diff options
author | Sumit Garg <sumit.garg@nxp.com> | 2016-07-14 12:27:51 -0400 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2016-07-21 11:09:23 -0700 |
commit | 8f01397ba76d1ee210bedbf031d807e8df34c482 (patch) | |
tree | 5c25955aa0d03c186a5c7eace132c590c9b6c877 /arch/powerpc | |
parent | 63865278dae47ad19527d9f9b6e0dad6cb01f401 (diff) | |
download | u-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.zip u-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.tar.gz u-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.tar.bz2 |
powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.
Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'arch/powerpc')
-rw-r--r-- | arch/powerpc/cpu/mpc8xxx/fsl_pamu.c | 8 | ||||
-rw-r--r-- | arch/powerpc/cpu/mpc8xxx/pamu_table.c | 8 | ||||
-rw-r--r-- | arch/powerpc/include/asm/fsl_secure_boot.h | 31 |
3 files changed, 46 insertions, 1 deletions
diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c index 9421f1e..ede8e66 100644 --- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c +++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c @@ -239,15 +239,23 @@ int pamu_init(void) spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES; /* Allocate space for Primary PAACT Table */ +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR)) + ppaact = (void *)CONFIG_SPL_PPAACT_ADDR; +#else ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size); if (!ppaact) return -1; +#endif memset(ppaact, 0, ppaact_size); /* Allocate space for Secondary PAACT Table */ +#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR)) + sec = (void *)CONFIG_SPL_SPAACT_ADDR; +#else sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size); if (!sec) return -1; +#endif memset(sec, 0, spaact_size); ppaact_phys = virt_to_phys((void *)ppaact); diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c index 26c5ea4..a8e6f51 100644 --- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c +++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c @@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries) i++; #endif +#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR)) + tbl->start_addr[i] = + (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR); + tbl->size[i] = 256 * 1024; /* 256K CPC flash */ + tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1; + + i++; +#endif debug("PAMU address\t\t\tsize\n"); for (j = 0; j < i ; j++) debug("%llx \t\t\t%llx\n", tbl->start_addr[j], tbl->size[j]); diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 826f9c9..9420021 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -72,6 +72,32 @@ #ifdef CONFIG_CHAIN_OF_TRUST +#ifdef CONFIG_SPL_BUILD +#define CONFIG_SPL_DM 1 +#define CONFIG_SPL_CRYPTO_SUPPORT +#define CONFIG_SPL_HASH_SUPPORT +#define CONFIG_SPL_RSA +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT +/* + * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init + * due to space crunch on CPC and thus malloc will not work. + */ +#define CONFIG_SPL_PPAACT_ADDR 0x2e000000 +#define CONFIG_SPL_SPAACT_ADDR 0x2f000000 +#define CONFIG_SPL_JR0_LIODN_S 454 +#define CONFIG_SPL_JR0_LIODN_NS 458 +/* + * Define the key hash for U-Boot here if public/private key pair used to + * sign U-boot are different from the SRK hash put in the fuse + * Example of defining KEY_HASH is + * #define CONFIG_SPL_UBOOT_KEY_HASH \ + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" + * else leave it defined as NULL + */ + +#define CONFIG_SPL_UBOOT_KEY_HASH NULL +#endif /* ifdef CONFIG_SPL_BUILD */ + #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_CMD_BLOB #define CONFIG_FSL_SEC_MON @@ -82,7 +108,9 @@ #define CONFIG_FSL_CAAM #endif -/* fsl_setenv_chain_of_trust() must be called from +#ifndef CONFIG_SPL_BUILD +/* + * fsl_setenv_chain_of_trust() must be called from * board_late_init() */ #ifndef CONFIG_BOARD_LATE_INIT @@ -119,5 +147,6 @@ #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */ #include <config_fsl_chain_trust.h> +#endif /* #ifndef CONFIG_SPL_BUILD */ #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ #endif |