, 0x19cde05bUL +}; + +static const uint32_t iv_sha384[16] = { + 0x5d9dbbcb, 0xd89e05c1, 0x2a299a62, 0x07d57c36, + 0x5a015991, 0x17dd7030, 0xd8ec2f15, 0x39590ef7, + 0x67263367, 0x310bc0ff, 0x874ab48e, 0x11155868, + 0x0d2e0cdb, 0xa78ff964, 0x1d48b547, 0xa44ffabeUL +}; + +static const uint32_t iv_sha512[16] = { + 0x67e6096a, 0x08c9bcf3, 0x85ae67bb, 0x3ba7ca84, + 0x72f36e3c, 0x2bf894fe, 0x3af54fa5, 0xf1361d5f, + 0x7f520e51, 0xd182e6ad, 0x8c68059b, 0x1f6c3e2b, + 0xabd9831f, 0x6bbd41fb, 0x19cde05b, 0x79217e13UL +}; + +static int aspeed_hace_wait_completion(uint32_t reg, uint32_t flag, int timeout_us) +{ + uint32_t val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int aspeed_hace_process(struct udevice *dev, void *ctx, const void *ibuf, uint32_t ilen) +{ + struct aspeed_hace *hace = de
[PATCH next v4 00/11] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ACRY are also added for AST26xx SoCs. As HACE and ACRY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v4: - add new DM_HASH based driver for Aspeed HACE - remove SPL board init, which was originally used to probe non-DM HACE driver - fix typo of ARCY to ACRY - refactor defconfig based on the new Kconfig of U-Boot next branch v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (8): aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ACRY crypto: aspeed: Add AST2600 ACRY support ARM: dts: ast2600: Add ACRY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (2): clk: ast2600: Add YCLK control for HACE ARM: dts: ast2600: Add HACE to device tree Johnny Huang (1): crypto: aspeed: Add AST2600 HACE support arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 17 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 9 +- configs/evb-ast2600_defconfig | 22 +- drivers/clk/aspeed/clk_ast2600.c | 38 ++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 20 + drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_acry.c | 182 + drivers/crypto/aspeed/aspeed_hace.c | 381 ++ drivers/crypto/hash/Kconfig | 8 + include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 9 + include/configs/evb_ast2600.h | 16 + lib/rsa/Kconfig | 10 +- 18 files changed, 719 insertions(+), 25 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_acry.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1
[PATCH next v4 01/11] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.17.1
[PATCH next] lib: hash-checksum: Use DM_HASH if supported
Use DM_HASH to perform hashing operations if supported. Thus either SW or HW-assisted hashing could be leveraged. Signed-off-by: Chia-Wei Wang --- lib/hash-checksum.c | 37 + 1 file changed, 37 insertions(+) diff --git a/lib/hash-checksum.c b/lib/hash-checksum.c index d732ecc38f..f30873db38 100644 --- a/lib/hash-checksum.c +++ b/lib/hash-checksum.c @@ -10,6 +10,10 @@ #include #include #include +#if defined(CONFIG_DM_HASH) +#include +#include +#endif #else #include "fdt_host.h" #endif @@ -20,6 +24,38 @@ int hash_calculate(const char *name, const struct image_region region[], int region_count, uint8_t *checksum) { +#if !defined(USE_HOSTCC) && defined(CONFIG_DM_HASH) + int i, rc; + enum HASH_ALGO hash_algo; + struct udevice *dev; + void *ctx; + + rc = uclass_get_device(UCLASS_HASH, 0, ); + if (rc) { + debug("failed to get hash device, rc=%d\n", rc); + return -1; + } + + hash_algo = hash_algo_lookup_by_name(name); + if (hash_algo == HASH_ALGO_INVALID) { + debug("Unsupported hash algorithm\n"); + return -1; + }; + + rc = hash_init(dev, hash_algo, ); + if (rc) + return rc; + + for (i = 0; i < region_count; i++) { + rc = hash_update(dev, ctx, region[i].data, region[i].size); + if (rc) + return rc; + } + + rc = hash_finish(dev, ctx, checksum); + if (rc) + return rc; +#else struct hash_algo *algo; int ret = 0; void *ctx; @@ -47,6 +83,7 @@ int hash_calculate(const char *name, ret = algo->hash_finish(algo, ctx, checksum, algo->digest_size); if (ret) return ret; +#endif return 0; } -- 2.17.1
[PATCH] ARM: dts: ast2600: Make WDT by default disabled
The WDT devices described in the general .dtsi file should be marked as "disabled" by default. A WDT should be then enabled in the board specific .dts file on demands. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600.dtsi | 4 1 file changed, 4 insertions(+) diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index ac0f08b7ea..f121f547e6 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -474,21 +474,25 @@ wdt1: watchdog@1e785000 { compatible = "aspeed,ast2600-wdt"; reg = <0x1e785000 0x40>; + status = "disabled"; }; wdt2: watchdog@1e785040 { compatible = "aspeed,ast2600-wdt"; reg = <0x1e785040 0x40>; + status = "disabled"; }; wdt3: watchdog@1e785080 { compatible = "aspeed,ast2600-wdt"; reg = <0x1e785080 0x40>; + status = "disabled"; }; wdt4: watchdog@1e7850C0 { compatible = "aspeed,ast2600-wdt"; reg = <0x1e7850C0 0x40>; + status = "disabled"; }; lpc: lpc@1e789000 { -- 2.17.1
[PATCH v2] Rename CONFIG_SPL_FIT_SHAxxx to CONFIG_SPL_SHAxxx
Rename these options to align the use in common/image-fit.c else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) ... else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) ... else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) ... else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) ... Signed-off-by: Chia-Wei Wang --- v2: - fix typo in the commit title common/spl/Kconfig | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index c155a3b5fc..c771ae028b 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -439,7 +439,7 @@ config SPL_MD5 applications where images may be changed maliciously, you should consider SHA256 or SHA384. -config SPL_FIT_SHA1 +config SPL_SHA1 bool "Support SHA1" depends on SPL_FIT select SHA1 @@ -451,7 +451,7 @@ config SPL_FIT_SHA1 due to the expanding computing power available to brute-force attacks. For more security, consider SHA256 or SHA384. -config SPL_FIT_SHA256 +config SPL_SHA256 bool "Support SHA256" depends on SPL_FIT select SHA256 @@ -460,7 +460,7 @@ config SPL_FIT_SHA256 checksum is a 256-bit (32-byte) hash value used to check that the image contents have not been corrupted. -config SPL_FIT_SHA384 +config SPL_SHA384 bool "Support SHA384" depends on SPL_FIT select SHA384 @@ -471,7 +471,7 @@ config SPL_FIT_SHA384 image contents have not been corrupted. Use this for the highest security. -config SPL_FIT_SHA512 +config SPL_SHA512 bool "Support SHA512" depends on SPL_FIT select SHA512 -- 2.17.1
[PATCH v2 1/2] arm: Fix option dependency with Kconfig language
Use Kconfig 'depends on' instead of #if macro to express the option depdencies. Signed-off-by: Chia-Wei Wang --- arch/arm/Kconfig | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 2b7b625705..c142eaa5c1 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -9,9 +9,9 @@ config ARM64 select PHYS_64BIT select SYS_CACHE_SHIFT_6 -if ARM64 config POSITION_INDEPENDENT bool "Generate position-independent pre-relocation code" + depends on ARM64 help U-Boot expects to be linked to a specific hard-coded address, and to be loaded to and run from that address. This option lifts that @@ -22,6 +22,7 @@ config POSITION_INDEPENDENT config INIT_SP_RELATIVE bool "Specify the early stack pointer relative to the .bss section" + depends on ARM64 default n if ARCH_QEMU default y if POSITION_INDEPENDENT help @@ -37,6 +38,7 @@ config INIT_SP_RELATIVE config SYS_INIT_SP_BSS_OFFSET int "Early stack offset from the .bss base address" + depends on ARM64 depends on INIT_SP_RELATIVE default 524288 help @@ -46,6 +48,7 @@ config SYS_INIT_SP_BSS_OFFSET do not overlap any appended DTB. config LINUX_KERNEL_IMAGE_HEADER + depends on ARM64 bool help Place a Linux kernel image header at the start of the U-Boot binary. @@ -54,14 +57,12 @@ config LINUX_KERNEL_IMAGE_HEADER image header reports the amount of memory (BSS and similar) that U-Boot needs to use, but which isn't part of the binary. -if LINUX_KERNEL_IMAGE_HEADER config LNX_KRNL_IMG_TEXT_OFFSET_BASE + depends on LINUX_KERNEL_IMAGE_HEADER hex help The value subtracted from CONFIG_SYS_TEXT_BASE to calculate the TEXT_OFFSET value written to the Linux kernel image header. -endif -endif config GIC_V3_ITS bool "ARM GICV3 ITS" -- 2.17.1
[PATCH v2 2/2] armv7: Add Position Independent Execution support
A U-Boot image could be loaded and executed at a different location than it was linked at. For example, Aspeed takes a stable release version of U-Boot image as the golden one for recovery purposes. When the primary storage such as flash is corrupted, the golden image would be loaded to any SRAM/DRAM address on demands through ethernet/UART/etc and run for rescue. To deal with this condition, the PIE is needed as there is only one signed, golden image, which could be however executed at different places. This patch adds the PIE support for ARMv7 platform. Signed-off-by: Chia-Wei Wang --- arch/arm/Kconfig | 2 +- arch/arm/cpu/armv7/start.S | 43 ++ arch/arm/lib/crt0.S| 11 ++ arch/arm/lib/relocate.S| 35 ++- 4 files changed, 80 insertions(+), 11 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c142eaa5c1..d653f64c47 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -11,7 +11,7 @@ config ARM64 config POSITION_INDEPENDENT bool "Generate position-independent pre-relocation code" - depends on ARM64 + depends on ARM64 || CPU_V7A help U-Boot expects to be linked to a specific hard-coded address, and to be loaded to and run from that address. This option lifts that diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index dcb4195d7b..3c0b2d6a71 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -39,6 +39,42 @@ reset: /* Allow the board to save important registers */ b save_boot_params save_boot_params_ret: +#ifdef CONFIG_POSITION_INDEPENDENT + /* +* Fix .rela.dyn relocations. This allows U-Boot to loaded to and +* executed at a different address than it was linked at. +*/ +pie_fixup: + adr r0, reset /* r0 <- Runtime value of reset label */ + ldr r1, =reset /* r1 <- Linked value of reset label */ + subsr4, r0, r1 /* r4 <- Runtime-vs-link offset */ + beq pie_fixup_done + + adr r0, pie_fixup + ldr r1, _rel_dyn_start_ofs + add r2, r0, r1 /* r2 <- Runtime &__rel_dyn_start */ + ldr r1, _rel_dyn_end_ofs + add r3, r0, r1 /* r3 <- Runtime &__rel_dyn_end */ + +pie_fix_loop: + ldr r0, [r2]/* r0 <- Link location */ + ldr r1, [r2, #4]/* r1 <- fixup */ + cmp r1, #23 /* relative fixup? */ + bne pie_skip_reloc + + /* relative fix: increase location by offset */ + add r0, r4 + ldr r1, [r0] + add r1, r4 + str r1, [r0] + str r0, [r2] + add r2, #8 +pie_skip_reloc: + cmp r2, r3 + blo pie_fix_loop +pie_fixup_done: +#endif + #ifdef CONFIG_ARMV7_LPAE /* * check for Hypervisor support @@ -340,3 +376,10 @@ ENTRY(cpu_init_crit) b lowlevel_init @ go setup pll,mux,memory ENDPROC(cpu_init_crit) #endif + +#if CONFIG_POSITION_INDEPENDENT +_rel_dyn_start_ofs: + .word __rel_dyn_start - pie_fixup +_rel_dyn_end_ofs: + .word __rel_dyn_end - pie_fixup +#endif diff --git a/arch/arm/lib/crt0.S b/arch/arm/lib/crt0.S index 46b6be21a8..956d258c9d 100644 --- a/arch/arm/lib/crt0.S +++ b/arch/arm/lib/crt0.S @@ -130,6 +130,14 @@ ENTRY(_main) ldr r9, [r9, #GD_NEW_GD]/* r9 <- gd->new_gd */ adr lr, here +#if defined(CONFIG_POSITION_INDEPENDENT) + adr r0, _main + ldr r1, _start_ofs + add r0, r1 + ldr r1, =CONFIG_SYS_TEXT_BASE + sub r1, r0 + add lr, r1 +#endif ldr r0, [r9, #GD_RELOC_OFF] /* r0 = gd->reloc_off */ add lr, lr, r0 #if defined(CONFIG_CPU_V7M) @@ -180,3 +188,6 @@ here: #endif ENDPROC(_main) + +_start_ofs: + .word _start - _main diff --git a/arch/arm/lib/relocate.S b/arch/arm/lib/relocate.S index e5f7267be1..14b7f61c1a 100644 --- a/arch/arm/lib/relocate.S +++ b/arch/arm/lib/relocate.S @@ -78,22 +78,28 @@ ENDPROC(relocate_vectors) */ ENTRY(relocate_code) - ldr r1, =__image_copy_start /* r1 <- SRC &__image_copy_start */ - subsr4, r0, r1 /* r4 <- relocation offset */ - beq relocate_done /* skip relocation */ - ldr r2, =__image_copy_end /* r2 <- SRC &__image_copy_end */ - + adr r3, relocate_code + ldr r1, _image_copy_start_ofs + add r1, r3 /* r1 <- Run &__image_copy_start */ + subsr4, r0, r1 /* r4 <- Run to copy offset */ + beq relocate_done /* skip relocation */ + ldr r1, _image_copy_start_ofs + add r1, r3 /* r1 <- Run &__image_copy_start */ + ld
[PATCH v2 0/2] armv7: Add Position Independent Execution support
Add PIE support for ARMv7 platform. v2: - Fix Kconfig option dependices using Kconfig language Chia-Wei Wang (2): arm: Fix option dependency with Kconfig language armv7: Add Position Independent Execution support arch/arm/Kconfig | 9 arch/arm/cpu/armv7/start.S | 43 ++ arch/arm/lib/crt0.S| 11 ++ arch/arm/lib/relocate.S| 35 ++- 4 files changed, 84 insertions(+), 14 deletions(-) -- 2.17.1
[PATCH] armv7: Add Position Independent Execution support
A U-Boot image could be loaded and executed at a different location than it was linked at. For example, Aspeed takes a stable release version of U-Boot image as the golden one for recovery purposes. When the primary storage such as flash is corrupted, the golden image could be loaded to any SRAM/DRAM address on demands through ethernet/UART/etc. To deal with this condition, the PIE is needed as there is only one signed, golden image, which could be however executed at different places. This patch adds the PIE support for ARMv7 platform. Signed-off-by: Chia-Wei Wang --- arch/arm/Kconfig | 4 +++- arch/arm/cpu/armv7/start.S | 43 ++ arch/arm/lib/crt0.S| 11 ++ arch/arm/lib/relocate.S| 35 ++- 4 files changed, 82 insertions(+), 11 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 2b7b625705..45879c9f06 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -9,7 +9,7 @@ config ARM64 select PHYS_64BIT select SYS_CACHE_SHIFT_6 -if ARM64 +if ARM64 || CPU_V7A config POSITION_INDEPENDENT bool "Generate position-independent pre-relocation code" help @@ -19,7 +19,9 @@ config POSITION_INDEPENDENT almost any 4K aligned address. This logic relies on the relocation information that is embedded in the binary to support U-Boot relocating itself to the top-of-RAM later during execution. +endif +if ARM64 config INIT_SP_RELATIVE bool "Specify the early stack pointer relative to the .bss section" default n if ARCH_QEMU diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S index dcb4195d7b..3c0b2d6a71 100644 --- a/arch/arm/cpu/armv7/start.S +++ b/arch/arm/cpu/armv7/start.S @@ -39,6 +39,42 @@ reset: /* Allow the board to save important registers */ b save_boot_params save_boot_params_ret: +#ifdef CONFIG_POSITION_INDEPENDENT + /* +* Fix .rela.dyn relocations. This allows U-Boot to loaded to and +* executed at a different address than it was linked at. +*/ +pie_fixup: + adr r0, reset /* r0 <- Runtime value of reset label */ + ldr r1, =reset /* r1 <- Linked value of reset label */ + subsr4, r0, r1 /* r4 <- Runtime-vs-link offset */ + beq pie_fixup_done + + adr r0, pie_fixup + ldr r1, _rel_dyn_start_ofs + add r2, r0, r1 /* r2 <- Runtime &__rel_dyn_start */ + ldr r1, _rel_dyn_end_ofs + add r3, r0, r1 /* r3 <- Runtime &__rel_dyn_end */ + +pie_fix_loop: + ldr r0, [r2]/* r0 <- Link location */ + ldr r1, [r2, #4]/* r1 <- fixup */ + cmp r1, #23 /* relative fixup? */ + bne pie_skip_reloc + + /* relative fix: increase location by offset */ + add r0, r4 + ldr r1, [r0] + add r1, r4 + str r1, [r0] + str r0, [r2] + add r2, #8 +pie_skip_reloc: + cmp r2, r3 + blo pie_fix_loop +pie_fixup_done: +#endif + #ifdef CONFIG_ARMV7_LPAE /* * check for Hypervisor support @@ -340,3 +376,10 @@ ENTRY(cpu_init_crit) b lowlevel_init @ go setup pll,mux,memory ENDPROC(cpu_init_crit) #endif + +#if CONFIG_POSITION_INDEPENDENT +_rel_dyn_start_ofs: + .word __rel_dyn_start - pie_fixup +_rel_dyn_end_ofs: + .word __rel_dyn_end - pie_fixup +#endif diff --git a/arch/arm/lib/crt0.S b/arch/arm/lib/crt0.S index 46b6be21a8..956d258c9d 100644 --- a/arch/arm/lib/crt0.S +++ b/arch/arm/lib/crt0.S @@ -130,6 +130,14 @@ ENTRY(_main) ldr r9, [r9, #GD_NEW_GD]/* r9 <- gd->new_gd */ adr lr, here +#if defined(CONFIG_POSITION_INDEPENDENT) + adr r0, _main + ldr r1, _start_ofs + add r0, r1 + ldr r1, =CONFIG_SYS_TEXT_BASE + sub r1, r0 + add lr, r1 +#endif ldr r0, [r9, #GD_RELOC_OFF] /* r0 = gd->reloc_off */ add lr, lr, r0 #if defined(CONFIG_CPU_V7M) @@ -180,3 +188,6 @@ here: #endif ENDPROC(_main) + +_start_ofs: + .word _start - _main diff --git a/arch/arm/lib/relocate.S b/arch/arm/lib/relocate.S index e5f7267be1..14b7f61c1a 100644 --- a/arch/arm/lib/relocate.S +++ b/arch/arm/lib/relocate.S @@ -78,22 +78,28 @@ ENDPROC(relocate_vectors) */ ENTRY(relocate_code) - ldr r1, =__image_copy_start /* r1 <- SRC &__image_copy_start */ - subsr4, r0, r1 /* r4 <- relocation offset */ - beq relocate_done /* skip relocation */ - ldr r2, =__image_copy_end /* r2 <- SRC &__image_copy_end */ - + adr r3, relocate_code + ldr r1, _image_copy_start_ofs + add r1, r3 /* r1 <- Run &__image_copy_start */ +
