summaryrefslogtreecommitdiff
path: root/board/freescale
diff options
context:
space:
mode:
authorTom Rini <trini@konsulko.com>2016-01-27 15:05:36 -0500
committerTom Rini <trini@konsulko.com>2016-01-27 15:05:36 -0500
commitcd85bec36d0e0d16fedb00e0c434ed070a9c6b37 (patch)
tree69f52abae63886f9c50671e1e058c1a26fc7c8bf /board/freescale
parent19bde0316f2c58b3ab6357832790aee6ed7a4ad5 (diff)
parentb0f20caf6570fbc4d19c41dcedf9679784042860 (diff)
downloadu-boot-imx-cd85bec36d0e0d16fedb00e0c434ed070a9c6b37.zip
u-boot-imx-cd85bec36d0e0d16fedb00e0c434ed070a9c6b37.tar.gz
u-boot-imx-cd85bec36d0e0d16fedb00e0c434ed070a9c6b37.tar.bz2
Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq
Diffstat (limited to 'board/freescale')
-rw-r--r--board/freescale/common/Makefile1
-rw-r--r--board/freescale/common/cmd_esbc_validate.c28
-rw-r--r--board/freescale/common/fsl_chain_of_trust.c70
-rw-r--r--board/freescale/common/fsl_validate.c323
-rw-r--r--board/freescale/common/qixis.c36
-rw-r--r--board/freescale/ls1021aqds/ls1021aqds.c4
-rw-r--r--board/freescale/ls1021atwr/ls1021atwr.c4
-rw-r--r--board/freescale/ls1043aqds/MAINTAINERS2
-rw-r--r--board/freescale/ls1043aqds/README1
-rw-r--r--board/freescale/ls1043aqds/ddr.c19
-rw-r--r--board/freescale/ls1043aqds/ls1043aqds.c27
-rw-r--r--board/freescale/ls1043aqds/ls1043aqds_rcw_sd_qspi.cfg8
12 files changed, 377 insertions, 146 deletions
diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile
index 51d2814..be114ce 100644
--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@@ -76,5 +76,6 @@ obj-$(CONFIG_LAYERSCAPE_NS_ACCESS) += ns_access.o
ifdef CONFIG_SECURE_BOOT
obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o
endif
+obj-$(CONFIG_CHAIN_OF_TRUST) += fsl_chain_of_trust.o
endif
diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index 8bbe85b..dfa3e21 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -11,6 +11,11 @@
static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
+ if (fsl_check_boot_mode_secure() == 0) {
+ printf("Boot Mode is Non-Secure. Not entering spin loop.\n");
+ return 0;
+ }
+
printf("Core is entering spin loop.\n");
loop:
goto loop;
@@ -21,10 +26,29 @@ loop:
static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
+ char *hash_str = NULL;
+ uintptr_t haddr;
+ int ret;
+
if (argc < 2)
return cmd_usage(cmdtp);
+ else if (argc > 2)
+ /* Second arg - Optional - Hash Str*/
+ hash_str = argv[2];
+
+ /* First argument - header address -32/64bit */
+ haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
- return fsl_secboot_validate(cmdtp, flag, argc, argv);
+ /* With esbc_validate command, Image address must be
+ * part of header. So, the function is called
+ * by passing this argument as 0.
