summaryrefslogtreecommitdiff
path: root/arch/powerpc
diff options
context:
space:
mode:
authorSumit Garg <sumit.garg@nxp.com>2016-07-14 12:27:51 -0400
committerYork Sun <york.sun@nxp.com>2016-07-21 11:09:23 -0700
commit8f01397ba76d1ee210bedbf031d807e8df34c482 (patch)
tree5c25955aa0d03c186a5c7eace132c590c9b6c877 /arch/powerpc
parent63865278dae47ad19527d9f9b6e0dad6cb01f401 (diff)
downloadu-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.zip
u-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.tar.gz
u-boot-imx-8f01397ba76d1ee210bedbf031d807e8df34c482.tar.bz2
powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate the next level U-boot image. Add a new function spl_validate_uboot to perform the validation. Enable hardware crypto operations in SPL using SEC block. In case of Secure Boot, PAMU is not bypassed. For allowing SEC block access to CPC configured as SRAM, configure PAMU. Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'arch/powerpc')
-rw-r--r--arch/powerpc/cpu/mpc8xxx/fsl_pamu.c8
-rw-r--r--arch/powerpc/cpu/mpc8xxx/pamu_table.c8
-rw-r--r--arch/powerpc/include/asm/fsl_secure_boot.h31
3 files changed, 46 insertions, 1 deletions
diff --git a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
index 9421f1e..ede8e66 100644
--- a/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
+++ b/arch/powerpc/cpu/mpc8xxx/fsl_pamu.c
@@ -239,15 +239,23 @@ int pamu_init(void)
spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES;
/* Allocate space for Primary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR))
+ ppaact = (void *)CONFIG_SPL_PPAACT_ADDR;
+#else
ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size);
if (!ppaact)
return -1;
+#endif
memset(ppaact, 0, ppaact_size);
/* Allocate space for Secondary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR))
+ sec = (void *)CONFIG_SPL_SPAACT_ADDR;
+#else
sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size);
if (!sec)
return -1;
+#endif
memset(sec, 0, spaact_size);
ppaact_phys = virt_to_phys((void *)ppaact);
diff --git a/arch/powerpc/cpu/mpc8xxx/pamu_table.c b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
index 26c5ea4..a8e6f51 100644
--- a/arch/powerpc/cpu/mpc8xxx/pamu_table.c
+++ b/arch/powerpc/cpu/mpc8xxx/pamu_table.c
@@ -28,6 +28,14 @@ void construct_pamu_addr_table(struct pamu_addr_tbl *tbl, int *num_entries)
i++;
#endif
+#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))
+ tbl->start_addr[i] =
+ (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR);
+ tbl->size[i] = 256 * 1024; /* 256K CPC flash */
+ tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1;
+
+ i++;
+#endif
debug("PAMU address\t\t\tsize\n");
for (j = 0; j < i ; j++)
debug("%llx \t\t\t%llx\n", tbl->start_addr[j], tbl->size[j]);
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 826f9c9..9420021 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -72,6 +72,32 @@
#ifdef CONFIG_CHAIN_OF_TRUST
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_DM 1
+#define CONFIG_SPL_CRYPTO_SUPPORT
+#define CONFIG_SPL_HASH_SUPPORT
+#define CONFIG_SPL_RSA
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+/*
+ * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
+ * due to space crunch on CPC and thus malloc will not work.
+ */
+#define CONFIG_SPL_PPAACT_ADDR 0x2e000000
+#define CONFIG_SPL_SPAACT_ADDR 0x2f000000
+#define CONFIG_SPL_JR0_LIODN_S 454
+#define CONFIG_SPL_JR0_LIODN_NS 458
+/*
+ * Define the key hash for U-Boot here if public/private key pair used to
+ * sign U-boot are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_SPL_UBOOT_KEY_HASH \
+ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * else leave it defined as NULL
+ */
+
+#define CONFIG_SPL_UBOOT_KEY_HASH NULL
+#endif /* ifdef CONFIG_SPL_BUILD */
+
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
#define CONFIG_FSL_SEC_MON
@@ -82,7 +108,9 @@
#define CONFIG_FSL_CAAM
#endif
-/* fsl_setenv_chain_of_trust() must be called from
+#ifndef CONFIG_SPL_BUILD
+/*
+ * fsl_setenv_chain_of_trust() must be called from
* board_late_init()
*/
#ifndef CONFIG_BOARD_LATE_INIT
@@ -119,5 +147,6 @@
#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
#include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif