[PATCH 1/1] include/configs: ls1012a: Remove fdt_high env variable
From: Udit Agarwal Remove "fdt_high" environment variable to use the bootm_size to safely contain a kernel, device tree and initrd for relocation. Signed-off-by: Udit Agarwal --- include/configs/ls1012a2g5rdb.h | 2 +- include/configs/ls1012a_common.h | 2 +- include/configs/ls1012afrdm.h| 2 +- include/configs/ls1012afrwy.h| 2 +- include/configs/ls1012ardb.h | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/configs/ls1012a2g5rdb.h b/include/configs/ls1012a2g5rdb.h index 869e0ad6b8..ad16fdcbd3 100644 --- a/include/configs/ls1012a2g5rdb.h +++ b/include/configs/ls1012a2g5rdb.h @@ -35,7 +35,6 @@ #undef CONFIG_EXTRA_ENV_SETTINGS #define CONFIG_EXTRA_ENV_SETTINGS \ "verify=no\0" \ - "fdt_high=0x\0" \ "initrd_high=0x\0" \ "fdt_addr=0x00f0\0" \ "kernel_addr=0x0100\0" \ @@ -49,6 +48,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernelheader_size=0x4\0" \ + "bootm_size=0x1000\0" \ "console=ttyS0,115200\0"\ BOOTENV \ "boot_scripts=ls1012ardb_boot.scr\0"\ diff --git a/include/configs/ls1012a_common.h b/include/configs/ls1012a_common.h index 3bea9a9186..eed12e0234 100644 --- a/include/configs/ls1012a_common.h +++ b/include/configs/ls1012a_common.h @@ -83,11 +83,11 @@ "verify=no\0" \ "loadaddr=0x8010\0" \ "kernel_addr=0x10\0"\ - "fdt_high=0x\0" \ "initrd_high=0x\0" \ "kernel_start=0x100\0" \ "kernel_load=0xa000\0" \ "kernel_size=0x280\0" \ + "bootm_size=0x1000\0" \ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT diff --git a/include/configs/ls1012afrdm.h b/include/configs/ls1012afrdm.h index 54ea43420f..dae06535d6 100644 --- a/include/configs/ls1012afrdm.h +++ b/include/configs/ls1012afrdm.h @@ -25,7 +25,6 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ "verify=no\0" \ "fdt_high=0x\0" \ - "initrd_high=0x\0" \ "fdt_addr=0x00f0\0" \ "kernel_addr=0x0100\0" \ "scriptaddr=0x8000\0" \ @@ -35,6 +34,7 @@ "fdt_addr_r=0x9000\0" \ "load_addr=0x9600\0"\ "kernel_size=0x280\0" \ + "bootm_size=0x1000\0" \ "console=ttyS0,115200\0"\ BOOTENV \ "boot_scripts=ls1012afrdm_boot.scr\0" \ diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h index 1ea6548015..eeb1fa8122 100644 --- a/include/configs/ls1012afrwy.h +++ b/include/configs/ls1012afrwy.h @@ -46,7 +46,6 @@ #undef CONFIG_EXTRA_ENV_SETTINGS #define CONFIG_EXTRA_ENV_SETTINGS \ "verify=no\0" \ - "fdt_high=0x\0" \ "initrd_high=0x\0" \ "fdt_addr=0x00f0\0" \ "kernel_addr=0x0100\0" \ @@ -66,6 +65,7 @@ "load_addr=0x9200\0"\ "kernel_size=0x280\0" \ "kernelheader_size=0x4\0" \ + "bootm_size=0x1000\0" \ "console=ttyS0,115200\0"\ "BOARD=ls1012afrwy\0" \ BOOTENV \ diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index 8fb75650e2..428130ee57 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -54,7 +54,6 @@ #undef CONFIG_EXTRA_ENV_SETTINGS #define CONFIG_EXTRA_ENV_SETTINGS \ "verify=no\0" \ - "fdt_high=0x\0" \ "initrd_high=0x\0" \ "fdt_addr=0x00f0\0" \ "kernel_addr=0x0100\0" \ @@ -68,6 +67,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernelheader_size=0x4\0" \ + "bootm_size=0x1000\0" \ "console=ttyS0,115200\0"\ BOOTENV \ "boot_scripts=ls1012ardb_boot.scr\0"\ -- 2.17.1
[U-Boot] [Patch v4 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command
setexpr command is used while running secure boot (chain of trust with confidentiality) feature. Enable CONFIG_CMD_SETEXPR to enable setexpr command. Signed-off-by: Udit Agarwal --- Changes in v4: Corrects commit message. configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 13 files changed, 13 insertions(+), 4 deletions(-) diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 640a462dfb..2e715343c4 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -53,4 +53,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index f011aa02f5..bb2c4dd2c0 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index f3a2a13e0b..438aa29547 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index c115885923..09da097fc2 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index caba7f7be4..53d96b4610 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 472786ab26..579a9b8448 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index 5c8257de4e..dad3eab9a7 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 2b4f72f54c..d823f7253e 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -60,3 +60,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 9423d7db22..957d041355 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig index 45df1347fa..535fb0e6fd 100644 --- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig @@ -26,7 +26,7 @@ CONFIG_CMD_I2C=y CONFIG_CMD_MMC=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD
[U-Boot] [Patch v4 2/2] armv8: fsl-layerscape: Increase mmc read size for secure-boot headers
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks. Hence increase the mmc read size for secure boot headers from MMC to 0x20 blocks. Signed-off-by: Udit Agarwal --- Changes in v4: Corrects commit message. include/configs/ls1088ardb.h | 18 +- include/configs/ls2080ardb.h | 8 include/configs/lx2160a_common.h | 8 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index b71f70426c..50de658d2e 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -318,8 +318,8 @@ "mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" @@ -340,8 +340,8 @@ "mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" \ @@ -375,7 +375,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD\ "mcmemsize=0x7000\0"\ BOOTENV \ @@ -444,7 +444,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0"\ @@ -491,7 +491,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd0 0x10;" \ + "sf read 0x80001000 0xd0 0x10;" \ "env exists mcinitcmd && env exists secureboot "\ " && sf read 0x8078 0x78 0x10 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ @@ -502,7 +502,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;"\ @@ -525,7 +525,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;"
[U-Boot] [PATCH v4] board/freescale/ls1028a: Secure boot: Adds sec_init call
Call sec_init function to initialise the job ring parameters for secure boot operations. Signed-off-by: Udit Agarwal --- Changes in V4: Corrects commit message. board/freescale/ls1028a/ls1028a.c | 4 1 file changed, 4 insertions(+) diff --git a/board/freescale/ls1028a/ls1028a.c b/board/freescale/ls1028a/ls1028a.c index c9e6c4aa6c..ed98eedfbe 100644 --- a/board/freescale/ls1028a/ls1028a.c +++ b/board/freescale/ls1028a/ls1028a.c @@ -64,6 +64,10 @@ int board_init(void) gd->env_addr = (ulong)_environment[0]; #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4] configs/ls1046afrwy: Add TFA secure boot defconfig
Enables secure boot related configs in defconfig for LS1046AFRWY. Signed-off-by: Udit Agarwal --- Changes in V4: Corrects commit message. configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 57 +++ 1 file changed, 57 insertions(+) create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..aa293302f5 --- /dev/null +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,57 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AFRWY=y +CONFIG_TFABOOT=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SECURE_BOOT=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_NR_DRAM_BANKS=2 +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_AHCI=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_MISC_INIT_R=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_NAND=y +CONFIG_CMD_PCI=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_MTDPARTS_DEFAULT="mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy" +CONFIG_ENV_IS_NOWHERE=y +CONFIG_DM=y +CONFIG_SATA_CEVA=y +CONFIG_FSL_CAAM=y +CONFIG_DM_MMC=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI_FLASH=y +# CONFIG_SPI_FLASH_BAR is not set +CONFIG_SPI_FLASH_STMICRO=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_PHYLIB=y +CONFIG_PHY_VITESSE=y +CONFIG_PHY_GIGE=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_DM_SCSI=y +CONFIG_SYS_NS16550=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 2/2] Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks.
Hence increase the mmc read size for secure boot headers from MMC to 0x20 blocks. Signed-off-by: Udit Agarwal --- Changes in V3: Resends the patch. include/configs/ls1088ardb.h | 18 +- include/configs/ls2080ardb.h | 8 include/configs/lx2160a_common.h | 8 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index b71f70426c..50de658d2e 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -318,8 +318,8 @@ "mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" @@ -340,8 +340,8 @@ "mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" \ @@ -375,7 +375,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD\ "mcmemsize=0x7000\0"\ BOOTENV \ @@ -444,7 +444,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0"\ @@ -491,7 +491,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd0 0x10;" \ + "sf read 0x80001000 0xd0 0x10;" \ "env exists mcinitcmd && env exists secureboot "\ " && sf read 0x8078 0x78 0x10 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ @@ -502,7 +502,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;"\ @@ -525,7 +525,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;"\ diff --git a/
[U-Boot] [PATCH v3 1/2] setexpr command is used while running secure boot (chain of trust with confidentiality) feature.
So, Enable CONFIG_CMD_SETEXPR to enable setexpr command. Signed-off-by: Udit Agarwal --- Changes in V3: Resends patches. configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 13 files changed, 13 insertions(+), 4 deletions(-) diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 640a462dfb..2e715343c4 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -53,4 +53,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index f011aa02f5..bb2c4dd2c0 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index f3a2a13e0b..438aa29547 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index c115885923..09da097fc2 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index caba7f7be4..53d96b4610 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 472786ab26..579a9b8448 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index 5c8257de4e..dad3eab9a7 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 2b4f72f54c..d823f7253e 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -60,3 +60,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 9423d7db22..957d041355 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig index 45df1347fa..535fb0e6fd 100644 --- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig @@ -26,7 +26,7 @@ CONFIG_CMD_I2C=y CONFIG_CMD_MMC=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_MP=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
[U-Boot] [PATCH v3] Add TFA secure boot defconfig and Enables secure boot related configs in it.
Signed-off-by: Udit Agarwal --- Changes in V3: Corrects commit message and resends patch. configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 57 +++ 1 file changed, 57 insertions(+) create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..aa293302f5 --- /dev/null +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,57 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AFRWY=y +CONFIG_TFABOOT=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SECURE_BOOT=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_NR_DRAM_BANKS=2 +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_AHCI=y +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_MISC_INIT_R=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_NAND=y +CONFIG_CMD_PCI=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_MTDPARTS_DEFAULT="mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy" +CONFIG_ENV_IS_NOWHERE=y +CONFIG_DM=y +CONFIG_SATA_CEVA=y +CONFIG_FSL_CAAM=y +CONFIG_DM_MMC=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI_FLASH=y +# CONFIG_SPI_FLASH_BAR is not set +CONFIG_SPI_FLASH_STMICRO=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_PHYLIB=y +CONFIG_PHY_VITESSE=y +CONFIG_PHY_GIGE=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_DM_SCSI=y +CONFIG_SYS_NS16550=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 2/2] freescale/powerpc: Rename the config CONFIG_SECURE_BOOT name.
Renames the CONFIG_SECURE_BOOT name to CONFIG_NXP_ESBC to avoid conflicts with UEFI secure boot. Signed-off-by: Udit Agarwal --- Changes in V2: Rebase on top of master branch. arch/powerpc/cpu/mpc85xx/Kconfig | 4 ++-- arch/powerpc/cpu/mpc85xx/cpu_init.c| 8 arch/powerpc/cpu/mpc85xx/start.S | 10 +- arch/powerpc/cpu/mpc8xxx/law.c | 4 ++-- arch/powerpc/include/asm/fsl_secure_boot.h | 4 ++-- board/freescale/common/p_corenet/tlb.c | 2 +- board/freescale/t104xrdb/tlb.c | 4 ++-- configs/B4860QDS_SECURE_BOOT_defconfig | 2 +- configs/BSC9132QDS_NAND_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_NAND_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_NOR_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_NOR_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_SDCARD_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_SDCARD_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_SPIFLASH_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_SPIFLASH_DDRCLK133_SECURE_defconfig | 2 +- configs/C29XPCIE_NOR_SECBOOT_defconfig | 2 +- configs/C29XPCIE_SPIFLASH_SECBOOT_defconfig| 2 +- configs/P1010RDB-PA_36BIT_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_36BIT_NOR_SECBOOT_defconfig| 2 +- configs/P1010RDB-PA_36BIT_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_NOR_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_36BIT_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_36BIT_NOR_SECBOOT_defconfig| 2 +- configs/P1010RDB-PB_36BIT_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_NOR_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P2041RDB_SECURE_BOOT_defconfig | 2 +- configs/P3041DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P3041DS_SECURE_BOOT_defconfig | 2 +- configs/P4080DS_SECURE_BOOT_defconfig | 2 +- configs/P5020DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P5020DS_SECURE_BOOT_defconfig | 2 +- configs/P5040DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P5040DS_SECURE_BOOT_defconfig | 2 +- configs/T1023RDB_SECURE_BOOT_defconfig | 2 +- configs/T1024QDS_DDR4_SECURE_BOOT_defconfig| 2 +- configs/T1024QDS_SECURE_BOOT_defconfig | 2 +- configs/T1024RDB_SECURE_BOOT_defconfig | 2 +- configs/T1040D4RDB_SECURE_BOOT_defconfig | 2 +- configs/T1040QDS_SECURE_BOOT_defconfig | 2 +- configs/T1040RDB_SECURE_BOOT_defconfig | 2 +- configs/T1042D4RDB_SECURE_BOOT_defconfig | 2 +- configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig | 2 +- configs/T1042RDB_SECURE_BOOT_defconfig | 2 +- configs/T2080QDS_SECURE_BOOT_defconfig | 2 +- configs/T2080RDB_SECURE_BOOT_defconfig | 2 +- configs/T4160QDS_SECURE_BOOT_defconfig | 2 +- configs/T4240QDS_SECURE_BOOT_defconfig | 2 +- doc/README.mpc85xx | 8 include/configs/P1010RDB.h | 4 ++-- include/configs/T104xRDB.h | 6 +++--- include/configs/corenet_ds.h | 2 +- 56 files changed, 73 insertions(+), 73 deletions(-) diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig index c038a6ddb0..8cc82f80b4 100644 --- a/arch/powerpc/cpu/mpc85xx/Kconfig +++ b/arch/powerpc/cpu/mpc85xx/Kconfig @@ -1208,8 +1208,8 @@ config FSL_LAW help Use Freescale common code for Local Access Window -config SECURE_BOOT - bool"Secure Boot" +config NXP_ESBC + bool"NXP_ESBC" help Enable Freescale Secure Boot feature. Normally selected by defconfig. If unsure, do not change. diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index cac9280790..c2b2ef2041 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -38,7 +38,7 @@ #ifdef CONFIG_FSL_CAAM #include #endif -#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_CORENET) +#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_CORENET) #include #include #endif @@ -440,7 +440,7 @@ ulong cpu_init_f(void) #ifdef CONFIG_SYS_DCSRBAR_PHYS ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC8
[U-Boot] [PATCH v2 1/2] freescale/layerscape: Rename the config CONFIG_SECURE_BOOT name.
