[PATCH 1/1] include/configs: ls1012a: Remove fdt_high env variable

[udit . agarwal]

From: Udit Agarwal 

Remove "fdt_high" environment variable to use the bootm_size
to safely contain a kernel, device tree and initrd for
relocation.

Signed-off-by: Udit Agarwal 
---
 include/configs/ls1012a2g5rdb.h  | 2 +-
 include/configs/ls1012a_common.h | 2 +-
 include/configs/ls1012afrdm.h| 2 +-
 include/configs/ls1012afrwy.h| 2 +-
 include/configs/ls1012ardb.h | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/configs/ls1012a2g5rdb.h b/include/configs/ls1012a2g5rdb.h
index 869e0ad6b8..ad16fdcbd3 100644
--- a/include/configs/ls1012a2g5rdb.h
+++ b/include/configs/ls1012a2g5rdb.h
@@ -35,7 +35,6 @@
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"verify=no\0"   \
-   "fdt_high=0x\0" \
"initrd_high=0x\0"  \
"fdt_addr=0x00f0\0" \
"kernel_addr=0x0100\0"  \
@@ -49,6 +48,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernelheader_size=0x4\0"   \
+   "bootm_size=0x1000\0"   \
"console=ttyS0,115200\0"\
BOOTENV \
"boot_scripts=ls1012ardb_boot.scr\0"\
diff --git a/include/configs/ls1012a_common.h b/include/configs/ls1012a_common.h
index 3bea9a9186..eed12e0234 100644
--- a/include/configs/ls1012a_common.h
+++ b/include/configs/ls1012a_common.h
@@ -83,11 +83,11 @@
"verify=no\0"   \
"loadaddr=0x8010\0" \
"kernel_addr=0x10\0"\
-   "fdt_high=0x\0" \
"initrd_high=0x\0"  \
"kernel_start=0x100\0"  \
"kernel_load=0xa000\0"  \
"kernel_size=0x280\0"   \
+   "bootm_size=0x1000\0"   \
 
 #undef CONFIG_BOOTCOMMAND
 #ifdef CONFIG_TFABOOT
diff --git a/include/configs/ls1012afrdm.h b/include/configs/ls1012afrdm.h
index 54ea43420f..dae06535d6 100644
--- a/include/configs/ls1012afrdm.h
+++ b/include/configs/ls1012afrdm.h
@@ -25,7 +25,6 @@
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"verify=no\0"   \
"fdt_high=0x\0" \
-   "initrd_high=0x\0"  \
"fdt_addr=0x00f0\0" \
"kernel_addr=0x0100\0"  \
"scriptaddr=0x8000\0"   \
@@ -35,6 +34,7 @@
"fdt_addr_r=0x9000\0"   \
"load_addr=0x9600\0"\
"kernel_size=0x280\0"   \
+   "bootm_size=0x1000\0"   \
"console=ttyS0,115200\0"\
BOOTENV \
"boot_scripts=ls1012afrdm_boot.scr\0"   \
diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index 1ea6548015..eeb1fa8122 100644
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -46,7 +46,6 @@
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"verify=no\0"   \
-   "fdt_high=0x\0" \
"initrd_high=0x\0"  \
"fdt_addr=0x00f0\0" \
"kernel_addr=0x0100\0"  \
@@ -66,6 +65,7 @@
"load_addr=0x9200\0"\
"kernel_size=0x280\0"   \
"kernelheader_size=0x4\0"   \
+   "bootm_size=0x1000\0"   \
"console=ttyS0,115200\0"\
"BOARD=ls1012afrwy\0"   \
BOOTENV \
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index 8fb75650e2..428130ee57 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -54,7 +54,6 @@
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"verify=no\0"   \
-   "fdt_high=0x\0" \
"initrd_high=0x\0"  \
"fdt_addr=0x00f0\0" \
"kernel_addr=0x0100\0"  \
@@ -68,6 +67,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernelheader_size=0x4\0"   \
+   "bootm_size=0x1000\0"   \
"console=ttyS0,115200\0"\
BOOTENV \
"boot_scripts=ls1012ardb_boot.scr\0"\
-- 
2.17.1

[U-Boot] [Patch v4 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command

[Udit Agarwal]

setexpr command is used while running secure boot
(chain of trust with confidentiality) feature.

Enable CONFIG_CMD_SETEXPR to enable setexpr command.

Signed-off-by: Udit Agarwal 
---
Changes in v4:
Corrects commit message.

 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 13 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
index 640a462dfb..2e715343c4 100644
--- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
@@ -53,4 +53,5 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
index f011aa02f5..bb2c4dd2c0 100644
--- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
@@ -30,7 +30,7 @@ CONFIG_CMD_SF=y
 CONFIG_CMD_SPI=y
 CONFIG_DEFAULT_SPI_BUS=1
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
index f3a2a13e0b..438aa29547 100644
--- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y
 CONFIG_CMD_PCI=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_OF_CONTROL=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
index c115885923..09da097fc2 100644
--- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
@@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
index caba7f7be4..53d96b4610 100644
--- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
@@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
index 472786ab26..579a9b8448 100644
--- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
index 5c8257de4e..dad3eab9a7 100644
--- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
index 2b4f72f54c..d823f7253e 100644
--- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
@@ -60,3 +60,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
index 9423d7db22..957d041355 100644
--- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
index 45df1347fa..535fb0e6fd 100644
--- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
@@ -26,7 +26,7 @@ CONFIG_CMD_I2C=y
 CONFIG_CMD_MMC=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD

[U-Boot] [Patch v4 2/2] armv8: fsl-layerscape: Increase mmc read size for secure-boot headers

[Udit Agarwal]

Maximum size of secure boot header to be read from MMC is
12KB which spans across 0x20 blocks.

Hence increase the mmc read size for secure boot
headers from MMC to 0x20 blocks.

Signed-off-by: Udit Agarwal 
---
Changes in v4:
Corrects commit message.

 include/configs/ls1088ardb.h | 18 +-
 include/configs/ls2080ardb.h |  8 
 include/configs/lx2160a_common.h |  8 
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index b71f70426c..50de658d2e 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -318,8 +318,8 @@
"mmcinfo;mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
@@ -340,8 +340,8 @@
"mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;"   \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"   \
@@ -375,7 +375,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
QSPI_MC_INIT_CMD\
"mcmemsize=0x7000\0"\
BOOTENV \
@@ -444,7 +444,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
MC_INIT_CMD \
BOOTENV \
"boot_scripts=ls1088ardb_boot.scr\0"\
@@ -491,7 +491,7 @@
 #undef CONFIG_BOOTCOMMAND
 #ifdef CONFIG_TFABOOT
 #define QSPI_NOR_BOOTCOMMAND   \
-   "sf read 0x80001000 0xd0 0x10;" \
+   "sf read 0x80001000 0xd0 0x10;" \
"env exists mcinitcmd && env exists secureboot "\
" && sf read 0x8078 0x78 0x10 " \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
@@ -502,7 +502,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_bootcmd;run sd_bootcmd;"\
@@ -525,7 +525,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"

[U-Boot] [PATCH v4] board/freescale/ls1028a: Secure boot: Adds sec_init call

[Udit Agarwal]

Call sec_init function to initialise the job ring
parameters for secure boot operations.

Signed-off-by: Udit Agarwal 
---
Changes in V4:
Corrects commit message.

 board/freescale/ls1028a/ls1028a.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/board/freescale/ls1028a/ls1028a.c 
b/board/freescale/ls1028a/ls1028a.c
index c9e6c4aa6c..ed98eedfbe 100644
--- a/board/freescale/ls1028a/ls1028a.c
+++ b/board/freescale/ls1028a/ls1028a.c
@@ -64,6 +64,10 @@ int board_init(void)
gd->env_addr = (ulong)_environment[0];
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
+
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v4] configs/ls1046afrwy: Add TFA secure boot defconfig

[Udit Agarwal]

Enables secure boot related configs in defconfig for
LS1046AFRWY.

Signed-off-by: Udit Agarwal 
---
Changes in V4:
Corrects commit message.

 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 57 +++
 1 file changed, 57 insertions(+)
 create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig

diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..aa293302f5
--- /dev/null
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,57 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AFRWY=y
+CONFIG_TFABOOT=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SECURE_BOOT=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_AHCI=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 
mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_MISC_INIT_R=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_NAND=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_MTDPARTS_DEFAULT="mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy"
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_DM=y
+CONFIG_SATA_CEVA=y
+CONFIG_FSL_CAAM=y
+CONFIG_DM_MMC=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI_FLASH=y
+# CONFIG_SPI_FLASH_BAR is not set
+CONFIG_SPI_FLASH_STMICRO=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_PHYLIB=y
+CONFIG_PHY_VITESSE=y
+CONFIG_PHY_GIGE=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_DM_SCSI=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v3 2/2] Maximum size of secure boot header to be read from MMC is 12KB which spans across 0x20 blocks.

[Udit Agarwal]

Hence increase the mmc read size for secure boot
headers from MMC to 0x20 blocks.

Signed-off-by: Udit Agarwal 
---
Changes in V3: 
Resends the patch.

 include/configs/ls1088ardb.h | 18 +-
 include/configs/ls2080ardb.h |  8 
 include/configs/lx2160a_common.h |  8 
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index b71f70426c..50de658d2e 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -318,8 +318,8 @@
"mmcinfo;mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
@@ -340,8 +340,8 @@
"mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;"   \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"   \
@@ -375,7 +375,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
QSPI_MC_INIT_CMD\
"mcmemsize=0x7000\0"\
BOOTENV \
@@ -444,7 +444,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
MC_INIT_CMD \
BOOTENV \
"boot_scripts=ls1088ardb_boot.scr\0"\
@@ -491,7 +491,7 @@
 #undef CONFIG_BOOTCOMMAND
 #ifdef CONFIG_TFABOOT
 #define QSPI_NOR_BOOTCOMMAND   \
-   "sf read 0x80001000 0xd0 0x10;" \
+   "sf read 0x80001000 0xd0 0x10;" \
"env exists mcinitcmd && env exists secureboot "\
" && sf read 0x8078 0x78 0x10 " \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
@@ -502,7 +502,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_bootcmd;run sd_bootcmd;"\
@@ -525,7 +525,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_bootcmd;run sd_bootcmd;"\
diff --git a/

[U-Boot] [PATCH v3 1/2] setexpr command is used while running secure boot (chain of trust with confidentiality) feature.

[Udit Agarwal]

So, Enable CONFIG_CMD_SETEXPR to enable setexpr command.

Signed-off-by: Udit Agarwal 
---
Changes in V3:
Resends patches.

 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 13 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
index 640a462dfb..2e715343c4 100644
--- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
@@ -53,4 +53,5 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
index f011aa02f5..bb2c4dd2c0 100644
--- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
@@ -30,7 +30,7 @@ CONFIG_CMD_SF=y
 CONFIG_CMD_SPI=y
 CONFIG_DEFAULT_SPI_BUS=1
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
index f3a2a13e0b..438aa29547 100644
--- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y
 CONFIG_CMD_PCI=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_OF_CONTROL=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
index c115885923..09da097fc2 100644
--- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
@@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
index caba7f7be4..53d96b4610 100644
--- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
@@ -73,4 +73,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
index 472786ab26..579a9b8448 100644
--- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
index 5c8257de4e..dad3eab9a7 100644
--- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
index 2b4f72f54c..d823f7253e 100644
--- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
@@ -60,3 +60,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
index 9423d7db22..957d041355 100644
--- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
index 45df1347fa..535fb0e6fd 100644
--- a/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_tfa_SECURE_BOOT_defconfig
@@ -26,7 +26,7 @@ CONFIG_CMD_I2C=y
 CONFIG_CMD_MMC=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_MP=y
 CONFIG_OF_CONTROL=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"

[U-Boot] [PATCH v3] Add TFA secure boot defconfig and Enables secure boot related configs in it.

[Udit Agarwal]

Signed-off-by: Udit Agarwal 
---
Changes in V3:
Corrects commit message and resends patch.

 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 57 +++
 1 file changed, 57 insertions(+)
 create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig

diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..aa293302f5
--- /dev/null
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,57 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AFRWY=y
+CONFIG_TFABOOT=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SECURE_BOOT=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_AHCI=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 
mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_MISC_INIT_R=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_NAND=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_MTDPARTS_DEFAULT="mtdparts=155.spi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy"
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_DM=y
+CONFIG_SATA_CEVA=y
+CONFIG_FSL_CAAM=y
+CONFIG_DM_MMC=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI_FLASH=y
+# CONFIG_SPI_FLASH_BAR is not set
+CONFIG_SPI_FLASH_STMICRO=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_PHYLIB=y
+CONFIG_PHY_VITESSE=y
+CONFIG_PHY_GIGE=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_DM_SCSI=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 2/2] freescale/powerpc: Rename the config CONFIG_SECURE_BOOT name.

[Udit Agarwal]

Renames the CONFIG_SECURE_BOOT name to CONFIG_NXP_ESBC to avoid
conflicts with UEFI secure boot.

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Rebase on top of master branch.

 arch/powerpc/cpu/mpc85xx/Kconfig   |  4 ++--
 arch/powerpc/cpu/mpc85xx/cpu_init.c|  8 
 arch/powerpc/cpu/mpc85xx/start.S   | 10 +-
 arch/powerpc/cpu/mpc8xxx/law.c |  4 ++--
 arch/powerpc/include/asm/fsl_secure_boot.h |  4 ++--
 board/freescale/common/p_corenet/tlb.c |  2 +-
 board/freescale/t104xrdb/tlb.c |  4 ++--
 configs/B4860QDS_SECURE_BOOT_defconfig |  2 +-
 configs/BSC9132QDS_NAND_DDRCLK100_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_NAND_DDRCLK133_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_NOR_DDRCLK100_SECURE_defconfig  |  2 +-
 configs/BSC9132QDS_NOR_DDRCLK133_SECURE_defconfig  |  2 +-
 configs/BSC9132QDS_SDCARD_DDRCLK100_SECURE_defconfig   |  2 +-
 configs/BSC9132QDS_SDCARD_DDRCLK133_SECURE_defconfig   |  2 +-
 configs/BSC9132QDS_SPIFLASH_DDRCLK100_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_SPIFLASH_DDRCLK133_SECURE_defconfig |  2 +-
 configs/C29XPCIE_NOR_SECBOOT_defconfig |  2 +-
 configs/C29XPCIE_SPIFLASH_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PA_36BIT_NAND_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PA_36BIT_NOR_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PA_36BIT_SPIFLASH_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PA_NAND_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PA_NOR_SECBOOT_defconfig  |  2 +-
 configs/P1010RDB-PA_SPIFLASH_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PB_36BIT_NAND_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PB_36BIT_NOR_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PB_36BIT_SPIFLASH_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PB_NAND_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PB_NOR_SECBOOT_defconfig  |  2 +-
 configs/P1010RDB-PB_SPIFLASH_SECBOOT_defconfig |  2 +-
 configs/P2041RDB_SECURE_BOOT_defconfig |  2 +-
 configs/P3041DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P3041DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P4080DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P5020DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P5020DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P5040DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P5040DS_SECURE_BOOT_defconfig  |  2 +-
 configs/T1023RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1024QDS_DDR4_SECURE_BOOT_defconfig|  2 +-
 configs/T1024QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T1024RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1040D4RDB_SECURE_BOOT_defconfig   |  2 +-
 configs/T1040QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T1040RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1042D4RDB_SECURE_BOOT_defconfig   |  2 +-
 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/T1042RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T2080QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T2080RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T4160QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T4240QDS_SECURE_BOOT_defconfig |  2 +-
 doc/README.mpc85xx |  8 
 include/configs/P1010RDB.h |  4 ++--
 include/configs/T104xRDB.h |  6 +++---
 include/configs/corenet_ds.h   |  2 +-
 56 files changed, 73 insertions(+), 73 deletions(-)

diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig
index c038a6ddb0..8cc82f80b4 100644
--- a/arch/powerpc/cpu/mpc85xx/Kconfig
+++ b/arch/powerpc/cpu/mpc85xx/Kconfig
@@ -1208,8 +1208,8 @@ config FSL_LAW
help
Use Freescale common code for Local Access Window
 
-config SECURE_BOOT
-   bool"Secure Boot"
+config NXP_ESBC
+   bool"NXP_ESBC"
help
Enable Freescale Secure Boot feature. Normally selected
by defconfig. If unsure, do not change.
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c 
b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index cac9280790..c2b2ef2041 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -38,7 +38,7 @@
 #ifdef CONFIG_FSL_CAAM
 #include 
 #endif
-#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_CORENET)
+#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_CORENET)
 #include 
 #include 
 #endif
@@ -440,7 +440,7 @@ ulong cpu_init_f(void)
 #ifdef CONFIG_SYS_DCSRBAR_PHYS
ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC8

[U-Boot] [PATCH v2 1/2] freescale/layerscape: Rename the config CONFIG_SECURE_BOOT name.

