diff options
31 files changed, 440 insertions, 65 deletions
diff --git a/arch/arm/cpu/armv8/fsl-layerscape/soc.c b/arch/arm/cpu/armv8/fsl-layerscape/soc.c index 213ce3a..a76447e 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/soc.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/soc.c @@ -151,7 +151,14 @@ static void erratum_a009203(void) #endif #endif } - +void bypass_smmu(void) +{ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +} void fsl_lsch3_early_init_f(void) { erratum_a008751(); @@ -160,6 +167,15 @@ void fsl_lsch3_early_init_f(void) erratum_a009203(); erratum_a008514(); erratum_a008336(); +#ifdef CONFIG_CHAIN_OF_TRUST + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + if (fsl_check_boot_mode_secure() == 1) + bypass_smmu(); +#endif } #ifdef CONFIG_SCSI_AHCI_PLAT @@ -240,7 +256,7 @@ void fsl_lsch2_early_init_f(void) init_early_memctl_regs(); /* tighten IFC timing */ #endif -#ifdef CONFIG_FSL_QSPI +#if defined(CONFIG_FSL_QSPI) && !defined(CONFIG_QSPI_BOOT) out_be32(&scfg->qspi_cfg, SCFG_QSPI_CLKSEL); #endif /* Make SEC reads and writes snoopable */ diff --git a/arch/arm/dts/fsl-ls1043a-qds.dtsi b/arch/arm/dts/fsl-ls1043a-qds.dtsi index 66efe67..2e9f1f9 100644 --- a/arch/arm/dts/fsl-ls1043a-qds.dtsi +++ b/arch/arm/dts/fsl-ls1043a-qds.dtsi @@ -28,8 +28,10 @@ #address-cells = <1>; #size-cells = <1>; compatible = "spi-flash"; - reg = <0>; spi-max-frequency = <1000000>; /* input clock */ + spi-cpol; + spi-cpha; + reg = <0>; }; dflash1: sst25wf040b { @@ -37,6 +39,8 @@ #size-cells = <1>; compatible = "spi-flash"; spi-max-frequency = <3500000>; + spi-cpol; + spi-cpha; reg = <1>; }; @@ -45,6 +49,8 @@ #size-cells = <1>; compatible = "spi-flash"; spi-max-frequency = <3500000>; + spi-cpol; + spi-cpha; reg = <2>; }; }; diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index bfaece2..ceefe43 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -67,6 +67,24 @@ /* SMMU Defintions */ #define SMMU_BASE 0x05000000 /* GR0 Base */ +/* SFP */ +#define CONFIG_SYS_FSL_SFP_VER_3_4 +#define CONFIG_SYS_FSL_SFP_LE +#define CONFIG_SYS_FSL_SRK_LE + +/* SEC */ +#define CONFIG_SYS_FSL_SEC_LE +#define CONFIG_SYS_FSL_SEC_COMPAT 5 + +/* Security Monitor */ +#define CONFIG_SYS_FSL_SEC_MON_LE + +/* Secure Boot */ +#define CONFIG_ESBC_HDR_LS + +/* DCFG - GUR */ +#define CONFIG_SYS_FSL_CCSR_GUR_LE + /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 #define CCI_MN_RNF_NODEID_LIST 0x180 diff --git a/arch/arm/include/asm/arch-fsl-layerscape/cpu.h b/arch/arm/include/asm/arch-fsl-layerscape/cpu.h index 93bbda3..f75faa6 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/cpu.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/cpu.h @@ -12,6 +12,7 @@ static struct cpu_type cpu_type_list[] = { CPU_TYPE_ENTRY(LS2085, LS2085, 8), CPU_TYPE_ENTRY(LS2045, LS2045, 4), CPU_TYPE_ENTRY(LS1043, LS1043, 4), + CPU_TYPE_ENTRY(LS1023, LS1023, 2), CPU_TYPE_ENTRY(LS2040, LS2040, 4), }; diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h index 081519a..1d3b336 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h @@ -73,6 +73,32 @@ #define AHCI_BASE_ADDR1 (CONFIG_SYS_IMMR + 0x02200000) #define AHCI_BASE_ADDR2 (CONFIG_SYS_IMMR + 0x02210000) +/* SFP */ +#define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0x00e80200) + +/* SEC */ +#define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x07000000) +#define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x07010000) + +/* Security Monitor */ +#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0x00e90000) + +/* MMU 500 */ +#define SMMU_SCR0 (SMMU_BASE + 0x0) +#define SMMU_SCR1 (SMMU_BASE + 0x4) +#define SMMU_SCR2 (SMMU_BASE + 0x8) +#define SMMU_SACR (SMMU_BASE + 0x10) +#define SMMU_IDR0 (SMMU_BASE + 0x20) +#define SMMU_IDR1 (SMMU_BASE + 0x24) + +#define SMMU_NSCR0 (SMMU_BASE + 0x400) +#define SMMU_NSCR2 (SMMU_BASE + 0x408) +#define SMMU_NSACR (SMMU_BASE + 0x410) + +#define SCR0_CLIENTPD_MASK 0x00000001 +#define SCR0_USFCFG_MASK 0x00000400 + + /* PCIe */ #define CONFIG_SYS_PCIE1_ADDR (CONFIG_SYS_IMMR + 0x2400000) #define CONFIG_SYS_PCIE2_ADDR (CONFIG_SYS_IMMR + 0x2500000) @@ -154,6 +180,10 @@ struct ccsr_gur { u8 res_008[0x20-0x8]; u32 gpporcr1; /* General-purpose POR configuration */ u32 gpporcr2; /* General-purpose POR configuration 2 */ +#define FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT 25 +#define FSL_CHASSIS3_DCFG_FUSESR_VID_MASK 0x1F +#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT 20 +#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK 0x1F u32 dcfg_fusesr; /* Fuse status register */ u32 gpporcr3; u32 gpporcr4; @@ -209,6 +239,8 @@ struct ccsr_gur { #define FSL_CHASSIS3_RCWSR28_SRDS1_PRTCL_SHIFT 16 #define FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_MASK 0xFF000000 #define FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_SHIFT 24 +#define RCW_SB_EN_REG_INDEX 9 +#define RCW_SB_EN_MASK 0x00000400 u8 res_180[0x200-0x180]; u32 scratchrw[32]; /* Scratch Read/Write */ diff --git a/arch/arm/include/asm/arch-fsl-layerscape/soc.h b/arch/arm/include/asm/arch-fsl-layerscape/soc.h index ea78e15..56989e1 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/soc.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/soc.h @@ -41,7 +41,8 @@ struct cpu_type { { .name = #n, .soc_ver = SVR_##v, .num_cores = (nc)} #define SVR_WO_E 0xFFFFFE -#define SVR_LS1043 0x879204 +#define SVR_LS1043 0x879200 +#define SVR_LS1023 0x879208 #define SVR_LS2045 0x870120 #define SVR_LS2080 0x870110 #define SVR_LS2085 0x870100 diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index a32a1d7..d576f2e 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -18,7 +18,9 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_CMD_BLOB +#define CONFIG_CMD_HASH #define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_HW_ACCEL #define CONFIG_SHA_PROG_HW_ACCEL #define CONFIG_RSA_FREESCALE_EXP @@ -35,21 +37,61 @@ * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). */ +#ifndef CONFIG_ESBC_HDR_LS +/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT #endif -#ifdef CONFIG_LS1043A -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ +#endif + +#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\ + defined(CONFIG_LS2085A) +/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit + * Similiarly for LS2080 and LS2085 + */ #define CONFIG_ESBC_ADDR_64BIT #endif +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) +#define CONFIG_EXTRA_ENV \ + "setenv fdt_high 0xa0000000;" \ + "setenv initrd_high 0xcfffffff;" \ + "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" +#else #define CONFIG_EXTRA_ENV \ "setenv fdt_high 0xcfffffff;" \ "setenv initrd_high 0xcfffffff;" \ "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" +#endif -/* The address needs to be modified according to NOR memory map */ -#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x600a0000 +/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from + * Non-XIP Memory (Nand/SD)*/ +#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) ||\ + defined(CONFIG_LS2085A) +#define CONFIG_BOOTSCRIPT_COPY_RAM +#endif +/* The address needs to be modified according to NOR and DDR memory map */ +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) +#define