[PATCH] Rname CONFIG_SPL_FIT_SHAxxx to CONFIG_SPL_SHAxxx
Rename these options to align the use in common/image-fit.c else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) ... else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) ... else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) ... else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) ... Signed-off-by: Chia-Wei Wang --- common/spl/Kconfig | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 9552ed4911..67e0345906 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -439,7 +439,7 @@ config SPL_MD5 applications where images may be changed maliciously, you should consider SHA256 or SHA384. -config SPL_FIT_SHA1 +config SPL_SHA1 bool "Support SHA1" depends on SPL_FIT select SHA1 @@ -451,7 +451,7 @@ config SPL_FIT_SHA1 due to the expanding computing power available to brute-force attacks. For more security, consider SHA256 or SHA384. -config SPL_FIT_SHA256 +config SPL_SHA256 bool "Support SHA256" depends on SPL_FIT select SHA256 @@ -460,7 +460,7 @@ config SPL_FIT_SHA256 checksum is a 256-bit (32-byte) hash value used to check that the image contents have not been corrupted. -config SPL_FIT_SHA384 +config SPL_SHA384 bool "Support SHA384" depends on SPL_FIT select SHA384 @@ -471,7 +471,7 @@ config SPL_FIT_SHA384 image contents have not been corrupted. Use this for the highest security. -config SPL_FIT_SHA512 +config SPL_SHA512 bool "Support SHA512" depends on SPL_FIT select SHA512 -- 2.17.1
[PATCH 4/4] fit: Use DM hash driver if supported
Calculate hash using DM driver if supported. For backward compatibility, the call to legacy hash functions is reserved. Signed-off-by: Chia-Wei Wang --- common/image-fit.c | 30 ++ 1 file changed, 30 insertions(+) diff --git a/common/image-fit.c b/common/image-fit.c index d6b2c3c7ec..ec2e526356 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -25,6 +25,10 @@ #include #include #include +#ifdef CONFIG_DM_HASH +#include +#include +#endif DECLARE_GLOBAL_DATA_PTR; #endif /* !USE_HOSTCC*/ @@ -1214,6 +1218,31 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) int calculate_hash(const void *data, int data_len, const char *algo, uint8_t *value, int *value_len) { +#if !defined(USE_HOSTCC) && defined(CONFIG_DM_HASH) + int rc; + enum HASH_ALGO hash_algo; + struct udevice *dev; + + rc = uclass_get_device(UCLASS_HASH, 0, ); + if (rc) { + debug("failed to get hash device, rc=%d\n", rc); + return -1; + } + + hash_algo = hash_algo_lookup_by_name(algo); + if (hash_algo == HASH_ALGO_INVALID) { + debug("Unsupported hash algorithm\n"); + return -1; + }; + + rc = hash_digest_wd(dev, hash_algo, data, data_len, value, CHUNKSZ); + if (rc) { + debug("failed to get hash value, rc=%d\n", rc); + return -1; + } + + *value_len = hash_algo_digest_size(hash_algo); +#else if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) { *((uint32_t *)value) = crc32_wd(0, data, data_len, CHUNKSZ_CRC32); @@ -1242,6 +1271,7 @@ int calculate_hash(const void *data, int data_len, const char *algo, debug("Unsupported hash alogrithm\n"); return -1; } +#endif return 0; } -- 2.17.1
[PATCH 2/4] dm: hash: Add new UCLASS_HASH support
Add UCLASS_HASH for hash driver development. Thus the hash drivers (SW or HW-accelerated) can be developed in the DM-based fashion. Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/hash/Kconfig | 5 ++ drivers/crypto/hash/Makefile | 5 ++ drivers/crypto/hash/hash-uclass.c | 121 ++ include/dm/uclass-id.h| 1 + include/u-boot/hash.h | 61 +++ 7 files changed, 196 insertions(+) create mode 100644 drivers/crypto/hash/Kconfig create mode 100644 drivers/crypto/hash/Makefile create mode 100644 drivers/crypto/hash/hash-uclass.c create mode 100644 include/u-boot/hash.h diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 1ea116be75..0082177c21 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -1,5 +1,7 @@ menu "Hardware crypto devices" +source drivers/crypto/hash/Kconfig + source drivers/crypto/fsl/Kconfig endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index efbd1d3fca..4a12b56be6 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -6,3 +6,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ +obj-y += hash/ diff --git a/drivers/crypto/hash/Kconfig b/drivers/crypto/hash/Kconfig new file mode 100644 index 00..e226144b9b --- /dev/null +++ b/drivers/crypto/hash/Kconfig @@ -0,0 +1,5 @@ +config DM_HASH + bool "Enable Driver Model for Hash" + depends on DM + help + If you want to use driver model for Hash, say Y. diff --git a/drivers/crypto/hash/Makefile b/drivers/crypto/hash/Makefile new file mode 100644 index 00..83acf3d47b --- /dev/null +++ b/drivers/crypto/hash/Makefile @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright (c) 2021 ASPEED Technology Inc. + +obj-$(CONFIG_DM_HASH) += hash-uclass.o diff --git a/drivers/crypto/hash/hash-uclass.c b/drivers/crypto/hash/hash-uclass.c new file mode 100644 index 00..446eb9e56a --- /dev/null +++ b/drivers/crypto/hash/hash-uclass.c @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2021 ASPEED Technology Inc. + * Author: ChiaWei Wang + */ + +#define LOG_CATEGORY UCLASS_HASH + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +struct hash_info { + char *name; + uint32_t digest_size; +}; + +static const struct hash_info hash_info[HASH_ALGO_NUM] = { + [HASH_ALGO_CRC16_CCITT] = { "crc16-ccitt", 2 }, + [HASH_ALGO_CRC32] = { "crc32", 4 }, + [HASH_ALGO_MD5] = { "md5", 16 }, + [HASH_ALGO_SHA1] = { "sha1", 20 }, + [HASH_ALGO_SHA256] = { "sha256", 32 }, + [HASH_ALGO_SHA384] = { "sha384", 48 }, + [HASH_ALGO_SHA512] = { "sha512", 64}, +}; + +enum HASH_ALGO hash_algo_lookup_by_name(const char *name) +{ + int i; + + if (!name) + return HASH_ALGO_INVALID; + + for (i = 0; i < HASH_ALGO_NUM; ++i) + if (!strcmp(name, hash_info[i].name)) + return i; + + return HASH_ALGO_INVALID; +} + +ssize_t hash_algo_digest_size(enum HASH_ALGO algo) +{ + if (algo >= HASH_ALGO_NUM) + return -EINVAL; + + return hash_info[algo].digest_size; +} + +const char *hash_algo_name(enum HASH_ALGO algo) +{ + if (algo >= HASH_ALGO_NUM) + return NULL; + + return hash_info[algo].name; +} + +int hash_digest(struct udevice *dev, enum HASH_ALGO algo, + const void *ibuf, const uint32_t ilen, + void *obuf) +{ + struct hash_ops *ops = (struct hash_ops *)device_get_ops(dev); + + if (!ops->hash_digest) + return -ENOSYS; + + return ops->hash_digest(dev, algo, ibuf, ilen, obuf); +} + +int hash_digest_wd(struct udevice *dev, enum HASH_ALGO algo, + const void *ibuf, const uint32_t ilen, + void *obuf, uint32_t chunk_sz) +{ + struct hash_ops *ops = (struct hash_ops *)device_get_ops(dev); + + if (!ops->hash_digest_wd) + return -ENOSYS; + + return ops->hash_digest_wd(dev, algo, ibuf, ilen, obuf, chunk_sz); +} + +int hash_init(struct udevice *dev, enum HASH_ALGO algo, void **ctxp) +{ + struct hash_ops *ops = (struct hash_ops *)device_get_ops(dev); + + if (!ops->hash_init) + return -ENOSYS; + + return ops->hash_init(dev, algo, ctxp); +} + +int hash_update(struct udevice *dev, void *ctx, const void *ibuf, const uint32_t ilen) +{ + struct hash_ops *ops = (struct hash_ops *)device_get_ops(dev); + + if (!ops->hash_update) + return -ENOSYS; + + return ops->hash_update(dev, ctx, ibuf, ilen); +} + +int hash_finish(struct udevic