[Udit Agarwal]

Renames CONFIG_SECURE_BOOT to CONFIG_NXP_ESBC to avoid conflict
with UEFI secure boot.

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Rebase on top of master branch.

 arch/arm/cpu/armv7/ls102xa/Kconfig   | 4 ++--
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig| 4 ++--
 arch/arm/cpu/armv8/fsl-layerscape/spl.c  | 2 +-
 board/freescale/common/Kconfig   | 2 +-
 board/freescale/common/Makefile  | 2 +-
 board/freescale/ls1043ardb/ls1043ardb.c  | 2 +-
 board/freescale/ls1046afrwy/ls1046afrwy.c| 2 +-
 board/freescale/ls1046aqds/ls1046aqds.c  | 2 +-
 board/freescale/ls1046ardb/ls1046ardb.c  | 2 +-
 configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig   | 2 +-
 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig| 2 +-
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021aqds_nor_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021atwr_nor_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043ardb_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig| 2 +-
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046aqds_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 2 +-
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls2080aqds_SECURE_BOOT_defconfig | 2 +-
 configs/ls2080ardb_SECURE_BOOT_defconfig | 2 +-
 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 include/configs/ls1021atwr.h | 4 ++--
 include/configs/ls1028a_common.h | 2 +-
 include/configs/ls1043a_common.h | 8 
 include/configs/ls1046a_common.h | 4 ++--
 include/configs/ls1088a_common.h | 4 ++--
 include/configs/ls1088aqds.h | 6 +++---
 include/configs/ls2080aqds.h | 4 ++--
 46 files changed, 57 insertions(+), 57 deletions(-)

diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig 
b/arch/arm/cpu/armv7/ls102xa/Kconfig
index 94fa68250d..b9511da3f3 100644
--- a/arch/arm/cpu/armv7/ls102xa/Kconfig
+++ b/arch/arm/cpu/armv7/ls102xa/Kconfig
@@ -50,8 +50,8 @@ config MAX_CPUS
  cores, count the reserved ports. This will allocate enough memory
  in spin table to properly handle all cores.
 
-config SECURE_BOOT
-   bool"Secure Boot"
+config NXP_ESBC
+   bool"NXP_ESBC"
help
Enable Freescale Secure Boot feature. Normally selected
by defconfig. If unsure, do not change.
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 24c606a232..cca706089c 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -375,8 +375,8 @@ config EMC2305
 Enable the EMC2305 fan controller for configuration of fan
 speed.
 
-config SECURE_BOOT
-   bool "Secure Boot"
+config NXP_ESBC
+   bool "NXP_ESBC"
help
Enable Freescale Secure Boot feature
 
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c 
b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 8f199b..3f6a5f6a42 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -34,7 +34,7 @@ u32 spl_boot_device(void)
 
 void spl_board_init(void)
 {
-#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2)
+#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_LSCH2)
/*
 * In case of Secure Boot, the IBR configures the SMMU
 * to allow only Secure transactions.
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig
index 8b89c10aba..1b1fd69cb2 100644
--- a/board/freescale/common/Kconfig
+++ b/board/freescale/common/Kconfig
@@ -1,5 +1,5 @@
 config CHAIN_OF_TRUST
-   

[U-Boot] [PATCH 2/2] freescale/powerpc: Rename the config CONFIG_SECURE_BOOT name.

[Udit Agarwal]

Renames the CONFIG_SECURE_BOOT name to CONFIG_NXP_ESBC to avoid
conflicts with UEFI secure boot.

Signed-off-by: Udit Agarwal 
---
 arch/powerpc/cpu/mpc85xx/Kconfig   |  4 ++--
 arch/powerpc/cpu/mpc85xx/cpu_init.c|  8 
 arch/powerpc/cpu/mpc85xx/start.S   | 10 +-
 arch/powerpc/cpu/mpc8xxx/law.c |  4 ++--
 arch/powerpc/include/asm/fsl_secure_boot.h |  4 ++--
 board/freescale/common/p_corenet/tlb.c |  2 +-
 board/freescale/t104xrdb/tlb.c |  4 ++--
 configs/B4860QDS_SECURE_BOOT_defconfig |  2 +-
 configs/BSC9132QDS_NAND_DDRCLK100_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_NAND_DDRCLK133_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_NOR_DDRCLK100_SECURE_defconfig  |  2 +-
 configs/BSC9132QDS_NOR_DDRCLK133_SECURE_defconfig  |  2 +-
 configs/BSC9132QDS_SDCARD_DDRCLK100_SECURE_defconfig   |  2 +-
 configs/BSC9132QDS_SDCARD_DDRCLK133_SECURE_defconfig   |  2 +-
 configs/BSC9132QDS_SPIFLASH_DDRCLK100_SECURE_defconfig |  2 +-
 configs/BSC9132QDS_SPIFLASH_DDRCLK133_SECURE_defconfig |  2 +-
 configs/C29XPCIE_NOR_SECBOOT_defconfig |  2 +-
 configs/C29XPCIE_SPIFLASH_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PA_36BIT_NAND_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PA_36BIT_NOR_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PA_36BIT_SPIFLASH_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PA_NAND_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PA_NOR_SECBOOT_defconfig  |  2 +-
 configs/P1010RDB-PA_SPIFLASH_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PB_36BIT_NAND_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PB_36BIT_NOR_SECBOOT_defconfig|  2 +-
 configs/P1010RDB-PB_36BIT_SPIFLASH_SECBOOT_defconfig   |  2 +-
 configs/P1010RDB-PB_NAND_SECBOOT_defconfig |  2 +-
 configs/P1010RDB-PB_NOR_SECBOOT_defconfig  |  2 +-
 configs/P1010RDB-PB_SPIFLASH_SECBOOT_defconfig |  2 +-
 configs/P2041RDB_SECURE_BOOT_defconfig |  2 +-
 configs/P3041DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P3041DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P4080DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P5020DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P5020DS_SECURE_BOOT_defconfig  |  2 +-
 configs/P5040DS_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/P5040DS_SECURE_BOOT_defconfig  |  2 +-
 configs/T1023RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1024QDS_DDR4_SECURE_BOOT_defconfig|  2 +-
 configs/T1024QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T1024RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1040D4RDB_SECURE_BOOT_defconfig   |  2 +-
 configs/T1040QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T1040RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T1042D4RDB_SECURE_BOOT_defconfig   |  2 +-
 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig |  2 +-
 configs/T1042RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T2080QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T2080RDB_SECURE_BOOT_defconfig |  2 +-
 configs/T4160QDS_SECURE_BOOT_defconfig |  2 +-
 configs/T4240QDS_SECURE_BOOT_defconfig |  2 +-
 doc/README.mpc85xx |  8 
 include/configs/P1010RDB.h |  4 ++--
 include/configs/T104xRDB.h |  6 +++---
 include/configs/corenet_ds.h   |  2 +-
 56 files changed, 73 insertions(+), 73 deletions(-)

diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig
index 5c23efcf66..3a7dc96faf 100644
--- a/arch/powerpc/cpu/mpc85xx/Kconfig
+++ b/arch/powerpc/cpu/mpc85xx/Kconfig
@@ -1214,8 +1214,8 @@ config FSL_LAW
help
Use Freescale common code for Local Access Window
 
-config SECURE_BOOT
-   bool"Secure Boot"
+config NXP_ESBC
+   bool"NXP_ESBC"
help
Enable Freescale Secure Boot feature. Normally selected
by defconfig. If unsure, do not change.
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c 
b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index cbcd62e19a..4e9823a117 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -37,7 +37,7 @@
 #ifdef CONFIG_FSL_CAAM
 #include 
 #endif
-#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_CORENET)
+#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_CORENET)
 #include 
 #include 
 #endif
@@ -439,7 +439,7 @@ ulong cpu_init_f(void)
 #ifdef CONFIG_SYS_DCSRBAR_PHYS
ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR);
 #endif
-#if defined(CONFIG_SECURE_

[U-Boot] [PATCH 1/2] freescale/layerscape: Rename the config CONFIG_SECURE_BOOT name.

[Udit Agarwal]

Renames CONFIG_SECURE_BOOT to CONFIG_NXP_ESBC to avoid conflict
with UEFI secure boot.

Signed-off-by: Udit Agarwal 
---
 arch/arm/cpu/armv7/ls102xa/Kconfig   | 4 ++--
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig| 4 ++--
 arch/arm/cpu/armv8/fsl-layerscape/spl.c  | 2 +-
 board/freescale/common/Kconfig   | 2 +-
 board/freescale/common/Makefile  | 2 +-
 board/freescale/ls1043ardb/ls1043ardb.c  | 2 +-
 board/freescale/ls1046afrwy/ls1046afrwy.c| 2 +-
 board/freescale/ls1046aqds/ls1046aqds.c  | 2 +-
 board/freescale/ls1046ardb/ls1046ardb.c  | 2 +-
 configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig   | 2 +-
 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig| 2 +-
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1012ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021aqds_nor_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021atwr_nor_SECURE_BOOT_defconfig | 2 +-
 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043ardb_SECURE_BOOT_defconfig | 2 +-
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig| 2 +-
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig| 2 +-
 configs/ls1046aqds_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1046ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 2 +-
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/ls2080aqds_SECURE_BOOT_defconfig | 2 +-
 configs/ls2080ardb_SECURE_BOOT_defconfig | 2 +-
 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig| 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 2 +-
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 2 +-
 include/configs/ls1021atwr.h | 4 ++--
 include/configs/ls1028a_common.h | 2 +-
 include/configs/ls1043a_common.h | 8 
 include/configs/ls1046a_common.h | 4 ++--
 include/configs/ls1088a_common.h | 4 ++--
 include/configs/ls1088aqds.h | 6 +++---
 include/configs/ls2080aqds.h | 4 ++--
 47 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig 
b/arch/arm/cpu/armv7/ls102xa/Kconfig
index 94fa68250d..b9511da3f3 100644
--- a/arch/arm/cpu/armv7/ls102xa/Kconfig
+++ b/arch/arm/cpu/armv7/ls102xa/Kconfig
@@ -50,8 +50,8 @@ config MAX_CPUS
  cores, count the reserved ports. This will allocate enough memory
  in spin table to properly handle all cores.
 
-config SECURE_BOOT
-   bool"Secure Boot"
+config NXP_ESBC
+   bool"NXP_ESBC"
help
Enable Freescale Secure Boot feature. Normally selected
by defconfig. If unsure, do not change.
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index f011a628f6..78d373f436 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -379,8 +379,8 @@ config EMC2305
 Enable the EMC2305 fan controller for configuration of fan
 speed.
 
-config SECURE_BOOT
-   bool "Secure Boot"
+config NXP_ESBC
+   bool "NXP_ESBC"
help
Enable Freescale Secure Boot feature
 
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spl.c 
b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
index 3e53084b21..10fc25cf28 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/spl.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/spl.c
@@ -33,7 +33,7 @@ u32 spl_boot_device(void)
 
 void spl_board_init(void)
 {
-#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_FSL_LSCH2)
+#if defined(CONFIG_NXP_ESBC) && defined(CONFIG_FSL_LSCH2)
/*
 * In case of Secure Boot, the IBR configures the SMMU
 * to allow only Secure transactions.
diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig
index 8b89c10aba..1b1fd69cb2 100644
--- a/board/freescale/common/Kconfig
+++ b/board/freescale/common/Kconfig
@@ -1,5 +1,5 @@
 config CHAIN_O

[U-Boot] [PATCH 1/1] board/freescale/ls1028a: Secure boot: Adds sec_init call.

[Udit Agarwal]

Adds sec_init call to initialise the job ring parameters
for secure boot operations.

Signed-off-by: Udit Agarwal 
---
 board/freescale/ls1028a/ls1028a.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/board/freescale/ls1028a/ls1028a.c 
b/board/freescale/ls1028a/ls1028a.c
index 6b126bcf44..a92b5b1079 100644
--- a/board/freescale/ls1028a/ls1028a.c
+++ b/board/freescale/ls1028a/ls1028a.c
@@ -64,6 +64,10 @@ int board_init(void)
gd->env_addr = (ulong)_environment[0];
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
+
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 2/2] armv8: fsl-layerscape: Increase mmc read size for secure-boot headers

[Udit Agarwal]

Maximum size of secure boot header to be read from
MMC is 12KB which spans across 0x20 blocks.

Hence increase the mmc read size for secure boot
headers from MMC to 0x20 blocks.

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Modifications in the subject line and commit
message.

 include/configs/ls1088ardb.h | 18 +-
 include/configs/ls2080ardb.h |  8 
 include/configs/lx2160a_common.h |  8 
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 322adb530a..7500c3d3c6 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -320,8 +320,8 @@
"mmcinfo;mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
@@ -342,8 +342,8 @@
"mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;"   \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"   \
@@ -377,7 +377,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
QSPI_MC_INIT_CMD\
"mcmemsize=0x7000\0"\
BOOTENV \
@@ -446,7 +446,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
MC_INIT_CMD \
BOOTENV \
"boot_scripts=ls1088ardb_boot.scr\0"\
@@ -493,7 +493,7 @@
 #undef CONFIG_BOOTCOMMAND
 #ifdef CONFIG_TFABOOT
 #define QSPI_NOR_BOOTCOMMAND   \
-   "sf read 0x80001000 0xd0 0x10;" \
+   "sf read 0x80001000 0xd0 0x10;" \
"env exists mcinitcmd && env exists secureboot "\
" && sf read 0x8078 0x78 0x10 " \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
@@ -504,7 +504,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_bootcmd;run sd_bootcmd;"\
@@ -527,7 +527,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc

[U-Boot] [PATCH v2 1/2] configs: fsl-layerscape: secure_boot: Enable setexpr command.

[Udit Agarwal]

setexpr command is used while running secure boot (chain of trust with
confidentiality) feature.

So, Enable CONFIG_CMD_SETEXPR to enable setexpr command.

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Corrects commit message.

 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 14 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
index 02f5dedfa2..bf68873466 100644
--- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
@@ -50,4 +50,5 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
index 9a6139e58c..80fb0c473c 100644
--- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
@@ -30,7 +30,7 @@ CONFIG_CMD_SF=y
 CONFIG_CMD_SPI=y
 CONFIG_DEFAULT_SPI_BUS=1
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
index 5e524e74c1..f8b7585802 100644
--- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y
 CONFIG_CMD_PCI=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_OF_CONTROL=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
index 7cd2f59d7b..b1d2c6bb3e 100644
--- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
index 3432f90087..3cd6cb56bf 100644
--- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
index 8964042fcc..919d8b0e0f 100644
--- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
@@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
index a481cb104d..637febf9a5 100644
--- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
@@ -52,3 +52,4 @@ CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
index e5522d8629..116c9a26c7 100644
--- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
index 715d07934c..69e39e7207 100644
--- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
@@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
index 3244d5659a..8cd246a63e 100644
--- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
@@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CO

[U-Boot] [PATCH 1/1] board/freescale/common: secure_boot: Set bootdelay to -2.

[Udit Agarwal]

Uboot prompt must not be available while running
secure boot. TO ensure this  bootdelay must be set
to -2.

Signed-off-by: Udit Agarwal 
---
 board/freescale/common/fsl_chain_of_trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/board/freescale/common/fsl_chain_of_trust.c 
b/board/freescale/common/fsl_chain_of_trust.c
index 97376c4165..dddfd26a13 100644
--- a/board/freescale/common/fsl_chain_of_trust.c
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -79,7 +79,7 @@ int fsl_setenv_chain_of_trust(void)
 * bootdelay = 0 (To disable Boot Prompt)
 * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
 */
-   env_set("bootdelay", "0");
+   env_set("bootdelay", "-2");
 
 #ifdef CONFIG_ARM
env_set("secureboot", "y");
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 2/2] include/configs: Secure boot: Increases mmc read size for headers.