+ */
+ ret = fsl_secboot_validate(haddr, hash_str, 0);
+ if (ret)
+ return 1;
+
+ printf("esbc_validate command successful\n");
+ return 0;
}
/***************************************************/
@@ -45,6 +69,6 @@ U_BOOT_CMD(
U_BOOT_CMD(
esbc_halt, 1, 0, do_esbc_halt,
- "Put the core in spin loop ",
+ "Put the core in spin loop (Secure Boot Only)",
""
);
diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c
new file mode 100644
index 0000000..ecfcc82
--- /dev/null
+++ b/board/freescale/common/fsl_chain_of_trust.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <fsl_validate.h>
+#include <fsl_sfp.h>
+
+#ifdef CONFIG_LS102XA
+#include <asm/arch/immap_ls102xa.h>
+#endif
+
+#if defined(CONFIG_MPC85xx)
+#define CONFIG_DCFG_ADDR CONFIG_SYS_MPC85xx_GUTS_ADDR
+#else
+#define CONFIG_DCFG_ADDR CONFIG_SYS_FSL_GUTS_ADDR
+#endif
+
+#ifdef CONFIG_SYS_FSL_CCSR_GUR_LE
+#define gur_in32(a) in_le32(a)
+#else
+#define gur_in32(a) in_be32(a)
+#endif
+
+/* Check the Boot Mode. If Secure, return 1 else return 0 */
+int fsl_check_boot_mode_secure(void)
+{
+ uint32_t val;
+ struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
+ struct ccsr_gur __iomem *gur = (void *)(CONFIG_DCFG_ADDR);
+
+ val = sfp_in32(&sfp_regs->ospr) & ITS_MASK;
+ if (val == ITS_MASK)
+ return 1;
+
+#if defined(CONFIG_FSL_CORENET) || !defined(CONFIG_MPC85xx)
+ /* For PBL based platforms check the SB_EN bit in RCWSR */
+ val = gur_in32(&gur->rcwsr[RCW_SB_EN_REG_INDEX - 1]) & RCW_SB_EN_MASK;
+ if (val == RCW_SB_EN_MASK)
+ return 1;
+#endif
+
+#if defined(CONFIG_MPC85xx) && !defined(CONFIG_FSL_CORENET)
+ /* For Non-PBL Platforms, check the Device Status register 2*/
+ val = gur_in32(&gur->pordevsr2) & MPC85xx_PORDEVSR2_SBC_MASK;
+ if (val != MPC85xx_PORDEVSR2_SBC_MASK)
+ return 1;
+
+#endif
+ return 0;
+}
+
+int fsl_setenv_chain_of_trust(void)
+{
+ /* Check Boot Mode
+ * If Boot Mode is Non-Secure, no changes are required
+ */
+ if (fsl_check_boot_mode_secure() == 0)
+ return 0;
+
+ /* If Boot mode is Secure, set the environment variables
+ * bootdelay = 0 (To disable Boot Prompt)
+ * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
+ */
+ setenv("bootdelay", "0");
+ setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
+ return 0;
+}
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index b510c71..8fd6dd6 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -24,6 +24,10 @@
#define SHA256_NIBBLES (256/4)
#define NUM_HEX_CHARS (sizeof(ulong) * 2)
+#define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
+ ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
+ ((key_len) == 2 * KEY_SIZE_BYTES))
+
/* This array contains DER value for SHA-256 */
static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
@@ -179,20 +183,97 @@ static u32 is_key_revoked(u32 keynum, u32 rev_flag)
return 0;
}
-/* It validates srk_table key lengths.*/
-static u32 validate_srk_tbl(struct srk_table *tbl, u32 num_entries)
+/* It read validates srk_table key lengths.*/
+static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
{
int i = 0;
- for (i = 0; i < num_entries; i++) {
- if (!((tbl[i].key_len == 2 * KEY_SIZE_BYTES/4) ||
- (tbl[i].key_len == 2 * KEY_SIZE_BYTES/2) ||
- (tbl[i].key_len == 2 * KEY_SIZE_BYTES)))
+ u32 ret, key_num, key_revoc_flag, size;
+ struct fsl_secboot_img_hdr *hdr = &img->hdr;
+ void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
+
+ if ((hdr->len_kr.num_srk == 0) ||
+ (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
+ return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
+
+ key_num = hdr->len_kr.srk_sel;
+ if (key_num == 0 || key_num > hdr->len_kr.num_srk)
+ return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
+
+ /* Get revoc key from sfp */
+ key_revoc_flag = get_key_revoc();
+ ret = is_key_revoked(key_num, key_revoc_flag);
+ if (ret)
+ return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
+
+ size = hdr->len_kr.num_srk * sizeof(struct srk_table);
+
+ memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
+
+ for (i = 0; i < hdr->len_kr.num_srk; i++) {
+ if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
}
+
+ img->key_len = img->srk_tbl[key_num - 1].key_len;
+
+ memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
+ img->key_len);
+
+ return 0;
+}
+#endif
+
+static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
+{
+ struct fsl_secboot_img_hdr *hdr = &img->hdr;
+ void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
+
+ /* check key length */
+ if (!CHECK_KEY_LEN(hdr->key_len))
+ return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
+
+ memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
+
+ img->key_len = hdr->key_len;
+
+ return 0;
+}
+
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
+{
+ struct fsl_secboot_img_hdr *hdr = &img->hdr;
+ u32 ie_key_len, ie_revoc_flag, ie_num;
+ struct ie_key_info *ie_info;
+
+ if (get_ie_info_addr(&img->ie_addr))
+ return ERROR_IE_TABLE_NOT_FOUND;
+ ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
+ if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
+ return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
+
+ ie_num = hdr->ie_key_sel;
+ if (ie_num == 0 || ie_num > ie_info->num_keys)
+ return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
+
+ ie_revoc_flag = ie_info->key_revok;
+ if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
+ return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
+
+ ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
+
+ if (!CHECK_KEY_LEN(ie_key_len))
+ return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
+
+ memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
+ ie_key_len);
+
+ img->key_len = ie_key_len;
return 0;
}
#endif
+
/* This function return length of public key.*/
static inline u32 get_key_len(struct fsl_secboot_img_priv *img)
{
@@ -289,6 +370,13 @@ void fsl_secboot_handle_error(int error)
printf("ERROR :: %x :: %s\n", error, e->name);
}
+ /* If Boot Mode is secure, transition the SNVS state and issue
+ * reset based on type of failure and ITS setting.
+ * If Boot mode is non-secure, return from this function.
+ */
+ if (fsl_check_boot_mode_secure() == 0)
+ return;
+
switch (error) {
case ERROR_ESBC_CLIENT_HEADER_BARKER:
case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
@@ -455,13 +543,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
return ret;
/* Update hash for actual Image */
-#ifdef CONFIG_ESBC_ADDR_64BIT
- ret = algo->hash_update(algo, ctx,
- (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
-#else
ret = algo->hash_update(algo, ctx,
- (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
-#endif
+ (u8 *)img->img_addr, img->img_size, 1);
if (ret)
return ret;
@@ -541,13 +624,9 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
struct fsl_secboot_img_hdr *hdr = &img->hdr;
void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
u8 *k, *s;
+ u32 ret = 0;
+
#ifdef CONFIG_KEY_REVOCATION
- u32 ret;
- u32 key_num, key_revoc_flag, size;
-#endif
-#if defined(CONFIG_FSL_ISBC_KEY_EXT)
- struct ie_key_info *ie_info;
- u32 ie_num, ie_revoc_flag, ie_key_len;
#endif
int key_found = 0;
@@ -555,93 +634,48 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
return ERROR_ESBC_CLIENT_HEADER_BARKER;
-#ifdef CONFIG_ESBC_ADDR_64BIT
- sprintf(buf, "%llx", hdr->pimg64);
-#else
- sprintf(buf, "%x", hdr->pimg);
-#endif
+ /* If Image Address is not passed as argument to function,
+ * then Address and Size must be read from the Header.
+ */
+ if (img->img_addr == 0) {
+ #ifdef CONFIG_ESBC_ADDR_64BIT
+ img->img_addr = hdr->pimg64;
+ #else
+ img->img_addr = hdr->pimg;
+ #endif
+ }
+
+ sprintf(buf, "%lx", img->img_addr);
setenv("img_addr", buf);
if (!hdr->img_size)
return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
+ img->img_size = hdr->img_size;
+
/* Key checking*/
#ifdef CONFIG_KEY_REVOCATION
if (check_srk(img)) {
- if ((hdr->len_kr.num_srk == 0) ||
- (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
- return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
-
- key_num = hdr->len_kr.srk_sel;
- if (key_num == 0 || key_num > hdr->len_kr.num_srk)
- return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
-
- /* Get revoc key from sfp */
- key_revoc_flag = get_key_revoc();
- ret = is_key_revoked(key_num, key_revoc_flag);
- if (ret)
- return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
-
- size = hdr->len_kr.num_srk * sizeof(struct srk_table);
-
- memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
-
- ret = validate_srk_tbl(img->srk_tbl, hdr->len_kr.num_srk);
-
+ ret = read_validate_srk_tbl(img);
if (ret != 0)
return ret;
-
- img->key_len = img->srk_tbl[key_num - 1].key_len;
-
- memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
- img->key_len);
-
key_found = 1;
}
#endif
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
if (!key_found && check_ie(img)) {
- if (get_ie_info_addr(&img->ie_addr))
- return ERROR_IE_TABLE_NOT_FOUND;
- ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
- if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
- return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
-
- ie_num = hdr->ie_key_sel;
- if (ie_num == 0 || ie_num > ie_info->num_keys)