[PATCH 3/4] crypto: hash: Add software hash DM driver
Add purely software-implmented drivers to support multiple hash operations including CRC, MD5, and SHA family. This driver is based on the new hash uclass. Signed-off-by: Chia-Wei Wang --- drivers/crypto/hash/Kconfig | 11 ++ drivers/crypto/hash/Makefile | 1 + drivers/crypto/hash/hash_sw.c | 301 ++ 3 files changed, 313 insertions(+) create mode 100644 drivers/crypto/hash/hash_sw.c diff --git a/drivers/crypto/hash/Kconfig b/drivers/crypto/hash/Kconfig index e226144b9b..cd29a5c6a4 100644 --- a/drivers/crypto/hash/Kconfig +++ b/drivers/crypto/hash/Kconfig @@ -3,3 +3,14 @@ config DM_HASH depends on DM help If you want to use driver model for Hash, say Y. + +config HASH_SOFTWARE + bool "Enable driver for Hash in software" + depends on DM_HASH + depends on MD5 + depends on SHA1 + depends on SHA256 + depends on SHA512_ALGO + help + Enable driver for hashing operations in software. Currently + it support multiple hash algorithm including CRC/MD5/SHA. diff --git a/drivers/crypto/hash/Makefile b/drivers/crypto/hash/Makefile index 83acf3d47b..33d88161ed 100644 --- a/drivers/crypto/hash/Makefile +++ b/drivers/crypto/hash/Makefile @@ -3,3 +3,4 @@ # Copyright (c) 2021 ASPEED Technology Inc. obj-$(CONFIG_DM_HASH) += hash-uclass.o +obj-$(CONFIG_HASH_SOFTWARE) += hash_sw.o diff --git a/drivers/crypto/hash/hash_sw.c b/drivers/crypto/hash/hash_sw.c new file mode 100644 index 00..fea9d12609 --- /dev/null +++ b/drivers/crypto/hash/hash_sw.c @@ -0,0 +1,301 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2021 ASPEED Technology Inc. + * Author: ChiaWei Wang + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* CRC16-CCITT */ +static void hash_init_crc16_ccitt(void *ctx) +{ + *((uint16_t *)ctx) = 0; +} + +static void hash_update_crc16_ccitt(void *ctx, const void *ibuf, uint32_t ilen) +{ + *((uint16_t *)ctx) = crc16_ccitt(*((uint16_t *)ctx), ibuf, ilen); +} + +static void hash_finish_crc16_ccitt(void *ctx, void *obuf) +{ + *((uint16_t *)obuf) = *((uint16_t *)ctx); +} + +/* CRC32 */ +static void hash_init_crc32(void *ctx) +{ + *((uint32_t *)ctx) = 0; +} + +static void hash_update_crc32(void *ctx, const void *ibuf, uint32_t ilen) +{ + *((uint32_t *)ctx) = crc32(*((uint32_t *)ctx), ibuf, ilen); +} + +static void hash_finish_crc32(void *ctx, void *obuf) +{ + *((uint32_t *)obuf) = *((uint32_t *)ctx); +} + +/* MD5 */ +static void hash_init_md5(void *ctx) +{ + MD5Init((struct MD5Context *)ctx); +} + +static void hash_update_md5(void *ctx, const void *ibuf, uint32_t ilen) +{ + MD5Update((struct MD5Context *)ctx, ibuf, ilen); +} + +static void hash_finish_md5(void *ctx, void *obuf) +{ + MD5Final(obuf, (struct MD5Context *)ctx); +} + +/* SHA1 */ +static void hash_init_sha1(void *ctx) +{ + sha1_starts((sha1_context *)ctx); +} + +static void hash_update_sha1(void *ctx, const void *ibuf, uint32_t ilen) +{ + sha1_update((sha1_context *)ctx, ibuf, ilen); +} + +static void hash_finish_sha1(void *ctx, void *obuf) +{ + sha1_finish((sha1_context *)ctx, obuf); +} + +/* SHA256 */ +static void hash_init_sha256(void *ctx) +{ + sha256_starts((sha256_context *)ctx); +} + +static void hash_update_sha256(void *ctx, const void *ibuf, uint32_t ilen) +{ + sha256_update((sha256_context *)ctx, ibuf, ilen); +} + +static void hash_finish_sha256(void *ctx, void *obuf) +{ + sha256_finish((sha256_context *)ctx, obuf); +} + +/* SHA384 */ +static void hash_init_sha384(void *ctx) +{ + sha384_starts((sha512_context *)ctx); +} + +static void hash_update_sha384(void *ctx, const void *ibuf, uint32_t ilen) +{ + sha384_update((sha512_context *)ctx, ibuf, ilen); +} + +static void hash_finish_sha384(void *ctx, void *obuf) +{ + sha384_finish((sha512_context *)ctx, obuf); +} + +/* SHA512 */ +static void hash_init_sha512(void *ctx) +{ + sha512_starts((sha512_context *)ctx); +} + +static void hash_update_sha512(void *ctx, const void *ibuf, uint32_t ilen) +{ + sha512_update((sha512_context *)ctx, ibuf, ilen); +} + +static void hash_finish_sha512(void *ctx, void *obuf) +{ + sha512_finish((sha512_context *)ctx, obuf); +} + +struct sw_hash_ctx { + enum HASH_ALGO algo; + uint8_t algo_ctx[]; +}; + +struct sw_hash_impl { + void (*init)(void *ctx); + void (*update)(void *ctx, const void *ibuf, uint32_t ilen); + void (*finish)(void *ctx, void *obuf); + uint32_t ctx_alloc_sz; +}; + +static struct sw_hash_impl sw_hash_impl[HASH_ALGO_NUM] = { + [HASH_ALGO_CRC16_CCITT] = { + .init = hash_init_crc16_ccitt, + .update = hash_update_crc16_ccitt, + .finish = hash_finish_crc16_ccitt, + .ctx_alloc_sz = sizeo
[PATCH 1/4] lib/md5: Export progressive APIs
Export the MD5 hash init/update/finish progressive APIs for better flexibility. Signed-off-by: Chia-Wei Wang --- include/u-boot/md5.h | 4 lib/md5.c| 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h index e09c16a6e3..e5cb923d77 100644 --- a/include/u-boot/md5.h +++ b/include/u-boot/md5.h @@ -17,6 +17,10 @@ struct MD5Context { }; }; +void MD5Init(struct MD5Context *ctx); +void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len); +void MD5Final(unsigned char digest[16], struct MD5Context *ctx); + /* * Calculate and store in 'output' the MD5 digest of 'len' bytes at * 'input'. 'output' must have enough space to hold 16 bytes. diff --git a/lib/md5.c b/lib/md5.c index 2ae4a06319..688b7254c6 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -55,7 +55,7 @@ byteReverse(unsigned char *buf, unsigned longs) * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ -static void +void MD5Init(struct MD5Context *ctx) { ctx->buf[0] = 0x67452301; @@ -71,7 +71,7 @@ MD5Init(struct MD5Context *ctx) * Update context to reflect the concatenation of another buffer full * of bytes. */ -static void +void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) { register __u32 t; @@ -120,7 +120,7 @@ MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ -static void +void MD5Final(unsigned char digest[16], struct MD5Context *ctx) { unsigned int count; -- 2.17.1
[PATCH 0/4] crypto: Add new UCLASS_HASH
This patch series proposes new UCLASS_HASH for hash devices. Thus the hash drivers (SW or HW-accelerated) can be developed in the DM-based fashion. A purely software implemented hash driver is also added under the newly added UCLASS_HASH uclass. In addition, the FIT image hash verification is also updated to leverage the UCLASS_HASH driver if configured. As there is widly spread use of non-DM hash functions (common/hash.c), this patch does not remove them. More patches are needed if UCLASS_HASH is established. Chia-Wei Wang (4): lib/md5: Export progressive APIs dm: hash: Add new UCLASS_HASH support crypto: hash: Add software hash DM driver fit: Use DM hash driver if supported common/image-fit.c| 30 +++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/hash/Kconfig | 16 ++ drivers/crypto/hash/Makefile | 6 + drivers/crypto/hash/hash-uclass.c | 121 drivers/crypto/hash/hash_sw.c | 301 ++ include/dm/uclass-id.h| 1 + include/u-boot/hash.h | 61 ++ include/u-boot/md5.h | 4 + lib/md5.c | 6 +- 11 files changed, 546 insertions(+), 3 deletions(-) create mode 100644 drivers/crypto/hash/Kconfig create mode 100644 drivers/crypto/hash/Makefile create mode 100644 drivers/crypto/hash/hash-uclass.c create mode 100644 drivers/crypto/hash/hash_sw.c create mode 100644 include/u-boot/hash.h -- 2.17.1
[PATCH] reset: ast2600: Fix missing reference operator
Fix missing reference operator '&' to correctly get HW register addresses for writel(). Signed-off-by: Chia-Wei Wang --- drivers/reset/reset-ast2600.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/reset/reset-ast2600.c b/drivers/reset/reset-ast2600.c index f64adaf74e..195ddd18e0 100644 --- a/drivers/reset/reset-ast2600.c +++ b/drivers/reset/reset-ast2600.c @@ -41,9 +41,9 @@ static int ast2600_reset_assert(struct reset_ctl *reset_ctl) debug("%s: reset_ctl->id: %lu\n", __func__, reset_ctl->id); if (reset_ctl->id < 32) - writel(BIT(reset_ctl->id), scu->modrst_ctrl1); + writel(BIT(reset_ctl->id), >modrst_ctrl1); else - writel(BIT(reset_ctl->id - 32), scu->modrst_ctrl2); + writel(BIT(reset_ctl->id - 32), >modrst_ctrl2); return 0; } @@ -56,9 +56,9 @@ static int ast2600_reset_deassert(struct reset_ctl *reset_ctl) debug("%s: reset_ctl->id: %lu\n", __func__, reset_ctl->id); if (reset_ctl->id < 32) - writel(BIT(reset_ctl->id), scu->modrst_clr1); + writel(BIT(reset_ctl->id), >modrst_clr1); else - writel(BIT(reset_ctl->id - 32), scu->modrst_clr2); + writel(BIT(reset_ctl->id - 32), >modrst_clr2); return 0; } -- 2.17.1
[PATCH v3 13/14] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 6 ++ include/configs/evb_ast2600.h | 6 ++ 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index df0f5d2e76..afe690af53 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -43,13 +43,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index 0ff01af833..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -16,4 +16,10 @@ /* Memory Info */ #define CONFIG_SYS_LOAD_ADDR 0x8300 +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index e7975bf66d..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -13,4 +13,10 @@ /* Memory Info */ #define CONFIG_SYS_LOAD_ADDR 0x8300 +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH v3 14/14] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ARCY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 5049217b55..f87487b82f 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH v3 12/14] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index f24425997d..5049217b55 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,7 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -11,12 +11,19 @@ CONFIG_NR_DRAM_BANKS=1 CONFIG_ENV_SIZE=0x1 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_FIT_ENABLE_SHA384_SUPPORT=y +CONFIG_FIT_ENABLE_SHA512_SUPPORT=y +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -24,8 +31,15 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set +CONFIG_SPL_BOARD_INIT=y CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_SHA1_SUPPORT=y +CONFIG_SPL_SHA256_SUPPORT=y +CONFIG_SPL_SHA384_SUPPORT=y +CONFIG_SPL_SHA512_SUPPORT=y +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -45,6 +59,8 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_ASPEED_HACE=y +CONFIG_ASPEED_ARCY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -63,6 +79,8 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_HW_ACCEL=y CONFIG_HEXDUMP=y # CONFIG_SPL_HEXDUMP is not set # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH v3 09/14] ast2600: spl: Add ARCY probing
Probe ARCY driver in SPL board init if enabled. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index a0fc420ff1..2172bb4ae7 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -49,6 +49,12 @@ void spl_board_init(void) ); if (rc) debug("HACE initialization failure, rc=%d\n", rc); + + rc = uclass_get_device_by_driver(UCLASS_MOD_EXP, +DM_DRIVER_GET(aspeed_arcy), +); + if (rc) + debug("ARCY initialization failure, rc=%d\n", rc); } #endif -- 2.17.1
[PATCH v3 06/14] common: fit: Use hash.c to call CRC/SHA function
From: Joel Stanley Currently the FIT verification calls directly into SW implemented functions to get a CRC/SHA/MD5 hash. This patch removes duplcated algorithm lookup and use hash_lookup_algo to get the hashing function with HW accelearation supported if configured. The MD5 direct call remains as it is not included in the hash lookup table of hash.c. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- common/image-fit.c | 35 ++- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 0c5a05948d..e52ff47bc3 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1196,7 +1196,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @algo_name: requested hash algorithm * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1210,37 +1210,22 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * 0, on success *-1, when algo is unsupported */ -int calculate_hash(const void *data, int data_len, const char *algo, - uint8_t *value, int *value_len) +int calculate_hash(const void *data, int data_len, const char *algo_name, + uint8_t *value, int *value_len) { - if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) { - *((uint32_t *)value) = crc32_wd(0, data, data_len, - CHUNKSZ_CRC32); - *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value)); - *value_len = 4; - } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) { - sha1_csum_wd((unsigned char *)data, data_len, -(unsigned char *)value, CHUNKSZ_SHA1); - *value_len = 20; - } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { - sha256_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA256); - *value_len = SHA256_SUM_LEN; - } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) { - sha384_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA384); - *value_len = SHA384_SUM_LEN; - } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) { - sha512_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA512); - *value_len = SHA512_SUM_LEN; - } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { + struct hash_algo *algo; + + if (IMAGE_ENABLE_MD5 && strcmp(algo_name, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; + } else if (hash_lookup_algo(algo_name, ) == 0) { + algo->hash_func_ws(data, data_len, value, algo->chunk_size); + *value_len = algo->digest_size; } else { debug("Unsupported hash alogrithm\n"); return -1; } + return 0; } -- 2.17.1
[PATCH v3 10/14] ARM: dts: ast2600: Add ARCY to device tree
Add ARCY DTS node and enable it for AST2600 EVB. Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index adb80a30ef..fd4e35e954 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -182,3 +182,8 @@ u-boot,dm-pre-reloc; status = "okay"; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index 3061649205..3e20c16392 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -196,6 +196,15 @@ status = "disabled"; }; + arcy: arcy@1e6fa000 { + compatible = "aspeed,ast2600-arcy"; + reg = <0x1e6fa000 0x1000>, + <0x1e71 0x1>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_RSACLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH v3 08/14] crypto: aspeed: Add AST2600 ARCY support
ARCY is deisnged to accerlerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang --- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_arcy.c | 182 lib/rsa/Kconfig | 10 +- 4 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/aspeed/aspeed_arcy.c diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig index 299efc223f..9d896afa8a 100644 --- a/drivers/crypto/aspeed/Kconfig +++ b/drivers/crypto/aspeed/Kconfig @@ -10,3 +10,13 @@ config ASPEED_HACE Enabling this allows the use of SHA operations in hardware without requiring the SHA software implementations. It also improves performance and saves code size. + +config ASPEED_ARCY + bool "ASPEED RSA and ECC Engine" + depends on ASPEED_AST2600 + help +Select this option to enable a driver for using the RSA/ECC engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of RSA/ECC operations in hardware without requiring the +software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile index 84e6bfe82a..8de95eef7e 100644 --- a/drivers/crypto/aspeed/Makefile +++ b/drivers/crypto/aspeed/Makefile @@ -1 +1,2 @@ obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o +obj-$(CONFIG_ASPEED_ARCY) += aspeed_arcy.o diff --git a/drivers/crypto/aspeed/aspeed_arcy.c b/drivers/crypto/aspeed/aspeed_arcy.c new file mode 100644 index 00..d3da869f83 --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_arcy.c @@ -0,0 +1,182 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* ARCY register offsets */ +#define ARCY_CTRL1 0x00 +#define ARCY_CTRL1_RSA_DMA BIT(1) +#define ARCY_CTRL1_RSA_START BIT(0) +#define ARCY_CTRL2 0x44 +#define ARCY_CTRL3 0x48 +#define ARCY_CTRL3_SRAM_AHB_ACCESS BIT(8) +#define ARCY_CTRL3_ECC_RSA_MODE_MASK GENMASK(5, 4) +#define ARCY_CTRL3_ECC_RSA_MODE_SHIFT4 +#define ARCY_DMA_DRAM_SADDR0x4c +#define ARCY_DMA_DMEM_TADDR0x50 +#define ARCY_DMA_DMEM_TADDR_LEN_MASK GENMASK(15, 0) +#define ARCY_DMA_DMEM_TADDR_LEN_SHIFT0 +#define ARCY_RSA_PARAM 0x58 +#define ARCY_RSA_PARAM_EXP_MASK GENMASK(31, 16) +#define ARCY_RSA_PARAM_EXP_SHIFT 16 +#define ARCY_RSA_PARAM_MOD_MASK GENMASK(15, 0) +#define ARCY_RSA_PARAM_MOD_SHIFT 0 +#define ARCY_RSA_INT_EN0x3f8 +#define ARCY_RSA_INT_EN_RSA_READYBIT(2) +#define ARCY_RSA_INT_EN_RSA_CMPLTBIT(1) +#define ARCY_RSA_INT_STS 0x3fc +#define ARCY_RSA_INT_STS_RSA_READY BIT(2) +#define ARCY_RSA_INT_STS_RSA_CMPLT BIT(1) + +/* misc. constant */ +#define ARCY_ECC_MODE 2 +#define ARCY_RSA_MODE 3 +#define ARCY_CTX_BUFSZ 0x600 + +struct aspeed_arcy { + phys_addr_t base; + phys_addr_t sram_base; /* internal sram */ + struct clk clk; +}; + +static int aspeed_arcy_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len, + struct key_prop *prop, uint8_t *out) +{ + int i, j; + u8 *ctx; + u8 *ptr; + u32 reg; + struct aspeed_arcy *arcy = dev_get_priv(dev); + + ctx = memalign(16, ARCY_CTX_BUFSZ); + if (!ctx) + return -ENOMEM; + + memset(ctx, 0, ARCY_CTX_BUFSZ); + + ptr = (u8 *)prop->public_exponent; + for (i = prop->exp_len - 1, j = 0; i >= 0; --i) { + ctx[j] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)prop->modulus; + for (i = (prop->num_bits >> 3) - 1, j = 0; i >= 0; --i) { + ctx[j + 16] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + ptr = (u8 *)sig; + for (i = sig_len - 1, j = 0; i >= 0; --i) { + ctx[j + 32] = ptr[i]; + j++; + j = (j % 16) ? j : j + 32; + } + + writel((u32)ctx, arcy->base + ARCY_DMA_DRAM_SADDR); + + reg = (((prop->exp_len << 3) << ARCY_RSA_PARAM_EXP_SHIFT) & ARCY_RSA_PARAM_EXP_MASK) | + ((prop->num_bits << ARCY_RSA_PARAM_MOD_SHIFT) & ARCY_RSA_PARAM_MOD_MASK); + writel(reg, arcy->base + ARCY_RSA_PARAM); + + reg = (ARCY_CTX_BUFSZ << ARCY_DMA_DMEM_TADDR_LEN_SHIFT) & ARCY_DMA_DMEM_TADDR_LEN_MASK; + writel(reg, arcy->base + ARCY_DMA_DMEM_TADDR); + + reg = (ARCY_RSA_MODE << ARCY_CTRL3_ECC_RSA_MODE_SHIFT) & ARCY_CTRL3_ECC_RSA_MODE_MASK; + writel(reg, arcy->bas
[PATCH v3 11/14] ast2600: spl: Locate load buffer in DRAM space
Return CONFIG_SYS_LOAD_ADDR pointing to DRAM space for spl_get_load_buffer() to allow generic SPL image loading code (e.g. FIT and Ymodem) to store data in DRAM. Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 2172bb4ae7..42ef24316e 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -28,14 +28,7 @@ u32 spl_boot_device(void) struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) { - /* -* When boot from SPI, AST2600 already remap 0x ~ 0x0fff -* to BMC SPI memory space 0x2000 ~ 0x2fff. The next stage BL -* has been located in SPI for XIP. In this case, the load buffer for -* SPL image loading will be set to the remapped address of the next -* BL instead of the DRAM space CONFIG_SYS_LOAD_ADDR -*/ - return (struct image_header *)(CONFIG_SYS_TEXT_BASE); + return (struct image_header *)(CONFIG_SYS_LOAD_ADDR); } #ifdef CONFIG_SPL_BOARD_INIT -- 2.17.1
[PATCH v3 04/14] ast2600: spl: Add HACE probing
From: Joel Stanley Probe HACE driver in SPL board init if enabled. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/mach-aspeed/ast2600/spl.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/arch/arm/mach-aspeed/ast2600/spl.c b/arch/arm/mach-aspeed/ast2600/spl.c index 0d8cb29678..a0fc420ff1 100644 --- a/arch/arm/mach-aspeed/ast2600/spl.c +++ b/arch/arm/mach-aspeed/ast2600/spl.c @@ -38,6 +38,20 @@ struct image_header *spl_get_load_buffer(ssize_t offset, size_t size) return (struct image_header *)(CONFIG_SYS_TEXT_BASE); } +#ifdef CONFIG_SPL_BOARD_INIT +void spl_board_init(void) +{ + int rc; + struct udevice *dev; + + rc = uclass_get_device_by_driver(UCLASS_MISC, +DM_DRIVER_GET(aspeed_hace), +); + if (rc) + debug("HACE initialization failure, rc=%d\n", rc); +} +#endif + #ifdef CONFIG_SPL_OS_BOOT int spl_start_uboot(void) { -- 2.17.1
[PATCH v3 07/14] clk: ast2600: Add RSACLK control for ARCY
Add RSACLK enable for ARCY, the HW RSA/ECC crypto engine of ASPEED AST2600 SoCs. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/scu_ast2600.h | 1 + drivers/clk/aspeed/clk_ast2600.c | 15 +++ 2 files changed, 16 insertions(+) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index d7b500f656..27f4e9f994 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -8,6 +8,7 @@ #define SCU_UNLOCK_KEY 0x1688a8a8 #define SCU_CLKGATE1_EMMC BIT(27) +#define SCU_CLKGATE1_ARCY BIT(24) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) #define SCU_CLKGATE1_USB_HUB BIT(14) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 69128fd3c4..bf3379fce2 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1030,6 +1030,18 @@ static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_rsaclk(struct ast2600_scu *scu) +{ + uint32_t clkgate_bit; + + clkgate_bit = SCU_CLKGATE1_ARCY; + + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1071,6 +1083,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_YCLK: ast2600_enable_haceclk(priv->scu); break; + case ASPEED_CLK_GATE_RSACLK: + ast2600_enable_rsaclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH v3 03/14] crypto: aspeed: Add AST2600 HACE support
From: Joel Stanley Hash and Crypto Engine (HACE) is designed to accelerate the throughput of hash data digest, and symmetric-key encryption. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 12 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/aspeed_hace.c | 308 5 files changed, 324 insertions(+) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_hace.c diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 1ea116be75..422d01403e 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -2,4 +2,6 @@ menu "Hardware crypto devices" source drivers/crypto/fsl/Kconfig +source drivers/crypto/aspeed/Kconfig + endmenu diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index efbd1d3fca..0442067e5e 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile @@ -6,3 +6,4 @@ obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o obj-y += rsa_mod_exp/ obj-y += fsl/ +obj-y += aspeed/ diff --git a/drivers/crypto/aspeed/Kconfig b/drivers/crypto/aspeed/Kconfig new file mode 100644 index 00..299efc223f --- /dev/null +++ b/drivers/crypto/aspeed/Kconfig @@ -0,0 +1,12 @@ +config ASPEED_HACE + bool "ASPEED Hash and Crypto Engine" + depends on ASPEED_AST2600 + imply SHA_HW_ACCEL + imply SHA_PROG_HW_ACCEL + imply CMD_HASH + help +Select this option to enable a driver for using the SHA engine in +the ASPEED BMC SoCs. + +Enabling this allows the use of SHA operations in hardware without requiring the +SHA software implementations. It also improves performance and saves code size. diff --git a/drivers/crypto/aspeed/Makefile b/drivers/crypto/aspeed/Makefile new file mode 100644 index 00..84e6bfe82a --- /dev/null +++ b/drivers/crypto/aspeed/Makefile @@ -0,0 +1 @@ +obj-$(CONFIG_ASPEED_HACE) += aspeed_hace.o diff --git a/drivers/crypto/aspeed/aspeed_hace.c b/drivers/crypto/aspeed/aspeed_hace.c new file mode 100644 index 00..896e1f1a3b --- /dev/null +++ b/drivers/crypto/aspeed/aspeed_hace.c @@ -0,0 +1,308 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2021 IBM Corp. + * Copyright 2021 ASPEED Technology Inc. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* register offsets*/ +#define HACE_STS 0x1C +#define HACE_HASH_DATA_OVF BIT(23) +#define HACE_HASH_INTBIT(9) +#define HACE_HASH_BUSY BIT(0) +#define HACE_HASH_DATA 0x20 +#define HACE_HASH_DIGEST 0x24 +#define HACE_HASH_HMAC_KEY 0x28 +#define HACE_HASH_DATA_LEN 0x2C +#define HACE_SG_LAST BIT(31) +#define HACE_HASH_CMD 0x30 +#define HACE_SG_EN BIT(18) +#define HACE_ALGO_SHA384 (BIT(10) | BIT(6) | BIT(5)) +#define HACE_ALGO_SHA512 (BIT(6) | BIT(5)) +#define HACE_ALGO_SHA256 (BIT(6) | BIT(4)) +#define HACE_ALGO_SHA224 BIT(6) +#define HACE_ALGO_SHA1 BIT(5) +#define HACE_SHA_BE_EN BIT(3) +#define HACE_MD5_LE_EN BIT(2) + +#define HACE_MAX_SG32 + +struct aspeed_sg { + u32 len; + u32 addr; +}; + +struct aspeed_hash_ctx { + u32 method; + u32 digest_size; + u32 len; + u32 count; + struct aspeed_sg list[HACE_MAX_SG]; /* Must be 8 byte aligned */ +}; + +struct aspeed_hace { + phys_addr_t base; + struct clk clk; + struct reset_ctl rst; +}; + +static int aspeed_hace_wait_completion(u32 reg, u32 flag, int timeout_us) +{ + u32 val; + + return readl_poll_timeout(reg, val, (val & flag) == flag, timeout_us); +} + +static int digest_object(const void *data, unsigned int length, void *digest, +u32 method) +{ + int rc; + u32 sts; + struct udevice *dev; + struct aspeed_hace *hace; + + if (!((u32)data & BIT(31))) { + debug("HACE src out of bounds: can only copy from SDRAM\n"); + return -EINVAL; + } + + if (!((u32)digest & BIT(31))) { + debug("HACE dst out of bounds: can only copy to SDRAM\n"); + return -EINVAL; + } + + if ((u32)digest & 0x7) { + debug("HACE dst alignment incorrect: %p\n", digest); + return -EINVAL; + } + + /* get HACE device as crypto code does not pass us device/driver state */ + rc = uclass_get_device_by_driver(UCLASS_MISC, +DM_DRIVER_GET(aspeed_hace), +); + if (rc) { + debug(&qu
[PATCH v3 01/14] aspeed: ast2600: Enlarge SRAM size
The AST2600 SRAM has been extended to 88KB since A1 chip revision. This patch updates the SRAM size to offer more space for early stack/heap use. Signed-off-by: Chia-Wei Wang --- arch/arm/include/asm/arch-aspeed/platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h index d50ec5f8a9..589abd4a3f 100644 --- a/arch/arm/include/asm/arch-aspeed/platform.h +++ b/arch/arm/include/asm/arch-aspeed/platform.h @@ -17,7 +17,7 @@ #define ASPEED_MAC_COUNT 4 #define ASPEED_DRAM_BASE 0x8000 #define ASPEED_SRAM_BASE 0x1000 -#define ASPEED_SRAM_SIZE 0x1 +#define ASPEED_SRAM_SIZE 0x16000 #else #err "Unrecognized Aspeed platform." #endif -- 2.17.1
[PATCH v3 02/14] clk: ast2600: Add YCLK control for HACE
From: Joel Stanley Add YCLK enable for HACE, the HW hash engine of ASPEED AST2600 SoCs. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 5 +++-- drivers/clk/aspeed/clk_ast2600.c | 20 +++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h index a205fb1f76..d7b500f656 100644 --- a/arch/arm/include/asm/arch-aspeed/scu_ast2600.h +++ b/arch/arm/include/asm/arch-aspeed/scu_ast2600.h @@ -10,8 +10,9 @@ #define SCU_CLKGATE1_EMMC BIT(27) #define SCU_CLKGATE1_MAC2 BIT(21) #define SCU_CLKGATE1_MAC1 BIT(20) -#define SCU_CLKGATE1_USB_HUB BIT(14) -#define SCU_CLKGATE1_USB_HOST2 BIT(7) +#define SCU_CLKGATE1_USB_HUB BIT(14) +#define SCU_CLKGATE1_HACE BIT(13) +#define SCU_CLKGATE1_USB_HOST2 BIT(7) #define SCU_CLKGATE2_FSI BIT(30) #define SCU_CLKGATE2_MAC4 BIT(21) diff --git a/drivers/clk/aspeed/clk_ast2600.c b/drivers/clk/aspeed/clk_ast2600.c index 3a92739f5c..69128fd3c4 100644 --- a/drivers/clk/aspeed/clk_ast2600.c +++ b/drivers/clk/aspeed/clk_ast2600.c @@ -1013,6 +1013,23 @@ static ulong ast2600_enable_usbbhclk(struct ast2600_scu *scu) return 0; } +static ulong ast2600_enable_haceclk(struct ast2600_scu *scu) +{ + uint32_t reset_bit; + uint32_t clkgate_bit; + + reset_bit = BIT(ASPEED_RESET_HACE); + clkgate_bit = SCU_CLKGATE1_HACE; + + writel(reset_bit, >modrst_ctrl1); + udelay(100); + writel(clkgate_bit, >clkgate_clr1); + mdelay(20); + writel(reset_bit, >modrst_clr1); + + return 0; +} + static int ast2600_clk_enable(struct clk *clk) { struct ast2600_clk_priv *priv = dev_get_priv(clk->dev); @@ -1051,6 +1068,9 @@ static int ast2600_clk_enable(struct clk *clk) case ASPEED_CLK_GATE_USBPORT2CLK: ast2600_enable_usbbhclk(priv->scu); break; + case ASPEED_CLK_GATE_YCLK: + ast2600_enable_haceclk(priv->scu); + break; default: pr_err("can't enable clk\n"); return -ENOENT; -- 2.17.1
[PATCH v3 05/14] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 9 + 2 files changed, 14 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index ac0f08b7ea..3061649205 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,15 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + resets = < ASPEED_RESET_HACE>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH v3 00/14] aspeed: Support secure boot chain with FIT image verification
This patch series intends to provide a secure boot chain from SPL to Linux kernel based on the hash and signature verification of FIT image paradigm. To improve the performance and save code size (SPL is limited to 64KB due to HW-RoT), the drviers of two HW crypto engine HACE and ARCY are also added for AST26xx SoCs. As HACE and ARCY can only access to DRAM space, additional configuration and boot command are also updated according to move each FIT image before its booting. In addition, the common code of FIT image hash algorithm lookup is also revised to leverage the HW accelerated calculation. v3: - add SW work around for HACE HW DMA issue by resetting HACE - add reset control for HACE device tree node - sync all of the HACE error message to use debug() v2: - update commit authors Chia-Wei Wang (9): aspeed: ast2600: Enlarge SRAM size clk: ast2600: Add RSACLK control for ARCY crypto: aspeed: Add AST2600 ARCY support ast2600: spl: Add ARCY probing ARM: dts: ast2600: Add ARCY to device tree ast2600: spl: Locate load buffer in DRAM space configs: ast2600-evb: Enable SPL FIT support configs: aspeed: Make EXTRA_ENV_SETTINGS board specific configs: ast2600: Boot kernel FIT in DRAM Joel Stanley (5): clk: ast2600: Add YCLK control for HACE crypto: aspeed: Add AST2600 HACE support ast2600: spl: Add HACE probing ARM: dts: ast2600: Add HACE to device tree common: fit: Use hash.c to call CRC/SHA function arch/arm/dts/ast2600-evb.dts | 10 + arch/arm/dts/ast2600.dtsi | 18 + arch/arm/include/asm/arch-aspeed/platform.h | 2 +- .../arm/include/asm/arch-aspeed/scu_ast2600.h | 6 +- arch/arm/mach-aspeed/ast2600/spl.c| 29 +- common/image-fit.c| 35 +- configs/evb-ast2600_defconfig | 26 +- drivers/clk/aspeed/clk_ast2600.c | 35 ++ drivers/crypto/Kconfig| 2 + drivers/crypto/Makefile | 1 + drivers/crypto/aspeed/Kconfig | 22 ++ drivers/crypto/aspeed/Makefile| 2 + drivers/crypto/aspeed/aspeed_arcy.c | 182 +++ drivers/crypto/aspeed/aspeed_hace.c | 308 ++ include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 6 + include/configs/evb_ast2600.h | 13 + lib/rsa/Kconfig | 10 +- 18 files changed, 666 insertions(+), 50 deletions(-) create mode 100644 drivers/crypto/aspeed/Kconfig create mode 100644 drivers/crypto/aspeed/Makefile create mode 100644 drivers/crypto/aspeed/aspeed_arcy.c create mode 100644 drivers/crypto/aspeed/aspeed_hace.c -- 2.17.1
[PATCH v2 12/14] configs: ast2600-evb: Enable SPL FIT support
Enable SPL FIT image load and verification support. The HW accelerated SHA is also available with the newly added support of the HACE HW hash engine. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index f24425997d..5049217b55 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -1,7 +1,7 @@ CONFIG_ARM=y CONFIG_SYS_DCACHE_OFF=y CONFIG_ARCH_ASPEED=y -CONFIG_SYS_TEXT_BASE=0x1 +CONFIG_SYS_TEXT_BASE=0x8000 CONFIG_ASPEED_AST2600=y CONFIG_TARGET_EVB_AST2600=y CONFIG_SPL_LIBCOMMON_SUPPORT=y @@ -11,12 +11,19 @@ CONFIG_NR_DRAM_BANKS=1 CONFIG_ENV_SIZE=0x1 CONFIG_DEFAULT_DEVICE_TREE="ast2600-evb" CONFIG_SPL_SERIAL_SUPPORT=y +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y +CONFIG_SPL_STACK_R_ADDR=0x8300 CONFIG_SPL_SIZE_LIMIT=0x1 CONFIG_SPL=y # CONFIG_ARMV7_NONSEC is not set # CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set CONFIG_FIT=y -# CONFIG_LEGACY_IMAGE_FORMAT is not set +CONFIG_FIT_ENABLE_SHA384_SUPPORT=y +CONFIG_FIT_ENABLE_SHA512_SUPPORT=y +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 +# CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y @@ -24,8 +31,15 @@ CONFIG_BOOTCOMMAND="bootm 2010" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y -# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set +CONFIG_SPL_BOARD_INIT=y CONFIG_SPL_SYS_MALLOC_SIMPLE=y +CONFIG_SPL_STACK_R=y +CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x200 +CONFIG_SPL_SHA1_SUPPORT=y +CONFIG_SPL_SHA256_SUPPORT=y +CONFIG_SPL_SHA384_SUPPORT=y +CONFIG_SPL_SHA512_SUPPORT=y +CONFIG_SPL_FIT_IMAGE_TINY=y CONFIG_SPL_DM_RESET=y CONFIG_SPL_RAM_SUPPORT=y CONFIG_SPL_RAM_DEVICE=y @@ -45,6 +59,8 @@ CONFIG_REGMAP=y CONFIG_SPL_OF_TRANSLATE=y CONFIG_CLK=y CONFIG_SPL_CLK=y +CONFIG_ASPEED_HACE=y +CONFIG_ASPEED_ARCY=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_SPL_MISC=y @@ -63,6 +79,8 @@ CONFIG_SYS_NS16550=y CONFIG_SYSRESET=y CONFIG_SPL_SYSRESET=y CONFIG_WDT=y +CONFIG_SHA512_HW_ACCEL=y CONFIG_HEXDUMP=y # CONFIG_SPL_HEXDUMP is not set # CONFIG_EFI_LOADER is not set +CONFIG_PHANDLE_CHECK_SEQ=y -- 2.17.1
[PATCH v2 13/14] configs: aspeed: Make EXTRA_ENV_SETTINGS board specific
Move CONFIG_EXTRA_ENV_SETTINGS to board-specific configuration headers. Signed-off-by: Chia-Wei Wang --- include/configs/aspeed-common.h | 9 - include/configs/evb_ast2500.h | 6 ++ include/configs/evb_ast2600.h | 6 ++ 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/include/configs/aspeed-common.h b/include/configs/aspeed-common.h index df0f5d2e76..afe690af53 100644 --- a/include/configs/aspeed-common.h +++ b/include/configs/aspeed-common.h @@ -43,13 +43,4 @@ */ #define CONFIG_BOOTP_BOOTFILESIZE -/* - * Miscellaneous configurable options - */ - -#define CONFIG_EXTRA_ENV_SETTINGS \ - "verify=yes\0" \ - "spi_dma=yes\0" \ - "" - #endif /* __AST_COMMON_CONFIG_H */ diff --git a/include/configs/evb_ast2500.h b/include/configs/evb_ast2500.h index 0ff01af833..a886fd941e 100644 --- a/include/configs/evb_ast2500.h +++ b/include/configs/evb_ast2500.h @@ -16,4 +16,10 @@ /* Memory Info */ #define CONFIG_SYS_LOAD_ADDR 0x8300 +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index e7975bf66d..d2aceb6663 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -13,4 +13,10 @@ /* Memory Info */ #define CONFIG_SYS_LOAD_ADDR 0x8300 +/* Misc */ +#define CONFIG_EXTRA_ENV_SETTINGS \ + "verify=yes\0" \ + "spi_dma=yes\0" \ + "" + #endif /* __CONFIG_H */ -- 2.17.1
[PATCH v2 14/14] configs: ast2600: Boot kernel FIT in DRAM
AST2600 leverages the FIT hash/signature verification to fulfill secure boot trust chain. To improve the performance and save SW code size for those crypto operations, the two HW crypto engine, HACE and ARCY, are enabled. However, both of the engines can only access to data stored in DRAM space. Therefore, we need to move the FIT image into DRAM before the booting. This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined ENV variable which consists of FIT image copy to memory and booting. Signed-off-by: Chia-Wei Wang --- configs/evb-ast2600_defconfig | 2 +- include/configs/evb_ast2600.h | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configs/evb-ast2600_defconfig b/configs/evb-ast2600_defconfig index 5049217b55..f87487b82f 100644 --- a/configs/evb-ast2600_defconfig +++ b/configs/evb-ast2600_defconfig @@ -27,7 +27,7 @@ CONFIG_SPL_LOAD_FIT_ADDRESS=0x1 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS4,115200n8 root=/dev/ram rw" CONFIG_USE_BOOTCOMMAND=y -CONFIG_BOOTCOMMAND="bootm 2010" +CONFIG_BOOTCOMMAND="run bootspi" # CONFIG_DISPLAY_CPUINFO is not set CONFIG_SPL_SIZE_LIMIT_SUBTRACT_GD=y CONFIG_SPL_SIZE_LIMIT_SUBTRACT_MALLOC=y diff --git a/include/configs/evb_ast2600.h b/include/configs/evb_ast2600.h index d2aceb6663..83002db317 100644 --- a/include/configs/evb_ast2600.h +++ b/include/configs/evb_ast2600.h @@ -14,7 +14,14 @@ #define CONFIG_SYS_LOAD_ADDR 0x8300 /* Misc */ +#define STR_HELPER(s) #s +#define STR(s) STR_HELPER(s) + #define CONFIG_EXTRA_ENV_SETTINGS \ + "loadaddr=" STR(CONFIG_SYS_LOAD_ADDR) "\0" \ + "bootspi=fdt addr 2010 && fdt header get fitsize totalsize && " \ + "cp.b 2010 ${loadaddr} ${fitsize} && bootm; " \ + "echo Error loading kernel FIT image\0" \ "verify=yes\0" \ "spi_dma=yes\0" \ "" -- 2.17.1
[PATCH v2 05/14] ARM: dts: ast2600: Add HACE to device tree
From: Joel Stanley Add HACE DTS node and enable it for AST2600 EVB. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- arch/arm/dts/ast2600-evb.dts | 5 + arch/arm/dts/ast2600.dtsi| 8 2 files changed, 13 insertions(+) diff --git a/arch/arm/dts/ast2600-evb.dts b/arch/arm/dts/ast2600-evb.dts index 2abd31341c..adb80a30ef 100644 --- a/arch/arm/dts/ast2600-evb.dts +++ b/arch/arm/dts/ast2600-evb.dts @@ -177,3 +177,8 @@ 0x08 0x04 0x08 0x04>; }; + + { + u-boot,dm-pre-reloc; + status = "okay"; +}; diff --git a/arch/arm/dts/ast2600.dtsi b/arch/arm/dts/ast2600.dtsi index ac0f08b7ea..642206fb77 100644 --- a/arch/arm/dts/ast2600.dtsi +++ b/arch/arm/dts/ast2600.dtsi @@ -187,6 +187,14 @@ }; }; + hace: hace@1e6d { + compatible = "aspeed,ast2600-hace"; + reg = <0x1e6d 0x200>; + interrupts = ; + clocks = < ASPEED_CLK_GATE_YCLK>; + status = "disabled"; + }; + edac: sdram@1e6e { compatible = "aspeed,ast2600-sdram-edac"; reg = <0x1e6e 0x174>; -- 2.17.1
[PATCH v2 06/14] common: fit: Use hash.c to call CRC/SHA function
From: Joel Stanley Currently the FIT verification calls directly into SW implemented functions to get a CRC/SHA/MD5 hash. This patch removes duplcated algorithm lookup and use hash_lookup_algo to get the hashing function with HW accelearation supported if configured. The MD5 direct call remains as it is not included in the hash lookup table of hash.c. Signed-off-by: Joel Stanley Signed-off-by: Chia-Wei Wang --- common/image-fit.c | 35 ++- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/common/image-fit.c b/common/image-fit.c index 0c5a05948d..e52ff47bc3 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1196,7 +1196,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * calculate_hash - calculate and return hash for provided input data * @data: pointer to the input data * @data_len: data length - * @algo: requested hash algorithm + * @algo_name: requested hash algorithm * @value: pointer to the char, will hold hash value data (caller must * allocate enough free space) * value_len: length of the calculated hash @@ -1210,37 +1210,22 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) * 0, on success *-1, when algo is unsupported */ -int calculate_hash(const void *data, int data_len, const char *algo, - uint8_t *value, int *value_len) +int calculate_hash(const void *data, int data_len, const char *algo_name, + uint8_t *value, int *value_len) { - if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) { - *((uint32_t *)value) = crc32_wd(0, data, data_len, - CHUNKSZ_CRC32); - *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value)); - *value_len = 4; - } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) { - sha1_csum_wd((unsigned char *)data, data_len, -(unsigned char *)value, CHUNKSZ_SHA1); - *value_len = 20; - } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { - sha256_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA256); - *value_len = SHA256_SUM_LEN; - } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) { - sha384_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA384); - *value_len = SHA384_SUM_LEN; - } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) { - sha512_csum_wd((unsigned char *)data, data_len, - (unsigned char *)value, CHUNKSZ_SHA512); - *value_len = SHA512_SUM_LEN; - } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { + struct hash_algo *algo; + + if (IMAGE_ENABLE_MD5 && strcmp(algo_name, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; + } else if (hash_lookup_algo(algo_name, ) == 0) { + algo->hash_func_ws(data, data_len, value, algo->chunk_size); + *value_len = algo->digest_size; } else { debug("Unsupported hash alogrithm\n"); return -1; } + return 0; } -- 2.17.1