[Udit Agarwal]

Maximum size of secure boot header to be read from
MMC is 12KB which spans across 0x20 blocks.

Hence increases the mmc read size for secure boot
headers from MMC to 0x20 blocks.

Signed-off-by: Udit Agarwal 
---
 include/configs/ls1088ardb.h | 18 +-
 include/configs/ls2080ardb.h |  8 
 include/configs/lx2160a_common.h |  8 
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/configs/ls1088ardb.h b/include/configs/ls1088ardb.h
index 322adb530a..7500c3d3c6 100644
--- a/include/configs/ls1088ardb.h
+++ b/include/configs/ls1088ardb.h
@@ -320,8 +320,8 @@
"mmcinfo;mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
@@ -342,8 +342,8 @@
"mcinitcmd=mmcinfo;mmc read 0x8000 0x5000 0x800;"   \
"mmc read 0x8010 0x7000 0x800;" \
"env exists secureboot && " \
-   "mmc read 0x8070 0x3800 0x10 && "   \
-   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "mmc read 0x8070 0x3800 0x20 && "   \
+   "mmc read 0x8074 0x3A00 0x20 && "   \
"esbc_validate 0x8070 && "  \
"esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"   \
@@ -377,7 +377,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
QSPI_MC_INIT_CMD\
"mcmemsize=0x7000\0"\
BOOTENV \
@@ -446,7 +446,7 @@
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_size_sd=0x14000\0"  \
-   "kernelhdr_size_sd=0x10\0"  \
+   "kernelhdr_size_sd=0x20\0"  \
MC_INIT_CMD \
BOOTENV \
"boot_scripts=ls1088ardb_boot.scr\0"\
@@ -493,7 +493,7 @@
 #undef CONFIG_BOOTCOMMAND
 #ifdef CONFIG_TFABOOT
 #define QSPI_NOR_BOOTCOMMAND   \
-   "sf read 0x80001000 0xd0 0x10;" \
+   "sf read 0x80001000 0xd0 0x10;" \
"env exists mcinitcmd && env exists secureboot "\
" && sf read 0x8078 0x78 0x10 " \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
@@ -504,7 +504,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_bootcmd;run sd_bootcmd;"\
@@ -527,7 +527,7 @@
"env exists mcinitcmd && mmcinfo; " \
"mmc read 0x80001000 0x6800 0x800; "\
"env exists mcinitcmd && env exists secureboot "\
-   " && mmc read 0x8078 0x3C00 0x10 "  \
+   " && mmc read 0x8078 0x3C00 0x20 "  \
"&& esbc_validate 0x8078;env exists mcinitcmd " \
"&& fsl_mc lazyapply dpl 0x80001000;"   \
"run distro_boot

[U-Boot] [PATCH 1/2] configs: secure_boot: Add config to enable SETEXPR command.

[Udit Agarwal]

SETEXPR command is used while running secure boot (chain of
trust with confidentiality) feature.

To use the setexpr command from uboot comsole CONFIG_CMD_SETEXPR
config needs to be enabled in defconfig.

Signed-off-by: Udit Agarwal 
---
 configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1012aqds_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1012ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls1028aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1028ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1043ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 1 +
 configs/ls1046aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1046ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/ls1088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/ls2088ardb_tfa_SECURE_BOOT_defconfig  | 2 +-
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig  | 1 +
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig  | 1 +
 14 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
index 02f5dedfa2..bf68873466 100644
--- a/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012afrwy_tfa_SECURE_BOOT_defconfig
@@ -50,4 +50,5 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
index 9a6139e58c..80fb0c473c 100644
--- a/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012aqds_tfa_SECURE_BOOT_defconfig
@@ -30,7 +30,7 @@ CONFIG_CMD_SF=y
 CONFIG_CMD_SPI=y
 CONFIG_DEFAULT_SPI_BUS=1
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
diff --git a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
index 5e524e74c1..f8b7585802 100644
--- a/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1012ardb_tfa_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_CMD_MMC=y
 CONFIG_CMD_PCI=y
 CONFIG_CMD_SF=y
 CONFIG_CMD_USB=y
-# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_SETEXPR=y
 CONFIG_CMD_CACHE=y
 CONFIG_OF_CONTROL=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-rdb"
diff --git a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
index 7cd2f59d7b..b1d2c6bb3e 100644
--- a/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028aqds_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
index 3432f90087..3cd6cb56bf 100644
--- a/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1028ardb_tfa_SECURE_BOOT_defconfig
@@ -59,4 +59,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_WDT=y
 CONFIG_WDT_SP805=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
index 8964042fcc..919d8b0e0f 100644
--- a/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043aqds_tfa_SECURE_BOOT_defconfig
@@ -58,4 +58,5 @@ CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_CMD_SETEXPR=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
index a481cb104d..637febf9a5 100644
--- a/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_tfa_SECURE_BOOT_defconfig
@@ -52,3 +52,4 @@ CONFIG_RSA=y
 CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
index e5522d8629..116c9a26c7 100644
--- a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -53,3 +53,4 @@ CONFIG_DM_USB=y
 CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
index 715d07934c..69e39e7207 100644
--- a/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046aqds_tfa_SECURE_BOOT_defconfig
@@ -59,3 +59,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_RSA=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_SETEXPR=y
diff --git a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
index 3244d5659a..8cd246a63e 100644
--- a/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_tfa_SECURE_BOOT_defconfig
@@ -52,3 +52,4 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CO

[U-Boot] [PATCH v2] configs: ls1046afrwy: Add tfa secure boot defonfig.

[Udit Agarwal]

Add TFA secure boot defconfig and Enables secure boot related
configs in it.

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Change in commit message.

 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 61 +++
 1 file changed, 61 insertions(+)
 create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig

diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..6cb192b003
--- /dev/null
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,61 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AFRWY=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SECURE_BOOT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy"
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_TFABOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 
mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_MISC_INIT_R=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_NAND=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_MTDPARTS_DEFAULT="mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_PHY_VITESSE=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_USB=y
+CONFIG_FSL_QSPI=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_DM_MMC=y
+CONFIG_DM_SCSI=y
+CONFIG_SATA_CEVA=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+CONFIG_AHCI=y
+CONFIG_CMD_SETEXPR=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] configs:ls1046afrwy: Add tfa secure boot defonfig.

[Udit Agarwal]

Add TFA secure boot defconfig and Enables secure boot related
configs in it.

Signed-off-by: Udit Agarwal 
---
 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig | 61 +++
 1 file changed, 61 insertions(+)
 create mode 100644 configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig

diff --git a/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig 
b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..6cb192b003
--- /dev/null
+++ b/configs/ls1046afrwy_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,61 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046AFRWY=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SECURE_BOOT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-frwy"
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_TFABOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 
mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_MISC_INIT_R=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_NAND=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_MTDPARTS_DEFAULT="mtdparts=155.quadspi:1m(rcw),15m(u-boot),48m(kernel.itb);7e80.flash:16m(nand_uboot),48m(nand_kernel),448m(nand_free)"
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_PHY_VITESSE=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_USB=y
+CONFIG_FSL_QSPI=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_DM_MMC=y
+CONFIG_DM_SCSI=y
+CONFIG_SATA_CEVA=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+CONFIG_AHCI=y
+CONFIG_CMD_SETEXPR=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [Patch v3] armv8: fsl-layerscape: Set env_loc to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.

[Udit Agarwal]

ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on
CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when CONFIG_ENV_IS_NOWHERE
is enabled

Signed-off-by: Udit Agarwal 
---
Changes in V3:
Correct checkpatch warnings.

 arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 11 ++-
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c 
b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
index 54ea6b3de0..d26305ce2f 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
@@ -799,12 +799,8 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
if (prio)
return ENVL_UNKNOWN;
 
-#ifdef CONFIG_CHAIN_OF_TRUST
-   /* Check Boot Mode
-* If Boot Mode is Secure, return ENVL_NOWHERE
-*/
-   if (fsl_check_boot_mode_secure() == 1)
-   goto done;
+#ifdef CONFIG_ENV_IS_NOWHERE
+   return env_loc;
 #endif
 
switch (src) {
@@ -834,9 +830,6 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
break;
}
 
-#ifdef CONFIG_CHAIN_OF_TRUST
-done:
-#endif
return env_loc;
 }
 #endif /* CONFIG_TFABOOT */
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [Patch v2] armv8: Secure Boot: Modify boot_a_script definition

[Udit Agarwal]

From: Vinitha V Pillai 

boot_script_hdr does not exist, it should not continue to
boot. So adding separate validation after loading boot_script.

The secure boot validation of the bootscript header will fail
and halts the further execution of commands which prevent
source command from execution.

Signed-off-by: Vinitha V Pillai 
Signed-off-by: Udit Agarwal 
---
Changes in V2:
Corrects commit message to add more clarity.

 include/configs/ls1012afrwy.h| 3 ++-
 include/configs/ls1012ardb.h | 3 ++-
 include/configs/ls1021atwr.h | 3 ++-
 include/configs/ls1043a_common.h | 3 ++-
 include/configs/ls1046a_common.h | 5 +++--
 include/configs/ls1088ardb.h | 3 ++-
 include/configs/ls2080ardb.h | 3 ++-
 7 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index ebb1df41c7..12e6437a05 100644
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -98,7 +98,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1012ardb.h b/include/configs/ls1012ardb.h
index f149a604cf..f6640fa499 100644
--- a/include/configs/ls1012ardb.h
+++ b/include/configs/ls1012ardb.h
@@ -98,7 +98,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h
index da55bf2f43..2616f4aa5c 100644
--- a/include/configs/ls1021atwr.h
+++ b/include/configs/ls1021atwr.h
@@ -364,7 +364,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"  \
"installer=load mmc 0:2 $load_addr "\
diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h
index 2e9d476483..8618a5f182 100644
--- a/include/configs/ls1043a_common.h
+++ b/include/configs/ls1043a_common.h
@@ -275,7 +275,8 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
+   "${scripthdraddr} ${prefix}${boot_script_hdr}; " \
+   "env exists secureboot "\
"&& esbc_validate ${scripthdraddr};"\
"source ${scriptaddr}\0"\
"qspi_bootcmd=echo Trying load from qspi..;"\
diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h
index 24ff2d1547..e4e71b24d4 100644
--- a/include/configs/ls1046a_common.h
+++ b/include/configs/ls1046a_common.h
@@ -256,8 +256,9 @@
"${scriptaddr} ${prefix}${script}; "\
"env exists secureboot && load ${devtype} " \
"${devnum}:${distro_bootpart} " \
-   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
-   "&& esbc_validate ${scripthdraddr};"\
+   "${scripthdraddr}

Re: [U-Boot] [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.

[Udit Agarwal]

Hi,

arch/arm/cpu/armv8/fsl-layerscape/cpu.c  uses ENVL_NOWHERE to initialize the 
env_loc enum variable.
Shall the ENVL_NOWHERE be replaced with ENV_NOWHERE in commit message.

Regards
Udit Agarwal


> -Original Message-
> From: Prabhakar Kushwaha
> Sent: Friday, March 22, 2019 4:32 PM
> To: Udit Agarwal ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Jaiprakash Singh
> ; Arun Pathak 
> Subject: RE: [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with
> CONFIG_ENV_IS_NOWHERE.
> 
> 
> > -Original Message-
> > From: Udit Agarwal
> > Sent: Thursday, March 7, 2019 2:55 PM
> > To: u-boot@lists.denx.de
> > Cc: Prabhakar Kushwaha ; Ruchika Gupta
> > ; Jaiprakash Singh ;
> > Arun Pathak ; Udit Agarwal 
> > Subject: [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with
> > CONFIG_ENV_IS_NOWHERE.
> >
> > ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on
> > CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when
> > CONFIG_ENV_IS_NOWHERE is enabled
> >
> > Signed-off-by: Udit Agarwal 
> > ---
> 
> S /ENVL /ENV
> 
> --pk

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.

[Udit Agarwal]

ENVL_NOWHERE is dependent on CONFIG_ENV_IS_NOWHERE and not on
CONFIG_CHAIN_OF_TRUST so return ENVL_NOWHERE when CONFIG_ENV_IS_NOWHERE
is enabled

Signed-off-by: Udit Agarwal 
---
Changes in V2:
Corrects commit message.
Removes goto label.

 arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 11 ++-
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c 
b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
index 34167cdd50..5b945f5959 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
@@ -795,12 +795,8 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
if (prio)
return ENVL_UNKNOWN;
 
-#ifdef CONFIG_CHAIN_OF_TRUST
-   /* Check Boot Mode
-* If Boot Mode is Secure, return ENVL_NOWHERE
-*/
-   if (fsl_check_boot_mode_secure() == 1)
-   goto done;
+#ifdef CONFIG_ENV_IS_NOWHERE
+   return env_loc;
 #endif
 
switch (src) {
@@ -830,9 +826,6 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
break;
}
 
-#ifdef CONFIG_CHAIN_OF_TRUST
-done:
-#endif
return env_loc;
 }
 #endif /* CONFIG_TFABOOT */
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] Set environment location to ENVL_NOWHERE with CONFIG_ENV_IS_NOWHERE.

[Udit Agarwal]

Compiles code to set the environment location to ENVL_NOWHERE
and return when CONFIG_ENV_IS_NOWHERE is set.

Environment location is dependent on CONFIG_ENV_IS_NOWHERE config
and not on CONFIG_CHAIN_OF_TRUST.

Signed-off-by: Udit Agarwal 
---
 arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c 
b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
index 34167cdd50..0f2a42f119 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
+++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c
@@ -795,11 +795,7 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
if (prio)
return ENVL_UNKNOWN;
 
-#ifdef CONFIG_CHAIN_OF_TRUST
-   /* Check Boot Mode
-* If Boot Mode is Secure, return ENVL_NOWHERE
-*/
-   if (fsl_check_boot_mode_secure() == 1)
+#ifdef CONFIG_ENV_IS_NOWHERE
goto done;
 #endif
 
@@ -830,7 +826,7 @@ enum env_location env_get_location(enum env_operation op, 
int prio)
break;
}
 
-#ifdef CONFIG_CHAIN_OF_TRUST
+#ifdef CONFIG_ENV_IS_NOWHERE
 done:
 #endif
return env_loc;
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] LX2160AQDS: Adds SECURE_BOOT defconfig.

[Udit Agarwal]

Configs added to enable secure boot on LX2160AQDS board.

Signed-off-by: Udit Agarwal 
---
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 90 
 1 file changed, 90 insertions(+)
 create mode 100644 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig

diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig 
b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..c53a7ac350
--- /dev/null
+++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,90 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160AQDS=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_SECURE_BOOT=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-qds"
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_DM=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_TFABOOT=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 
earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m 
hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SERIAL=y
+CONFIG_SERIAL_PROBE_ALL=y
+CONFIG_CONS_INDEX=0
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_MICRON=y
+CONFIG_SPI_FLASH_USE_4K_SECTORS=n
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_SST=y
+CONFIG_SPI_FLASH_EON=y
+CONFIG_NXP_FSPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_SYS_FSPI_AHB_INIT=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_CMD_NET=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LX=y
+CONFIG_E1000=y
+CONFIG_NET=y
+CONFIG_DM_MMC=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+# CONFIG_SYS_FSL_DDR_PHY is not set
+CONFIG_SYS_GEN2_DDR_PHY=y
+CONFIG_SYS_MALLOC_F=y
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_PHYLIB_10G=y
+CONFIG_PHY_AQUANTIA=y # X-M11-USXGMII
+CONFIG_PHY_CORTINA=y # X-M7-40G
+CONFIG_PHY_REALTEK=y # RGMII
+CONFIG_PHY_INPHI=y # X-M8-100G
+CONFIG_PHY_VITESSE=y # SGMII PEX RISER
+CONFIG_HUSH_PARSER=y
+CONFIG_DM_SCSI=y
+CONFIG_SATA_CEVA=y
+CONFIG_AHCI=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] LX2160AQDS: Adds SECURE_BOOT defconfig.

[Udit Agarwal]

Configs added to enable secure boot on LX2160AQDS board.