CONFIG_BS_HDR_ADDR_FLASH 0x583920000 +#define CONFIG_BS_ADDR_FLASH 0x583900000 +#define CONFIG_BS_HDR_ADDR_RAM 0xa3920000 +#define CONFIG_BS_ADDR_RAM 0xa3900000 +#else +#define CONFIG_BS_HDR_ADDR_FLASH 0x600a0000 +#define CONFIG_BS_ADDR_FLASH 0x60060000 +#define CONFIG_BS_HDR_ADDR_RAM 0xa0060000 +#define CONFIG_BS_ADDR_RAM 0xa0060000 +#endif + +#ifdef CONFIG_BOOTSCRIPT_COPY_RAM +#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM +#define CONFIG_BS_HDR_SIZE 0x00002000 +#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM +#define CONFIG_BS_SIZE 0x00001000 +#else +#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_FLASH +/* BS_HDR_SIZE, BOOTSCRIPT_ADDR and BS_SIZE are not required */ +#endif #include <config_fsl_chain_trust.h> #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index dfa3e21..cefe3cc 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -8,7 +8,7 @@ #include <command.h> #include <fsl_validate.h> -static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (fsl_check_boot_mode_secure() == 0) { @@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, char *hash_str = NULL; uintptr_t haddr; int ret; + uintptr_t img_addr = 0; + char buf[20]; if (argc < 2) return cmd_usage(cmdtp); @@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, * part of header. So, the function is called * by passing this argument as 0. */ - ret = fsl_secboot_validate(haddr, hash_str, 0); + ret = fsl_secboot_validate(haddr, hash_str, &img_addr); + + /* Need to set "img_addr" even if validation failure. + * Required when SB_EN in RCW set and non-fatal error + * to continue U-Boot + */ + sprintf(buf, "%lx", img_addr); + setenv("img_addr", buf); + if (ret) return 1; diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 8fd6dd6..64e4e30 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, }; static u8 hash_val[SHA256_BYTES]; + +#ifdef CONFIG_ESBC_HDR_LS +/* New Barker Code for LS ESBC Header */ +static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; +#else static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; +#endif void branch_to_self(void) __attribute__ ((noreturn)); @@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr) /* This function checks srk_table_flag in header and set/reset srk_flag.*/ static u32 check_srk(struct fsl_secboot_img_priv *img) { +#ifdef CONFIG_ESBC_HDR_LS + /* In LS, No SRK Flag as SRK is always present*/ + return 1; +#else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) return 1; return 0; +#endif } /* This function returns ospr's key_revoc values.*/ @@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) } #endif +#ifndef CONFIG_ESBC_HDR_LS static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; @@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) return 0; } +#endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) @@ -312,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -342,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + } else { change_sec_mon_state(HPSR_SSM_ST_TRUST, HPSR_SSM_ST_NON_SECURE); @@ -388,6 +406,7 @@ void fsl_secboot_handle_error(int error) case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: + case ERROR_KEY_TABLE_NOT_FOUND: #ifdef CONFIG_KEY_REVOCATION case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: @@ -536,15 +555,22 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) if (!key_hash && check_ie(img)) key_hash = 1; #endif - if (!key_hash) +#ifndef CONFIG_ESBC_HDR_LS +/* No single key support in LS ESBC header */ + if (!key_hash) { ret = algo->hash_update(algo, ctx, img->img_key, img->hdr.key_len, 0); + key_hash = 1; + } +#endif if (ret) return ret; + if (!key_hash) + return ERROR_KEY_TABLE_NOT_FOUND; /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, - (u8 *)img->img_addr, img->img_size, 1); + (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); if (ret) return ret; @@ -620,14 +646,11 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) */ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { - char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; u32 ret = 0; -#ifdef CONFIG_KEY_REVOCATION -#endif int key_found = 0; /* check barker code */ @@ -637,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) /* If Image Address is not passed as argument to function, * then Address and Size must be read from the Header. */ - if (img->img_addr == 0) { + if (*(img->img_addr_ptr) == 0) { #ifdef CONFIG_ESBC_ADDR_64BIT - img->img_addr = hdr->pimg64; + *(img->img_addr_ptr) = hdr->pimg64; #else - img->img_addr = hdr->pimg; + *(img->img_addr_ptr) = hdr->pimg; #endif } - sprintf(buf, "%lx", img->img_addr); - setenv("img_addr", buf); - if (!hdr->img_size) return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; @@ -671,13 +691,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) key_found = 1; } #endif - +#ifndef CONFIG_ESBC_HDR_LS +/* Single Key Feature not available in LS ESBC Header */ if (key_found == 0) { ret = read_validate_single_key(img); if (ret != 0) return ret; key_found = 1; } +#endif + if (!key_found) + return ERROR_KEY_TABLE_NOT_FOUND; /* check signaure */ if (get_key_len(img) == 2 * hdr->sign_len) { @@ -691,10 +715,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) } memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); - +/* No SG support in LS-CH3 */ +#ifndef CONFIG_ESBC_HDR_LS /* No SG support */ if (hdr->sg_flag) return ERROR_ESBC_CLIENT_HEADER_SG; +#endif /* modulus most significant bit should be set */ k = (u8 *)&img->img_key; @@ -784,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) return 0; } - +/* haddr - Address of the header of image to be validated. + * arg_hash_str - Option hash string. If provided, this + * overides the key hash in the SFP fuses. + * img_addr_ptr - Optional pointer to address of image to be validated. + * If non zero addr, this overides the addr of image in header, + * otherwise updated to image addr in header. + * Acts as both input and output of function. + * This pointer shouldn't be NULL. + */ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_addr) + uintptr_t *img_addr_ptr) { struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -839,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, /* Update the information in Private Struct */ hdr = &img->hdr; img->ehdrloc = haddr; - img->img_addr = img_addr; + img->img_addr_ptr = img_addr_ptr; esbc = (u8 *)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); diff --git a/board/freescale/common/vid.c b/board/freescale/common/vid.c index a6a132a..2f29795 100644 --- a/board/freescale/common/vid.c +++ b/board/freescale/common/vid.c @@ -10,6 +10,8 @@ #include <asm/io.h> #ifdef CONFIG_LS1043A #include <asm/arch/immap_lsch2.h> +#elif defined(CONFIG_FSL_LSCH3) +#include <asm/arch/immap_lsch3.h> #else #include <asm/immap_85xx.h> #endif @@ -285,7 +287,7 @@ static int set_voltage(int i2caddress, int vdd) int adjust_vdd(ulong vdd_override) { int re_enable = disable_interrupts(); -#ifdef CONFIG_LS1043A +#if defined(CONFIG_LS1043A) || defined(CONFIG_FSL_LSCH3) struct ccsr_gur *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); #else ccsr_gur_t __iomem *gur = @@ -362,7 +364,11 @@ int adjust_vdd(ulong vdd_override) } /* get the voltage ID from fuse status register */ +#ifdef CONFIG_FSL_LSCH3 + fusesr = in_le32(&gur->dcfg_fusesr); +#else fusesr = in_be32(&gur->dcfg_fusesr); +#endif /* * VID is used according to the table below * --------------------------------------- @@ -387,6 +393,13 @@ int adjust_vdd(ulong vdd_override) vid = (fusesr >> FSL_CHASSIS2_DCFG_FUSESR_VID_SHIFT) & FSL_CHASSIS2_DCFG_FUSESR_VID_MASK; } +#elif defined(CONFIG_FSL_LSCH3) + vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT) & + FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK; + if ((vid == 0) || (vid == FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK)) { + vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT) & + FSL_CHASSIS3_DCFG_FUSESR_VID_MASK; + } #else vid = (fusesr >> FSL_CORENET_DCFG_FUSESR_ALTVID_SHIFT) & FSL_CORENET_DCFG_FUSESR_ALTVID_MASK; diff --git a/board/freescale/ls2080a/ls2080a.c b/board/freescale/ls2080a/ls2080a.c index 7bce8b0..ace0d79 100644 --- a/board/freescale/ls2080a/ls2080a.c +++ b/board/freescale/ls2080a/ls2080a.c @@ -87,14 +87,14 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); /* * TODO: Remove this when backward compatibility - * with old DT node (fsl,dprc@0) is no longer needed. + * with old DT node (/fsl-mc) is no longer needed. */ if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS index 6f99ad0..558cef1 100644 --- a/board/freescale/ls2080aqds/MAINTAINERS +++ b/board/freescale/ls2080aqds/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080aqds_defconfig F: configs/ls2080aqds_nand_defconfig F: configs/ls2085aqds_defconfig F: configs/ls2085aqds_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain <saksham.jain@nxp.freescale.com> +S: Maintained +F: configs/ls2080aqds_SECURE_BOOT_defconfig +F: configs/ls2085aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index aa256a2..e1a521d 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -19,6 +19,7 @@ #include <rtc.h> #include <asm/arch/soc.h> #include <hwconfig.h> +#include <fsl_sec.h> #include "../common/qixis.h" #include "ls2080aqds_qixis.h" @@ -248,7 +249,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif @@ -258,10 +261,10 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS index c9f3459..0817711d 100644 --- a/board/freescale/ls2080ardb/MAINTAINERS +++ b/board/freescale/ls2080ardb/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080ardb_defconfig F: configs/ls2080ardb_nand_defconfig F: configs/ls2085ardb_defconfig F: configs/ls2085ardb_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain <saksham.jain@nxp.freescale.com> +S: Maintained +F: configs/ls2080ardb_SECURE_BOOT_defconfig +F: configs/ls2085ardb_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 12638df..8201048 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -18,9 +18,11 @@ #include <environment.h> #include <i2c.h> #include <asm/arch/soc.h> +#include <fsl_sec.h> #include "../common/qixis.h" #include "ls2080ardb_qixis.h" +#include "../common/vid.h" #define PIN_MUX_SEL_SDHC 0x00 #define PIN_MUX_SEL_DSPI 0x0a @@ -122,6 +124,11 @@ int select_i2c_ch_pca9547(u8 ch) return 0; } +int i2c_multiplexer_select_vid_channel(u8 channel) +{ + return select_i2c_ch_pca9547(channel); +} + int config_board_mux(int ctrl_type) { u8 reg5; @@ -188,6 +195,9 @@ int misc_init_r(void) if (hwconfig("sdhc")) config_board_mux(MUX_TYPE_SDHC); + if (adjust_vdd(0)) + printf("Warning: Adjusting core voltage failed.