Renames CONFIG_SECURE_BOOT to CONFIG_NXP_ESBC to avoid conflict with UEFI secure boot. Signed-off-by: Udit Agarwal --- Changes in V2: Rebase on top of master branch. arch/arm/cpu/armv7/ls102xa/Kconfig | 4 ++-- arch/arm/cpu/armv8/fsl-layerscape/Kconfig| 4 ++-- arch/arm/cpu/armv8/fsl-layerscape/spl.c | 2 +- board/freescale/common/Kconfig | 2 +- board/freescale/common/Makefile | 2 +- board/freescale/ls1043ardb/ls1043ardb.c | 2 +- board/freescale/ls1046afrwy/ls1046afrwy.c| 2 +- board/freescale/ls1046aqds/ls1046aqds.c | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 2 +- configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig | 2 +- configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig| 2 +- configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1021aqds_nor_SECURE_BOOT_defconfig | 2 +- configs/ls1021atwr_nor_SECURE_BOOT_defconfig | 2 +- configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_nand_SECURE_BOOT_defconfig| 2 +- configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1046aqds_SECURE_BOOT_defconfig | 2 +- configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1046ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 2 +- configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1088aqds_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1088ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 2 +- configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2080aqds_SECURE_BOOT_defconfig | 2 +- configs/ls2080ardb_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 2 +- include/configs/ls1021atwr.h | 4 ++-- include/configs/ls1028a_common.h | 2 +- include/configs/ls1043a_common.h | 8 include/configs/ls1046a_common.h | 4 ++-- include/configs/ls1088a_common.h | 4 ++-- include/configs/ls1088aqds.h | 6 +++--- include/configs/ls2080aqds.h | 4 ++-- 46 files changed, 57 insertions(+), 57 deletions(-) diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig index 94fa68250d..b9511da3f3 100644 --- a/arch/arm/cpu/armv7/ls102xa/Kconfig +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig @@ -50,8 +50,8 @@ config MAX_CPUS cores, count the reserved ports. This will allocate enough memory in spin table to properly handle all cores. -config SECURE_BOOT - bool"Secure Boot" +config NXP_ESBC + bool"NXP_ESBC" help Enable Freescale Secure Boot feature. Normally selected by defconfig. If unsure, do not change. diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 24c606a232..cca706089c 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -375,8 +375,8 @@ config EMC2305 Enable the EMC2305 fan controller for configuration of fan speed. -config SECURE_BOOT - bool "Secure Boot" +config NXP_ESBC + bool "NXP_ESBC" help Enable Freescale Secure Boot feature diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c index 8f199b..3f6a5f6a42 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c @@ -34,7 +34,7 @@ u32 spl_boot_device(void) void spl_board_init(void) { -#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2) +#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_LSCH2) /* * In case of Secure Boot, the IBR configures the SMMU * to allow only Secure transactions. diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 8b89c10aba..1b1fd69cb2 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -1,5 +1,5 @@ config CHAIN_OF_TRUST -
[U-Boot] [PATCH 2/2] freescale/powerpc: Rename the config CONFIG_SECURE_BOOT name.
Renames the CONFIG_SECURE_BOOT name to CONFIG_NXP_ESBC to avoid conflicts with UEFI secure boot. Signed-off-by: Udit Agarwal --- arch/powerpc/cpu/mpc85xx/Kconfig | 4 ++-- arch/powerpc/cpu/mpc85xx/cpu_init.c| 8 arch/powerpc/cpu/mpc85xx/start.S | 10 +- arch/powerpc/cpu/mpc8xxx/law.c | 4 ++-- arch/powerpc/include/asm/fsl_secure_boot.h | 4 ++-- board/freescale/common/p_corenet/tlb.c | 2 +- board/freescale/t104xrdb/tlb.c | 4 ++-- configs/B4860QDS_SECURE_BOOT_defconfig | 2 +- configs/BSC9132QDS_NAND_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_NAND_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_NOR_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_NOR_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_SDCARD_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_SDCARD_DDRCLK133_SECURE_defconfig | 2 +- configs/BSC9132QDS_SPIFLASH_DDRCLK100_SECURE_defconfig | 2 +- configs/BSC9132QDS_SPIFLASH_DDRCLK133_SECURE_defconfig | 2 +- configs/C29XPCIE_NOR_SECBOOT_defconfig | 2 +- configs/C29XPCIE_SPIFLASH_SECBOOT_defconfig| 2 +- configs/P1010RDB-PA_36BIT_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_36BIT_NOR_SECBOOT_defconfig| 2 +- configs/P1010RDB-PA_36BIT_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_NOR_SECBOOT_defconfig | 2 +- configs/P1010RDB-PA_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_36BIT_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_36BIT_NOR_SECBOOT_defconfig| 2 +- configs/P1010RDB-PB_36BIT_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_NAND_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_NOR_SECBOOT_defconfig | 2 +- configs/P1010RDB-PB_SPIFLASH_SECBOOT_defconfig | 2 +- configs/P2041RDB_SECURE_BOOT_defconfig | 2 +- configs/P3041DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P3041DS_SECURE_BOOT_defconfig | 2 +- configs/P4080DS_SECURE_BOOT_defconfig | 2 +- configs/P5020DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P5020DS_SECURE_BOOT_defconfig | 2 +- configs/P5040DS_NAND_SECURE_BOOT_defconfig | 2 +- configs/P5040DS_SECURE_BOOT_defconfig | 2 +- configs/T1023RDB_SECURE_BOOT_defconfig | 2 +- configs/T1024QDS_DDR4_SECURE_BOOT_defconfig| 2 +- configs/T1024QDS_SECURE_BOOT_defconfig | 2 +- configs/T1024RDB_SECURE_BOOT_defconfig | 2 +- configs/T1040D4RDB_SECURE_BOOT_defconfig | 2 +- configs/T1040QDS_SECURE_BOOT_defconfig | 2 +- configs/T1040RDB_SECURE_BOOT_defconfig | 2 +- configs/T1042D4RDB_SECURE_BOOT_defconfig | 2 +- configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig | 2 +- configs/T1042RDB_SECURE_BOOT_defconfig | 2 +- configs/T2080QDS_SECURE_BOOT_defconfig | 2 +- configs/T2080RDB_SECURE_BOOT_defconfig | 2 +- configs/T4160QDS_SECURE_BOOT_defconfig | 2 +- configs/T4240QDS_SECURE_BOOT_defconfig | 2 +- doc/README.mpc85xx | 8 include/configs/P1010RDB.h | 4 ++-- include/configs/T104xRDB.h | 6 +++--- include/configs/corenet_ds.h | 2 +- 56 files changed, 73 insertions(+), 73 deletions(-) diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig index 5c23efcf66..3a7dc96faf 100644 --- a/arch/powerpc/cpu/mpc85xx/Kconfig +++ b/arch/powerpc/cpu/mpc85xx/Kconfig @@ -1214,8 +1214,8 @@ config FSL_LAW help Use Freescale common code for Local Access Window -config SECURE_BOOT - bool"Secure Boot" +config NXP_ESBC + bool"NXP_ESBC" help Enable Freescale Secure Boot feature. Normally selected by defconfig. If unsure, do not change. diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index cbcd62e19a..4e9823a117 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -37,7 +37,7 @@ #ifdef CONFIG_FSL_CAAM #include #endif -#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_CORENET) +#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_CORENET) #include #include #endif @@ -439,7 +439,7 @@ ulong cpu_init_f(void) #ifdef CONFIG_SYS_DCSRBAR_PHYS ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); #endif -#if defined(CONFIG_SECURE_
[U-Boot] [PATCH 1/2] freescale/layerscape: Rename the config CONFIG_SECURE_BOOT name.
Renames CONFIG_SECURE_BOOT to CONFIG_NXP_ESBC to avoid conflict with UEFI secure boot. Signed-off-by: Udit Agarwal --- arch/arm/cpu/armv7/ls102xa/Kconfig | 4 ++-- arch/arm/cpu/armv8/fsl-layerscape/Kconfig| 4 ++-- arch/arm/cpu/armv8/fsl-layerscape/spl.c | 2 +- board/freescale/common/Kconfig | 2 +- board/freescale/common/Makefile | 2 +- board/freescale/ls1043ardb/ls1043ardb.c | 2 +- board/freescale/ls1046afrwy/ls1046afrwy.c| 2 +- board/freescale/ls1046aqds/ls1046aqds.c | 2 +- board/freescale/ls1046ardb/ls1046ardb.c | 2 +- configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig | 2 +- configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig| 2 +- configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1021aqds_nor_SECURE_BOOT_defconfig | 2 +- configs/ls1021atwr_nor_SECURE_BOOT_defconfig | 2 +- configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_nand_SECURE_BOOT_defconfig| 2 +- configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 2 +- configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig| 2 +- configs/ls1046aqds_SECURE_BOOT_defconfig | 2 +- configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1046ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 2 +- configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1088aqds_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1088ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 2 +- configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2080aqds_SECURE_BOOT_defconfig | 2 +- configs/ls2080ardb_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_qspi_SECURE_BOOT_defconfig| 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 2 +- include/configs/ls1021atwr.h | 4 ++-- include/configs/ls1028a_common.h | 2 +- include/configs/ls1043a_common.h | 8 include/configs/ls1046a_common.h | 4 ++-- include/configs/ls1088a_common.h | 4 ++-- include/configs/ls1088aqds.h | 6 +++--- include/configs/ls2080aqds.h | 4 ++-- 47 files changed, 58 insertions(+), 58 deletions(-) diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig index 94fa68250d..b9511da3f3 100644 --- a/arch/arm/cpu/armv7/ls102xa/Kconfig +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig @@ -50,8 +50,8 @@ config MAX_CPUS cores, count the reserved ports. This will allocate enough memory in spin table to properly handle all cores. -config SECURE_BOOT - bool"Secure Boot" +config NXP_ESBC + bool"NXP_ESBC" help Enable Freescale Secure Boot feature. Normally selected by defconfig. If unsure, do not change. diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index f011a628f6..78d373f436 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -379,8 +379,8 @@ config EMC2305 Enable the EMC2305 fan controller for configuration of fan speed. -config SECURE_BOOT - bool "Secure Boot" +config NXP_ESBC + bool "NXP_ESBC" help Enable Freescale Secure Boot feature diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c b/arch/arm/cpu/armv8/fsl-layerscape/spl.c index 3e53084b21..10fc25cf28 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c @@ -33,7 +33,7 @@ u32 spl_boot_device(void) void spl_board_init(void) { -#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2) +#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_LSCH2) /* * In case of Secure Boot, the IBR configures the SMMU * to allow only Secure transactions. diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 8b89c10aba..1b1fd69cb2 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -1,5 +1,5 @@ config CHAIN_O
[U-Boot] [PATCH 1/1] board/freescale/ls1028a: Secure boot: Adds sec_init call.
Adds sec_init call to initialise the job ring parameters for secure boot operations. Signed-off-by: Udit Agarwal --- board/freescale/ls1028a/ls1028a.c | 4 1 file changed, 4 insertions(+) diff --git a/board/freescale/ls1028a/ls1028a.c b/board/freescale/ls1028a/ls1028a.c index 6b126bcf44..a92b5b1079 100644 --- a/board/freescale/ls1028a/ls1028a.c +++ b/board/freescale/ls1028a/ls1028a.c @@ -64,6 +64,10 @@ int board_init(void) gd->env_addr = (ulong)_environment[0]; #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 2/2] armv8: fsl-layerscape: Increase mmc read size for secure-boot headers
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks. Hence increase the mmc read size for secure boot headers from MMC to 0x20 blocks. Signed-off-by: Udit Agarwal --- Changes in V2: Modifications in the subject line and commit message. include/configs/ls1088ardb.h | 18 +- include/configs/ls2080ardb.h | 8 include/configs/lx2160a_common.h | 8 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 322adb530a..7500c3d3c6 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -320,8 +320,8 @@ "mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" @@ -342,8 +342,8 @@ "mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" \ @@ -377,7 +377,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD\ "mcmemsize=0x7000\0"\ BOOTENV \ @@ -446,7 +446,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0"\ @@ -493,7 +493,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd0 0x10;" \ + "sf read 0x80001000 0xd0 0x10;" \ "env exists mcinitcmd && env exists secureboot "\ " && sf read 0x8078 0x78 0x10 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ @@ -504,7 +504,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;"\ @@ -527,7 +527,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc
[U-Boot] [PATCH v2 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command.
setexpr command is used while running secure boot (chain of trust with confidentiality) feature. So, Enable CONFIG_CMD_SETEXPR to enable setexpr command. Signed-off-by: Udit Agarwal --- Changes in V2: Corrects commit message. configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 14 files changed, 14 insertions(+), 4 deletions(-) diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 02f5dedfa2..bf68873466 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -50,4 +50,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index 9a6139e58c..80fb0c473c 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index 5e524e74c1..f8b7585802 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index 7cd2f59d7b..b1d2c6bb3e 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index 3432f90087..3cd6cb56bf 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 8964042fcc..919d8b0e0f 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index a481cb104d..637febf9a5 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig index e5522d8629..116c9a26c7 100644 --- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 715d07934c..69e39e7207 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 3244d5659a..8cd246a63e 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CO
[U-Boot] [PATCH 1/1] board/freescale/common: secure_boot: Set bootdelay to -2.
Uboot prompt must not be available while running secure boot. TO ensure this bootdelay must be set to -2. Signed-off-by: Udit Agarwal --- board/freescale/common/fsl_chain_of_trust.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index 97376c4165..dddfd26a13 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -79,7 +79,7 @@ int fsl_setenv_chain_of_trust(void) * bootdelay = 0 (To disable Boot Prompt) * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) */ - env_set("bootdelay", "0"); + env_set("bootdelay", "-2"); #ifdef CONFIG_ARM env_set("secureboot", "y"); -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/2] include/configs: Secure boot: Increases mmc read size for headers.
Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks. Hence increases the mmc read size for secure boot headers from MMC to 0x20 blocks. Signed-off-by: Udit Agarwal --- include/configs/ls1088ardb.h | 18 +- include/configs/ls2080ardb.h | 8 include/configs/lx2160a_common.h | 8 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h index 322adb530a..7500c3d3c6 100644 --- a/include/configs/ls1088ardb.h +++ b/include/configs/ls1088ardb.h @@ -320,8 +320,8 @@ "mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" @@ -342,8 +342,8 @@ "mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ "env exists secureboot && " \ - "mmc read 0x8070 0x3800 0x10 && " \ - "mmc read 0x8074 0x3A00 0x10 && " \ + "mmc read 0x8070 0x3800 0x20 && " \ + "mmc read 0x8074 0x3A00 0x20 && " \ "esbc_validate 0x8070 && " \ "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" \ @@ -377,7 +377,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ QSPI_MC_INIT_CMD\ "mcmemsize=0x7000\0"\ BOOTENV \ @@ -446,7 +446,7 @@ "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_size_sd=0x14000\0" \ - "kernelhdr_size_sd=0x10\0" \ + "kernelhdr_size_sd=0x20\0" \ MC_INIT_CMD \ BOOTENV \ "boot_scripts=ls1088ardb_boot.scr\0"\ @@ -493,7 +493,7 @@ #undef CONFIG_BOOTCOMMAND #ifdef CONFIG_TFABOOT #define QSPI_NOR_BOOTCOMMAND \ - "sf read 0x80001000 0xd0 0x10;" \ + "sf read 0x80001000 0xd0 0x10;" \ "env exists mcinitcmd && env exists secureboot "\ " && sf read 0x8078 0x78 0x10 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ @@ -504,7 +504,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_bootcmd;run sd_bootcmd;"\ @@ -527,7 +527,7 @@ "env exists mcinitcmd && mmcinfo; " \ "mmc read 0x80001000 0x6800 0x800; "\ "env exists mcinitcmd && env exists secureboot "\ - " && mmc read 0x8078 0x3C00 0x10 " \ + " && mmc read 0x8078 0x3C00 0x20 " \ "&& esbc_validate 0x8078;env exists mcinitcmd " \ "&& fsl_mc lazyapply dpl 0x80001000;" \ "run distro_boot
[U-Boot] [PATCH 1/2] configs: secure_boot: Add config to enable SETEXPR command.
SETEXPR command is used while running secure boot (chain of trust with confidentiality) feature. To use the setexpr command from uboot comsole CONFIG_CMD_SETEXPR config needs to be enabled in defconfig. Signed-off-by: Udit Agarwal --- configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 1 + configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 1 + configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 1 + 14 files changed, 14 insertions(+), 4 deletions(-) diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig index 02f5dedfa2..bf68873466 100644 --- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig @@ -50,4 +50,5 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig index 9a6139e58c..80fb0c473c 100644 --- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig @@ -30,7 +30,7 @@ CONFIG_CMD_SF=y CONFIG_CMD_SPI=y CONFIG_DEFAULT_SPI_BUS=1 CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig index 5e524e74c1..f8b7585802 100644 --- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig @@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y CONFIG_CMD_PCI=y CONFIG_CMD_SF=y CONFIG_CMD_USB=y -# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_SETEXPR=y CONFIG_CMD_CACHE=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb" diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig index 7cd2f59d7b..b1d2c6bb3e 100644 --- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig index 3432f90087..3cd6cb56bf 100644 --- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig @@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_WDT=y CONFIG_WDT_SP805=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig index 8964042fcc..919d8b0e0f 100644 --- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig @@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_CMD_SETEXPR=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig index a481cb104d..637febf9a5 100644 --- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_RSA=y CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig index e5522d8629..116c9a26c7 100644 --- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -53,3 +53,4 @@ CONFIG_DM_USB=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig index 715d07934c..69e39e7207 100644 --- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig @@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_RSA=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_CMD_SETEXPR=y diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig index 3244d5659a..8cd246a63e 100644 --- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig @@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CO
[U-Boot] [PATCH v2] configs: ls1046afrwy: Add tfa secure boot defonfig.
Add TFA secure boot defconfig and Enables secure boot related configs in it. Signed-off-by: Udit Agarwal --- Changes in V2: Change in commit message. configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 61 +++ 1 file changed, 61 insertions(+) create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..6cb192b003 --- /dev/null +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,61 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AFRWY=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SECURE_BOOT=y +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy" +CONFIG_DISTRO_DEFAULTS=y +CONFIG_NR_DRAM_BANKS=2 +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_TFABOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_MISC_INIT_R=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_NAND=y +CONFIG_CMD_PCI=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_MTDPARTS_DEFAULT="mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_PHY_VITESSE=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_USB=y +CONFIG_FSL_QSPI=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_RSA=y +CONFIG_DM_MMC=y +CONFIG_DM_SCSI=y +CONFIG_SATA_CEVA=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +CONFIG_AHCI=y +CONFIG_CMD_SETEXPR=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] configs:ls1046afrwy: Add tfa secure boot defonfig.
Add TFA secure boot defconfig and Enables secure boot related configs in it. Signed-off-by: Udit Agarwal --- configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 61 +++ 1 file changed, 61 insertions(+) create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..6cb192b003 --- /dev/null +++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,61 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1046AFRWY=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SECURE_BOOT=y +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy" +CONFIG_DISTRO_DEFAULTS=y +CONFIG_NR_DRAM_BANKS=2 +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_TFABOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_MISC_INIT_R=y +# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_NAND=y +CONFIG_CMD_PCI=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_MTDPARTS_DEFAULT="mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)" +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_PHY_VITESSE=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_USB=y +CONFIG_FSL_QSPI=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_RSA=y +CONFIG_DM_MMC=y +CONFIG_DM_SCSI=y +CONFIG_SATA_CEVA=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +CONFIG_AHCI=y +CONFIG_CMD_SETEXPR=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [Patch v3] armv8: fsl-layerscape: Set env_loc to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.
ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when CONFIG_ENV_IS_NOWHERE is enabled Signed-off-by: Udit Agarwal --- Changes in V3: Correct checkpatch warnings. arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index 54ea6b3de0..d26305ce2f 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -799,12 +799,8 @@ enum env_location env_get_location(enum env_operation op, int prio) if (prio) return ENVL_UNKNOWN; -#ifdef CONFIG_CHAIN_OF_TRUST - /* Check Boot Mode -* If Boot Mode is Secure, return ENVL_NOWHERE -*/ - if (fsl_check_boot_mode_secure() == 1) - goto done; +#ifdef CONFIG_ENV_IS_NOWHERE + return env_loc; #endif switch (src) { @@ -834,9 +830,6 @@ enum env_location env_get_location(enum env_operation op, int prio) break; } -#ifdef CONFIG_CHAIN_OF_TRUST -done: -#endif return env_loc; } #endif /* CONFIG_TFABOOT */ -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [Patch v2] armv8: Secure Boot: Modify boot_a_script definition
From: Vinitha V Pillai boot_script_hdr does not exist, it should not continue to boot. So adding separate validation after loading boot_script. The secure boot validation of the bootscript header will fail and halts the further execution of commands which prevent source command from execution. Signed-off-by: Vinitha V Pillai Signed-off-by: Udit Agarwal --- Changes in V2: Corrects commit message to add more clarity. include/configs/ls1012afrwy.h| 3 ++- include/configs/ls1012ardb.h | 3 ++- include/configs/ls1021atwr.h | 3 ++- include/configs/ls1043a_common.h | 3 ++- include/configs/ls1046a_common.h | 5 +++-- include/configs/ls1088ardb.h | 3 ++- include/configs/ls2080ardb.h | 3 ++- 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h index ebb1df41c7..12e6437a05 100644 --- a/include/configs/ls1012afrwy.h +++ b/include/configs/ls1012afrwy.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; "\ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot "\ "&& esbc_validate ${scripthdraddr};"\ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr "\ diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h index f149a604cf..f6640fa499 100644 --- a/include/configs/ls1012ardb.h +++ b/include/configs/ls1012ardb.h @@ -98,7 +98,8 @@ "${scriptaddr} ${prefix}${script}; "\ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot "\ "&& esbc_validate ${scripthdraddr};"\ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr "\ diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index da55bf2f43..2616f4aa5c 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -364,7 +364,8 @@ "${scriptaddr} ${prefix}${script}; "\ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot "\ "&& esbc_validate ${scripthdraddr};"\ "source ${scriptaddr}\0" \ "installer=load mmc 0:2 $load_addr "\ diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index 2e9d476483..8618a5f182 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -275,7 +275,8 @@ "${scriptaddr} ${prefix}${script}; "\ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ + "${scripthdraddr} ${prefix}${boot_script_hdr}; " \ + "env exists secureboot "\ "&& esbc_validate ${scripthdraddr};"\ "source ${scriptaddr}\0"\ "qspi_bootcmd=echo Trying load from qspi..;"\ diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index 24ff2d1547..e4e71b24d4 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -256,8 +256,9 @@ "${scriptaddr} ${prefix}${script}; "\ "env exists secureboot && load ${devtype} " \ "${devnum}:${distro_bootpart} " \ - "${scripthdraddr} ${prefix}${boot_script_hdr} " \ - "&& esbc_validate ${scripthdraddr};"\ + "${scripthdraddr}
Re: [U-Boot] [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.
Hi, arch/arm/cpu/armv8/fsl-layerscape/cpu.c uses ENVL_NOWHERE to initialize the env_loc enum variable. Shall the ENVL_NOWHERE be replaced with ENV_NOWHERE in commit message. Regards Udit Agarwal > -Original Message- > From: Prabhakar Kushwaha > Sent: Friday, March 22, 2019 4:32 PM > To: Udit Agarwal ; u-boot@lists.denx.de > Cc: Ruchika Gupta ; Jaiprakash Singh > ; Arun Pathak > Subject: RE: [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with > CONFIG_ENV_IS_NOWHERE. > > > > -Original Message- > > From: Udit Agarwal > > Sent: Thursday, March 7, 2019 2:55 PM > > To: u-boot@lists.denx.de > > Cc: Prabhakar Kushwaha ; Ruchika Gupta > > ; Jaiprakash Singh ; > > Arun Pathak ; Udit Agarwal > > Subject: [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with > > CONFIG_ENV_IS_NOWHERE. > > > > ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on > > CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when > > CONFIG_ENV_IS_NOWHERE is enabled > > > > Signed-off-by: Udit Agarwal > > --- > > S /ENVL /ENV > > --pk ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.
ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when CONFIG_ENV_IS_NOWHERE is enabled Signed-off-by: Udit Agarwal --- Changes in V2: Corrects commit message. Removes goto label. arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index 34167cdd50..5b945f5959 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -795,12 +795,8 @@ enum env_location env_get_location(enum env_operation op, int prio) if (prio) return ENVL_UNKNOWN; -#ifdef CONFIG_CHAIN_OF_TRUST - /* Check Boot Mode -* If Boot Mode is Secure, return ENVL_NOWHERE -*/ - if (fsl_check_boot_mode_secure() == 1) - goto done; +#ifdef CONFIG_ENV_IS_NOWHERE + return env_loc; #endif switch (src) { @@ -830,9 +826,6 @@ enum env_location env_get_location(enum env_operation op, int prio) break; } -#ifdef CONFIG_CHAIN_OF_TRUST -done: -#endif return env_loc; } #endif /* CONFIG_TFABOOT */ -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.
Compiles code to set the environment location to ENVL_NOWHERE and return when CONFIG_ENV_IS_NOWHERE is set. Environment location is dependent on CONFIG_ENV_IS_NOWHERE config and not on CONFIG_CHAIN_OF_TRUST. Signed-off-by: Udit Agarwal --- arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index 34167cdd50..0f2a42f119 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -795,11 +795,7 @@ enum env_location env_get_location(enum env_operation op, int prio) if (prio) return ENVL_UNKNOWN; -#ifdef CONFIG_CHAIN_OF_TRUST - /* Check Boot Mode -* If Boot Mode is Secure, return ENVL_NOWHERE -*/ - if (fsl_check_boot_mode_secure() == 1) +#ifdef CONFIG_ENV_IS_NOWHERE goto done; #endif @@ -830,7 +826,7 @@ enum env_location env_get_location(enum env_operation op, int prio) break; } -#ifdef CONFIG_CHAIN_OF_TRUST +#ifdef CONFIG_ENV_IS_NOWHERE done: #endif return env_loc; -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] LX2160AQDS: Adds SECURE_BOOT defconfig.
Configs added to enable secure boot on LX2160AQDS board. Signed-off-by: Udit Agarwal --- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 90 1 file changed, 90 insertions(+) create mode 100644 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..c53a7ac350 --- /dev/null +++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,90 @@ +CONFIG_ARM=y +CONFIG_TARGET_LX2160AQDS=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_SECURE_BOOT=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-qds" +CONFIG_NR_DRAM_BANKS=3 +CONFIG_DM=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_TFABOOT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf" +# CONFIG_USE_BOOTCOMMAND is not set +CONFIG_CMD_GREPENV=y +CONFIG_CMD_EEPROM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM_SERIAL=y +CONFIG_SERIAL_PROBE_ALL=y +CONFIG_CONS_INDEX=0 +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_MICRON=y +CONFIG_SPI_FLASH_USE_4K_SECTORS=n +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_SST=y +CONFIG_SPI_FLASH_EON=y +CONFIG_NXP_FSPI=y +CONFIG_FSL_DSPI=y +CONFIG_FSPI_AHB_EN_4BYTE=y +CONFIG_SYS_FSPI_AHB_INIT=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_CMD_NET=y +CONFIG_CMD_PING=y +CONFIG_CMD_PXE=y +CONFIG_CMD_MII=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_FAT=y +CONFIG_CMD_EXT2=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LX=y +CONFIG_E1000=y +CONFIG_NET=y +CONFIG_DM_MMC=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +# CONFIG_SYS_FSL_DDR_PHY is not set +CONFIG_SYS_GEN2_DDR_PHY=y +CONFIG_SYS_MALLOC_F=y +CONFIG_SYS_MALLOC_F_LEN=0x6000 +CONFIG_PHYLIB_10G=y +CONFIG_PHY_AQUANTIA=y # X-M11-USXGMII +CONFIG_PHY_CORTINA=y # X-M7-40G +CONFIG_PHY_REALTEK=y # RGMII +CONFIG_PHY_INPHI=y # X-M8-100G +CONFIG_PHY_VITESSE=y # SGMII PEX RISER +CONFIG_HUSH_PARSER=y +CONFIG_DM_SCSI=y +CONFIG_SATA_CEVA=y +CONFIG_AHCI=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] LX2160AQDS: Adds SECURE_BOOT defconfig.
Configs added to enable secure boot on LX2160AQDS board. Signed-off-by: Udit Agarwal --- configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 90 1 file changed, 90 insertions(+) create mode 100644 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..c53a7ac350 --- /dev/null +++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,90 @@ +CONFIG_ARM=y +CONFIG_TARGET_LX2160AQDS=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_SECURE_BOOT=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-qds" +CONFIG_NR_DRAM_BANKS=3 +CONFIG_DM=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_TFABOOT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf" +# CONFIG_USE_BOOTCOMMAND is not set +CONFIG_CMD_GREPENV=y +CONFIG_CMD_EEPROM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM_SERIAL=y +CONFIG_SERIAL_PROBE_ALL=y +CONFIG_CONS_INDEX=0 +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_MICRON=y +CONFIG_SPI_FLASH_USE_4K_SECTORS=n +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_SST=y +CONFIG_SPI_FLASH_EON=y +CONFIG_NXP_FSPI=y +CONFIG_FSL_DSPI=y +CONFIG_FSPI_AHB_EN_4BYTE=y +CONFIG_SYS_FSPI_AHB_INIT=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_CMD_NET=y +CONFIG_CMD_PING=y +CONFIG_CMD_PXE=y +CONFIG_CMD_MII=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_FAT=y +CONFIG_CMD_EXT2=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LX=y +CONFIG_E1000=y +CONFIG_NET=y +CONFIG_DM_MMC=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +# CONFIG_SYS_FSL_DDR_PHY is not set +CONFIG_SYS_GEN2_DDR_PHY=y +CONFIG_SYS_MALLOC_F=y +CONFIG_SYS_MALLOC_F_LEN=0x6000 +CONFIG_PHYLIB_10G=y +CONFIG_PHY_AQUANTIA=y # X-M11-USXGMII +CONFIG_PHY_CORTINA=y # X-M7-40G +CONFIG_PHY_REALTEK=y # RGMII +CONFIG_PHY_INPHI=y # X-M8-100G +CONFIG_PHY_VITESSE=y # SGMII PEX RISER +CONFIG_HUSH_PARSER=y +CONFIG_DM_SCSI=y +CONFIG_SATA_CEVA=y +CONFIG_AHCI=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2] armv8:LX2160: Adds distro secure boot support.
Adds esbc validate command for verification of MC and DPC firmware. Adds secure boot defconfig. Signed-off-by: Udit Agarwal --- Changes in v2: Correct flash offset for Kernel header for secure boot. configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 86 include/configs/lx2160a_common.h | 12 ++- 2 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..b7e3967ad9 --- /dev/null +++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,86 @@ +CONFIG_ARM=y +CONFIG_TARGET_LX2160ARDB=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_SECURE_BOOT=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-rdb" +CONFIG_NR_DRAM_BANKS=3 +CONFIG_DM=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_TFABOOT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf" +# CONFIG_USE_BOOTCOMMAND is not set +CONFIG_CMD_GREPENV=y +CONFIG_CMD_EEPROM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM_SERIAL=y +CONFIG_SERIAL_PROBE_ALL=y +CONFIG_CONS_INDEX=0 +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_MICRON=y +CONFIG_SPI_FLASH_USE_4K_SECTORS=n +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_NXP_FSPI=y +CONFIG_FSPI_AHB_EN_4BYTE=y +CONFIG_SYS_FSPI_AHB_INIT=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_CMD_NET=y +CONFIG_CMD_PING=y +CONFIG_CMD_PXE=y +CONFIG_CMD_MII=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_FAT=y +CONFIG_CMD_EXT2=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LX=y +CONFIG_E1000=y +CONFIG_NET=y +CONFIG_DM_MMC=y +CONFIG_DM_MMC_OPS=n +CONFIG_BLK=n +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +# CONFIG_SYS_FSL_DDR_PHY is not set +CONFIG_SYS_GEN2_DDR_PHY=y +CONFIG_SYS_MALLOC_F=y +CONFIG_SYS_MALLOC_F_LEN=0x6000 +CONFIG_PHYLIB_10G=y +CONFIG_PHY_AQUANTIA=y +CONFIG_PHY_CORTINA=y +CONFIG_PHY_ATHEROS=y +CONFIG_PHY_INPHI=y +CONFIG_INPHI_25G=y +CONFIG_HUSH_PARSER=y +CONFIG_EMC2305=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h index fa554bc2f5..3ff54a4dc9 100644 --- a/include/configs/lx2160a_common.h +++ b/include/configs/lx2160a_common.h @@ -198,11 +198,19 @@ unsigned long get_board_ddr_clk(void); /* Initial environment variables */ #define XSPI_MC_INIT_CMD \ + "env exists secureboot && " \ + "esbc_validate 0x2070 && " \ + "esbc_validate 0x2074 ;"\ "fsl_mc start mc 0x20a0 0x20e0\0" #define SD_MC_INIT_CMD \ "mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ + "env exists secureboot && " \ + "mmc read 0x8070 0x3800 0x10 && " \ + "mmc read 0x8074 0x3A00 0x10 && " \ + "esbc_validate 0x8070 && " \ + "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" #define EXTRA_ENV_SETTINGS \ @@ -213,7 +221,7 @@ unsigned long get_board_ddr_clk(void); "initrd_high=0x\0" \ "fdt_addr=0x64f0\0" \ "kernel_start=0x100\0" \ - "kernelheader_start=0x80\0" \ + "kernelheader_start=0x7C\0" \ "scriptaddr=0x8000\0" \ "scripthdraddr=0x8008\0"\ "fdtheader_addr_r=0x8010\0" \ @@ -224,7 +232,9 @@ unsigned long get_board_ddr_clk(void); "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_addr_sd=0x8000\0" \ + "kernelhdr_addr_sd=0x3E00\0"\ "kernel_size_sd=0x1d000\0" \ + "kernelhdr_size_sd=0x10\0" \ "console=ttyAMA0,38400n8\0" \ BOOTENV \ "mcmemsize=0x7000\0"\ -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] armv8:LX2160: Adds distro secure boot support.
Adds esbc validate command for verification of MC and DPC firmware. Adds secure boot defconfig. Signed-off-by: Udit Agarwal --- configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 86 include/configs/lx2160a_common.h | 10 +++ 2 files changed, 96 insertions(+) create mode 100644 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig new file mode 100644 index 00..b7e3967ad9 --- /dev/null +++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig @@ -0,0 +1,86 @@ +CONFIG_ARM=y +CONFIG_TARGET_LX2160ARDB=y +CONFIG_SYS_TEXT_BASE=0x8200 +CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y +CONFIG_SECURE_BOOT=y +CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-rdb" +CONFIG_NR_DRAM_BANKS=3 +CONFIG_DM=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_TFABOOT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf" +# CONFIG_USE_BOOTCOMMAND is not set +CONFIG_CMD_GREPENV=y +CONFIG_CMD_EEPROM=y +CONFIG_CMD_GPT=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +CONFIG_CMD_CACHE=y +CONFIG_MP=y +CONFIG_OF_CONTROL=y +CONFIG_ENV_IS_NOWHERE=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM_SERIAL=y +CONFIG_SERIAL_PROBE_ALL=y +CONFIG_CONS_INDEX=0 +CONFIG_FSL_CAAM=y +CONFIG_FSL_ESDHC=y +CONFIG_SPI=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_MICRON=y +CONFIG_SPI_FLASH_USE_4K_SECTORS=n +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_NXP_FSPI=y +CONFIG_FSPI_AHB_EN_4BYTE=y +CONFIG_SYS_FSPI_AHB_INIT=y +CONFIG_PHYLIB=y +CONFIG_NETDEVICES=y +CONFIG_PHY_GIGE=y +CONFIG_CMD_NET=y +CONFIG_CMD_PING=y +CONFIG_CMD_PXE=y +CONFIG_CMD_MII=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_FAT=y +CONFIG_CMD_EXT2=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LX=y +CONFIG_E1000=y +CONFIG_NET=y +CONFIG_DM_MMC=y +CONFIG_DM_MMC_OPS=n +CONFIG_BLK=n +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_SCSI_AHCI=y +CONFIG_SCSI=y +# CONFIG_SYS_FSL_DDR_PHY is not set +CONFIG_SYS_GEN2_DDR_PHY=y +CONFIG_SYS_MALLOC_F=y +CONFIG_SYS_MALLOC_F_LEN=0x6000 +CONFIG_PHYLIB_10G=y +CONFIG_PHY_AQUANTIA=y +CONFIG_PHY_CORTINA=y +CONFIG_PHY_ATHEROS=y +CONFIG_PHY_INPHI=y +CONFIG_INPHI_25G=y +CONFIG_HUSH_PARSER=y +CONFIG_EMC2305=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h index fa554bc2f5..dbeeae9a89 100644 --- a/include/configs/lx2160a_common.h +++ b/include/configs/lx2160a_common.h @@ -198,11 +198,19 @@ unsigned long get_board_ddr_clk(void); /* Initial environment variables */ #define XSPI_MC_INIT_CMD \ + "env exists secureboot && " \ + "esbc_validate 0x2070 && " \ + "esbc_validate 0x2074 ;"\ "fsl_mc start mc 0x20a0 0x20e0\0" #define SD_MC_INIT_CMD \ "mmc read 0x8000 0x5000 0x800;" \ "mmc read 0x8010 0x7000 0x800;" \ + "env exists secureboot && " \ + "mmc read 0x8070 0x3800 0x10 && " \ + "mmc read 0x8074 0x3A00 0x10 && " \ + "esbc_validate 0x8070 && " \ + "esbc_validate 0x8074 ;"\ "fsl_mc start mc 0x8000 0x8010\0" #define EXTRA_ENV_SETTINGS \ @@ -224,7 +232,9 @@ unsigned long get_board_ddr_clk(void); "load_addr=0xa000\0"\ "kernel_size=0x280\0" \ "kernel_addr_sd=0x8000\0" \ + "kernelhdr_addr_sd=0x4000\0"\ "kernel_size_sd=0x1d000\0" \ + "kernelhdr_size_sd=0x10\0" \ "console=ttyAMA0,38400n8\0" \ BOOTENV \ "mcmemsize=0x7000\0"\ -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] Default boot arguments in case of missing FDT
I found here <https://www.denx.de/wiki/DULG/UBootCmdGroupExec> that if, fdt pointer is missing, by default bd_info will be passed. Can/How can I override this, to pass my own default FDT? On Sun, Mar 4, 2018 at 12:57 PM, Udit agarwal <dev.mada...@gmail.com> wrote: > Hi all, > I need to implement a check on whether user provided a valid FDT or not(on > beagle bone Black). > So, > >- First, what is the default value(if any) of FDT pointer passed on >via uboot to kernel? >- Is there a option to set/customize the default FDT pointer value? > > Regard, > > Udit agarwal > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] Default boot arguments in case of missing FDT
Hi all, I need to implement a check on whether user provided a valid FDT or not(on beagle bone Black). So, - First, what is the default value(if any) of FDT pointer passed on via uboot to kernel? - Is there a option to set/customize the default FDT pointer value? Regard, Udit agarwal ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [Patch v3] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.
Adds config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in LS2080AQDS and LS2080ARDB secure boot defconfig. Removes CONFIG_FIT, as with CONFIG_FSL_LS_PPA enabled, CONFIG_FIT is selected. Removes CONFIG_SPL_RSA as in NOR boot SPL boot is not done. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes in v3: Corrects commit message for the patch. configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++-- configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig index ee6043e..17a077d 100644 --- a/configs/ls2080aqds_SECURE_BOOT_defconfig +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080AQDS=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 ramdisk_size=0x200 default_hugepagesz=2m hugepagesz=2m hugepages=256" @@ -28,6 +29,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -47,6 +49,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig index 01fc9e6..37137f4 100644 --- a/configs/ls2080ardb_SECURE_BOOT_defconfig +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080ARDB=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS1,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0600 ramdisk_size=0x200 default_hugepagesz=2m hugepagesz=2m hugepages=256" @@ -27,6 +28,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -46,6 +48,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.
Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS platforms. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> Signed-off-by: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com> --- Changes in v4: Adds Distro boot support defconfigs. Adds config to unset CONFIG_BOOTCOOMAND. Keeping defconfig options in sorted manner. board/freescale/ls1088a/MAINTAINERS | 12 +++ configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 47 ++ configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 48 +++ 3 files changed, 107 insertions(+) create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1088a/MAINTAINERS b/board/freescale/ls1088a/MAINTAINERS index b3d5c38..de3961d 100644 --- a/board/freescale/ls1088a/MAINTAINERS +++ b/board/freescale/ls1088a/MAINTAINERS @@ -15,3 +15,15 @@ F: board/freescale/ls1088a/ F: include/configs/ls1088aqds.h F: configs/ls1088aqds_qspi_defconfig F: configs/ls1088aqds_sdcard_qspi_defconfig + +LS1088AQDS_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal <udit.agar...@nxp.com> +M: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com> +S: Maintained +F: configs/ls1088aqds_qspi_SECURE_BOOT_defconfig + +LS1088ARDB_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal <udit.agar...@nxp.com> +M: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com> +S: Maintained +F: configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..529651b --- /dev/null +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,47 @@ +CONFIG_ARM=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_PING=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds" +CONFIG_DM=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DM_USB=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_E1000=y +CONFIG_FIT_VERBOSE=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_DSPI=y +CONFIG_FSL_LS_PPA=y +CONFIG_HUSH_PARSER=y +CONFIG_NETDEVICES=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_CONTROL=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_PCI=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_SECURE_BOOT=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_SYS_NS16550=y +CONFIG_TARGET_LS1088AQDS=y +CONFIG_USB=y +CONFIG_USB_DWC3=y +CONFIG_USB_GADGET=y +CONFIG_USB_STORAGE=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_XHCI_HCD=y +# CONFIG_DISPLAY_BOARDINFO is not set +# CONFIG_USE_BOOTCOMMAND is not set diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..e800966 --- /dev/null +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,48 @@ +CONFIG_ARM=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_PING=y +CONFIG_CMD_SF=y +CONFIG_CMD_USB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" +CONFIG_DISTRO_DEFAULTS=y +CONFIG_DM=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DM_USB=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_E1000=y +CONFIG_FIT_VERBOSE=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_DSPI=y +CONFIG_FSL_LS_PPA=y +CONFIG_HUSH_PARSER=y +CONFIG_NETDEVICES=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_CONTROL=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_PCI=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_SECURE_BOOT=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_SYS_NS16550=y +CONFIG_TARGET_LS1088ARDB=y +CONFIG_USB=y +CONFIG_USB_DWC3=y +CONFIG_USB_GADGET=y +CONFIG_USB_STORAGE=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_XHCI_HCD=y +# CONFIG_DISPLAY_BOARDINFO is not set +# CONFIG_USE_BOOTCOMMAND is not set -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using esbc_validate command. Enable validation of boot.scr script prior to its execution dependent on "secureboot" flag in environment Add header address for PPA to be validated during ESBC phase for LS1088A platform based on LAyerscape Chasis 3. Moves sec_init prior to ppa_init as for validation of PPA sec must be initialised before the PPA is initialised. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> Signed-off-by: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com> Signed-off-by: Sumit Garg <sumit.g...@nxp.com> --- Changes in v4: Adds Distro boot support. Removes CONFIG_FSL_CAAM. Will be enabled via defconfig arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + board/freescale/ls1088a/Kconfig | 2 ++ board/freescale/ls1088a/ls1088a.c | 6 ++-- include/configs/ls1088a_common.h | 3 -- include/configs/ls1088aqds.h | 21 + include/configs/ls1088ardb.h | 50 +++ 6 files changed, 64 insertions(+), 19 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 5daf79e..4aa0414 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -244,6 +244,7 @@ config SYS_LS_PPA_ESBC_ADDR default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND help diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig index 1ada661..4479dd0 100644 --- a/board/freescale/ls1088a/Kconfig +++ b/board/freescale/ls1088a/Kconfig @@ -12,6 +12,7 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088aqds" +source "board/freescale/common/Kconfig" endif if TARGET_LS1088ARDB @@ -28,4 +29,5 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088ardb" +source "board/freescale/common/Kconfig" endif diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c index 96d9ae7..1860f9c 100644 --- a/board/freescale/ls1088a/ls1088a.c +++ b/board/freescale/ls1088a/ls1088a.c @@ -315,6 +315,9 @@ int board_init(void) out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -337,9 +340,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h index 6b71d47..b99257e 100644 --- a/include/configs/ls1088a_common.h +++ b/include/configs/ls1088a_common.h @@ -144,9 +144,6 @@ unsigned long long get_qixis_addr(void); #if defined(CONFIG_FSL_MC_ENET) #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * 1024) #endif - -#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */ - /* Command line configuration */ #define CONFIG_CMD_GREPENV #define CONFIG_CMD_CACHE diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h index 310e8fd..e7e3afe 100644 --- a/include/configs/ls1088aqds.h +++ b/include/configs/ls1088aqds.h @@ -335,6 +335,26 @@ unsigned long get_board_ddr_clk(void); QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER) /* Initial environment variables */ +#ifdef CONFIG_SECURE_BOOT +#undef CONFIG_EXTRA_ENV_SETTINGS +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "loadaddr=0x9010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_addr=0x80\0" \ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x100\0" \ + "kernel_load=0xa000\0" \ + "kernel_size=0x280\0" \ + "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;" \ + "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \ + "sf read 0xa0e0 0xe0 0x10;" \ + "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;" \ + "fsl_mc start mc 0xa0a0 0xa0e0\0" \ + "mcmemsize=0x7000 \0" +#el
Re: [U-Boot] [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
> -Original Message- > From: York Sun > Sent: Tuesday, October 24, 2017 3:04 AM > To: Udit Agarwal <udit.agar...@nxp.com>; u-boot@lists.denx.de > Cc: Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit Garg <sumit.g...@nxp.com>; > Prabhakar Kushwaha <prabhakar.kushw...@nxp.com> > Subject: Re: [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation > > On 10/15/2017 10:03 PM, Udit Agarwal wrote: > > Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC > > phase using esbc_validate command. Add images validation in default > > environment under mcinitcmd prior to MC initialization. > > > > Add header address for PPA to be validated during ESBC phase for > > LS1088A platform based on LAyerscape Chasis 3. > > > > Moves sec_init prior to ppa_init as for validation of PPA sec must be > > initialised before the PPA is initialised. > > > > Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> > > --- > > Changes in v3: > > Removes CONFIG_FSL_CAAM. Will be enabled via defconfig. > > > > arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + > > board/freescale/ls1088a/Kconfig | 2 ++ > > board/freescale/ls1088a/ls1088a.c | 6 +++--- > > include/configs/ls1088a_common.h | 3 --- > > include/configs/ls1088aqds.h | 21 + > > include/configs/ls1088ardb.h | 22 +- > > 6 files changed, 48 insertions(+), 7 deletions(-) > > > > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > > index 3518d86..7883623 100644 > > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > > @@ -242,6 +242,7 @@ config SYS_LS_PPA_ESBC_ADDR > > default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A > > default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && > ARCH_LS2080A > > default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A > > + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A > > default 0x68 if SYS_LS_PPA_FW_IN_MMC > > default 0x68 if SYS_LS_PPA_FW_IN_NAND > > help > > diff --git a/board/freescale/ls1088a/Kconfig > > b/board/freescale/ls1088a/Kconfig index 1ada661..4479dd0 100644 > > --- a/board/freescale/ls1088a/Kconfig > > +++ b/board/freescale/ls1088a/Kconfig > > @@ -12,6 +12,7 @@ config SYS_SOC > > config SYS_CONFIG_NAME > > default "ls1088aqds" > > > > +source "board/freescale/common/Kconfig" > > endif > > > > if TARGET_LS1088ARDB > > @@ -28,4 +29,5 @@ config SYS_SOC > > config SYS_CONFIG_NAME > > default "ls1088ardb" > > > > +source "board/freescale/common/Kconfig" > > endif > > diff --git a/board/freescale/ls1088a/ls1088a.c > > b/board/freescale/ls1088a/ls1088a.c > > index 96d9ae7..1860f9c 100644 > > --- a/board/freescale/ls1088a/ls1088a.c > > +++ b/board/freescale/ls1088a/ls1088a.c > > @@ -315,6 +315,9 @@ int board_init(void) > > out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif > > > > +#ifdef CONFIG_FSL_CAAM > > + sec_init(); > > +#endif > > #ifdef CONFIG_FSL_LS_PPA > > ppa_init(); > > #endif > > @@ -337,9 +340,6 @@ void detail_board_ddr_info(void) #if > > defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef > > CONFIG_FSL_CAAM > > - sec_init(); > > -#endif > > return 0; > > } > > #endif > > diff --git a/include/configs/ls1088a_common.h > > b/include/configs/ls1088a_common.h > > index 84e9b14..6b82ee3 100644 > > --- a/include/configs/ls1088a_common.h > > +++ b/include/configs/ls1088a_common.h > > @@ -132,9 +132,6 @@ unsigned long long get_qixis_addr(void); #if > > defined(CONFIG_FSL_MC_ENET) > > #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * > 1024 * 1024) > > #endif > > - > > -#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */ > > - > > /* Command line configuration */ > > #define CONFIG_CMD_GREPENV > > #define CONFIG_CMD_CACHE > > diff --git a/include/configs/ls1088aqds.h > > b/include/configs/ls1088aqds.h index 3547b0b..ff0cb7e 100644 > > --- a/include/configs/ls1088aqds.h > > +++ b/include/configs/ls1088aqds.h > > @@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void); > > QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER) > > > > /*
[U-Boot] [Patch v2] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.
Adds config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in LS2080AQDS and LS2080ARDB secure boot defconfig. Removes CONFIG_FIT, as not required when CONFIG_FSL_LS_PPA is enabled. Removes CONFIG_SPL_RSA as in QSPI boot SPL boot is not done. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes in V2: Adds information in patch description for other changes. configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++-- configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig index c80a837..8063cd7 100644 --- a/configs/ls2080aqds_SECURE_BOOT_defconfig +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080AQDS=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 ramdisk_size=0x200 default_hugepagesz=2m hugepagesz=2m hugepages=256" @@ -26,6 +27,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -45,6 +47,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig index 4a462ce..4e4666d 100644 --- a/configs/ls2080ardb_SECURE_BOOT_defconfig +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080ARDB=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_USE_BOOTARGS=y CONFIG_BOOTARGS="console=ttyS1,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0600 ramdisk_size=0x200 default_hugepagesz=2m hugepagesz=2m hugepages=256" @@ -25,6 +26,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -44,6 +46,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization. Add header address for PPA to be validated during ESBC phase for LS1088A platform based on LAyerscape Chasis 3. Moves sec_init prior to ppa_init as for validation of PPA sec must be initialised before the PPA is initialised. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes in v3: Removes CONFIG_FSL_CAAM. Will be enabled via defconfig. arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + board/freescale/ls1088a/Kconfig | 2 ++ board/freescale/ls1088a/ls1088a.c | 6 +++--- include/configs/ls1088a_common.h | 3 --- include/configs/ls1088aqds.h | 21 + include/configs/ls1088ardb.h | 22 +- 6 files changed, 48 insertions(+), 7 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 3518d86..7883623 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -242,6 +242,7 @@ config SYS_LS_PPA_ESBC_ADDR default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND help diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig index 1ada661..4479dd0 100644 --- a/board/freescale/ls1088a/Kconfig +++ b/board/freescale/ls1088a/Kconfig @@ -12,6 +12,7 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088aqds" +source "board/freescale/common/Kconfig" endif if TARGET_LS1088ARDB @@ -28,4 +29,5 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088ardb" +source "board/freescale/common/Kconfig" endif diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c index 96d9ae7..1860f9c 100644 --- a/board/freescale/ls1088a/ls1088a.c +++ b/board/freescale/ls1088a/ls1088a.c @@ -315,6 +315,9 @@ int board_init(void) out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -337,9 +340,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h index 84e9b14..6b82ee3 100644 --- a/include/configs/ls1088a_common.h +++ b/include/configs/ls1088a_common.h @@ -132,9 +132,6 @@ unsigned long long get_qixis_addr(void); #if defined(CONFIG_FSL_MC_ENET) #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * 1024) #endif - -#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */ - /* Command line configuration */ #define CONFIG_CMD_GREPENV #define CONFIG_CMD_CACHE diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h index 3547b0b..ff0cb7e 100644 --- a/include/configs/ls1088aqds.h +++ b/include/configs/ls1088aqds.h @@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void); QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER) /* Initial environment variables */ +#ifdef CONFIG_SECURE_BOOT +#undef CONFIG_EXTRA_ENV_SETTINGS +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "loadaddr=0x9010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_addr=0x80\0" \ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x100\0" \ + "kernel_load=0xa000\0" \ + "kernel_size=0x280\0" \ + "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;" \ + "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \ + "sf read 0xa0e0 0xe0 0x10;" \ + "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;" \ + "fsl_mc start mc 0xa0a0 0xa0e0\0" \ + "mcmemsize=0x7000 \0" +#else /* if !(CONFIG_SECURE_BOOT) */ #if defined(CONFIG_QSPI_BOOT) #undef CONFIG_EXTRA_ENV_SETTINGS #define CONFIG_EXTRA_ENV_SETTINGS \ @@ -362,6 +382,7 @@ unsigned long get
[U-Boot] [PATCH v3 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.
Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS platforms. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes in v3: Keeping defconfig options in sorted manner. board/freescale/ls1088a/MAINTAINERS | 10 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 37 +++ configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 37 +++ 3 files changed, 84 insertions(+) create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1088a/MAINTAINERS b/board/freescale/ls1088a/MAINTAINERS index e1e6d4b..19336ca 100644 --- a/board/freescale/ls1088a/MAINTAINERS +++ b/board/freescale/ls1088a/MAINTAINERS @@ -13,3 +13,13 @@ S: Maintained F: board/freescale/ls1088a/ F: include/configs/ls1088aqds.h F: configs/ls1088aqds_qspi_defconfig + +LS1088AQDS_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal <udit.agar...@nxp.com> +S: Maintained +F: configs/ls1088aqds_qspi_SECURE_BOOT_defconfig + +LS1088ARDB_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal <udit.agar...@nxp.com> +S: Maintained +F: configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..ce4dddf --- /dev/null +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,37 @@ +CONFIG_ARM=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_PING=y +CONFIG_CMD_SF=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds" +CONFIG_DM=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_E1000=y +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_DSPI=y +CONFIG_FSL_LS_PPA=y +CONFIG_HUSH_PARSER=y +CONFIG_NETDEVICES=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_CONTROL=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_PCI=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_SECURE_BOOT=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_SYS_NS16550=y +CONFIG_TARGET_LS1088AQDS=y +# CONFIG_DISPLAY_BOARDINFO is not set diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..e3046b2 --- /dev/null +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,37 @@ +CONFIG_ARM=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_I2C=y +CONFIG_CMD_MMC=y +CONFIG_CMD_PING=y +CONFIG_CMD_SF=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" +CONFIG_DM=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_E1000=y +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_FSL_CAAM=y +CONFIG_FSL_DSPI=y +CONFIG_FSL_LS_PPA=y +CONFIG_HUSH_PARSER=y +CONFIG_NETDEVICES=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_CONTROL=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_PCI=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_SECURE_BOOT=y +CONFIG_SPI_FLASH=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_SYS_NS16550=y +CONFIG_TARGET_LS1088ARDB=y +# CONFIG_DISPLAY_BOARDINFO is not set -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.
Add config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in LS2080AQDS and LS2080ARDB secure boot defconfig. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++-- configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig index aace6b4..d4067a2 100644 --- a/configs/ls2080aqds_SECURE_BOOT_defconfig +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080AQDS=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_CMD_GREPENV=y CONFIG_CMD_EEPROM=y @@ -23,6 +24,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -42,6 +44,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig index b035e57..249f18a 100644 --- a/configs/ls2080ardb_SECURE_BOOT_defconfig +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -1,12 +1,13 @@ CONFIG_ARM=y CONFIG_TARGET_LS2080ARDB=y +CONFIG_FSL_LS_PPA=y CONFIG_SECURE_BOOT=y CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" # CONFIG_SYS_MALLOC_F is not set -CONFIG_FIT=y CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_ENV_IS_IN_FLASH=y CONFIG_BOOTDELAY=10 CONFIG_CMD_GREPENV=y CONFIG_CMD_EEPROM=y @@ -22,6 +23,7 @@ CONFIG_CMD_DATE=y CONFIG_OF_CONTROL=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y +CONFIG_FSL_CAAM=y CONFIG_MTD_NOR_FLASH=y CONFIG_DM_SPI_FLASH=y CONFIG_PHYLIB=y @@ -41,6 +43,5 @@ CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_STORAGE=y CONFIG_RSA=y -CONFIG_SPL_RSA=y CONFIG_RSA_SOFTWARE_EXP=y CONFIG_EFI_LOADER_BOUNCE_BUFFER=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.
Changes in V2: Rebasing the image validation patch. Dependent patch set: https://patchwork.ozlabs.org/patch/801852/ https://patchwork.ozlabs.org/patch/803045/ https://patchwork.ozlabs.org/patch/803043/ > -Original Message- > From: Udit Agarwal [mailto:udit.agar...@nxp.com] > Sent: Friday, August 25, 2017 2:29 PM > To: u-boot@lists.denx.de > Cc: York Sun <york@nxp.com>; Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit > Garg <sumit.g...@nxp.com>; Prabhakar Kushwaha <prabhakar.kushw...@nxp.com>; > Ashish Kumar <ashish.ku...@nxp.com>; Udit Agarwal <udit.agar...@nxp.com> > Subject: [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI > boot. > > Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS > platforms. > > Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> > --- > configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 32 > +++ configs/ls1088ardb_qspi_SECURE_BOOT_defconfig > | 32 +++ > 2 files changed, 64 insertions(+) > create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig > create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig > > diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig > b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig > new file mode 100644 > index 000..65653b8 > --- /dev/null > +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig > @@ -0,0 +1,32 @@ > +CONFIG_ARM=y > +CONFIG_TARGET_LS1088AQDS=y > +# CONFIG_SYS_MALLOC_F is not set > +CONFIG_DM_SPI=y > +CONFIG_DM_SPI_FLASH=y > +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds" > +CONFIG_FIT=y > +CONFIG_FIT_VERBOSE=y > +CONFIG_OF_BOARD_SETUP=y > +CONFIG_OF_STDOUT_VIA_ALIAS=y > +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" > +CONFIG_HUSH_PARSER=y > +CONFIG_CMD_MMC=y > +CONFIG_CMD_SF=y > +CONFIG_CMD_I2C=y > +# CONFIG_CMD_SETEXPR is not set > +CONFIG_CMD_DHCP=y > +CONFIG_CMD_PING=y > +CONFIG_OF_CONTROL=y > +CONFIG_NET_RANDOM_ETHADDR=y > +CONFIG_DM=y > +CONFIG_SPI_FLASH=y > +CONFIG_NETDEVICES=y > +CONFIG_E1000=y > +CONFIG_SYS_NS16550=y > +CONFIG_FSL_DSPI=y > +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y > +# CONFIG_DISPLAY_BOARDINFO is not set > +CONFIG_FSL_LS_PPA=y > +CONFIG_SECURE_BOOT=y > +CONFIG_RSA=y > +CONFIG_RSA_SOFTWARE_EXP=y > diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig > b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig > new file mode 100644 > index 000..5afd559 > --- /dev/null > +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig > @@ -0,0 +1,32 @@ > +CONFIG_ARM=y > +CONFIG_TARGET_LS1088ARDB=y > +# CONFIG_SYS_MALLOC_F is not set > +CONFIG_DM_SPI=y > +CONFIG_DM_SPI_FLASH=y > +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" > +CONFIG_FIT=y > +CONFIG_FIT_VERBOSE=y > +CONFIG_OF_BOARD_SETUP=y > +CONFIG_OF_STDOUT_VIA_ALIAS=y > +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" > +CONFIG_HUSH_PARSER=y > +CONFIG_CMD_MMC=y > +CONFIG_CMD_SF=y > +CONFIG_CMD_I2C=y > +# CONFIG_CMD_SETEXPR is not set > +CONFIG_CMD_DHCP=y > +CONFIG_CMD_PING=y > +CONFIG_OF_CONTROL=y > +CONFIG_NET_RANDOM_ETHADDR=y > +CONFIG_DM=y > +CONFIG_SPI_FLASH=y > +CONFIG_NETDEVICES=y > +CONFIG_E1000=y > +CONFIG_SYS_NS16550=y > +CONFIG_FSL_DSPI=y > +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y > +# CONFIG_DISPLAY_BOARDINFO is not set > +CONFIG_FSL_LS_PPA=y > +CONFIG_SECURE_BOOT=y > +CONFIG_RSA=y > +CONFIG_RSA_SOFTWARE_EXP=y > -- > 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
Changes in V2: Rebasing the image validation patch. Dependent patch set: https://patchwork.ozlabs.org/patch/801852/ https://patchwork.ozlabs.org/patch/803045/ https://patchwork.ozlabs.org/patch/803043/ > -Original Message- > From: Udit Agarwal [mailto:udit.agar...@nxp.com] > Sent: Friday, August 25, 2017 2:29 PM > To: u-boot@lists.denx.de > Cc: York Sun <york@nxp.com>; Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit > Garg <sumit.g...@nxp.com>; Prabhakar Kushwaha <prabhakar.kushw...@nxp.com>; > Ashish Kumar <ashish.ku...@nxp.com>; Udit Agarwal <udit.agar...@nxp.com> > Subject: [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation > > Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using > esbc_validate command. Add images validation in default environment under > mcinitcmd > prior to MC in Changes in V2: Rebasing the image validation patch. Dependent patch set: https://patchwork.ozlabs.org/patch/801852/ https://patchwork.ozlabs.org/patch/803045/ https://patchwork.ozlabs.org/patch/803043/itialization. > > Add header address for PPA to be validated during ESBC phase for LS1088A > platform > based on LAyerscape Chasis 3. > > Moves sec_init prior to ppa_init as for validation of PPA sec must be > initialised before the > PPA is initialised. > > Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> > --- > arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + > board/freescale/ls1088a/Kconfig | 2 ++ > board/freescale/ls1088a/ls1088a.c | 6 +++--- > include/configs/ls1088a_common.h | 6 +++--- > include/configs/ls1088aqds.h | 21 + > include/configs/ls1088ardb.h | 22 +- > 6 files changed, 51 insertions(+), 7 deletions(-) > > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > b/arch/arm/cpu/armv8/fsl- > layerscape/Kconfig > index ab69a32..d61f522 100644 > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig > @@ -229,6 +229,7 @@ config SYS_LS_PPA_ESBC_ADDR > default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A > default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && > ARCH_LS2080A > default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A > + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A > default 0x68 if SYS_LS_PPA_FW_IN_MMC > default 0x68 if SYS_LS_PPA_FW_IN_NAND > help > diff --git a/board/freescale/ls1088a/Kconfig > b/board/freescale/ls1088a/Kconfig index > 1ada661..4479dd0 100644 > --- a/board/freescale/ls1088a/Kconfig > +++ b/board/freescale/ls1088a/Kconfig > @@ -12,6 +12,7 @@ config SYS_SOC > config SYS_CONFIG_NAME > default "ls1088aqds" > > +source "board/freescale/common/Kconfig" > endif > > if TARGET_LS1088ARDB > @@ -28,4 +29,5 @@ config SYS_SOC > config SYS_CONFIG_NAME > default "ls1088ardb" > > +source "board/freescale/common/Kconfig" > endif > diff --git a/board/freescale/ls1088a/ls1088a.c > b/board/freescale/ls1088a/ls1088a.c > index d1de4d1..b3a646d 100644 > --- a/board/freescale/ls1088a/ls1088a.c > +++ b/board/freescale/ls1088a/ls1088a.c > @@ -315,6 +315,9 @@ int board_init(void) > out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif > > +#ifdef CONFIG_FSL_CAAM > + sec_init(); > +#endif > #ifdef CONFIG_FSL_LS_PPA > ppa_init(); > #endif > @@ -337,9 +340,6 @@ void detail_board_ddr_info(void) #if > defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef > CONFIG_FSL_CAAM > - sec_init(); > -#endif > return 0; > } > #endif > diff --git a/include/configs/ls1088a_common.h > b/include/configs/ls1088a_common.h > index d01095e..4943e19 100644 > --- a/include/configs/ls1088a_common.h > +++ b/include/configs/ls1088a_common.h > @@ -128,9 +128,9 @@ unsigned long long get_qixis_addr(void); #if > defined(CONFIG_FSL_MC_ENET) > #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * > 1024) > #endif > - > -#define CONFIG_FSL_CAAM /* Enable SEC/CAAM */ > - > +#if !defined(CONFIG_FSL_CAAM) > + #define CONFIG_FSL_CAAM /* Enable SEC/CAAM */ > +#endif > /* Command line configuration */ > #define CONFIG_CMD_GREPENV > #define CONFIG_CMD_CACHE > diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h index > 3547b0b..ff0cb7e 100644 > --- a/include/configs/ls1088aqds.h > +++ b/include/configs/ls1088aqds.
[U-Boot] [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.
Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS platforms. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 32 +++ configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 32 +++ 2 files changed, 64 insertions(+) create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..65653b8 --- /dev/null +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,32 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1088AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_PING=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +# CONFIG_DISPLAY_BOARDINFO is not set +CONFIG_FSL_LS_PPA=y +CONFIG_SECURE_BOOT=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..5afd559 --- /dev/null +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,32 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1088ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_PING=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +# CONFIG_DISPLAY_BOARDINFO is not set +CONFIG_FSL_LS_PPA=y +CONFIG_SECURE_BOOT=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization. Add header address for PPA to be validated during ESBC phase for LS1088A platform based on LAyerscape Chasis 3. Moves sec_init prior to ppa_init as for validation of PPA sec must be initialised before the PPA is initialised. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + board/freescale/ls1088a/Kconfig | 2 ++ board/freescale/ls1088a/ls1088a.c | 6 +++--- include/configs/ls1088a_common.h | 6 +++--- include/configs/ls1088aqds.h | 21 + include/configs/ls1088ardb.h | 22 +- 6 files changed, 51 insertions(+), 7 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index ab69a32..d61f522 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -229,6 +229,7 @@ config SYS_LS_PPA_ESBC_ADDR default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND help diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig index 1ada661..4479dd0 100644 --- a/board/freescale/ls1088a/Kconfig +++ b/board/freescale/ls1088a/Kconfig @@ -12,6 +12,7 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088aqds" +source "board/freescale/common/Kconfig" endif if TARGET_LS1088ARDB @@ -28,4 +29,5 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088ardb" +source "board/freescale/common/Kconfig" endif diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c index d1de4d1..b3a646d 100644 --- a/board/freescale/ls1088a/ls1088a.c +++ b/board/freescale/ls1088a/ls1088a.c @@ -315,6 +315,9 @@ int board_init(void) out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -337,9 +340,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h index d01095e..4943e19 100644 --- a/include/configs/ls1088a_common.h +++ b/include/configs/ls1088a_common.h @@ -128,9 +128,9 @@ unsigned long long get_qixis_addr(void); #if defined(CONFIG_FSL_MC_ENET) #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * 1024) #endif - -#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */ - +#if !defined(CONFIG_FSL_CAAM) + #define CONFIG_FSL_CAAM /* Enable SEC/CAAM */ +#endif /* Command line configuration */ #define CONFIG_CMD_GREPENV #define CONFIG_CMD_CACHE diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h index 3547b0b..ff0cb7e 100644 --- a/include/configs/ls1088aqds.h +++ b/include/configs/ls1088aqds.h @@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void); QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER) /* Initial environment variables */ +#ifdef CONFIG_SECURE_BOOT +#undef CONFIG_EXTRA_ENV_SETTINGS +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "loadaddr=0x9010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_addr=0x80\0" \ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x100\0" \ + "kernel_load=0xa000\0" \ + "kernel_size=0x280\0" \ + "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;" \ + "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \ + "sf read 0xa0e0 0xe0 0x10;" \ + "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;" \ + "fsl_mc start mc 0xa0a0 0xa0e0\0" \ + "mcmemsize=0x7000 \0" +#else /* if !(CONFIG_SECURE_BOOT) */ #if defined(CONFIG_QSPI_BOOT) #undef CONFIG_EXTRA_ENV_SETTINGS #define CONFIG_EXTRA_ENV_SETTINGS
[U-Boot] [PATCH v2 2/2] LS2080ARDB: Secure Boot defconfig for QSPI boot.
Add the secure boot defconfig for QSPI boot on LS2088ARDB platform. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Dependent Patch Set: https://patchwork.ozlabs.org/patch/756260/ Changes in v2: Updates the MAINTAINERS file and reverses the order of secure boot patches for LS2080 QSPI Boot. configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 49 +++ 1 file changed, 49 insertions(+) create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..360d8c4 --- /dev/null +++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,49 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +CONFIG_SECURE_BOOT=y +CONFIG_FSL_LS_PPA=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi" +# CONFIG_SYS_MALLOC_F is not set +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_QSPI_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_CMD_GREPENV=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_FSL_CAAM=y +CONFIG_DM_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_FSL_DSPI=y +CONFIG_CMD_USB=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 1/2] LS2080ARDB: QSPI boot: Secure Boot image validation
Validates the images in the ESBC phase for (QSPI boot) using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization. Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT. Moves sec_init prior to ppa_init as for validation of PPA, sec must be initialised before the PPA is initialised. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Dependent Patch Set: https://patchwork.ozlabs.org/patch/756260/ Changes in v2: Updates the MAINTAINERS file and reverses the order of secure boot patches for LS2080 QSPI Boot. arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++- arch/arm/include/asm/fsl_secure_boot.h| 5 + board/freescale/ls2080aqds/ls2080aqds.c | 7 +++ board/freescale/ls2080ardb/MAINTAINERS| 5 + board/freescale/ls2080ardb/ls2080ardb.c | 4 include/configs/ls2080ardb.h | 22 ++ 6 files changed, 41 insertions(+), 5 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 312c54d..18c3b2a 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -182,7 +182,8 @@ config SYS_LS_PPA_ESBC_ADDR default 0x6068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A - default 0x58068 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3 + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A + default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND help diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 6d53708..b6f63a3 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -72,8 +72,13 @@ * DDR memory map */ #ifdef CONFIG_FSL_LSCH3 +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_BS_ADDR_DEVICE 0x2060 +#define CONFIG_BS_HDR_ADDR_DEVICE 0x2064 +#else /* NOR BOOT */ #define CONFIG_BS_ADDR_DEVICE 0x58060 #define CONFIG_BS_HDR_ADDR_DEVICE 0x58064 +#endif /*ifdef CONFIG_QSPI_BOOT */ #define CONFIG_BS_SIZE 0x1000 #define CONFIG_BS_HDR_SIZE 0x4000 #define CONFIG_BS_ADDR_RAM 0xa060 diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index 6da9c6c..b9eb549 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -226,15 +226,14 @@ int board_init(void) #endif select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - return 0; } diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS index 91f13ea..8da1c6d 100644 --- a/board/freescale/ls2080ardb/MAINTAINERS +++ b/board/freescale/ls2080ardb/MAINTAINERS @@ -21,3 +21,8 @@ LS2080A_SECURE_BOOT BOARD M: Saksham Jain <saksham.j...@nxp.freescale.com> S: Maintained F: configs/ls2080ardb_SECURE_BOOT_defconfig + +LS2088A_QSPI_SECURE_BOOT BOARD +M: Udit Agarwal <udit.agar...@nxp.com> +S: Maintained +F: configs/ls2088ardb_qspi_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index df2d768..4c42c73 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -231,6 +231,10 @@ int board_init(void) #ifdef CONFIG_FSL_QIXIS QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); #endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 2dab065..f04a343 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -364,6 +364,27 @@ unsigned long get_board_sys_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS #ifdef CONFIG_SECURE_BOOT +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "scriptaddr=0x8080\0" \ + "kernel_addr_r=0x8100\0"\ + "pxefile_addr_r=0x8100\0" \ + "fdt_addr_r=0x8800\0" \ + "ramdisk_addr_r=0x8900\0" \ + "loadaddr=0x8010\0" \ + "kernel_addr=
[U-Boot] [PATCH 2/3] LS2080ARDB: QSPI boot: Secure Boot image validation
Validates the images in the ESBC phase for LS2088ARDB platform and QSPI boot using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization. Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT. Moves sec_init prior to ppa_init as for validation of PPA sec must be initialised before the PPA is initialised. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- https://patchwork.ozlabs.org/patch/756222/ https://patchwork.ozlabs.org/patch/756221/ https://patchwork.ozlabs.org/patch/756250/ arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 1 + board/freescale/ls2080aqds/ls2080aqds.c | 2 +- board/freescale/ls2080ardb/ls2080ardb.c | 7 --- include/configs/ls2080ardb.h | 22 ++ 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 57660e8..8b39e00 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -216,6 +216,7 @@ config SYS_LS_PPA_ESBC_ADDR default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index ba3347b..00f4bb1 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -229,7 +229,7 @@ int board_init(void) select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); #ifdef CONFIG_FSL_CAAM -sec_init(); + sec_init(); #endif #ifdef CONFIG_FSL_LS_PPA diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index edb6b33..c25f8ab 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -233,6 +233,10 @@ int board_init(void) #ifdef CONFIG_FSL_QIXIS QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); #endif + +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -241,9 +245,6 @@ int board_init(void) /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); #endif -#ifdef CONFIG_FSL_CAAM -sec_init(); -#endif return 0; } diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 711241a..5a1d516 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -366,6 +366,27 @@ unsigned long get_board_sys_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS #ifdef CONFIG_SECURE_BOOT +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "scriptaddr=0x8080\0" \ + "kernel_addr_r=0x8100\0"\ + "pxefile_addr_r=0x8100\0" \ + "fdt_addr_r=0x8800\0" \ + "ramdisk_addr_r=0x8900\0" \ + "loadaddr=0x8010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x2100\0" \ + "mcmemsize=0x4000\0"\ + "mcinitcmd=esbc_validate 0x2070;" \ + "esbc_validate 0x2074;" \ + "fsl_mc start mc 0x20a0"\ + " 0x20e0 \0"\ + BOOTENV +#else /* !(CONFIG_QSPI_BOOT) */ #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0"\ "scriptaddr=0x8080\0" \ @@ -389,6 +410,7 @@ unsigned long get_board_sys_clk(void); "fsl_mc start mc 0x58030" \ " 0x58080 \0" \ BOOTENV +#endif #else #ifdef CONFIG_QSPI_BOOT #define CONFIG_EXTRA_ENV_SETTINGS \ -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 3/3] LS2080A: Adjust memory map for secure boot headers for NOR-boot
This patch adjusts memory map for secure boot headers on LS2080AQDS and LS2080ARDB platforms. Secure boot headers are placed on NOR flash at offset 0x0060. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- https://patchwork.ozlabs.org/patch/756222/ https://patchwork.ozlabs.org/patch/756221/ https://patchwork.ozlabs.org/patch/756250/ board/freescale/ls2080aqds/README | 1 + board/freescale/ls2080ardb/README | 1 + include/configs/ls2080aqds.h | 10 +- include/configs/ls2080ardb.h | 10 +- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/board/freescale/ls2080aqds/README b/board/freescale/ls2080aqds/README index fd0e25a..cad860e 100644 --- a/board/freescale/ls2080aqds/README +++ b/board/freescale/ls2080aqds/README @@ -96,6 +96,7 @@ RCW+PBI 0x Boot firmware (U-Boot) 0x0010 Boot firmware Environment 0x0030 PPA firmware 0x0040 +Secure Headers 0x0060 DPAA2 MC 0x00A0 DPAA2 DPL 0x00D0 DPAA2 DPC 0x00E0 diff --git a/board/freescale/ls2080ardb/README b/board/freescale/ls2080ardb/README index f228d80..205c45c 100644 --- a/board/freescale/ls2080ardb/README +++ b/board/freescale/ls2080ardb/README @@ -92,6 +92,7 @@ RCW+PBI 0x Boot firmware (U-Boot) 0x0010 Boot firmware Environment 0x0030 PPA firmware 0x0040 +Secure Headers 0x0060 Cortina PHY firmware 0x0098 DPAA2 MC 0x00A0 DPAA2 DPL 0x00D0 diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index d646197..efc3d5b 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -369,14 +369,14 @@ unsigned long get_board_ddr_clk(void); "ramdisk_size=0x200\0" \ "fdt_high=0xa000\0" \ "initrd_high=0x\0" \ - "kernel_start=0x58110\0"\ + "kernel_start=0x58100\0"\ "kernel_load=0xa000\0" \ "kernel_size=0x280\0" \ "mcmemsize=0x4000\0"\ - "mcinitcmd=esbc_validate 0x580c8;" \ - "esbc_validate 0x580cc;"\ - "fsl_mc start mc 0x58030" \ - " 0x58080 \0" + "mcinitcmd=esbc_validate 0x58070;" \ + "esbc_validate 0x58074;"\ + "fsl_mc start mc 0x580a0" \ + " 0x580e0 \0" #else #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0"\ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 5a1d516..6abf54b 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -400,15 +400,15 @@ unsigned long get_board_sys_clk(void); "ramdisk_size=0x200\0" \ "fdt_high=0xa000\0" \ "initrd_high=0x\0" \ - "kernel_start=0x58110\0"\ + "kernel_start=0x58100\0"\ "kernel_load=0xa000\0" \ "kernel_size=0x280\0" \ "mcmemsize=0x4000\0"\ "fdtfile=fsl-ls2080a-rdb.dtb\0" \ - "mcinitcmd=esbc_validate 0x580c8;" \ - "esbc_validate 0x580cc;"\ - "fsl_mc start mc 0x58030" \ - " 0x58080 \0" \ + "mcinitcmd=esbc_validate 0x58070;" \ + "esbc_validate 0x58074;"\ + "fsl_mc start mc 0x580a0" \ + " 0x580e0 \0" \ BOOTENV #endif #else -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/3] LS2080ARDB: Secure Boot defconfig for QSPI boot.
Add the secure boot defconfig for QSPI boot on LS2088ARDB platform. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- https://patchwork.ozlabs.org/patch/756222/ https://patchwork.ozlabs.org/patch/756221/ https://patchwork.ozlabs.org/patch/756250/ configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 50 +++ 1 file changed, 50 insertions(+) create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..749ad1d --- /dev/null +++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,50 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +CONFIG_SECURE_BOOT=y +CONFIG_FSL_LS_PPA=y +CONFIG_QSPI_AHB_INIT=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi" +# CONFIG_SYS_MALLOC_F is not set +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="LS2080A" +CONFIG_QSPI_BOOT=y +CONFIG_BOOTDELAY=10 +CONFIG_CMD_GREPENV=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_GPT=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_FSL_CAAM=y +CONFIG_DM_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_PCI=y +CONFIG_DM_PCI=y +CONFIG_DM_PCI_COMPAT=y +CONFIG_PCIE_LAYERSCAPE=y +CONFIG_SYS_NS16550=y +CONFIG_DM_SPI=y +CONFIG_FSL_QSPI=y +CONFIG_FSL_DSPI=y +CONFIG_CMD_USB=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_STORAGE=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/2] LS1088A: SECURE_BOOT: Images validation
Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using esbc_validate command. Add images validation in default environment under mcinitcmd prior to MC initialization. Add header address for PPA to be validated during ESBC phase for LS1088A platform based on LAyerscape Chasis 3. Defines address for Bootscript image and its header for QSPI and adds command to copy these images from QSPI to RAM using sf read command. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Dependent patch set: https://patchwork.ozlabs.org/patch/756260/ arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 3 ++- arch/arm/include/asm/fsl_secure_boot.h| 5 + board/freescale/ls1088a/Kconfig | 1 + board/freescale/ls1088a/ls1088a.c | 6 +++--- include/config_fsl_chain_trust.h | 7 ++- include/configs/ls1088a_common.h | 2 ++ include/configs/ls1088aqds.h | 21 + include/configs/ls1088ardb.h | 21 + 8 files changed, 61 insertions(+), 5 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 1f23698..8c3c966 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -214,7 +214,8 @@ config SYS_LS_PPA_ESBC_ADDR default 0x6068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A - default 0x58068 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3 + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A + default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A default 0x68 if SYS_LS_PPA_FW_IN_MMC default 0x68 if SYS_LS_PPA_FW_IN_NAND help diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 42ae4e2..2e45275 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -78,8 +78,13 @@ * DDR memory map */ #ifdef CONFIG_FSL_LSCH3 +#ifdef CONFIG_QSPI_BOOT +#define CONFIG_BS_ADDR_DEVICE 0x2060 +#define CONFIG_BS_HDR_ADDR_DEVICE 0x2064 +#else /* NOR BOOT */ #define CONFIG_BS_ADDR_DEVICE 0x58060 #define CONFIG_BS_HDR_ADDR_DEVICE 0x58064 +#endif /*ifdef CONFIG_QSPI_BOOT */ #define CONFIG_BS_SIZE 0x1000 #define CONFIG_BS_HDR_SIZE 0x4000 #define CONFIG_BS_ADDR_RAM 0xa060 diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig index 1ada661..c8555d5 100644 --- a/board/freescale/ls1088a/Kconfig +++ b/board/freescale/ls1088a/Kconfig @@ -28,4 +28,5 @@ config SYS_SOC config SYS_CONFIG_NAME default "ls1088ardb" +source "board/freescale/common/Kconfig" endif diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c index dcd919d..b094319 100644 --- a/board/freescale/ls1088a/ls1088a.c +++ b/board/freescale/ls1088a/ls1088a.c @@ -857,6 +857,9 @@ int board_init(void) if (adjust_vdd(0) < 0) printf("core voltage not adjusted\n"); +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -879,9 +882,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h index 40d323e..2105b05 100644 --- a/include/config_fsl_chain_trust.h +++ b/include/config_fsl_chain_trust.h @@ -80,7 +80,12 @@ "setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \ "setenv bs_size " __stringify(CONFIG_BS_SIZE)";" -/* For secure boot flow, default environment used will be used */ +/* Define BS_COPY_COMMAND to copy bootscript for different types of BOOT + * For RAMBOOT, check the type of RAMBOOT to define copy command + * For SoC's where QSPI XIP mode doesnot work - CONFIG_BS_COPY_QSPI_IP is used + * and for rest it is just a copy command + */ + #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \ defined(CONFIG_SD_BOOT) #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT) diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h index fbf81f0..ee79470 100644 --- a/include/configs/ls1088a_common.h +++ b/include/configs/ls1088a_common.h @@ -142,7 +142,9 @@ unsigned long long get_qixis_addr(void); #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 * 1024) #endif +#if !defined(CONFIG_FSL_CAAM) #define CONFIG_FSL_CAAM/* Enable SEC/CAAM */ +#endif /* Command line configuration */ #define CONF
[U-Boot] [PATCH 1/2] LS1088A: Add secure boot defconfigs for QSPI boot.
Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS platforms. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Dependent patch set: https://patchwork.ozlabs.org/patch/756260/ configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 31 +++ configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 31 +++ 2 files changed, 62 insertions(+) create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..fe3c936 --- /dev/null +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,31 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1088AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SECURE_BOOT=y + +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_PING=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_FSL_LS_PPA=y diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig new file mode 100644 index 000..a2bab45 --- /dev/null +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig @@ -0,0 +1,31 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1088ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SECURE_BOOT=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_PING=y +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y +CONFIG_RSA_SOFTWARE_EXP=y +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y +CONFIG_FSL_LS_PPA=y -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/1] Secure Boot: Set NPSWA_EN bit for SNVS state transition to happen in EL2.