Signed-off-by: Udit Agarwal 
---
 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig | 90 
 1 file changed, 90 insertions(+)
 create mode 100644 configs/lx2160aqds_tfa_SECURE_BOOT_defconfig

diff --git a/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig 
b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..c53a7ac350
--- /dev/null
+++ b/configs/lx2160aqds_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,90 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160AQDS=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_SECURE_BOOT=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-qds"
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_DM=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_TFABOOT=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 
earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m 
hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SERIAL=y
+CONFIG_SERIAL_PROBE_ALL=y
+CONFIG_CONS_INDEX=0
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_MICRON=y
+CONFIG_SPI_FLASH_USE_4K_SECTORS=n
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_SST=y
+CONFIG_SPI_FLASH_EON=y
+CONFIG_NXP_FSPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_SYS_FSPI_AHB_INIT=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_CMD_NET=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LX=y
+CONFIG_E1000=y
+CONFIG_NET=y
+CONFIG_DM_MMC=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+# CONFIG_SYS_FSL_DDR_PHY is not set
+CONFIG_SYS_GEN2_DDR_PHY=y
+CONFIG_SYS_MALLOC_F=y
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_PHYLIB_10G=y
+CONFIG_PHY_AQUANTIA=y # X-M11-USXGMII
+CONFIG_PHY_CORTINA=y # X-M7-40G
+CONFIG_PHY_REALTEK=y # RGMII
+CONFIG_PHY_INPHI=y # X-M8-100G
+CONFIG_PHY_VITESSE=y # SGMII PEX RISER
+CONFIG_HUSH_PARSER=y
+CONFIG_DM_SCSI=y
+CONFIG_SATA_CEVA=y
+CONFIG_AHCI=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2] armv8:LX2160: Adds distro secure boot support.

[Udit Agarwal]

Adds esbc validate command for verification of MC and DPC
firmware.

Adds secure boot defconfig.

Signed-off-by: Udit Agarwal 
---
Changes in v2:
Correct flash offset for Kernel header for secure boot.

 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 86 
 include/configs/lx2160a_common.h | 12 ++-
 2 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig

diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig 
b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..b7e3967ad9
--- /dev/null
+++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,86 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160ARDB=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_SECURE_BOOT=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-rdb"
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_DM=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_TFABOOT=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 
earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m 
hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SERIAL=y
+CONFIG_SERIAL_PROBE_ALL=y
+CONFIG_CONS_INDEX=0
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_MICRON=y
+CONFIG_SPI_FLASH_USE_4K_SECTORS=n
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_NXP_FSPI=y
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_SYS_FSPI_AHB_INIT=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_CMD_NET=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LX=y
+CONFIG_E1000=y
+CONFIG_NET=y
+CONFIG_DM_MMC=y
+CONFIG_DM_MMC_OPS=n
+CONFIG_BLK=n
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+# CONFIG_SYS_FSL_DDR_PHY is not set
+CONFIG_SYS_GEN2_DDR_PHY=y
+CONFIG_SYS_MALLOC_F=y
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_PHYLIB_10G=y
+CONFIG_PHY_AQUANTIA=y
+CONFIG_PHY_CORTINA=y
+CONFIG_PHY_ATHEROS=y
+CONFIG_PHY_INPHI=y
+CONFIG_INPHI_25G=y
+CONFIG_HUSH_PARSER=y
+CONFIG_EMC2305=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h
index fa554bc2f5..3ff54a4dc9 100644
--- a/include/configs/lx2160a_common.h
+++ b/include/configs/lx2160a_common.h
@@ -198,11 +198,19 @@ unsigned long get_board_ddr_clk(void);
 
 /* Initial environment variables */
 #define XSPI_MC_INIT_CMD   \
+   "env exists secureboot && " \
+   "esbc_validate 0x2070 && "  \
+   "esbc_validate 0x2074 ;"\
"fsl_mc start mc 0x20a0 0x20e0\0"
 
 #define SD_MC_INIT_CMD \
"mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
+   "env exists secureboot && " \
+   "mmc read 0x8070 0x3800 0x10 && "   \
+   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "esbc_validate 0x8070 && "  \
+   "esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
 
 #define EXTRA_ENV_SETTINGS \
@@ -213,7 +221,7 @@ unsigned long get_board_ddr_clk(void);
"initrd_high=0x\0"  \
"fdt_addr=0x64f0\0" \
"kernel_start=0x100\0"  \
-   "kernelheader_start=0x80\0" \
+   "kernelheader_start=0x7C\0" \
"scriptaddr=0x8000\0"   \
"scripthdraddr=0x8008\0"\
"fdtheader_addr_r=0x8010\0" \
@@ -224,7 +232,9 @@ unsigned long get_board_ddr_clk(void);
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_addr_sd=0x8000\0"   \
+   "kernelhdr_addr_sd=0x3E00\0"\
"kernel_size_sd=0x1d000\0"  \
+   "kernelhdr_size_sd=0x10\0"  \
"console=ttyAMA0,38400n8\0" \
BOOTENV \
"mcmemsize=0x7000\0"\
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] armv8:LX2160: Adds distro secure boot support.

[Udit Agarwal]

Adds esbc validate command for verification of MC and DPC
firmware.

Adds secure boot defconfig.

Signed-off-by: Udit Agarwal 
---
 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig | 86 
 include/configs/lx2160a_common.h | 10 +++
 2 files changed, 96 insertions(+)
 create mode 100644 configs/lx2160ardb_tfa_SECURE_BOOT_defconfig

diff --git a/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig 
b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 00..b7e3967ad9
--- /dev/null
+++ b/configs/lx2160ardb_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,86 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160ARDB=y
+CONFIG_SYS_TEXT_BASE=0x8200
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_SECURE_BOOT=y
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-rdb"
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_DM=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_TFABOOT=y
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 
earlycon=pl011,mmio32,0x21c ramdisk_size=0x200 default_hugepagesz=1024m 
hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_ENV_IS_NOWHERE=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM_SERIAL=y
+CONFIG_SERIAL_PROBE_ALL=y
+CONFIG_CONS_INDEX=0
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_ESDHC=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_MICRON=y
+CONFIG_SPI_FLASH_USE_4K_SECTORS=n
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_NXP_FSPI=y
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_SYS_FSPI_AHB_INIT=y
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_CMD_NET=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LX=y
+CONFIG_E1000=y
+CONFIG_NET=y
+CONFIG_DM_MMC=y
+CONFIG_DM_MMC_OPS=n
+CONFIG_BLK=n
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_SCSI_AHCI=y
+CONFIG_SCSI=y
+# CONFIG_SYS_FSL_DDR_PHY is not set
+CONFIG_SYS_GEN2_DDR_PHY=y
+CONFIG_SYS_MALLOC_F=y
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_PHYLIB_10G=y
+CONFIG_PHY_AQUANTIA=y
+CONFIG_PHY_CORTINA=y
+CONFIG_PHY_ATHEROS=y
+CONFIG_PHY_INPHI=y
+CONFIG_INPHI_25G=y
+CONFIG_HUSH_PARSER=y
+CONFIG_EMC2305=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/include/configs/lx2160a_common.h b/include/configs/lx2160a_common.h
index fa554bc2f5..dbeeae9a89 100644
--- a/include/configs/lx2160a_common.h
+++ b/include/configs/lx2160a_common.h
@@ -198,11 +198,19 @@ unsigned long get_board_ddr_clk(void);
 
 /* Initial environment variables */
 #define XSPI_MC_INIT_CMD   \
+   "env exists secureboot && " \
+   "esbc_validate 0x2070 && "  \
+   "esbc_validate 0x2074 ;"\
"fsl_mc start mc 0x20a0 0x20e0\0"
 
 #define SD_MC_INIT_CMD \
"mmc read 0x8000 0x5000 0x800;" \
"mmc read 0x8010 0x7000 0x800;" \
+   "env exists secureboot && " \
+   "mmc read 0x8070 0x3800 0x10 && "   \
+   "mmc read 0x8074 0x3A00 0x10 && "   \
+   "esbc_validate 0x8070 && "  \
+   "esbc_validate 0x8074 ;"\
"fsl_mc start mc 0x8000 0x8010\0"
 
 #define EXTRA_ENV_SETTINGS \
@@ -224,7 +232,9 @@ unsigned long get_board_ddr_clk(void);
"load_addr=0xa000\0"\
"kernel_size=0x280\0"   \
"kernel_addr_sd=0x8000\0"   \
+   "kernelhdr_addr_sd=0x4000\0"\
"kernel_size_sd=0x1d000\0"  \
+   "kernelhdr_size_sd=0x10\0"  \
"console=ttyAMA0,38400n8\0" \
BOOTENV \
"mcmemsize=0x7000\0"\
-- 
2.17.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] Default boot arguments in case of missing FDT

[Udit agarwal]

I found here <https://www.denx.de/wiki/DULG/UBootCmdGroupExec> that if, fdt
pointer is missing, by default bd_info will be passed. Can/How can I
override this, to pass my own default FDT?

On Sun, Mar 4, 2018 at 12:57 PM, Udit agarwal <dev.mada...@gmail.com> wrote:

> Hi all,
> I need to implement a check on whether user provided a valid FDT or not(on
> beagle bone Black).
> So,
>
>- First, what is the default value(if any) of FDT pointer passed on
>via uboot to kernel?
>- Is there a option to set/customize the default FDT pointer value?
>
> Regard,
>
> Udit agarwal
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] Default boot arguments in case of missing FDT

[Udit agarwal]

Hi all,
I need to implement a check on whether user provided a valid FDT or not(on
beagle bone Black).
So,

   - First, what is the default value(if any) of FDT pointer passed on via
   uboot to kernel?
   - Is there a option to set/customize the default FDT pointer value?

Regard,

Udit agarwal
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [Patch v3] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.

[Udit Agarwal]

Adds config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in
LS2080AQDS and LS2080ARDB secure boot defconfig.

Removes CONFIG_FIT, as with CONFIG_FSL_LS_PPA enabled,
CONFIG_FIT is selected.

Removes CONFIG_SPL_RSA as in NOR boot SPL boot is not done.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Changes in v3:
Corrects commit message for the patch.

 configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++--
 configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig 
b/configs/ls2080aqds_SECURE_BOOT_defconfig
index ee6043e..17a077d 100644
--- a/configs/ls2080aqds_SECURE_BOOT_defconfig
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080AQDS=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_USE_BOOTARGS=y
 CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 ramdisk_size=0x200 default_hugepagesz=2m 
hugepagesz=2m hugepages=256"
@@ -28,6 +29,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -47,6 +49,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig 
b/configs/ls2080ardb_SECURE_BOOT_defconfig
index 01fc9e6..37137f4 100644
--- a/configs/ls2080ardb_SECURE_BOOT_defconfig
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080ARDB=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_USE_BOOTARGS=y
 CONFIG_BOOTARGS="console=ttyS1,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0600 ramdisk_size=0x200 default_hugepagesz=2m 
hugepagesz=2m hugepages=256"
@@ -27,6 +28,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -46,6 +48,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v4 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfigs for QSPI boot on LS1088ARDB
and LS1088AQDS platforms.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com>
---
Changes in v4:
Adds Distro boot support defconfigs.
Adds config to unset CONFIG_BOOTCOOMAND.
Keeping defconfig options in sorted manner.

 board/freescale/ls1088a/MAINTAINERS   | 12 +++
 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 47 ++
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 48 +++
 3 files changed, 107 insertions(+)
 create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls1088a/MAINTAINERS 
b/board/freescale/ls1088a/MAINTAINERS
index b3d5c38..de3961d 100644
--- a/board/freescale/ls1088a/MAINTAINERS
+++ b/board/freescale/ls1088a/MAINTAINERS
@@ -15,3 +15,15 @@ F:   board/freescale/ls1088a/
 F: include/configs/ls1088aqds.h
 F: configs/ls1088aqds_qspi_defconfig
 F: configs/ls1088aqds_sdcard_qspi_defconfig
+
+LS1088AQDS_QSPI_SECURE_BOOT BOARD
+M: Udit Agarwal <udit.agar...@nxp.com>
+M: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com>
+S: Maintained
+F: configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
+
+LS1088ARDB_QSPI_SECURE_BOOT BOARD
+M: Udit Agarwal <udit.agar...@nxp.com>
+M: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com>
+S: Maintained
+F: configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..529651b
--- /dev/null
+++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,47 @@
+CONFIG_ARM=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds"
+CONFIG_DM=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DM_USB=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_E1000=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_HUSH_PARSER=y
+CONFIG_NETDEVICES=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_PCI=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_SYS_NS16550=y
+CONFIG_TARGET_LS1088AQDS=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_STORAGE=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_XHCI_HCD=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+# CONFIG_USE_BOOTCOMMAND is not set
diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..e800966
--- /dev/null
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,48 @@
+CONFIG_ARM=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_DM=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DM_USB=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_E1000=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_HUSH_PARSER=y
+CONFIG_NETDEVICES=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_PCI=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_SYS_NS16550=y
+CONFIG_TARGET_LS1088ARDB=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_STORAGE=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_XHCI_HCD=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+# CONFIG_USE_BOOTCOMMAND is not set
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v4 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation

[Udit Agarwal]

Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase
using esbc_validate command.

Enable validation of boot.scr script prior to its execution dependent
on "secureboot" flag in environment

Add header address for PPA to be validated during ESBC phase for LS1088A
platform based on LAyerscape Chasis 3.

Moves sec_init prior to ppa_init as for validation of PPA sec must
be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pil...@nxp.com>
Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
---
Changes in v4:
Adds Distro boot support.
Removes CONFIG_FSL_CAAM. Will be enabled via defconfig

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
 board/freescale/ls1088a/Kconfig   |  2 ++
 board/freescale/ls1088a/ls1088a.c |  6 ++--
 include/configs/ls1088a_common.h  |  3 --
 include/configs/ls1088aqds.h  | 21 +
 include/configs/ls1088ardb.h  | 50 +++
 6 files changed, 64 insertions(+), 19 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 5daf79e..4aa0414 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -244,6 +244,7 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A
default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig
index 1ada661..4479dd0 100644
--- a/board/freescale/ls1088a/Kconfig
+++ b/board/freescale/ls1088a/Kconfig
@@ -12,6 +12,7 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088aqds"
 
+source "board/freescale/common/Kconfig"
 endif
 
 if TARGET_LS1088ARDB
@@ -28,4 +29,5 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088ardb"
 
+source "board/freescale/common/Kconfig"
 endif
diff --git a/board/freescale/ls1088a/ls1088a.c 
b/board/freescale/ls1088a/ls1088a.c
index 96d9ae7..1860f9c 100644
--- a/board/freescale/ls1088a/ls1088a.c
+++ b/board/freescale/ls1088a/ls1088a.c
@@ -315,6 +315,9 @@ int board_init(void)
out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK);
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
@@ -337,9 +340,6 @@ void detail_board_ddr_info(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h
index 6b71d47..b99257e 100644
--- a/include/configs/ls1088a_common.h
+++ b/include/configs/ls1088a_common.h
@@ -144,9 +144,6 @@ unsigned long long get_qixis_addr(void);
 #if defined(CONFIG_FSL_MC_ENET)
 #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE   (512UL * 1024 * 1024)
 #endif
-
-#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */
-
 /* Command line configuration */
 #define CONFIG_CMD_GREPENV
 #define CONFIG_CMD_CACHE
diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h
index 310e8fd..e7e3afe 100644
--- a/include/configs/ls1088aqds.h
+++ b/include/configs/ls1088aqds.h
@@ -335,6 +335,26 @@ unsigned long get_board_ddr_clk(void);
QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER)
 
 /* Initial environment variables */
+#ifdef CONFIG_SECURE_BOOT
+#undef CONFIG_EXTRA_ENV_SETTINGS
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "loadaddr=0x9010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_addr=0x80\0"   \
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x100\0"  \
+   "kernel_load=0xa000\0"  \
+   "kernel_size=0x280\0"   \
+   "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;"  \
+   "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \
+   "sf read 0xa0e0 0xe0 0x10;" \
+   "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;"  \
+   "fsl_mc start mc 0xa0a0 0xa0e0\0"   \
+   "mcmemsize=0x7000 \0"
+#el