\n"); + return 0; } @@ -218,7 +228,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif @@ -228,10 +240,10 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..408d1ee --- /dev/null +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000..dde3311 --- /dev/null +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..f13ee41 --- /dev/null +++ b/configs/ls2085aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000..aa66508 --- /dev/null +++ b/configs/ls2085ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/drivers/crypto/fsl/desc_constr.h b/drivers/crypto/fsl/desc_constr.h index 4ea93b0..7dad753 100644 --- a/drivers/crypto/fsl/desc_constr.h +++ b/drivers/crypto/fsl/desc_constr.h @@ -112,10 +112,9 @@ static inline void append_ptr(u32 *desc, dma_addr_t ptr) #ifdef CONFIG_PHYS_64BIT /* The Position of low and high part of 64 bit address * will depend on the endianness of CAAM Block */ - union ptr_addr_t ptr_addr; - ptr_addr.m_halfs.high = (u32)(ptr >> 32); - ptr_addr.m_halfs.low = (u32)ptr; - *offset = ptr_addr.m_whole; + union ptr_addr_t *ptr_addr = (union ptr_addr_t *)offset; + ptr_addr->m_halfs.high = (u32)(ptr >> 32); + ptr_addr->m_halfs.low = (u32)ptr; #else *offset = ptr; #endif diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 93c2471..3fc418a 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -543,7 +543,20 @@ int sec_init(void) uint32_t liodn_s; #endif + /* + * Modifying CAAM Read/Write Attributes + * For LS2080A and LS2085A + * For AXI Write - Cacheable, Write Back, Write allocate + * For AXI Read - Cacheable, Read allocate + * Only For LS2080a and LS2085a, to solve CAAM coherency issues + */ +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) + mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0xb << MCFGR_AWCACHE_SHIFT); + mcr = (mcr & ~MCFGR_ARCACHE_MASK) | (0x6 << MCFGR_ARCACHE_SHIFT); +#else mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0x2 << MCFGR_AWCACHE_SHIFT); +#endif + #ifdef CONFIG_PHYS_64BIT mcr |= (1 << MCFGR_PS_SHIFT); #endif diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index 545d964..1642dbb 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -23,6 +23,9 @@ #define MCFGR_PS_SHIFT 16 #define MCFGR_AWCACHE_SHIFT 8 #define MCFGR_AWCACHE_MASK (0xf << MCFGR_AWCACHE_SHIFT) +#define MCFGR_ARCACHE_SHIFT 12 +#define MCFGR_ARCACHE_MASK (0xf << MCFGR_ARCACHE_SHIFT) + #define JR_INTMASK 0x00000001 #define JRCR_RESET 0x01 #define JRINT_ERR_HALT_INPROGRESS 0x4 diff --git a/drivers/net/fsl-mc/dpio/qbman_sys.h b/drivers/net/fsl-mc/dpio/qbman_sys.h index 235d641..7a537fb 100644 --- a/drivers/net/fsl-mc/dpio/qbman_sys.h +++ b/drivers/net/fsl-mc/dpio/qbman_sys.h @@ -255,11 +255,11 @@ static inline int qbman_swp_sys_init(struct qbman_swp_sys *s, s->addr_cena = d->cena_bar; s->addr_cinh = d->cinh_bar; s->cena = (void *)valloc(CONFIG_SYS_PAGE_SIZE); - memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE); if (!s->cena) { printf("Could not allocate page for cena shadow\n"); return -1; } + memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE); #ifdef QBMAN_CHECKING /* We should never be asked to initialise for a portal that isn't in diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c index f83bd0c..d2b8b5c 100644 --- a/drivers/net/fsl-mc/mc.c +++ b/drivers/net/fsl-mc/mc.c @@ -747,11 +747,11 @@ static int dpio_init(void) err_get_swp_init: dpio_disable(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); err_get_enable: - free(dflt_dpio); err_get_attr: dpio_close(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); dpio_destroy(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); err_create: + free(dflt_dpio); err_malloc: return err; } diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h index 45dda56..566fd80 100644 --- a/include/config_fsl_chain_trust.h +++ b/include/config_fsl_chain_trust.h @@ -44,11 +44,18 @@ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" */ +#ifdef CONFIG_BOOTARGS +#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';" +#else +#define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \ + "rw console=ttyS0,115200 ramdisk_size=600000\';" +#endif + + #ifdef CONFIG_BOOTSCRIPT_KEY_HASH #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ - "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \ - "ramdisk_size=600000\';" \ + CONFIG_SET_BOOTARGS \ CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr " \ __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \ @@ -57,16 +64,13 @@ #else #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ - "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \ - "ramdisk_size=600000\';" \ + CONFIG_SET_BOOTARGS \ CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt\0" #endif -/* For secure boot flow, default environment used will be used */ -#if defined(CONFIG_SYS_RAMBOOT) #ifdef CONFIG_BOOTSCRIPT_COPY_RAM #define CONFIG_BS_COPY_ENV \ "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \ @@ -76,14 +80,19 @@ "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \ "setenv bs_size " __stringify(CONFIG_BS_SIZE)";" +/* For secure boot flow, default environment used will be used */ +#if defined(CONFIG_SYS_RAMBOOT) #if defined(CONFIG_RAMBOOT_NAND) #define CONFIG_BS_COPY_CMD \ "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \ "nand read $bs_ram $bs_flash $bs_size ;" #endif /* CONFIG_RAMBOOT_NAND */ -#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ - +#else +#define CONFIG_BS_COPY_CMD \ + "cp.b $bs_hdr_flash $bs_hdr_ram $bs_hdr_size ;" \ + "cp.b $bs_flash $bs_ram $bs_size ;" #endif +#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ #ifndef CONFIG_BS_COPY_ENV #define CONFIG_BS_COPY_ENV diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index ea25aad..fd243b1 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -245,13 +245,13 @@ "ramdisk_size=0x2000000\0" \ "fdt_high=0xffffffffffffffff\0" \ "initrd_high=0xffffffffffffffff\0" \ - "kernel_start=0x61200000\0" \ - "kernel_load=0x807f0000\0" \ - "kernel_size=0x1000000\0" \ + "kernel_start=0x61100000\0" \ + "kernel_load=0xa0000000\0" \ + "kernel_size=0x2800000\0" \ "console=ttyAMA0,38400n8\0" #define CONFIG_BOOTARGS "console=ttyS0,115200 root=/dev/ram0 " \ - "earlycon=uart8250,0x21c0500,115200" + "earlycon=uart8250,mmio,0x21c0500" #define CONFIG_BOOTCOMMAND "cp.b $kernel_start $kernel_load " \ "$kernel_size && bootm $kernel_load" #define CONFIG_BOOTDELAY 10 diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index dab3820..91fad0a 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void); #define CONFIG_USB_STORAGE #define CONFIG_CMD_EXT2 +#include <asm/fsl_secure_boot.h> + #endif /* __LS2_QDS_H */ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 59a3f66..15a1172 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -14,6 +14,22 @@ #define CONFIG_DISPLAY_BOARDINFO +#define I2C_MUX_CH_VOL_MONITOR 0xa +#define I2C_VOL_MONITOR_ADDR 0x38 +#define CONFIG_VOL_MONITOR_IR36021_READ +#define CONFIG_VOL_MONITOR_IR36021_SET + +#define CONFIG_VID_FLS_ENV "ls2080ardb_vdd_mv" +#ifndef CONFIG_SPL_BUILD +#define CONFIG_VID +#endif +/* step the IR regulator in 5mV increments */ +#define IR_VDD_STEP_DOWN 5 +#define IR_VDD_STEP_UP 5 +/* The lowest and highest voltage allowed for LS2080ARDB */ +#define VDD_MV_MIN 819 +#define VDD_MV_MAX 1212 + #ifndef __ASSEMBLY__ unsigned long get_board_sys_clk(void); #endif @@ -363,4 +379,6 @@ unsigned long get_board_sys_clk(void); #define CONFIG_PHY_AQUANTIA #endif +#include <asm/fsl_secure_boot.h> + #endif /* __LS2_RDB_H */ diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h index afc50a8..95d890b 100644 --- a/include/fsl_secboot_err.h +++ b/include/fsl_secboot_err.h @@ -29,6 +29,7 @@ #define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18 #define ERROR_IE_TABLE_NOT_FOUND 0x19 #define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20 +#define ERROR_KEY_TABLE_NOT_FOUND 0x21 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80 #define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100 @@ -121,6 +122,8 @@ static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = { "Wrong IE public key len in header" }, { ERROR_IE_TABLE_NOT_FOUND, "Information about IE Table missing" }, + { ERROR_KEY_TABLE_NOT_FOUND, + "No Key/ Key Table Found in header"}, { ERROR_ESBC_CLIENT_MAX, "NULL" } }; diff --git a/include/fsl_sfp.h b/include/fsl_sfp.h index 353a123..2976a2c 100644 --- a/include/fsl_sfp.h +++ b/include/fsl_sfp.h @@ -32,7 +32,8 @@ /* Number of SRKH registers */ #define NUM_SRKH_REGS 8 -#ifdef CONFIG_SYS_FSL_SFP_VER_3_2 +#if defined(CONFIG_SYS_FSL_SFP_VER_3_2) || \ + defined(CONFIG_SYS_FSL_SFP_VER_3_4) struct ccsr_sfp_regs { u32 ospr; /* 0x200 */ u32 ospr1; /* 0x204 */ diff --git a/include/fsl_validate.h b/include/fsl_validate.h index 83efcf4..a71e1ce 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -21,14 +21,6 @@ extern struct jobring jr; -#ifdef CONFIG_KEY_REVOCATION -/* Srk table and key revocation check */ -#define SRK_FLAG 0x01 -#define UNREVOCABLE_KEY 4 -#define ALIGN_REVOC_KEY 3 -#define MAX_KEY_ENTRIES 4 -#endif - /* Barker code size in bytes */ #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ /* header */ @@ -39,6 +31,47 @@ extern struct jobring jr; /* Maximum number of SG entries allowed */ #define MAX_SG_ENTRIES 8 +/* Different Header Struct for LS-CH3 */ +#ifdef CONFIG_ESBC_HDR_LS +struct fsl_secboot_img_hdr { + u8 barker[ESBC_BARKER_LEN]; /* barker code */ + u32 srk_tbl_off; + struct { + u8 num_srk; + u8 srk_sel; + u8 reserve; + u8 ie_flag; + } len_kr; + + u32 uid_flag; + + u32 psign; /* signature offset */ + u32 sign_len; /* length of the signature in bytes */ + + u64 pimg64; /* 64 bit pointer to ESBC Image */ + u32 img_size; /* ESBC client image size in bytes */ + u32 ie_key_sel; + + u32 fsl_uid_0; + u32 fsl_uid_1; + u32 oem_uid_0; + u32 oem_uid_1; + u32 oem_uid_2; + u32 oem_uid_3; + u32 oem_uid_4; + u32 reserved1[3]; +}; + +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define UNREVOCABLE_KEY 8 +#define ALIGN_REVOC_KEY 7 +#define MAX_KEY_ENTRIES 8 +#endif + + +#else /* CONFIG_ESBC_HDR_LS */ + /* * ESBC uboot client header structure. * The struct contain the following fields @@ -109,6 +142,17 @@ struct fsl_secboot_img_hdr { u32 ie_key_sel; }; +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define SRK_FLAG 0x01 +#define UNREVOCABLE_KEY 4 +#define ALIGN_REVOC_KEY 3 +#define MAX_KEY_ENTRIES 4 +#endif + +#endif /* CONFIG_ESBC_HDR_LS */ + + #if defined(CONFIG_FSL_ISBC_KEY_EXT) struct ie_key_table { u32 key_len; @@ -194,12 +238,15 @@ struct fsl_secboot_img_priv { struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ uintptr_t ehdrloc; /* ESBC Header location */ - uintptr_t img_addr; /* ESBC Image Location */ + uintptr_t *img_addr_ptr; /* ESBC Image Location */ uint32_t img_size; /* ESBC Image Size */ }; +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); + int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_loc); + uintptr_t *img_addr_ptr); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, |