- return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
-
- ie_revoc_flag = ie_info->key_revok;
- if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
- return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
-
- ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
-
- if (!((ie_key_len == 2 * KEY_SIZE_BYTES / 4) ||
- (ie_key_len == 2 * KEY_SIZE_BYTES / 2) ||
- (ie_key_len == 2 * KEY_SIZE_BYTES)))
- return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
-
- memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
- ie_key_len);
-
- img->key_len = ie_key_len;
+ ret = read_validate_ie_tbl(img);
+ if (ret != 0)
+ return ret;
key_found = 1;
}
#endif
if (key_found == 0) {
- /* check key length */
- if (!((hdr->key_len == 2 * KEY_SIZE_BYTES / 4) ||
- (hdr->key_len == 2 * KEY_SIZE_BYTES / 2) ||
- (hdr->key_len == 2 * KEY_SIZE_BYTES)))
- return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
-
- memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
-
- img->key_len = hdr->key_len;
-
+ ret = read_validate_single_key(img);
+ if (ret != 0)
+ return ret;
key_found = 1;
}
@@ -698,27 +732,73 @@ static inline int str2longbe(const char *p, ulong *num)
return *p != '\0' && *endptr == '\0';
}
+/* Function to calculate the ESBC Image Hash
+ * and hash from Digital signature.
+ * The Two hash's are compared to yield the
+ * result of signature validation.
+ */
+static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
+{
+ int ret;
+ uint32_t key_len;
+ struct key_prop prop;
+#if !defined(USE_HOSTCC)
+ struct udevice *mod_exp_dev;
+#endif
+ ret = calc_esbchdr_esbc_hash(img);
+ if (ret)
+ return ret;
+
+ /* Construct encoded hash EM' wrt PKCSv1.5 */
+ construct_img_encoded_hash_second(img);
+
+ /* Fill prop structure for public key */
+ memset(&prop, 0, sizeof(struct key_prop));
+ key_len = get_key_len(img) / 2;
+ prop.modulus = img->img_key;
+ prop.public_exponent = img->img_key + key_len;
+ prop.num_bits = key_len * 8;
+ prop.exp_len = key_len;
+
+ ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
+ if (ret) {
+ printf("RSA: Can't find Modular Exp implementation\n");
+ return -EINVAL;
+ }
+
+ ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
+ &prop, img->img_encoded_hash);
+ if (ret)
+ return ret;
+
+ /*
+ * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
+ * memcmp returns zero on success
+ * memcmp returns non-zero on failure
+ */
+ ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
+ img->hdr.sign_len);
-int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
- char * const argv[])
+ if (ret)
+ return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
+
+ return 0;
+}
+
+int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
+ uintptr_t img_addr)
{
struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
ulong hash[SHA256_BYTES/sizeof(ulong)];
char hash_str[NUM_HEX_CHARS + 1];
- ulong addr = simple_strtoul(argv[1], NULL, 16);
struct fsl_secboot_img_priv *img;
struct fsl_secboot_img_hdr *hdr;
void *esbc;
int ret, i, hash_cmd = 0;
u32 srk_hash[8];
- uint32_t key_len;
- struct key_prop prop;
-#if !defined(USE_HOSTCC)
- struct udevice *mod_exp_dev;
-#endif
- if (argc == 3) {
- char *cp = argv[2];
+ if (arg_hash_str != NULL) {
+ const char *cp = arg_hash_str;
int i = 0;
if (*cp == '0' && *(cp + 1) == 'x')
@@ -731,7 +811,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
*/
if (strlen(cp) != SHA256_NIBBLES) {
printf("%s is not a 256 bits hex string as expected\n",
- argv[2]);
+ arg_hash_str);
return -1;
}
@@ -741,7 +821,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
hash_str[NUM_HEX_CHARS] = '\0';
if (!str2longbe(hash_str, &hash[i])) {
printf("%s is not a 256 bits hex string ",
- argv[2]);
+ arg_hash_str);
return -1;
}
}
@@ -756,9 +836,11 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
memset(img, 0, sizeof(struct fsl_secboot_img_priv));
+ /* Update the information in Private Struct */
hdr = &img->hdr;
- img->ehdrloc = addr;
- esbc = (u8 *)(uintptr_t)img->ehdrloc;
+ img->ehdrloc = haddr;
+ img->img_addr = img_addr;
+ esbc = (u8 *)img->ehdrloc;
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
@@ -800,51 +882,12 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
goto exit;
}
- ret = calc_esbchdr_esbc_hash(img);
+ ret = calculate_cmp_img_sig(img);
if (ret) {
- fsl_secblk_handle_error(ret);
- goto exit;
- }
-
- /* Construct encoded hash EM' wrt PKCSv1.5 */
- construct_img_encoded_hash_second(img);
-
- /* Fill prop structure for public key */
- memset(&prop, 0, sizeof(struct key_prop));
- key_len = get_key_len(img) / 2;
- prop.modulus = img->img_key;
- prop.public_exponent = img->img_key + key_len;
- prop.num_bits = key_len * 8;
- prop.exp_len = key_len;
-
- ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
- if (ret) {
- printf("RSA: Can't find Modular Exp implementation\n");
- return -EINVAL;
- }
-
- ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
- &prop, img->img_encoded_hash);
- if (ret) {
- fsl_secblk_handle_error(ret);
- goto exit;
- }
-
- /*
- * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
- * memcmp returns zero on success
- * memcmp returns non-zero on failure
- */
- ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
- img->hdr.sign_len);
-
- if (ret) {
- fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_EM);
+ fsl_secboot_handle_error(ret);
goto exit;
}
- printf("esbc_validate command successful\n");
-
exit:
- return 0;
+ return ret;
}
diff --git a/board/freescale/common/qixis.c b/board/freescale/common/qixis.c
index 9f6b0e7..113295f 100644
--- a/board/freescale/common/qixis.c
+++ b/board/freescale/common/qixis.c
@@ -216,6 +216,39 @@ int qixis_reset_cmd(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
#else
printf("Not implemented\n");
#endif
+ } else if (strcmp(argv[1], "sd") == 0) {
+#ifdef QIXIS_LBMAP_SD
+ QIXIS_WRITE(rst_ctl, 0x30);
+ QIXIS_WRITE(rcfg_ctl, 0);
+ set_lbmap(QIXIS_LBMAP_SD);
+ set_rcw_src(QIXIS_RCW_SRC_SD);
+ QIXIS_WRITE(rcfg_ctl, 0x20);
+ QIXIS_WRITE(rcfg_ctl, 0x21);
+#else
+ printf("Not implemented\n");
+#endif
+ } else if (strcmp(argv[1], "sd_qspi") == 0) {
+#ifdef QIXIS_LBMAP_SD_QSPI
+ QIXIS_WRITE(rst_ctl, 0x30);
+ QIXIS_WRITE(rcfg_ctl, 0);
+ set_lbmap(QIXIS_LBMAP_SD_QSPI);
+ set_rcw_src(QIXIS_RCW_SRC_SD);
+ qixis_write_i2c(offsetof(struct qixis, rcfg_ctl), 0x20);
+ qixis_write_i2c(offsetof(struct qixis, rcfg_ctl), 0x21);
+#else
+ printf("Not implemented\n");
+#endif
+ } else if (strcmp(argv[1], "qspi") == 0) {
+#ifdef QIXIS_LBMAP_QSPI
+ QIXIS_WRITE(rst_ctl, 0x30);
+ QIXIS_WRITE(rcfg_ctl, 0);
+ set_lbmap(QIXIS_LBMAP_QSPI);
+ set_rcw_src(QIXIS_RCW_SRC_QSPI);
+ qixis_write_i2c(offsetof(struct qixis, rcfg_ctl), 0x20);
+ qixis_write_i2c(offsetof(struct qixis, rcfg_ctl), 0x21);
+#else
+ printf("Not implemented\n");
+#endif
} else if (strcmp(argv[1], "watchdog") == 0) {
static char *period[9] = {"2s", "4s", "8s", "16s", "32s",
"1min", "2min", "4min", "8min"};
@@ -255,6 +288,9 @@ U_BOOT_CMD(
"- hard reset to default bank\n"
"qixis_reset altbank - reset to alternate bank\n"
"qixis_reset nand - reset to nand\n"
+ "qixis_reset sd - reset to sd\n"
+ "qixis_reset sd_qspi - reset to sd with qspi support\n"
+ "qixis_reset qspi - reset to qspi\n"
"qixis watchdog <watchdog_period> - set the watchdog period\n"
" period: 1s 2s 4s 8s 16s 32s 1min 2min 4min 8min\n"
"qixis_reset dump - display the QIXIS registers\n"
diff --git a/board/freescale/ls1021aqds/ls1021aqds.c b/board/freescale/ls1021aqds/ls1021aqds.c
index be3358a..5f4ec9d 100644
--- a/board/freescale/ls1021aqds/ls1021aqds.c
+++ b/board/freescale/ls1021aqds/ls1021aqds.c
@@ -22,6 +22,7 @@
#include <fsl_sec.h>
#include <spl.h>
#include <fsl_devdis.h>
+#include <fsl_validate.h>
#include "../common/sleep.h"
#include "../common/qixis.h"
@@ -369,6 +370,9 @@ int board_late_init(void)
#ifdef CONFIG_SCSI_AHCI_PLAT
ls1021a_sata_init();
#endif
+#ifdef CONFIG_CHAIN_OF_TRUST
+ fsl_setenv_chain_of_trust();
+#endif
return 0;
}
diff --git a/board/freescale/ls1021atwr/ls1021atwr.c b/board/freescale/ls1021atwr/ls1021atwr.c
index 8eaff5f..b85774c 100644
--- a/board/freescale/ls1021atwr/ls1021atwr.c
+++ b/board/freescale/ls1021atwr/ls1021atwr.c
@@ -30,6 +30,7 @@
#ifdef CONFIG_U_QE
#include "../../../drivers/qe/qe.h"
#endif
+#include <fsl_validate.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -549,6 +550,9 @@ int board_late_init(void)
#ifdef CONFIG_SCSI_AHCI_PLAT
ls1021a_sata_init();
#endif
+#ifdef CONFIG_CHAIN_OF_TRUST
+ fsl_setenv_chain_of_trust();
+#endif
return 0;
}
diff --git a/board/freescale/ls1043aqds/MAINTAINERS b/board/freescale/ls1043aqds/MAINTAINERS
index 0c7f648..65a0af1 100644
--- a/board/freescale/ls1043aqds/MAINTAINERS
+++ b/board/freescale/ls1043aqds/MAINTAINERS
@@ -7,3 +7,5 @@ F: configs/ls1043aqds_defconfig
F: configs/ls1043aqds_nor_ddr3_defconfig
F: configs/ls1043aqds_nand_defconfig
F: configs/ls1043aqds_sdcard_ifc_defconfig
+F: configs/ls1043aqds_sdcard_qspi_defconfig
+F: configs/ls1043aqds_qspi_defconfig
diff --git a/board/freescale/ls1043aqds/README b/board/freescale/ls1043aqds/README
index 6261a77..a6fd7a3 100644
--- a/board/freescale/ls1043aqds/README
+++ b/board/freescale/ls1043aqds/README
@@ -94,3 +94,4 @@ a) Promjet Boot
b) NOR boot
c) NAND boot
d) SD boot
+e) QSPI boot
diff --git a/board/freescale/ls1043aqds/ddr.c b/board/freescale/ls1043aqds/ddr.c
index 42d9068..3d3c533 100644
--- a/board/freescale/ls1043aqds/ddr.c
+++ b/board/freescale/ls1043aqds/ddr.c
@@ -132,9 +132,22 @@ void dram_init_banksize(void)
* The address needs to add the offset of its bank.
*/
gd->bd->bi_dram[0].start = CONFIG_SYS_SDRAM_BASE;
- gd->bd->bi_dram[0].size = gd->ram_size;
+ if (gd->ram_size > CONFIG_SYS_DDR_BLOCK1_SIZE) {
+ gd->bd->bi_dram[0].size = CONFIG_SYS_DDR_BLOCK1_SIZE;
+ gd->bd->bi_dram[1].start = CONFIG_SYS_DDR_BLOCK2_BASE;
+ gd->bd->bi_dram[1].size = gd->ram_size -
+ CONFIG_SYS_DDR_BLOCK1_SIZE;
#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
- gd->secure_ram = gd->bd->bi_dram[0].start + gd->secure_ram;
- gd->secure_ram |= MEM_RESERVE_SECURE_MAINTAINED;
+ gd->secure_ram = gd->bd->bi_dram[1].start +
+ gd->secure_ram -
+ CONFIG_SYS_DDR_BLOCK1_SIZE;
+ gd->secure_ram |= MEM_RESERVE_SECURE_MAINTAINED;
#endif
+ } else {
+ gd->bd->bi_dram[0].size = gd->ram_size;
+#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
+ gd->secure_ram = gd->bd->bi_dram[0].start + gd->secure_ram;
+ gd->secure_ram |= MEM_RESERVE_SECURE_MAINTAINED;
+#endif
+ }
}
diff --git a/board/freescale/ls1043aqds/ls1043aqds.c b/board/freescale/ls1043aqds/ls1043aqds.c
index d6696ca..01db078 100644
--- a/board/freescale/ls1043aqds/ls1043aqds.c
+++ b/board/freescale/ls1043aqds/ls1043aqds.c
@@ -40,11 +40,14 @@ enum {
#define CFG_SD_MUX3_MUX4 0x1 /* MUX4 */
#define CFG_SD_MUX4_SLOT3 0x0 /* SLOT3 TX/RX1 */
#define CFG_SD_MUX4_SLOT1 0x1 /* SLOT1 TX/RX3 */
+#define CFG_UART_MUX_MASK 0x6
+#define CFG_UART_MUX_SHIFT 1
+#define CFG_LPUART_EN 0x1
int checkboard(void)
{
char buf[64];
-#ifndef CONFIG_SD_BOOT
+#if !defined(CONFIG_SD_BOOT) && !defined(CONFIG_QSPI_BOOT)
u8 sw;
#endif
@@ -52,6 +55,8 @@ int checkboard(void)
#ifdef CONFIG_SD_BOOT
puts("SD\n");
+#elif defined(CONFIG_QSPI_BOOT)
+ puts("QSPI\n");
#else
sw = QIXIS_READ(brdcfg[0]);
sw = (sw & QIXIS_LBMAP_MASK) >> QIXIS_LBMAP_SHIFT;
@@ -218,7 +223,17 @@ void board_retimer_init(void)
int board_early_init_f(void)
{
+#ifdef CONFIG_LPUART
+ u8 uart;
+#endif
fsl_lsch2_early_init_f();
+#ifdef CONFIG_LPUART
+ /* We use lpuart0 as system console */
+ uart = QIXIS_READ(brdcfg[14]);
+ uart &= ~CFG_UART_MUX_MASK;
+ uart |= CFG_LPUART_EN << CFG_UART_MUX_SHIFT;
+ QIXIS_WRITE(brdcfg[14], uart);
+#endif
return 0;
}
@@ -303,6 +318,16 @@ int board_init(void)
#ifdef CONFIG_OF_BOARD_SETUP
int ft_board_setup(void *blob, bd_t *bd)
{
+ u64 base[CONFIG_NR_DRAM_BANKS];
+ u64 size[CONFIG_NR_DRAM_BANKS];
+
+ /* fixup DT for the two DDR banks */
+ base[0] = gd->bd->bi_dram[0].start;
+ size[0] = gd->bd->bi_dram[0].size;
+ base[1] = gd->bd->bi_dram[1].start;
+ size[1] = gd->bd->bi_dram[1].size;
+
+ fdt_fixup_memory_banks(blob, base, size, 2);
ft_cpu_setup(blob, bd);
#ifdef CONFIG_SYS_DPAA_FMAN
diff --git a/board/freescale/ls1043aqds/ls1043aqds_rcw_sd_qspi.cfg b/board/freescale/ls1043aqds/ls1043aqds_rcw_sd_qspi.cfg
new file mode 100644
index 0000000..7783521
--- /dev/null
+++ b/board/freescale/ls1043aqds/ls1043aqds_rcw_sd_qspi.cfg
@@ -0,0 +1,8 @@
+#PBL preamble and RCW header
+aa55aa55 01ee0100
+# RCW
+# Enable QSPI; disable IFC
+08100010 0a000000 00000000 00000000
+14550002 80004012 60040000 c1002000
+00000000 00000000 00000000 00038800
+20124000 00001100 00000096 00000001