Re: [U-Boot] [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation

[Udit Agarwal]

> -Original Message-
> From: York Sun
> Sent: Tuesday, October 24, 2017 3:04 AM
> To: Udit Agarwal <udit.agar...@nxp.com>; u-boot@lists.denx.de
> Cc: Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit Garg <sumit.g...@nxp.com>;
> Prabhakar Kushwaha <prabhakar.kushw...@nxp.com>
> Subject: Re: [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
> 
> On 10/15/2017 10:03 PM, Udit Agarwal wrote:
> > Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC
> > phase using esbc_validate command. Add images validation in default
> > environment under mcinitcmd prior to MC initialization.
> >
> > Add header address for PPA to be validated during ESBC phase for
> > LS1088A platform based on LAyerscape Chasis 3.
> >
> > Moves sec_init prior to ppa_init as for validation of PPA sec must be
> > initialised before the PPA is initialised.
> >
> > Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
> > ---
> > Changes in v3:
> > Removes CONFIG_FSL_CAAM. Will be enabled via defconfig.
> >
> >  arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
> >  board/freescale/ls1088a/Kconfig   |  2 ++
> >  board/freescale/ls1088a/ls1088a.c |  6 +++---
> >  include/configs/ls1088a_common.h  |  3 ---
> >  include/configs/ls1088aqds.h  | 21 +
> >  include/configs/ls1088ardb.h  | 22 +-
> >  6 files changed, 48 insertions(+), 7 deletions(-)
> >
> > diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > index 3518d86..7883623 100644
> > --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> > @@ -242,6 +242,7 @@ config SYS_LS_PPA_ESBC_ADDR
> > default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
> > default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT &&
> ARCH_LS2080A
> > default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
> > +   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
> > default 0x68 if SYS_LS_PPA_FW_IN_MMC
> > default 0x68 if SYS_LS_PPA_FW_IN_NAND
> > help
> > diff --git a/board/freescale/ls1088a/Kconfig
> > b/board/freescale/ls1088a/Kconfig index 1ada661..4479dd0 100644
> > --- a/board/freescale/ls1088a/Kconfig
> > +++ b/board/freescale/ls1088a/Kconfig
> > @@ -12,6 +12,7 @@ config SYS_SOC
> >  config SYS_CONFIG_NAME
> > default "ls1088aqds"
> >
> > +source "board/freescale/common/Kconfig"
> >  endif
> >
> >  if TARGET_LS1088ARDB
> > @@ -28,4 +29,5 @@ config SYS_SOC
> >  config SYS_CONFIG_NAME
> > default "ls1088ardb"
> >
> > +source "board/freescale/common/Kconfig"
> >  endif
> > diff --git a/board/freescale/ls1088a/ls1088a.c
> > b/board/freescale/ls1088a/ls1088a.c
> > index 96d9ae7..1860f9c 100644
> > --- a/board/freescale/ls1088a/ls1088a.c
> > +++ b/board/freescale/ls1088a/ls1088a.c
> > @@ -315,6 +315,9 @@ int board_init(void)
> > out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK);  #endif
> >
> > +#ifdef CONFIG_FSL_CAAM
> > +   sec_init();
> > +#endif
> >  #ifdef CONFIG_FSL_LS_PPA
> > ppa_init();
> >  #endif
> > @@ -337,9 +340,6 @@ void detail_board_ddr_info(void)  #if
> > defined(CONFIG_ARCH_MISC_INIT)  int arch_misc_init(void)  { -#ifdef
> > CONFIG_FSL_CAAM
> > -   sec_init();
> > -#endif
> > return 0;
> >  }
> >  #endif
> > diff --git a/include/configs/ls1088a_common.h
> > b/include/configs/ls1088a_common.h
> > index 84e9b14..6b82ee3 100644
> > --- a/include/configs/ls1088a_common.h
> > +++ b/include/configs/ls1088a_common.h
> > @@ -132,9 +132,6 @@ unsigned long long get_qixis_addr(void);  #if
> > defined(CONFIG_FSL_MC_ENET)
> >  #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE   (512UL *
> 1024 * 1024)
> >  #endif
> > -
> > -#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */
> > -
> >  /* Command line configuration */
> >  #define CONFIG_CMD_GREPENV
> >  #define CONFIG_CMD_CACHE
> > diff --git a/include/configs/ls1088aqds.h
> > b/include/configs/ls1088aqds.h index 3547b0b..ff0cb7e 100644
> > --- a/include/configs/ls1088aqds.h
> > +++ b/include/configs/ls1088aqds.h
> > @@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void);
> > QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER)
> >
> >  /* 

[U-Boot] [Patch v2] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.

[Udit Agarwal]

Adds config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in
LS2080AQDS and LS2080ARDB secure boot defconfig.

Removes CONFIG_FIT, as not required when CONFIG_FSL_LS_PPA
is enabled.

Removes CONFIG_SPL_RSA as in QSPI boot SPL boot is not done.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Changes in V2:
Adds information in patch description for other changes.

 configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++--
 configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig 
b/configs/ls2080aqds_SECURE_BOOT_defconfig
index c80a837..8063cd7 100644
--- a/configs/ls2080aqds_SECURE_BOOT_defconfig
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080AQDS=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_USE_BOOTARGS=y
 CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0500 ramdisk_size=0x200 default_hugepagesz=2m 
hugepagesz=2m hugepages=256"
@@ -26,6 +27,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -45,6 +47,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig 
b/configs/ls2080ardb_SECURE_BOOT_defconfig
index 4a462ce..4e4666d 100644
--- a/configs/ls2080ardb_SECURE_BOOT_defconfig
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080ARDB=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_USE_BOOTARGS=y
 CONFIG_BOOTARGS="console=ttyS1,115200 root=/dev/ram0 
earlycon=uart8250,mmio,0x21c0600 ramdisk_size=0x200 default_hugepagesz=2m 
hugepagesz=2m hugepages=256"
@@ -25,6 +26,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -44,6 +46,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v3 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation

[Udit Agarwal]

Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase
using esbc_validate command. Add images validation in default environment
under mcinitcmd prior to MC initialization.

Add header address for PPA to be validated during ESBC phase for LS1088A
platform based on LAyerscape Chasis 3.

Moves sec_init prior to ppa_init as for validation of PPA sec must
be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Changes in v3:
Removes CONFIG_FSL_CAAM. Will be enabled via defconfig.

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
 board/freescale/ls1088a/Kconfig   |  2 ++
 board/freescale/ls1088a/ls1088a.c |  6 +++---
 include/configs/ls1088a_common.h  |  3 ---
 include/configs/ls1088aqds.h  | 21 +
 include/configs/ls1088ardb.h  | 22 +-
 6 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 3518d86..7883623 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -242,6 +242,7 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A
default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig
index 1ada661..4479dd0 100644
--- a/board/freescale/ls1088a/Kconfig
+++ b/board/freescale/ls1088a/Kconfig
@@ -12,6 +12,7 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088aqds"
 
+source "board/freescale/common/Kconfig"
 endif
 
 if TARGET_LS1088ARDB
@@ -28,4 +29,5 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088ardb"
 
+source "board/freescale/common/Kconfig"
 endif
diff --git a/board/freescale/ls1088a/ls1088a.c 
b/board/freescale/ls1088a/ls1088a.c
index 96d9ae7..1860f9c 100644
--- a/board/freescale/ls1088a/ls1088a.c
+++ b/board/freescale/ls1088a/ls1088a.c
@@ -315,6 +315,9 @@ int board_init(void)
out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK);
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
@@ -337,9 +340,6 @@ void detail_board_ddr_info(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h
index 84e9b14..6b82ee3 100644
--- a/include/configs/ls1088a_common.h
+++ b/include/configs/ls1088a_common.h
@@ -132,9 +132,6 @@ unsigned long long get_qixis_addr(void);
 #if defined(CONFIG_FSL_MC_ENET)
 #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE   (512UL * 1024 * 1024)
 #endif
-
-#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */
-
 /* Command line configuration */
 #define CONFIG_CMD_GREPENV
 #define CONFIG_CMD_CACHE
diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h
index 3547b0b..ff0cb7e 100644
--- a/include/configs/ls1088aqds.h
+++ b/include/configs/ls1088aqds.h
@@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void);
QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER)
 
 /* Initial environment variables */
+#ifdef CONFIG_SECURE_BOOT
+#undef CONFIG_EXTRA_ENV_SETTINGS
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "loadaddr=0x9010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_addr=0x80\0"   \
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x100\0"  \
+   "kernel_load=0xa000\0"  \
+   "kernel_size=0x280\0"   \
+   "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;"  \
+   "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \
+   "sf read 0xa0e0 0xe0 0x10;" \
+   "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;"  \
+   "fsl_mc start mc 0xa0a0 0xa0e0\0"   \
+   "mcmemsize=0x7000 \0"
+#else /* if !(CONFIG_SECURE_BOOT) */
 #if defined(CONFIG_QSPI_BOOT)
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #define CONFIG_EXTRA_ENV_SETTINGS  \
@@ -362,6 +382,7 @@ unsigned long get

[U-Boot] [PATCH v3 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfigs for QSPI boot on LS1088ARDB
and LS1088AQDS platforms.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Changes in v3:
Keeping defconfig options in sorted manner.

 board/freescale/ls1088a/MAINTAINERS   | 10 
 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 37 +++
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 37 +++
 3 files changed, 84 insertions(+)
 create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls1088a/MAINTAINERS 
b/board/freescale/ls1088a/MAINTAINERS
index e1e6d4b..19336ca 100644
--- a/board/freescale/ls1088a/MAINTAINERS
+++ b/board/freescale/ls1088a/MAINTAINERS
@@ -13,3 +13,13 @@ S:   Maintained
 F: board/freescale/ls1088a/
 F: include/configs/ls1088aqds.h
 F: configs/ls1088aqds_qspi_defconfig
+
+LS1088AQDS_QSPI_SECURE_BOOT BOARD
+M:  Udit Agarwal <udit.agar...@nxp.com>
+S:  Maintained
+F:  configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
+
+LS1088ARDB_QSPI_SECURE_BOOT BOARD
+M:  Udit Agarwal <udit.agar...@nxp.com>
+S:  Maintained
+F:  configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..ce4dddf
--- /dev/null
+++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,37 @@
+CONFIG_ARM=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_SF=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds"
+CONFIG_DM=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_E1000=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_HUSH_PARSER=y
+CONFIG_NETDEVICES=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_PCI=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SPI_FLASH=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_SYS_NS16550=y
+CONFIG_TARGET_LS1088AQDS=y
+# CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..e3046b2
--- /dev/null
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,37 @@
+CONFIG_ARM=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_SF=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
+CONFIG_DM=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_E1000=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FSL_CAAM=y
+CONFIG_FSL_DSPI=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_HUSH_PARSER=y
+CONFIG_NETDEVICES=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_PCI=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SPI_FLASH=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_SYS_NS16550=y
+CONFIG_TARGET_LS1088ARDB=y
+# CONFIG_DISPLAY_BOARDINFO is not set
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH] LS2080A_SECURE_BOOT: Enable CONFIG_FSL_LS_PPA.

[Udit Agarwal]

Add config CONFIG_FSL_LS_PPA and CONFIG_FSL_CAAM in
LS2080AQDS and LS2080ARDB secure boot defconfig.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 configs/ls2080aqds_SECURE_BOOT_defconfig | 5 +++--
 configs/ls2080ardb_SECURE_BOOT_defconfig | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig 
b/configs/ls2080aqds_SECURE_BOOT_defconfig
index aace6b4..d4067a2 100644
--- a/configs/ls2080aqds_SECURE_BOOT_defconfig
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080AQDS=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_CMD_GREPENV=y
 CONFIG_CMD_EEPROM=y
@@ -23,6 +24,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -42,6 +44,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig 
b/configs/ls2080ardb_SECURE_BOOT_defconfig
index b035e57..249f18a 100644
--- a/configs/ls2080ardb_SECURE_BOOT_defconfig
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -1,12 +1,13 @@
 CONFIG_ARM=y
 CONFIG_TARGET_LS2080ARDB=y
+CONFIG_FSL_LS_PPA=y
 CONFIG_SECURE_BOOT=y
 CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
 # CONFIG_SYS_MALLOC_F is not set
-CONFIG_FIT=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_ENV_IS_IN_FLASH=y
 CONFIG_BOOTDELAY=10
 CONFIG_CMD_GREPENV=y
 CONFIG_CMD_EEPROM=y
@@ -22,6 +23,7 @@ CONFIG_CMD_DATE=y
 CONFIG_OF_CONTROL=y
 CONFIG_NET_RANDOM_ETHADDR=y
 CONFIG_DM=y
+CONFIG_FSL_CAAM=y
 CONFIG_MTD_NOR_FLASH=y
 CONFIG_DM_SPI_FLASH=y
 CONFIG_PHYLIB=y
@@ -41,6 +43,5 @@ CONFIG_USB_XHCI_HCD=y
 CONFIG_USB_XHCI_DWC3=y
 CONFIG_USB_STORAGE=y
 CONFIG_RSA=y
-CONFIG_SPL_RSA=y
 CONFIG_RSA_SOFTWARE_EXP=y
 CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.

[Udit Agarwal]

Changes in V2:
Rebasing the image validation patch.
Dependent patch set:
https://patchwork.ozlabs.org/patch/801852/
https://patchwork.ozlabs.org/patch/803045/
https://patchwork.ozlabs.org/patch/803043/

> -Original Message-
> From: Udit Agarwal [mailto:udit.agar...@nxp.com]
> Sent: Friday, August 25, 2017 2:29 PM
> To: u-boot@lists.denx.de
> Cc: York Sun <york@nxp.com>; Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit
> Garg <sumit.g...@nxp.com>; Prabhakar Kushwaha <prabhakar.kushw...@nxp.com>;
> Ashish Kumar <ashish.ku...@nxp.com>; Udit Agarwal <udit.agar...@nxp.com>
> Subject: [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI 
> boot.
> 
> Add the secure boot defconfigs for QSPI boot on LS1088ARDB and LS1088AQDS
> platforms.
> 
> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
> ---
>  configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 32
> +++  configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
> | 32 +++
>  2 files changed, 64 insertions(+)
>  create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
>  create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
> 
> diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
> b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
> new file mode 100644
> index 000..65653b8
> --- /dev/null
> +++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
> @@ -0,0 +1,32 @@
> +CONFIG_ARM=y
> +CONFIG_TARGET_LS1088AQDS=y
> +# CONFIG_SYS_MALLOC_F is not set
> +CONFIG_DM_SPI=y
> +CONFIG_DM_SPI_FLASH=y
> +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds"
> +CONFIG_FIT=y
> +CONFIG_FIT_VERBOSE=y
> +CONFIG_OF_BOARD_SETUP=y
> +CONFIG_OF_STDOUT_VIA_ALIAS=y
> +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
> +CONFIG_HUSH_PARSER=y
> +CONFIG_CMD_MMC=y
> +CONFIG_CMD_SF=y
> +CONFIG_CMD_I2C=y
> +# CONFIG_CMD_SETEXPR is not set
> +CONFIG_CMD_DHCP=y
> +CONFIG_CMD_PING=y
> +CONFIG_OF_CONTROL=y
> +CONFIG_NET_RANDOM_ETHADDR=y
> +CONFIG_DM=y
> +CONFIG_SPI_FLASH=y
> +CONFIG_NETDEVICES=y
> +CONFIG_E1000=y
> +CONFIG_SYS_NS16550=y
> +CONFIG_FSL_DSPI=y
> +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
> +# CONFIG_DISPLAY_BOARDINFO is not set
> +CONFIG_FSL_LS_PPA=y
> +CONFIG_SECURE_BOOT=y
> +CONFIG_RSA=y
> +CONFIG_RSA_SOFTWARE_EXP=y
> diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
> b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
> new file mode 100644
> index 000..5afd559
> --- /dev/null
> +++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
> @@ -0,0 +1,32 @@
> +CONFIG_ARM=y
> +CONFIG_TARGET_LS1088ARDB=y
> +# CONFIG_SYS_MALLOC_F is not set
> +CONFIG_DM_SPI=y
> +CONFIG_DM_SPI_FLASH=y
> +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
> +CONFIG_FIT=y
> +CONFIG_FIT_VERBOSE=y
> +CONFIG_OF_BOARD_SETUP=y
> +CONFIG_OF_STDOUT_VIA_ALIAS=y
> +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
> +CONFIG_HUSH_PARSER=y
> +CONFIG_CMD_MMC=y
> +CONFIG_CMD_SF=y
> +CONFIG_CMD_I2C=y
> +# CONFIG_CMD_SETEXPR is not set
> +CONFIG_CMD_DHCP=y
> +CONFIG_CMD_PING=y
> +CONFIG_OF_CONTROL=y
> +CONFIG_NET_RANDOM_ETHADDR=y
> +CONFIG_DM=y
> +CONFIG_SPI_FLASH=y
> +CONFIG_NETDEVICES=y
> +CONFIG_E1000=y
> +CONFIG_SYS_NS16550=y
> +CONFIG_FSL_DSPI=y
> +CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
> +# CONFIG_DISPLAY_BOARDINFO is not set
> +CONFIG_FSL_LS_PPA=y
> +CONFIG_SECURE_BOOT=y
> +CONFIG_RSA=y
> +CONFIG_RSA_SOFTWARE_EXP=y
> --
> 1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation

[Udit Agarwal]

Changes in V2:
Rebasing the image validation patch.
Dependent patch set:
https://patchwork.ozlabs.org/patch/801852/
https://patchwork.ozlabs.org/patch/803045/
https://patchwork.ozlabs.org/patch/803043/


> -Original Message-
> From: Udit Agarwal [mailto:udit.agar...@nxp.com]
> Sent: Friday, August 25, 2017 2:29 PM
> To: u-boot@lists.denx.de
> Cc: York Sun <york@nxp.com>; Ruchika Gupta <ruchika.gu...@nxp.com>; Sumit
> Garg <sumit.g...@nxp.com>; Prabhakar Kushwaha <prabhakar.kushw...@nxp.com>;
> Ashish Kumar <ashish.ku...@nxp.com>; Udit Agarwal <udit.agar...@nxp.com>
> Subject: [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation
> 
> Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase using
> esbc_validate command. Add images validation in default environment under 
> mcinitcmd
> prior to MC in Changes in V2:
Rebasing the image validation patch.
Dependent patch set:
https://patchwork.ozlabs.org/patch/801852/
https://patchwork.ozlabs.org/patch/803045/
https://patchwork.ozlabs.org/patch/803043/itialization.
> 
> Add header address for PPA to be validated during ESBC phase for LS1088A 
> platform
> based on LAyerscape Chasis 3.
> 
> Moves sec_init prior to ppa_init as for validation of PPA sec must be 
> initialised before the
> PPA is initialised.
> 
> Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
> ---
>  arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
>  board/freescale/ls1088a/Kconfig   |  2 ++
>  board/freescale/ls1088a/ls1088a.c |  6 +++---
>  include/configs/ls1088a_common.h  |  6 +++---
>  include/configs/ls1088aqds.h  | 21 +
>  include/configs/ls1088ardb.h  | 22 +-
>  6 files changed, 51 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
> b/arch/arm/cpu/armv8/fsl-
> layerscape/Kconfig
> index ab69a32..d61f522 100644
> --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
> @@ -229,6 +229,7 @@ config SYS_LS_PPA_ESBC_ADDR
>   default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
>   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT &&
> ARCH_LS2080A
>   default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
> + default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
>   default 0x68 if SYS_LS_PPA_FW_IN_MMC
>   default 0x68 if SYS_LS_PPA_FW_IN_NAND
>   help
> diff --git a/board/freescale/ls1088a/Kconfig 
> b/board/freescale/ls1088a/Kconfig index
> 1ada661..4479dd0 100644
> --- a/board/freescale/ls1088a/Kconfig
> +++ b/board/freescale/ls1088a/Kconfig
> @@ -12,6 +12,7 @@ config SYS_SOC
>  config SYS_CONFIG_NAME
>   default "ls1088aqds"
> 
> +source "board/freescale/common/Kconfig"
>  endif
> 
>  if TARGET_LS1088ARDB
> @@ -28,4 +29,5 @@ config SYS_SOC
>  config SYS_CONFIG_NAME
>   default "ls1088ardb"
> 
> +source "board/freescale/common/Kconfig"
>  endif
> diff --git a/board/freescale/ls1088a/ls1088a.c 
> b/board/freescale/ls1088a/ls1088a.c
> index d1de4d1..b3a646d 100644
> --- a/board/freescale/ls1088a/ls1088a.c
> +++ b/board/freescale/ls1088a/ls1088a.c
> @@ -315,6 +315,9 @@ int board_init(void)
>   out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK);  #endif
> 
> +#ifdef CONFIG_FSL_CAAM
> + sec_init();
> +#endif
>  #ifdef CONFIG_FSL_LS_PPA
> ppa_init();
>  #endif
> @@ -337,9 +340,6 @@ void detail_board_ddr_info(void)  #if
> defined(CONFIG_ARCH_MISC_INIT)  int arch_misc_init(void)  { -#ifdef
> CONFIG_FSL_CAAM
> - sec_init();
> -#endif
>   return 0;
>  }
>  #endif
> diff --git a/include/configs/ls1088a_common.h 
> b/include/configs/ls1088a_common.h
> index d01095e..4943e19 100644
> --- a/include/configs/ls1088a_common.h
> +++ b/include/configs/ls1088a_common.h
> @@ -128,9 +128,9 @@ unsigned long long get_qixis_addr(void);  #if
> defined(CONFIG_FSL_MC_ENET)
>  #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE (512UL * 1024 *
> 1024)
>  #endif
> -
> -#define CONFIG_FSL_CAAM  /* Enable SEC/CAAM */
> -
> +#if !defined(CONFIG_FSL_CAAM)
> + #define CONFIG_FSL_CAAM /* Enable SEC/CAAM */
> +#endif
>  /* Command line configuration */
>  #define CONFIG_CMD_GREPENV
>  #define CONFIG_CMD_CACHE
> diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h index
> 3547b0b..ff0cb7e 100644
> --- a/include/configs/ls1088aqds.h
> +++ b/include/configs/ls1088aqds.

[U-Boot] [PATCH v2 2/2] LS1088A_QSPI: Add secure boot defconfigs for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfigs for QSPI boot on LS1088ARDB
and LS1088AQDS platforms.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 32 +++
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 32 +++
 2 files changed, 64 insertions(+)
 create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..65653b8
--- /dev/null
+++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,32 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1088AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PING=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+CONFIG_FSL_LS_PPA=y
+CONFIG_SECURE_BOOT=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..5afd559
--- /dev/null
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,32 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1088ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PING=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+# CONFIG_DISPLAY_BOARDINFO is not set
+CONFIG_FSL_LS_PPA=y
+CONFIG_SECURE_BOOT=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 1/2] LS1088A_QSPI: SECURE_BOOT: Images validation

[Udit Agarwal]

Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase
using esbc_validate command. Add images validation in default environment
under mcinitcmd prior to MC initialization.

Add header address for PPA to be validated during ESBC phase for LS1088A
platform based on LAyerscape Chasis 3.

Moves sec_init prior to ppa_init as for validation of PPA sec must
be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
 board/freescale/ls1088a/Kconfig   |  2 ++
 board/freescale/ls1088a/ls1088a.c |  6 +++---
 include/configs/ls1088a_common.h  |  6 +++---
 include/configs/ls1088aqds.h  | 21 +
 include/configs/ls1088ardb.h  | 22 +-
 6 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index ab69a32..d61f522 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -229,6 +229,7 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A
default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig
index 1ada661..4479dd0 100644
--- a/board/freescale/ls1088a/Kconfig
+++ b/board/freescale/ls1088a/Kconfig
@@ -12,6 +12,7 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088aqds"
 
+source "board/freescale/common/Kconfig"
 endif
 
 if TARGET_LS1088ARDB
@@ -28,4 +29,5 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088ardb"
 
+source "board/freescale/common/Kconfig"
 endif
diff --git a/board/freescale/ls1088a/ls1088a.c 
b/board/freescale/ls1088a/ls1088a.c
index d1de4d1..b3a646d 100644
--- a/board/freescale/ls1088a/ls1088a.c
+++ b/board/freescale/ls1088a/ls1088a.c
@@ -315,6 +315,9 @@ int board_init(void)
out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK);
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
@@ -337,9 +340,6 @@ void detail_board_ddr_info(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h
index d01095e..4943e19 100644
--- a/include/configs/ls1088a_common.h
+++ b/include/configs/ls1088a_common.h
@@ -128,9 +128,9 @@ unsigned long long get_qixis_addr(void);
 #if defined(CONFIG_FSL_MC_ENET)
 #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE   (512UL * 1024 * 1024)
 #endif
-
-#define CONFIG_FSL_CAAM/* Enable SEC/CAAM */
-
+#if !defined(CONFIG_FSL_CAAM)
+   #define CONFIG_FSL_CAAM /* Enable SEC/CAAM */
+#endif
 /* Command line configuration */
 #define CONFIG_CMD_GREPENV
 #define CONFIG_CMD_CACHE
diff --git a/include/configs/ls1088aqds.h b/include/configs/ls1088aqds.h
index 3547b0b..ff0cb7e 100644
--- a/include/configs/ls1088aqds.h
+++ b/include/configs/ls1088aqds.h
@@ -329,6 +329,26 @@ unsigned long get_board_ddr_clk(void);
QIXIS_SDID_MASK) != QIXIS_ESDHC_NO_ADAPTER)
 
 /* Initial environment variables */
+#ifdef CONFIG_SECURE_BOOT
+#undef CONFIG_EXTRA_ENV_SETTINGS
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "loadaddr=0x9010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_addr=0x80\0"   \
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x100\0"  \
+   "kernel_load=0xa000\0"  \
+   "kernel_size=0x280\0"   \
+   "mcinitcmd=sf probe 0:0;sf read 0xa0a0 0xa0 0x10;"  \
+   "sf read 0xa070 0x70 0x4000; esbc_validate 0xa070;" \
+   "sf read 0xa0e0 0xe0 0x10;" \
+   "sf read 0xa074 0x74 0x4000;esbc_validate 0xa074;"  \
+   "fsl_mc start mc 0xa0a0 0xa0e0\0"   \
+   "mcmemsize=0x7000 \0"
+#else /* if !(CONFIG_SECURE_BOOT) */
 #if defined(CONFIG_QSPI_BOOT)
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #define CONFIG_EXTRA_ENV_SETTINGS   

[U-Boot] [PATCH v2 2/2] LS2080ARDB: Secure Boot defconfig for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfig for QSPI boot on LS2088ARDB
platform.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Dependent Patch Set:
https://patchwork.ozlabs.org/patch/756260/
Changes in v2:
Updates the MAINTAINERS file and reverses the order of
secure boot patches for LS2080 QSPI Boot.

 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 49 +++
 1 file changed, 49 insertions(+)
 create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..360d8c4
--- /dev/null
+++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,49 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+CONFIG_SECURE_BOOT=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi"
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_CMD_GREPENV=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_FSL_CAAM=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_CMD_USB=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 1/2] LS2080ARDB: QSPI boot: Secure Boot image validation

[Udit Agarwal]

Validates the images in the ESBC phase for (QSPI boot) using
esbc_validate command. Add images validation in default
environment under mcinitcmd prior to MC initialization.

Adds header address for PPA to be validated during ESBC phase for
ARCH_LS2088 and QSPI_BOOT.

Moves sec_init prior to ppa_init as for validation of PPA, sec must
be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Dependent Patch Set:
https://patchwork.ozlabs.org/patch/756260/
Changes in v2:
Updates the MAINTAINERS file and reverses the order of
secure boot patches for LS2080 QSPI Boot.

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  3 ++-
 arch/arm/include/asm/fsl_secure_boot.h|  5 +
 board/freescale/ls2080aqds/ls2080aqds.c   |  7 +++
 board/freescale/ls2080ardb/MAINTAINERS|  5 +
 board/freescale/ls2080ardb/ls2080ardb.c   |  4 
 include/configs/ls2080ardb.h  | 22 ++
 6 files changed, 41 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 312c54d..18c3b2a 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -182,7 +182,8 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x6068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
-   default 0x58068 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A
+   default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 6d53708..b6f63a3 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -72,8 +72,13 @@
  * DDR memory map
  */
 #ifdef CONFIG_FSL_LSCH3
+#ifdef CONFIG_QSPI_BOOT
+#define CONFIG_BS_ADDR_DEVICE  0x2060
+#define CONFIG_BS_HDR_ADDR_DEVICE  0x2064
+#else /* NOR BOOT */
 #define CONFIG_BS_ADDR_DEVICE  0x58060
 #define CONFIG_BS_HDR_ADDR_DEVICE  0x58064
+#endif /*ifdef CONFIG_QSPI_BOOT */
 #define CONFIG_BS_SIZE 0x1000
 #define CONFIG_BS_HDR_SIZE 0x4000
 #define CONFIG_BS_ADDR_RAM 0xa060
diff --git a/board/freescale/ls2080aqds/ls2080aqds.c 
b/board/freescale/ls2080aqds/ls2080aqds.c
index 6da9c6c..b9eb549 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -226,15 +226,14 @@ int board_init(void)
 #endif
select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT);
rtc_enable_32khz_output();
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
 
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
-
return 0;
 }
 
diff --git a/board/freescale/ls2080ardb/MAINTAINERS 
b/board/freescale/ls2080ardb/MAINTAINERS
index 91f13ea..8da1c6d 100644
--- a/board/freescale/ls2080ardb/MAINTAINERS
+++ b/board/freescale/ls2080ardb/MAINTAINERS
@@ -21,3 +21,8 @@ LS2080A_SECURE_BOOT BOARD
 M: Saksham Jain <saksham.j...@nxp.freescale.com>
 S: Maintained
 F: configs/ls2080ardb_SECURE_BOOT_defconfig
+
+LS2088A_QSPI_SECURE_BOOT BOARD
+M: Udit Agarwal <udit.agar...@nxp.com>
+S: Maintained
+F: configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c 
b/board/freescale/ls2080ardb/ls2080ardb.c
index df2d768..4c42c73 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -231,6 +231,10 @@ int board_init(void)
 #ifdef CONFIG_FSL_QIXIS
QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN);
 #endif
+
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 2dab065..f04a343 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -364,6 +364,27 @@ unsigned long get_board_sys_clk(void);
 /* Initial environment variables */
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #ifdef CONFIG_SECURE_BOOT
+#ifdef CONFIG_QSPI_BOOT
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "scriptaddr=0x8080\0"   \
+   "kernel_addr_r=0x8100\0"\
+   "pxefile_addr_r=0x8100\0"   \
+   "fdt_addr_r=0x8800\0"   \
+   "ramdisk_addr_r=0x8900\0"   \
+   "loadaddr=0x8010\0" \
+   "kernel_addr=

[U-Boot] [PATCH 2/3] LS2080ARDB: QSPI boot: Secure Boot image validation

[Udit Agarwal]

Validates the images in the ESBC phase for LS2088ARDB platform
and QSPI boot using esbc_validate command. Add images validation
in default environment under mcinitcmd prior to MC initialization.

Adds header address for PPA to be validated during ESBC phase for
ARCH_LS2088 and QSPI_BOOT.

Moves sec_init prior to ppa_init as for validation of PPA sec must
be initialised before the PPA is initialised.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
https://patchwork.ozlabs.org/patch/756222/
https://patchwork.ozlabs.org/patch/756221/
https://patchwork.ozlabs.org/patch/756250/

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  1 +
 board/freescale/ls2080aqds/ls2080aqds.c   |  2 +-
 board/freescale/ls2080ardb/ls2080ardb.c   |  7 ---
 include/configs/ls2080ardb.h  | 22 ++
 4 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 57660e8..8b39e00 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -216,6 +216,7 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && QSPI_BOOT && ARCH_LS2080A
default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
diff --git a/board/freescale/ls2080aqds/ls2080aqds.c 
b/board/freescale/ls2080aqds/ls2080aqds.c
index ba3347b..00f4bb1 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -229,7 +229,7 @@ int board_init(void)
select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT);
rtc_enable_32khz_output();
 #ifdef CONFIG_FSL_CAAM
-sec_init();
+   sec_init();
 #endif
 
 #ifdef CONFIG_FSL_LS_PPA
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c 
b/board/freescale/ls2080ardb/ls2080ardb.c
index edb6b33..c25f8ab 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -233,6 +233,10 @@ int board_init(void)
 #ifdef CONFIG_FSL_QIXIS
QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN);
 #endif
+
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
@@ -241,9 +245,6 @@ int board_init(void)
/* invert AQR405 IRQ pins polarity */
out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK);
 #endif
-#ifdef CONFIG_FSL_CAAM
-sec_init();
-#endif
 
return 0;
 }
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 711241a..5a1d516 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -366,6 +366,27 @@ unsigned long get_board_sys_clk(void);
 /* Initial environment variables */
 #undef CONFIG_EXTRA_ENV_SETTINGS
 #ifdef CONFIG_SECURE_BOOT
+#ifdef CONFIG_QSPI_BOOT
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "scriptaddr=0x8080\0"   \
+   "kernel_addr_r=0x8100\0"\
+   "pxefile_addr_r=0x8100\0"   \
+   "fdt_addr_r=0x8800\0"   \
+   "ramdisk_addr_r=0x8900\0"   \
+   "loadaddr=0x8010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x2100\0" \
+   "mcmemsize=0x4000\0"\
+   "mcinitcmd=esbc_validate 0x2070;"   \
+   "esbc_validate 0x2074;" \
+   "fsl_mc start mc 0x20a0"\
+   " 0x20e0 \0"\
+   BOOTENV
+#else /* !(CONFIG_QSPI_BOOT) */
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"hwconfig=fsl_ddr:bank_intlv=auto\0"\
"scriptaddr=0x8080\0"   \
@@ -389,6 +410,7 @@ unsigned long get_board_sys_clk(void);
"fsl_mc start mc 0x58030"   \
" 0x58080 \0"   \
BOOTENV
+#endif
 #else
 #ifdef CONFIG_QSPI_BOOT
 #define CONFIG_EXTRA_ENV_SETTINGS  \
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 3/3] LS2080A: Adjust memory map for secure boot headers for NOR-boot

[Udit Agarwal]

This patch adjusts memory map for secure boot headers on LS2080AQDS
and LS2080ARDB platforms.

Secure boot headers are placed on NOR flash at offset 0x0060.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
https://patchwork.ozlabs.org/patch/756222/
https://patchwork.ozlabs.org/patch/756221/
https://patchwork.ozlabs.org/patch/756250/

 board/freescale/ls2080aqds/README |  1 +
 board/freescale/ls2080ardb/README |  1 +
 include/configs/ls2080aqds.h  | 10 +-
 include/configs/ls2080ardb.h  | 10 +-
 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/board/freescale/ls2080aqds/README 
b/board/freescale/ls2080aqds/README
index fd0e25a..cad860e 100644
--- a/board/freescale/ls2080aqds/README
+++ b/board/freescale/ls2080aqds/README
@@ -96,6 +96,7 @@ RCW+PBI   0x
 Boot firmware (U-Boot) 0x0010
 Boot firmware Environment  0x0030
 PPA firmware   0x0040
+Secure Headers 0x0060
 DPAA2 MC   0x00A0
 DPAA2 DPL  0x00D0
 DPAA2 DPC  0x00E0
diff --git a/board/freescale/ls2080ardb/README 
b/board/freescale/ls2080ardb/README
index f228d80..205c45c 100644
--- a/board/freescale/ls2080ardb/README
+++ b/board/freescale/ls2080ardb/README
@@ -92,6 +92,7 @@ RCW+PBI   0x
 Boot firmware (U-Boot) 0x0010
 Boot firmware Environment  0x0030
 PPA firmware   0x0040
+Secure Headers 0x0060
 Cortina PHY firmware   0x0098
 DPAA2 MC   0x00A0
 DPAA2 DPL  0x00D0
diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index d646197..efc3d5b 100644
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -369,14 +369,14 @@ unsigned long get_board_ddr_clk(void);
"ramdisk_size=0x200\0"  \
"fdt_high=0xa000\0" \
"initrd_high=0x\0"  \
-   "kernel_start=0x58110\0"\
+   "kernel_start=0x58100\0"\
"kernel_load=0xa000\0"  \
"kernel_size=0x280\0"   \
"mcmemsize=0x4000\0"\
-   "mcinitcmd=esbc_validate 0x580c8;"  \
-   "esbc_validate 0x580cc;"\
-   "fsl_mc start mc 0x58030"   \
-   " 0x58080 \0"
+   "mcinitcmd=esbc_validate 0x58070;"  \
+   "esbc_validate 0x58074;"\
+   "fsl_mc start mc 0x580a0"   \
+   " 0x580e0 \0"
 #else
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"hwconfig=fsl_ddr:bank_intlv=auto\0"\
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 5a1d516..6abf54b 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -400,15 +400,15 @@ unsigned long get_board_sys_clk(void);
"ramdisk_size=0x200\0"  \
"fdt_high=0xa000\0" \
"initrd_high=0x\0"  \
-   "kernel_start=0x58110\0"\
+   "kernel_start=0x58100\0"\
"kernel_load=0xa000\0"  \
"kernel_size=0x280\0"   \
"mcmemsize=0x4000\0"\
"fdtfile=fsl-ls2080a-rdb.dtb\0" \
-   "mcinitcmd=esbc_validate 0x580c8;"  \
-   "esbc_validate 0x580cc;"\
-   "fsl_mc start mc 0x58030"   \
-   " 0x58080 \0"   \
+   "mcinitcmd=esbc_validate 0x58070;"  \
+   "esbc_validate 0x58074;"\
+   "fsl_mc start mc 0x580a0"   \
+   " 0x580e0 \0"   \
BOOTENV
 #endif
 #else
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/3] LS2080ARDB: Secure Boot defconfig for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfig for QSPI boot on LS2088ARDB
platform.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
https://patchwork.ozlabs.org/patch/756222/
https://patchwork.ozlabs.org/patch/756221/
https://patchwork.ozlabs.org/patch/756250/

 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig | 50 +++
 1 file changed, 50 insertions(+)
 create mode 100644 configs/ls2088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..749ad1d
--- /dev/null
+++ b/configs/ls2088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,50 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+CONFIG_SECURE_BOOT=y
+CONFIG_FSL_LS_PPA=y
+CONFIG_QSPI_AHB_INIT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2088a-rdb-qspi"
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="LS2080A"
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_CMD_GREPENV=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_FSL_CAAM=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_CMD_USB=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 2/2] LS1088A: SECURE_BOOT: Images validation

[Udit Agarwal]

Validates PPA, MC, DPC, Bootscript, DPL and Kernel images in ESBC phase
using esbc_validate command. Add images validation in default environment
under mcinitcmd prior to MC initialization.

Add header address for PPA to be validated during ESBC phase for LS1088A
platform based on LAyerscape Chasis 3.

Defines address for Bootscript image and its header for QSPI and adds
command to copy these images from QSPI to RAM using sf read command.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Dependent patch set:
https://patchwork.ozlabs.org/patch/756260/

 arch/arm/cpu/armv8/fsl-layerscape/Kconfig |  3 ++-
 arch/arm/include/asm/fsl_secure_boot.h|  5 +
 board/freescale/ls1088a/Kconfig   |  1 +
 board/freescale/ls1088a/ls1088a.c |  6 +++---
 include/config_fsl_chain_trust.h  |  7 ++-
 include/configs/ls1088a_common.h  |  2 ++
 include/configs/ls1088aqds.h  | 21 +
 include/configs/ls1088ardb.h  | 21 +
 8 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig 
b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
index 1f23698..8c3c966 100644
--- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
+++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig
@@ -214,7 +214,8 @@ config SYS_LS_PPA_ESBC_ADDR
default 0x6068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1043A
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1046A
default 0x4068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1012A
-   default 0x58068 if SYS_LS_PPA_FW_IN_XIP && FSL_LSCH3
+   default 0x2068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS1088A
+   default 0x58068 if SYS_LS_PPA_FW_IN_XIP && ARCH_LS2080A
default 0x68 if SYS_LS_PPA_FW_IN_MMC
default 0x68 if SYS_LS_PPA_FW_IN_NAND
help
diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 42ae4e2..2e45275 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -78,8 +78,13 @@
  * DDR memory map
  */
 #ifdef CONFIG_FSL_LSCH3
+#ifdef CONFIG_QSPI_BOOT
+#define CONFIG_BS_ADDR_DEVICE  0x2060
+#define CONFIG_BS_HDR_ADDR_DEVICE  0x2064
+#else /* NOR BOOT */
 #define CONFIG_BS_ADDR_DEVICE  0x58060
 #define CONFIG_BS_HDR_ADDR_DEVICE  0x58064
+#endif /*ifdef CONFIG_QSPI_BOOT */
 #define CONFIG_BS_SIZE 0x1000
 #define CONFIG_BS_HDR_SIZE 0x4000
 #define CONFIG_BS_ADDR_RAM 0xa060
diff --git a/board/freescale/ls1088a/Kconfig b/board/freescale/ls1088a/Kconfig
index 1ada661..c8555d5 100644
--- a/board/freescale/ls1088a/Kconfig
+++ b/board/freescale/ls1088a/Kconfig
@@ -28,4 +28,5 @@ config SYS_SOC
 config SYS_CONFIG_NAME
default "ls1088ardb"
 
+source "board/freescale/common/Kconfig"
 endif
diff --git a/board/freescale/ls1088a/ls1088a.c 
b/board/freescale/ls1088a/ls1088a.c
index dcd919d..b094319 100644
--- a/board/freescale/ls1088a/ls1088a.c
+++ b/board/freescale/ls1088a/ls1088a.c
@@ -857,6 +857,9 @@ int board_init(void)
if (adjust_vdd(0) < 0)
printf("core voltage not adjusted\n");
 
+#ifdef CONFIG_FSL_CAAM
+   sec_init();
+#endif
 #ifdef CONFIG_FSL_LS_PPA
ppa_init();
 #endif
@@ -879,9 +882,6 @@ void detail_board_ddr_info(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h
index 40d323e..2105b05 100644
--- a/include/config_fsl_chain_trust.h
+++ b/include/config_fsl_chain_trust.h
@@ -80,7 +80,12 @@
"setenv bs_device " __stringify(CONFIG_BS_ADDR_DEVICE)";" \
"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
 
-/* For secure boot flow, default environment used will be used */
+/* Define BS_COPY_COMMAND to copy bootscript for different types of BOOT
+ * For RAMBOOT, check the type of RAMBOOT to define copy command
+ * For SoC's where QSPI XIP mode doesnot work - CONFIG_BS_COPY_QSPI_IP is used
+ * and for rest it is just a copy command
+ */
+
 #if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_NAND_BOOT) || \
defined(CONFIG_SD_BOOT)
 #if defined(CONFIG_RAMBOOT_NAND) || defined(CONFIG_NAND_BOOT)
diff --git a/include/configs/ls1088a_common.h b/include/configs/ls1088a_common.h
index fbf81f0..ee79470 100644
--- a/include/configs/ls1088a_common.h
+++ b/include/configs/ls1088a_common.h
@@ -142,7 +142,9 @@ unsigned long long get_qixis_addr(void);
 #define CONFIG_SYS_LS_MC_DRAM_BLOCK_MIN_SIZE   (512UL * 1024 * 1024)
 #endif
 
+#if !defined(CONFIG_FSL_CAAM)
 #define CONFIG_FSL_CAAM/* Enable SEC/CAAM */
+#endif
 
 /* Command line configuration */
 #define CONF

[U-Boot] [PATCH 1/2] LS1088A: Add secure boot defconfigs for QSPI boot.

[Udit Agarwal]

Add the secure boot defconfigs for QSPI boot on LS1088ARDB
and LS1088AQDS platforms.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
Dependent patch set:
https://patchwork.ozlabs.org/patch/756260/

 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig | 31 +++
 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig | 31 +++
 2 files changed, 62 insertions(+)
 create mode 100644 configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
 create mode 100644 configs/ls1088ardb_qspi_SECURE_BOOT_defconfig

diff --git a/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..fe3c936
--- /dev/null
+++ b/configs/ls1088aqds_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,31 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1088AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SECURE_BOOT=y
+
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PING=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_FSL_LS_PPA=y
diff --git a/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig 
b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 000..a2bab45
--- /dev/null
+++ b/configs/ls1088ardb_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,31 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1088ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1088a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, QSPI_BOOT"
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_PING=y
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_FSL_LS_PPA=y
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 1/1] Secure Boot: Set NPSWA_EN bit for SNVS state transition to happen in EL2.

[Udit Agarwal]

For Layerscape chasis Gen 3 based platforms, during PPA execution
exception level transition happens from EL3 to EL2. While in EL2 state
SNVS state doesnot changes from secure to non secure state in
case of ESBC failure.

So to enable the SNVS transition in EL2 state, NPSWA_EN bit has to be set
when in EL3 state.

Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 drivers/crypto/fsl/jr.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 1b88229..ccd2168 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -8,6 +8,7 @@
 
 #include 
 #include 
+#include 
 #include "fsl_sec.h"
 #include "jr.h"
 #include "jobdesc.h"
@@ -574,6 +575,12 @@ int sec_init_idx(uint8_t sec_idx)
uint32_t liodn_s;
 #endif
 
+#if defined(CONFIG_FSL_LSCH3) && defined(CONFIG_SYS_LS_PPA_ESBC_ADDR)
+#define SEC_MON_HPCOMR (CONFIG_SYS_SEC_MON_ADDR + 0x04)
+#define SEC_MON_HPCOMR_NPSWA_EN0x8000
+   sec_mon_setbits32(SEC_MON_HPCOMR, SEC_MON_HPCOMR_NPSWA_EN);
+#endif
+
if (!(sec_idx < CONFIG_SYS_FSL_MAX_NUM_OF_SEC)) {
printf("SEC initialization failed\n");
return -1;
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH v2 1/1] Secure Boot: Enable IE (Key extention) Feature

[Udit Agarwal]

For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public keys
can be used. The latter feature is called IE Key Extension Feature.

For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom
and address of this table is written in scratch registers 13 and 14 via
PBI commands.

Following are the steps describing usage of this feature:

1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple images
   stored in a static global structure.)
3) Use keys from IE table, to verify further images.

Signed-off-by: Aneesh Bansal <aneesh.ban...@nxp.com>
Signed-off-by: Saksham Jain <saksham.j...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---

Changes for V2
Adds more clarity in subject and description related to this feature.
---
 arch/arm/include/asm/fsl_secure_boot.h |  6 +--
 board/freescale/common/fsl_validate.c  | 88 +++---
 include/fsl_validate.h | 24 +-
 3 files changed, 97 insertions(+), 21 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 27cf096..a612b7d 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -51,11 +51,11 @@
  * in boot ROM of the SoC.
  * The feature is only applicable in case of NOR boot and is
  * not applicable in case of RAMBOOT (NAND, SD, SPI).
+ * For LS, this feature is available for all device if IE Table
+ * is copied to XIP memory
+ * Also, for LS, ISBC doesn't verify this table.
  */
-#ifndef CONFIG_ESBC_HDR_LS
-/* Current Key EXT feature not available in LS ESBC Header */
 #define CONFIG_FSL_ISBC_KEY_EXT
-#endif
 
 #endif
 
diff --git a/board/freescale/common/fsl_validate.c 
b/board/freescale/common/fsl_validate.c
index 2b723a4..7396aa2 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -27,6 +27,10 @@
 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
 ((key_len) == 2 * KEY_SIZE_BYTES))
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+/* Global data structure */
+static struct fsl_secboot_glb glb;
+#endif
 
 /* This array contains DER value for SHA-256 */
 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
@@ -60,7 +64,7 @@ self:
 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
 static u32 check_ie(struct fsl_secboot_img_priv *img)
 {
-   if (img->hdr.ie_flag)
+   if (img->hdr.ie_flag & IE_FLAG_MASK)
return 1;
 
return 0;
@@ -119,7 +123,21 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
 }
 #endif
 
-static int get_ie_info_addr(u32 *ie_addr)
+#if defined(CONFIG_ESBC_HDR_LS)
+static int get_ie_info_addr(uintptr_t *ie_addr)
+{
+   struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
+   /* For LS-CH3, the address of IE Table is
+* stated in Scratch13 and scratch14 of DCFG.
+* Bootrom validates this table while validating uboot.
+* DCFG is LE*/
+   *ie_addr = in_le32(>scratchrw[SCRATCH_IE_HIGH_ADR - 1]);
+   *ie_addr = *ie_addr << 32;
+   *ie_addr |= in_le32(>scratchrw[SCRATCH_IE_LOW_ADR - 1]);
+   return 0;
+}
+#else /* CONFIG_ESBC_HDR_LS */
+static int get_ie_info_addr(uintptr_t *ie_addr)
 {
struct fsl_secboot_img_hdr *hdr;
struct fsl_secboot_sg_table *sg_tbl;
@@ -147,16 +165,17 @@ static int get_ie_info_addr(u32 *ie_addr)
 
/* IE Key Table is the first entry in the SG Table */
 #if defined(CONFIG_MPC85xx)
-   *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
-  flash_base_addr;
+   *ie_addr = (uintptr_t)((sg_tbl->src_addr &
+   ~(CONFIG_SYS_PBI_FLASH_BASE)) +
+   flash_base_addr);
 #else
-   *ie_addr = sg_tbl->src_addr;
+   *ie_addr = (uintptr_t)sg_tbl->src_addr;
 #endif
 
-   debug("IE Table address is %x\n", *ie_addr);
+   debug("IE Table address is %lx\n", *ie_addr);
return 0;
 }
-
+#endif /* CONFIG_ESBC_HDR_LS */
 #endif
 
 #ifdef CONFIG_KEY_REVOCATION
@@ -164,7 +183,10 @@ static int get_ie_info_addr(u32 *ie_addr)
 static u32 check_srk(struct fsl_secboot_img_priv *img)
 {
 #ifdef CONFIG_ESBC_HDR_LS
-   /* In LS, No SRK Flag as SRK is always present*/
+   /* In LS, No SRK Flag as SRK is always present if IE not present*/
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+   return !check_ie(img);
+#endif
return 1;
 #else
if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
@@ -253,14 +275,29 @@ static u32 read_validate_single_key(struct 
fsl_secboot_img_priv *img)
 #endif /* CONFIG_ESBC_HDR_LS */
 
 #if defined(CONFIG_FSL_IS

[U-Boot] [PATCH 1/1] Enable IE (Key extention) Feature in LS2080A

[Udit Agarwal]

For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public keys
can be used. The latter feature is called IE Key Extension Feature.

On ls-ch3 platforms,IE table is validated by Bootrom and address of this
table is written in scratch registers 13 and 14 via PBI commands.

The procedure is to first verify IE table using Keys stored in fuses,
and then use the keys in this table to verify further images. So the steps
are:

1) Verify IE Table (If "IE Table Flag" set in any image
i.e. Verify IE Table only when any image needs IE Table's Key to be verified)
2) Install IE table. (To be used across verification of multiple images.
Stored in a static global structure.)
3) If IE flag enabled in header of any image, Use keys from IE table,
otherwise use keys tied up with SoC's fuses (SRK).

Signed-off-by: Aneesh Bansal <aneesh.ban...@nxp.com>
Signed-off-by: Saksham Jain <saksham.j...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 arch/arm/include/asm/fsl_secure_boot.h |  6 +--
 board/freescale/common/fsl_validate.c  | 88 +++---
 include/fsl_validate.h | 24 +-
 3 files changed, 97 insertions(+), 21 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 27cf096..a612b7d 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -51,11 +51,11 @@
  * in boot ROM of the SoC.
  * The feature is only applicable in case of NOR boot and is
  * not applicable in case of RAMBOOT (NAND, SD, SPI).
+ * For LS, this feature is available for all device if IE Table
+ * is copied to XIP memory
+ * Also, for LS, ISBC doesn't verify this table.
  */
-#ifndef CONFIG_ESBC_HDR_LS
-/* Current Key EXT feature not available in LS ESBC Header */
 #define CONFIG_FSL_ISBC_KEY_EXT
-#endif
 
 #endif
 
diff --git a/board/freescale/common/fsl_validate.c 
b/board/freescale/common/fsl_validate.c
index 2b723a4..7396aa2 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -27,6 +27,10 @@
 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
 ((key_len) == 2 * KEY_SIZE_BYTES))
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+/* Global data structure */
+static struct fsl_secboot_glb glb;
+#endif
 
 /* This array contains DER value for SHA-256 */
 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
@@ -60,7 +64,7 @@ self:
 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
 static u32 check_ie(struct fsl_secboot_img_priv *img)
 {
-   if (img->hdr.ie_flag)
+   if (img->hdr.ie_flag & IE_FLAG_MASK)
return 1;
 
return 0;
@@ -119,7 +123,21 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
 }
 #endif
 
-static int get_ie_info_addr(u32 *ie_addr)
+#if defined(CONFIG_ESBC_HDR_LS)
+static int get_ie_info_addr(uintptr_t *ie_addr)
+{
+   struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
+   /* For LS-CH3, the address of IE Table is
+* stated in Scratch13 and scratch14 of DCFG.
+* Bootrom validates this table while validating uboot.
+* DCFG is LE*/
+   *ie_addr = in_le32(>scratchrw[SCRATCH_IE_HIGH_ADR - 1]);
+   *ie_addr = *ie_addr << 32;
+   *ie_addr |= in_le32(>scratchrw[SCRATCH_IE_LOW_ADR - 1]);
+   return 0;
+}
+#else /* CONFIG_ESBC_HDR_LS */
+static int get_ie_info_addr(uintptr_t *ie_addr)
 {
struct fsl_secboot_img_hdr *hdr;
struct fsl_secboot_sg_table *sg_tbl;
@@ -147,16 +165,17 @@ static int get_ie_info_addr(u32 *ie_addr)
 
/* IE Key Table is the first entry in the SG Table */
 #if defined(CONFIG_MPC85xx)
-   *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
-  flash_base_addr;
+   *ie_addr = (uintptr_t)((sg_tbl->src_addr &
+   ~(CONFIG_SYS_PBI_FLASH_BASE)) +
+   flash_base_addr);
 #else
-   *ie_addr = sg_tbl->src_addr;
+   *ie_addr = (uintptr_t)sg_tbl->src_addr;
 #endif
 
-   debug("IE Table address is %x\n", *ie_addr);
+   debug("IE Table address is %lx\n", *ie_addr);
return 0;
 }
-
+#endif /* CONFIG_ESBC_HDR_LS */
 #endif
 
 #ifdef CONFIG_KEY_REVOCATION
@@ -164,7 +183,10 @@ static int get_ie_info_addr(u32 *ie_addr)
 static u32 check_srk(struct fsl_secboot_img_priv *img)
 {
 #ifdef CONFIG_ESBC_HDR_LS
-   /* In LS, No SRK Flag as SRK is always present*/
+   /* In LS, No SRK Flag as SRK is always present if IE not present*/
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+   return !check_ie(img);
+#endif
return 1;
 #else
if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
@@ -253,14 +275,29 @@ sta

[U-Boot] [PATCH 2/2] LS2080A: Move sec_init to board_init

[Udit Agarwal]

Moves sec_init to board_init rather than in misc_init function beacuse
PPA will be initialised in board_init function and for PPA validation
sec_init has to be done prior to PPA init.

Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 board/freescale/ls2080aqds/ls2080aqds.c | 6 +++---
 board/freescale/ls2080ardb/ls2080ardb.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/board/freescale/ls2080aqds/ls2080aqds.c 
b/board/freescale/ls2080aqds/ls2080aqds.c
index 73a61fd..d9d0bea 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -223,6 +223,9 @@ int board_init(void)
 #endif
select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT);
rtc_enable_32khz_output();
+#ifdef CONFIG_FSL_CAAM
+sec_init();
+#endif
 
return 0;
 }
@@ -264,9 +267,6 @@ int dram_init(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c 
b/board/freescale/ls2080ardb/ls2080ardb.c
index 02954ef..b0024d3 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -184,6 +184,9 @@ int board_init(void)
/* invert AQR405 IRQ pins polarity */
out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK);
 #endif
+#ifdef CONFIG_FSL_CAAM
+sec_init();
+#endif
 
return 0;
 }
@@ -237,9 +240,6 @@ int dram_init(void)
 #if defined(CONFIG_ARCH_MISC_INIT)
 int arch_misc_init(void)
 {
-#ifdef CONFIG_FSL_CAAM
-   sec_init();
-#endif
return 0;
 }
 #endif
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH 1/2] SECURE_BOOT: Define CONFIG_SYS_LS_PPA_ESBC_ADDR for LS2080A

[Udit Agarwal]

Add header address for PPA to be validated during ESBC phase for LS2080A
platform based on Layescape Chasis 3.

Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 arch/arm/include/asm/fsl_secure_boot.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index f920215..27cf096 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -125,6 +125,8 @@
 #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
 #ifdef CONFIG_LS1043A
 #define CONFIG_SYS_LS_PPA_ESBC_ADDR0x600c
+#elif defined(CONFIG_FSL_LSCH3)
+#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x580c4
 #endif
 #else
 #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH v2 2/2] LS2080A: Add validation of MC & DPC images.

[Udit Agarwal]

Add secure boot validation of MC, DPC images using
esbc_validate command.

Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---

Changes for V2:
Use of #ifdef instead of #ifndef with CONFIG_SECURE_BOOT macro
and coresponding changes in mcinitcmd command.

 include/configs/ls2080aqds.h | 21 -
 include/configs/ls2080ardb.h | 30 --
 2 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index 838568f..6d566e8 100644
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -365,6 +365,7 @@ unsigned long get_board_ddr_clk(void);
 
 /* Initial environment variables */
 #undef CONFIG_EXTRA_ENV_SETTINGS
+#ifdef CONFIG_SECURE_BOOT
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"hwconfig=fsl_ddr:bank_intlv=auto\0"\
"loadaddr=0x8010\0" \
@@ -376,8 +377,26 @@ unsigned long get_board_ddr_clk(void);
"kernel_start=0x58110\0"\
"kernel_load=0xa000\0"  \
"kernel_size=0x280\0"   \
-   "mcinitcmd=fsl_mc start mc 0x58030" \
+   "mcinitcmd=esbc_validate 0x580c8;"  \
+   "esbc_validate 0x580cc;"\
+   "fsl_mc start mc 0x58030"   \
" 0x58080 \0"
+#else
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "loadaddr=0x8010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_addr=0x80\0"   \
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x58110\0"\
+   "kernel_load=0xa000\0"  \
+   "kernel_size=0x280\0"   \
+   "mcinitcmd=fsl_mc start mc 0x58030" \
+   " 0x58080 \0"
+#endif /* CONFIG_SECURE_BOOT */
+
 
 #ifdef CONFIG_FSL_MC_ENET
 #define CONFIG_FSL_MEMAC
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 32fa0eb..ee99126 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -328,6 +328,7 @@ unsigned long get_board_sys_clk(void);
 
 /* Initial environment variables */
 #undef CONFIG_EXTRA_ENV_SETTINGS
+#ifdef CONFIG_SECURE_BOOT
 #define CONFIG_EXTRA_ENV_SETTINGS  \
"hwconfig=fsl_ddr:bank_intlv=auto\0"\
"scriptaddr=0x8080\0"   \
@@ -345,9 +346,34 @@ unsigned long get_board_sys_clk(void);
"kernel_load=0xa000\0"  \
"kernel_size=0x280\0"   \
"fdtfile=fsl-ls2080a-rdb.dtb\0" \
-   "mcinitcmd=fsl_mc start mc 0x58030" \
-   " 0x58080 \0"   \
+   "mcinitcmd=esbc_validate 0x580c8;"  \
+   "esbc_validate 0x580cc;"\
+   "fsl_mc start mc 0x58030"   \
+   " 0x58080 \0"   \
BOOTENV
+#else
+#define CONFIG_EXTRA_ENV_SETTINGS  \
+   "hwconfig=fsl_ddr:bank_intlv=auto\0"\
+   "scriptaddr=0x8080\0"   \
+   "kernel_addr_r=0x8100\0"\
+   "pxefile_addr_r=0x8100\0"   \
+   "fdt_addr_r=0x8800\0"   \
+   "ramdisk_addr_r=0x8900\0"   \
+   "loadaddr=0x8010\0" \
+   "kernel_addr=0x10\0"\
+   "ramdisk_addr=0x80\0"   \
+   "ramdisk_size=0x200\0"  \
+   "fdt_high=0xa000\0" \
+   "initrd_high=0x\0"  \
+   "kernel_start=0x58110\0"\
+   "kernel_load=0xa000\0"  \
+   "kernel_size=0x280\0"   \
+   "fdtfile=fsl-ls2080a-rdb.dtb\0" \
+   "mcinitcmd=fsl_mc start mc 0x58030" \
+   " 0x58080 \0"   \
+   BOOTENV
+#endif
+
 
 #undef CONFIG_BOOTARGS
 #define CONFIG_BOOTARGS"console=ttyS1,115200 root=/dev/ram0 " \
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH v2 1/2] SECURE_BOOT: Update bootscript and its hdr addresses

[Udit Agarwal]

Update bootscript and its hdr addresses for Layerscape Chasis 3
based platforms instead of individual SoCs.

Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---

Changes for V2:
Modified the subject

 arch/arm/include/asm/fsl_secure_boot.h | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 933e09c..f34ffc7 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -84,7 +84,7 @@
  * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
  * Non-XIP Memory (Nand/SD)
  */
-#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
defined(CONFIG_SD_BOOT)
 #define CONFIG_BOOTSCRIPT_COPY_RAM
 #endif
@@ -92,11 +92,11 @@
  * The address needs to be modified according to NOR, NAND, SD and
  * DDR memory map
  */
-#ifdef CONFIG_LS2080A
-#define CONFIG_BS_HDR_ADDR_DEVICE  0x58392
-#define CONFIG_BS_ADDR_DEVICE  0x58390
-#define CONFIG_BS_HDR_ADDR_RAM 0xa392
-#define CONFIG_BS_ADDR_RAM 0xa390
+#ifdef CONFIG_FSL_LSCH3
+#define CONFIG_BS_HDR_ADDR_DEVICE  0x580d0
+#define CONFIG_BS_ADDR_DEVICE  0x580e0
+#define CONFIG_BS_HDR_ADDR_RAM 0xa0d0
+#define CONFIG_BS_ADDR_RAM 0xa0e0
 #define CONFIG_BS_HDR_SIZE 0x2000
 #define CONFIG_BS_SIZE 0x1000
 #else
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH 1/2] SECURE_BOOT: Update bootscript and its address for LS Chasis 3

[Udit Agarwal]

Update bootscript and its  addresses for Layerscape Chasis 3
based platforms instead of individual SoCs.

Signed-off-by: Sumit Garg <sumit.g...@nxp.com>
Signed-off-by: Udit Agarwal <udit.agar...@nxp.com>
---
 arch/arm/include/asm/fsl_secure_boot.h | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/arm/include/asm/fsl_secure_boot.h 
b/arch/arm/include/asm/fsl_secure_boot.h
index 933e09c..f34ffc7 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -84,7 +84,7 @@
  * Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
  * Non-XIP Memory (Nand/SD)
  */
-#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
defined(CONFIG_SD_BOOT)
 #define CONFIG_BOOTSCRIPT_COPY_RAM
 #endif
@@ -92,11 +92,11 @@
  * The address needs to be modified according to NOR, NAND, SD and
  * DDR memory map
  */
-#ifdef CONFIG_LS2080A
-#define CONFIG_BS_HDR_ADDR_DEVICE  0x58392
-#define CONFIG_BS_ADDR_DEVICE  0x58390
-#define CONFIG_BS_HDR_ADDR_RAM 0xa392
-#define CONFIG_BS_ADDR_RAM 0xa390
+#ifdef CONFIG_FSL_LSCH3
+#define CONFIG_BS_HDR_ADDR_DEVICE  0x580d0
+#define CONFIG_BS_ADDR_DEVICE  0x580e0
+#define CONFIG_BS_HDR_ADDR_RAM 0xa0d0
+#define CONFIG_BS_ADDR_RAM 0xa0e0
 #define CONFIG_BS_HDR_SIZE 0x2000
 #define CONFIG_BS_SIZE 0x1000
 #else
-- 
1.9.1

___
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot