ENGR00233307 Need secure/encrypted boot for Widevine support.

* Adding the config option CONFIG_SECURE_BOOT to the SabreSD board,
but defaulting it to be disabled. Removed the CONFIG_SECURE_BOOT
key from mx6q_arm2_android.h so that it is only in one file,
include/configs/mx6q_arm2.h

* Fixed up an address alignment check in authenticate_image(). The
test would fail in the event the address is already aligned.
Also, added some debug code which can be enabled to assist in
testing secure images.

* Added support for authenticating an image when using booti.

* Adding support for secure boot to the Sabre SD board.

* Added support for encrypted boot to mx6q arm2 board linker script.

Signed-off-by: Dan Douglass <dan.douglass@freescale.com>

4 files changed, 33 insertions, 0 deletions

diff --git a/board/freescale/mx6q_arm2/u-boot.lds b/board/freescale/mx6q_arm2/u-boot.lds
index 8f16b26..bd58f18 100644
--- a/board/freescale/mx6q_arm2/u-boot.lds
+++ b/board/freescale/mx6q_arm2/u-boot.lds
@@ -73,6 +73,10 @@ SECTIONS
 	. = ALIGN(0x1000);
 	__hab_data = .;
 	. = . + 0x2000;
+	__data_enc_key = .;
+	/* actually, only 64bytes are needed, but this generates
+		a size multiple of 512bytes, which is optimal for SD boot */
+	. = . + 0x200;
 	__hab_data_end = .;
 	/* End of Hab Data, Place it before BSS section */
 
diff --git a/board/freescale/mx6q_sabresd/flash_header.S b/board/freescale/mx6q_sabresd/flash_header.S
index 2064159..444141a 100644
--- a/board/freescale/mx6q_sabresd/flash_header.S
+++ b/board/freescale/mx6q_sabresd/flash_header.S
@@ -46,11 +46,19 @@ reserv1:          .word 0x0
 dcd_ptr:          .word dcd_hdr
 boot_data_ptr:	  .word boot_data
 self_ptr:         .word ivt_header
+#ifdef CONFIG_SECURE_BOOT
+app_code_csf:     .word __hab_data
+#else
 app_code_csf:     .word 0x0
+#endif
 reserv2:          .word 0x0
 
 boot_data:        .word TEXT_BASE
+#ifdef CONFIG_SECURE_BOOT
+image_len:        .word __hab_data_end - TEXT_BASE + CONFIG_FLASH_HEADER_OFFSET
+#else
 image_len:        .word _end_of_copy  - TEXT_BASE + CONFIG_FLASH_HEADER_OFFSET
+#endif
 plugin:           .word 0x0
 
 #if defined CONFIG_MX6DL_DDR3
diff --git a/board/freescale/mx6q_sabresd/mx6q_sabresd.c b/board/freescale/mx6q_sabresd/mx6q_sabresd.c
index 92c28ae..1bc2e35 100644
--- a/board/freescale/mx6q_sabresd/mx6q_sabresd.c
+++ b/board/freescale/mx6q_sabresd/mx6q_sabresd.c
@@ -24,6 +24,9 @@
 #include <asm/io.h>
 #include <asm/arch/mx6.h>
 #include <asm/arch/mx6_pins.h>
+#if defined(CONFIG_SECURE_BOOT)
+#include <asm/arch/mx6_secure.h>
+#endif
 #include <asm/arch/mx6dl_pins.h>
 #include <asm/arch/iomux-v3.h>
 #include <asm/arch/regs-anadig.h>
@@ -1985,6 +1988,12 @@ int checkboard(void)
 		printf("UNKNOWN\n");
 		break;
 	}
+
+#ifdef CONFIG_SECURE_BOOT
+	if (check_hab_enable() == 1)
+		get_hab_status();
+#endif
+
 	return 0;
 }
 
diff --git a/board/freescale/mx6q_sabresd/u-boot.lds b/board/freescale/mx6q_sabresd/u-boot.lds
index 9b678da..4c8966d 100644
--- a/board/freescale/mx6q_sabresd/u-boot.lds
+++ b/board/freescale/mx6q_sabresd/u-boot.lds
@@ -68,6 +68,18 @@ SECTIONS
 
 	. = ALIGN(4);
 	_end_of_copy = .; /* end_of ROM copy code here */
+
+	/* Extend to align to 0x1000, then put the Hab Data */
+	. = ALIGN(0x1000);
+	__hab_data = .;
+	. = . + 0x2000;
+	__data_enc_key = .;
+	/* actually, only 64bytes are needed, but this generates
+		a size multiple of 512bytes, which is optimal for SD boot */
+	. = . + 0x200;
+	__hab_data_end = .;
+	/* End of Hab Data, Place it before BSS section */
+
 	__bss_start = .;
 	.bss : { *(.bss) }
 	_end = .;