For Layerscape chasis Gen 3 based platforms, during PPA execution exception level transition happens from EL3 to EL2. While in EL2 state SNVS state doesnot changes from secure to non secure state in case of ESBC failure. So to enable the SNVS transition in EL2 state, NPSWA_EN bit has to be set when in EL3 state. Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- drivers/crypto/fsl/jr.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 1b88229..ccd2168 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -8,6 +8,7 @@ #include #include +#include #include "fsl_sec.h" #include "jr.h" #include "jobdesc.h" @@ -574,6 +575,12 @@ int sec_init_idx(uint8_t sec_idx) uint32_t liodn_s; #endif +#if defined(CONFIG_FSL_LSCH3) && defined(CONFIG_SYS_LS_PPA_ESBC_ADDR) +#define SEC_MON_HPCOMR (CONFIG_SYS_SEC_MON_ADDR + 0x04) +#define SEC_MON_HPCOMR_NPSWA_EN0x8000 + sec_mon_setbits32(SEC_MON_HPCOMR, SEC_MON_HPCOMR_NPSWA_EN); +#endif + if (!(sec_idx < CONFIG_SYS_FSL_MAX_NUM_OF_SEC)) { printf("SEC initialization failed\n"); return -1; -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH v2 1/1] Secure Boot: Enable IE (Key extention) Feature
For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.ban...@nxp.com> Signed-off-by: Saksham Jain <saksham.j...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes for V2 Adds more clarity in subject and description related to this feature. --- arch/arm/include/asm/fsl_secure_boot.h | 6 +-- board/freescale/common/fsl_validate.c | 88 +++--- include/fsl_validate.h | 24 +- 3 files changed, 97 insertions(+), 21 deletions(-) diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 27cf096..a612b7d 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -51,11 +51,11 @@ * in boot ROM of the SoC. * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). + * For LS, this feature is available for all device if IE Table + * is copied to XIP memory + * Also, for LS, ISBC doesn't verify this table. */ -#ifndef CONFIG_ESBC_HDR_LS -/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT -#endif #endif diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 2b723a4..7396aa2 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -27,6 +27,10 @@ #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ ((key_len) == 2 * KEY_SIZE_BYTES)) +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +/* Global data structure */ +static struct fsl_secboot_glb glb; +#endif /* This array contains DER value for SHA-256 */ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, @@ -60,7 +64,7 @@ self: #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 check_ie(struct fsl_secboot_img_priv *img) { - if (img->hdr.ie_flag) + if (img->hdr.ie_flag & IE_FLAG_MASK) return 1; return 0; @@ -119,7 +123,21 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) } #endif -static int get_ie_info_addr(u32 *ie_addr) +#if defined(CONFIG_ESBC_HDR_LS) +static int get_ie_info_addr(uintptr_t *ie_addr) +{ + struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); + /* For LS-CH3, the address of IE Table is +* stated in Scratch13 and scratch14 of DCFG. +* Bootrom validates this table while validating uboot. +* DCFG is LE*/ + *ie_addr = in_le32(>scratchrw[SCRATCH_IE_HIGH_ADR - 1]); + *ie_addr = *ie_addr << 32; + *ie_addr |= in_le32(>scratchrw[SCRATCH_IE_LOW_ADR - 1]); + return 0; +} +#else /* CONFIG_ESBC_HDR_LS */ +static int get_ie_info_addr(uintptr_t *ie_addr) { struct fsl_secboot_img_hdr *hdr; struct fsl_secboot_sg_table *sg_tbl; @@ -147,16 +165,17 @@ static int get_ie_info_addr(u32 *ie_addr) /* IE Key Table is the first entry in the SG Table */ #if defined(CONFIG_MPC85xx) - *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + - flash_base_addr; + *ie_addr = (uintptr_t)((sg_tbl->src_addr & + ~(CONFIG_SYS_PBI_FLASH_BASE)) + + flash_base_addr); #else - *ie_addr = sg_tbl->src_addr; + *ie_addr = (uintptr_t)sg_tbl->src_addr; #endif - debug("IE Table address is %x\n", *ie_addr); + debug("IE Table address is %lx\n", *ie_addr); return 0; } - +#endif /* CONFIG_ESBC_HDR_LS */ #endif #ifdef CONFIG_KEY_REVOCATION @@ -164,7 +183,10 @@ static int get_ie_info_addr(u32 *ie_addr) static u32 check_srk(struct fsl_secboot_img_priv *img) { #ifdef CONFIG_ESBC_HDR_LS - /* In LS, No SRK Flag as SRK is always present*/ + /* In LS, No SRK Flag as SRK is always present if IE not present*/ +#if defined(CONFIG_FSL_ISBC_KEY_EXT) + return !check_ie(img); +#endif return 1; #else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) @@ -253,14 +275,29 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) #endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_IS
[U-Boot] [PATCH 1/1] Enable IE (Key extention) Feature in LS2080A
For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. On ls-ch3 platforms,IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. The procedure is to first verify IE table using Keys stored in fuses, and then use the keys in this table to verify further images. So the steps are: 1) Verify IE Table (If "IE Table Flag" set in any image i.e. Verify IE Table only when any image needs IE Table's Key to be verified) 2) Install IE table. (To be used across verification of multiple images. Stored in a static global structure.) 3) If IE flag enabled in header of any image, Use keys from IE table, otherwise use keys tied up with SoC's fuses (SRK). Signed-off-by: Aneesh Bansal <aneesh.ban...@nxp.com> Signed-off-by: Saksham Jain <saksham.j...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- arch/arm/include/asm/fsl_secure_boot.h | 6 +-- board/freescale/common/fsl_validate.c | 88 +++--- include/fsl_validate.h | 24 +- 3 files changed, 97 insertions(+), 21 deletions(-) diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 27cf096..a612b7d 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -51,11 +51,11 @@ * in boot ROM of the SoC. * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). + * For LS, this feature is available for all device if IE Table + * is copied to XIP memory + * Also, for LS, ISBC doesn't verify this table. */ -#ifndef CONFIG_ESBC_HDR_LS -/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT -#endif #endif diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 2b723a4..7396aa2 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -27,6 +27,10 @@ #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ ((key_len) == 2 * KEY_SIZE_BYTES)) +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +/* Global data structure */ +static struct fsl_secboot_glb glb; +#endif /* This array contains DER value for SHA-256 */ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, @@ -60,7 +64,7 @@ self: #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 check_ie(struct fsl_secboot_img_priv *img) { - if (img->hdr.ie_flag) + if (img->hdr.ie_flag & IE_FLAG_MASK) return 1; return 0; @@ -119,7 +123,21 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) } #endif -static int get_ie_info_addr(u32 *ie_addr) +#if defined(CONFIG_ESBC_HDR_LS) +static int get_ie_info_addr(uintptr_t *ie_addr) +{ + struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); + /* For LS-CH3, the address of IE Table is +* stated in Scratch13 and scratch14 of DCFG. +* Bootrom validates this table while validating uboot. +* DCFG is LE*/ + *ie_addr = in_le32(>scratchrw[SCRATCH_IE_HIGH_ADR - 1]); + *ie_addr = *ie_addr << 32; + *ie_addr |= in_le32(>scratchrw[SCRATCH_IE_LOW_ADR - 1]); + return 0; +} +#else /* CONFIG_ESBC_HDR_LS */ +static int get_ie_info_addr(uintptr_t *ie_addr) { struct fsl_secboot_img_hdr *hdr; struct fsl_secboot_sg_table *sg_tbl; @@ -147,16 +165,17 @@ static int get_ie_info_addr(u32 *ie_addr) /* IE Key Table is the first entry in the SG Table */ #if defined(CONFIG_MPC85xx) - *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + - flash_base_addr; + *ie_addr = (uintptr_t)((sg_tbl->src_addr & + ~(CONFIG_SYS_PBI_FLASH_BASE)) + + flash_base_addr); #else - *ie_addr = sg_tbl->src_addr; + *ie_addr = (uintptr_t)sg_tbl->src_addr; #endif - debug("IE Table address is %x\n", *ie_addr); + debug("IE Table address is %lx\n", *ie_addr); return 0; } - +#endif /* CONFIG_ESBC_HDR_LS */ #endif #ifdef CONFIG_KEY_REVOCATION @@ -164,7 +183,10 @@ static int get_ie_info_addr(u32 *ie_addr) static u32 check_srk(struct fsl_secboot_img_priv *img) { #ifdef CONFIG_ESBC_HDR_LS - /* In LS, No SRK Flag as SRK is always present*/ + /* In LS, No SRK Flag as SRK is always present if IE not present*/ +#if defined(CONFIG_FSL_ISBC_KEY_EXT) + return !check_ie(img); +#endif return 1; #else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) @@ -253,14 +275,29 @@ sta
[U-Boot] [PATCH 2/2] LS2080A: Move sec_init to board_init
Moves sec_init to board_init rather than in misc_init function beacuse PPA will be initialised in board_init function and for PPA validation sec_init has to be done prior to PPA init. Signed-off-by: Sumit Garg <sumit.g...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- board/freescale/ls2080aqds/ls2080aqds.c | 6 +++--- board/freescale/ls2080ardb/ls2080ardb.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index 73a61fd..d9d0bea 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -223,6 +223,9 @@ int board_init(void) #endif select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); +#ifdef CONFIG_FSL_CAAM +sec_init(); +#endif return 0; } @@ -264,9 +267,6 @@ int dram_init(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 02954ef..b0024d3 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -184,6 +184,9 @@ int board_init(void) /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); #endif +#ifdef CONFIG_FSL_CAAM +sec_init(); +#endif return 0; } @@ -237,9 +240,6 @@ int dram_init(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH 1/2] SECURE_BOOT: Define CONFIG_SYS_LS_PPA_ESBC_ADDR for LS2080A
Add header address for PPA to be validated during ESBC phase for LS2080A platform based on Layescape Chasis 3. Signed-off-by: Sumit Garg <sumit.g...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- arch/arm/include/asm/fsl_secure_boot.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index f920215..27cf096 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -125,6 +125,8 @@ #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP #ifdef CONFIG_LS1043A #define CONFIG_SYS_LS_PPA_ESBC_ADDR0x600c +#elif defined(CONFIG_FSL_LSCH3) +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x580c4 #endif #else #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH v2 2/2] LS2080A: Add validation of MC & DPC images.
Add secure boot validation of MC, DPC images using esbc_validate command. Signed-off-by: Sumit Garg <sumit.g...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes for V2: Use of #ifdef instead of #ifndef with CONFIG_SECURE_BOOT macro and coresponding changes in mcinitcmd command. include/configs/ls2080aqds.h | 21 - include/configs/ls2080ardb.h | 30 -- 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index 838568f..6d566e8 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -365,6 +365,7 @@ unsigned long get_board_ddr_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS +#ifdef CONFIG_SECURE_BOOT #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0"\ "loadaddr=0x8010\0" \ @@ -376,8 +377,26 @@ unsigned long get_board_ddr_clk(void); "kernel_start=0x58110\0"\ "kernel_load=0xa000\0" \ "kernel_size=0x280\0" \ - "mcinitcmd=fsl_mc start mc 0x58030" \ + "mcinitcmd=esbc_validate 0x580c8;" \ + "esbc_validate 0x580cc;"\ + "fsl_mc start mc 0x58030" \ " 0x58080 \0" +#else +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "loadaddr=0x8010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_addr=0x80\0" \ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x58110\0"\ + "kernel_load=0xa000\0" \ + "kernel_size=0x280\0" \ + "mcinitcmd=fsl_mc start mc 0x58030" \ + " 0x58080 \0" +#endif /* CONFIG_SECURE_BOOT */ + #ifdef CONFIG_FSL_MC_ENET #define CONFIG_FSL_MEMAC diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 32fa0eb..ee99126 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -328,6 +328,7 @@ unsigned long get_board_sys_clk(void); /* Initial environment variables */ #undef CONFIG_EXTRA_ENV_SETTINGS +#ifdef CONFIG_SECURE_BOOT #define CONFIG_EXTRA_ENV_SETTINGS \ "hwconfig=fsl_ddr:bank_intlv=auto\0"\ "scriptaddr=0x8080\0" \ @@ -345,9 +346,34 @@ unsigned long get_board_sys_clk(void); "kernel_load=0xa000\0" \ "kernel_size=0x280\0" \ "fdtfile=fsl-ls2080a-rdb.dtb\0" \ - "mcinitcmd=fsl_mc start mc 0x58030" \ - " 0x58080 \0" \ + "mcinitcmd=esbc_validate 0x580c8;" \ + "esbc_validate 0x580cc;"\ + "fsl_mc start mc 0x58030" \ + " 0x58080 \0" \ BOOTENV +#else +#define CONFIG_EXTRA_ENV_SETTINGS \ + "hwconfig=fsl_ddr:bank_intlv=auto\0"\ + "scriptaddr=0x8080\0" \ + "kernel_addr_r=0x8100\0"\ + "pxefile_addr_r=0x8100\0" \ + "fdt_addr_r=0x8800\0" \ + "ramdisk_addr_r=0x8900\0" \ + "loadaddr=0x8010\0" \ + "kernel_addr=0x10\0"\ + "ramdisk_addr=0x80\0" \ + "ramdisk_size=0x200\0" \ + "fdt_high=0xa000\0" \ + "initrd_high=0x\0" \ + "kernel_start=0x58110\0"\ + "kernel_load=0xa000\0" \ + "kernel_size=0x280\0" \ + "fdtfile=fsl-ls2080a-rdb.dtb\0" \ + "mcinitcmd=fsl_mc start mc 0x58030" \ + " 0x58080 \0" \ + BOOTENV +#endif + #undef CONFIG_BOOTARGS #define CONFIG_BOOTARGS"console=ttyS1,115200 root=/dev/ram0 " \ -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH v2 1/2] SECURE_BOOT: Update bootscript and its hdr addresses
Update bootscript and its hdr addresses for Layerscape Chasis 3 based platforms instead of individual SoCs. Signed-off-by: Sumit Garg <sumit.g...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- Changes for V2: Modified the subject arch/arm/include/asm/fsl_secure_boot.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 933e09c..f34ffc7 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -84,7 +84,7 @@ * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from * Non-XIP Memory (Nand/SD) */ -#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ +#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \ defined(CONFIG_SD_BOOT) #define CONFIG_BOOTSCRIPT_COPY_RAM #endif @@ -92,11 +92,11 @@ * The address needs to be modified according to NOR, NAND, SD and * DDR memory map */ -#ifdef CONFIG_LS2080A -#define CONFIG_BS_HDR_ADDR_DEVICE 0x58392 -#define CONFIG_BS_ADDR_DEVICE 0x58390 -#define CONFIG_BS_HDR_ADDR_RAM 0xa392 -#define CONFIG_BS_ADDR_RAM 0xa390 +#ifdef CONFIG_FSL_LSCH3 +#define CONFIG_BS_HDR_ADDR_DEVICE 0x580d0 +#define CONFIG_BS_ADDR_DEVICE 0x580e0 +#define CONFIG_BS_HDR_ADDR_RAM 0xa0d0 +#define CONFIG_BS_ADDR_RAM 0xa0e0 #define CONFIG_BS_HDR_SIZE 0x2000 #define CONFIG_BS_SIZE 0x1000 #else -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
[U-Boot] [PATCH 1/2] SECURE_BOOT: Update bootscript and its address for LS Chasis 3
Update bootscript and its addresses for Layerscape Chasis 3 based platforms instead of individual SoCs. Signed-off-by: Sumit Garg <sumit.g...@nxp.com> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com> --- arch/arm/include/asm/fsl_secure_boot.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 933e09c..f34ffc7 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -84,7 +84,7 @@ * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from * Non-XIP Memory (Nand/SD) */ -#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \ +#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \ defined(CONFIG_SD_BOOT) #define CONFIG_BOOTSCRIPT_COPY_RAM #endif @@ -92,11 +92,11 @@ * The address needs to be modified according to NOR, NAND, SD and * DDR memory map */ -#ifdef CONFIG_LS2080A -#define CONFIG_BS_HDR_ADDR_DEVICE 0x58392 -#define CONFIG_BS_ADDR_DEVICE 0x58390 -#define CONFIG_BS_HDR_ADDR_RAM 0xa392 -#define CONFIG_BS_ADDR_RAM 0xa390 +#ifdef CONFIG_FSL_LSCH3 +#define CONFIG_BS_HDR_ADDR_DEVICE 0x580d0 +#define CONFIG_BS_ADDR_DEVICE 0x580e0 +#define CONFIG_BS_HDR_ADDR_RAM 0xa0d0 +#define CONFIG_BS_ADDR_RAM 0xa0e0 #define CONFIG_BS_HDR_SIZE 0x2000 #define CONFIG_BS_SIZE 0x1000 #else -- 1.9.1 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot