brain-hackers_pepepper-mirror/u-boot-brain
1
0
Fork 0
mirror of https://github.com/brain-hackers/u-boot-brain synced 2024-06-09 23:36:03 +09:00
Code Issues Projects Releases Wiki Activity
6829d60702
u-boot-brain/arch/arm/include/asm/fsl_secure_boot.h

136 lines
4.1 KiB
C
Raw Normal View History

SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 06:58:06 +09:00
/* SPDX-License-Identifier: GPL-2.0+ */
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
/*
* Copyright 2015 Freescale Semiconductor, Inc.
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
* Copyright 2017 NXP
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
*/
#ifndef __FSL_SECURE_BOOT_H
#define __FSL_SECURE_BOOT_H
secure_boot: split the secure boot functionality in two parts There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-22 20:07:24 +09:00
#ifdef CONFIG_CHAIN_OF_TRUST
SECURE_BOOT: Disable IE Key feature for RAMBOOT ISBC Key Extension feature is not applicable for RAMBOOT as there is no way to retrieve the CSF Header and validated IE Key table from SRAM once CPC has been disabled. The feature is only applicable in case of NOR SECURE BOOT. Code Cleanup: The SECURE_BOOT specific defines have been moved from arch-ls102xa/config.h to arm/include/asm/fsl_secure_boot.h Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-07-31 17:40:03 +09:00
#define CONFIG_FSL_SEC_MON
arm: fsl: Adjust ordering of #ifndef CONFIG_SPL_BUILD The secure boot header files incorrectly define SPL options only if CONFIG_SPL_BUILD is defined. This means that the options are only enabled in an SPL build, and not with a normal 'make xxx_defconfig'. This means that moveconfig.py cannot work, since it sees the options as disabled even when they may be manually enabled in an SPL build. Fix this by changing the order. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-13 14:18:23 +09:00
#ifdef CONFIG_SPL_BUILD
SECURE_BOOT: Enable chain of trust in SPL framework Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:38 +09:00
/*
* Define the key hash for U-Boot here if public/private key pair used to
* sign U-boot are different from the SRK hash put in the fuse
* Example of defining KEY_HASH is
* #define CONFIG_SPL_UBOOT_KEY_HASH \
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
* else leave it defined as NULL
*/
#define CONFIG_SPL_UBOOT_KEY_HASH NULL
#endif /* ifdef CONFIG_SPL_BUILD */
arm: ls1043ardb: Add SD secure boot target - Add SD secure boot target for ls1043ardb. - Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream ID and corresponding stream ID in SMMU. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for secure boto header. - Error messages during SPL boot are limited to error code numbers instead of strings to reduce the size of SPL image. Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-17 21:37:17 +09:00
#define CONFIG_KEY_REVOCATION
ls1088ardb: Add SD Secure boot target support Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> [YS: run moveconfig.py -s] Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-06 12:34:25 +09:00
#if defined(CONFIG_FSL_LAYERSCAPE)
/*
* For fsl layerscape based platforms, ESBC image Address in Header
* is 64 bit.
*/
#define CONFIG_ESBC_ADDR_64BIT
#endif
SECURE_BOOT: Enable chain of trust in SPL framework Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:38 +09:00
#ifndef CONFIG_SPL_BUILD
SECURE_BOOT: Disable IE Key feature for RAMBOOT ISBC Key Extension feature is not applicable for RAMBOOT as there is no way to retrieve the CSF Header and validated IE Key table from SRAM once CPC has been disabled. The feature is only applicable in case of NOR SECURE BOOT. Code Cleanup: The SECURE_BOOT specific defines have been moved from arch-ls102xa/config.h to arm/include/asm/fsl_secure_boot.h Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-07-31 17:40:03 +09:00
#ifndef CONFIG_SYS_RAMBOOT
/* The key used for verification of next level images
* is picked up from an Extension Table which has
* been verified by the ISBC (Internal Secure boot Code)
* in boot ROM of the SoC.
* The feature is only applicable in case of NOR boot and is
* not applicable in case of RAMBOOT (NAND, SD, SPI).
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-02-10 01:06:11 +09:00
* For LS, this feature is available for all device if IE Table
* is copied to XIP memory
* Also, for LS, ISBC doesn't verify this table.
SECURE_BOOT: Disable IE Key feature for RAMBOOT ISBC Key Extension feature is not applicable for RAMBOOT as there is no way to retrieve the CSF Header and validated IE Key table from SRAM once CPC has been disabled. The feature is only applicable in case of NOR SECURE BOOT. Code Cleanup: The SECURE_BOOT specific defines have been moved from arch-ls102xa/config.h to arm/include/asm/fsl_secure_boot.h Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-07-31 17:40:03 +09:00
*/
#define CONFIG_FSL_ISBC_KEY_EXT
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:34 +09:00
#endif
armv8: ls2080a: Drop macro CONFIG_LS2080A Use CONFIG_ARCH_LS2080A instead. Signed-off-by: York Sun <york.sun@nxp.com>
2017-03-28 03:41:01 +09:00
#ifdef CONFIG_ARCH_LS2080A
armv8: ls2080: Change env variable "fdt_high" "fdt_high" env variable was set to 0xcfffffff for secure boot. Change it to 0xa0000000 for LS2080 to be consistent with non-secure boot targets. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:38 +09:00
#define CONFIG_EXTRA_ENV \
"setenv fdt_high 0xa0000000;" \
"setenv initrd_high 0xcfffffff;" \
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
#else
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
#define CONFIG_EXTRA_ENV \
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
"setenv fdt_high 0xffffffff;" \
"setenv initrd_high 0xffffffff;" \
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
armv8: ls2080: Change env variable "fdt_high" "fdt_high" env variable was set to 0xcfffffff for secure boot. Change it to 0xa0000000 for LS2080 to be consistent with non-secure boot targets. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:38 +09:00
#endif
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:37 +09:00
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
* Non-XIP Memory (Nand/SD)*/
SECURE_BOOT: Update bootscript and its hdr addresses Update bootscript and its hdr addresses for Layerscape Chasis 3 based platforms instead of individual SoCs. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-06 19:28:56 +09:00
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_FSL_LSCH3) || \
arm: ls1043ardb: Add NAND secure boot target Add NAND secure boot target for ls1043ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - MACRO for CONFIG_BOOTSCRIPT_COPY_RAM is enabled to copy Bootscript from NAND to DDR. Offsets for Bootscript on NAND and DDR have been also defined. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-17 21:37:18 +09:00
defined(CONFIG_SD_BOOT) || defined(CONFIG_NAND_BOOT)
armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:37 +09:00
#define CONFIG_BOOTSCRIPT_COPY_RAM
#endif
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
/* The address needs to be modified according to NOR, NAND, SD and
* DDR memory map
*/
SECURE_BOOT: Update bootscript and its hdr addresses Update bootscript and its hdr addresses for Layerscape Chasis 3 based platforms instead of individual SoCs. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-06 19:28:56 +09:00
#ifdef CONFIG_FSL_LSCH3
LS2080ARDB: QSPI boot: Secure Boot image validation Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT. Moves sec_init prior to ppa_init(). It must be initialized before the PPA. Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> [YS: revised commit message] Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:29 +09:00
#ifdef CONFIG_QSPI_BOOT
#define CONFIG_BS_ADDR_DEVICE 0x20600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x20640000
#else /* NOR BOOT */
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_ADDR_DEVICE 0x580600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x580640000
LS2080ARDB: QSPI boot: Secure Boot image validation Adds header address for PPA to be validated during ESBC phase for ARCH_LS2088 and QSPI_BOOT. Moves sec_init prior to ppa_init(). It must be initialized before the PPA. Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> [YS: revised commit message] Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:29 +09:00
#endif /*ifdef CONFIG_QSPI_BOOT */
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#define CONFIG_BS_SIZE 0x00001000
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_HDR_SIZE 0x00004000
#define CONFIG_BS_ADDR_RAM 0xa0600000
#define CONFIG_BS_HDR_ADDR_RAM 0xa0640000
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#else
#ifdef CONFIG_SD_BOOT
/* For SD boot address and size are assigned in terms of sector
* offset and no. of sectors respectively.
*/
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_ADDR_DEVICE 0x00003000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00003200
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#define CONFIG_BS_SIZE 0x00000008
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_HDR_SIZE 0x00000010
arm: ls1043ardb: Add NAND secure boot target Add NAND secure boot target for ls1043ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - MACRO for CONFIG_BOOTSCRIPT_COPY_RAM is enabled to copy Bootscript from NAND to DDR. Offsets for Bootscript on NAND and DDR have been also defined. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-17 21:37:18 +09:00
#elif defined(CONFIG_NAND_BOOT)
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_ADDR_DEVICE 0x00600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00640000
#define CONFIG_BS_SIZE 0x00001000
armv8: SECURE_BOOT: Enable chain of trust on LS1046A platform Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
2017-03-23 17:18:16 +09:00
#define CONFIG_BS_HDR_SIZE 0x00002000
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#elif defined(CONFIG_QSPI_BOOT)
#define CONFIG_BS_ADDR_DEVICE 0x40600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x40640000
armv8: SECURE_BOOT: Enable chain of trust on LS1046A platform Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
2017-03-23 17:18:16 +09:00
#define CONFIG_BS_SIZE 0x00001000
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#define CONFIG_BS_HDR_SIZE 0x00002000
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#else /* Default NOR Boot */
#define CONFIG_BS_ADDR_DEVICE 0x60600000
#define CONFIG_BS_HDR_ADDR_DEVICE 0x60640000
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#define CONFIG_BS_SIZE 0x00001000
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_HDR_SIZE 0x00002000
armv8: SECURE_BOOT: Enable chain of trust on LS1046A platform Define bootscript and its header addresses for QSPI target. Also define PPA header address to enable PPA validation. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
2017-03-23 17:18:16 +09:00
#endif
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BS_ADDR_RAM 0x81000000
#define CONFIG_BS_HDR_ADDR_RAM 0x81020000
armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:37 +09:00
#endif
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
SECURE_BOOT: Unify memory map for Layerscape based platforms Unify memory map for Layerscape based platforms. This patch includes changes in bootscript, bootscript header and PPA header addresses change as per unified memory map. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-08-16 20:13:28 +09:00
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
armv8: ls2080: Add bootscript header addr for secure boot During secure boot, Linux image along with other images are validated using bootscript. This bootscript also needs to be validated before it executes. This requires a header for bootscript. When secure boot is enabled, default bootcmd is changed to first validate bootscript using the header and then execute the script. For ls2080, NOR memory map is different from other ARM SoCs. So a new address on NOR is used for this bootscript header (0x583920000). The Bootscript address is mentioned in this header along with addresses of other images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:36 +09:00
#else
SECURE_BOOT: Enable SD as a source for bootscript Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:39 +09:00
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
/* BOOTSCRIPT_ADDR is not required */
armv8: ls2080: Add bootscript header addr for secure boot During secure boot, Linux image along with other images are validated using bootscript. This bootscript also needs to be validated before it executes. This requires a header for bootscript. When secure boot is enabled, default bootcmd is changed to first validate bootscript using the header and then execute the script. For ls2080, NOR memory map is different from other ARM SoCs. So a new address on NOR is used for this bootscript header (0x583920000). The Bootscript address is mentioned in this header along with addresses of other images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-23 19:54:36 +09:00
#endif
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
ls1043ardb: PPA: add PPA validation in case of secure boot As part of Secure Boot Chain of trust, PPA image must be validated before the image is started. The code for the same has been added. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-09-02 01:56:44 +09:00
#ifdef CONFIG_FSL_LS_PPA
/* Define the key hash here if SRK used for signing PPA image is
* different from SRK hash put in SFP used for U-Boot.
* Example
armv8: fsl-layerscape: SECURE BOOT: Add header address of PPA in kconfig The header address of PPA defined in Kconfig. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-23 17:18:14 +09:00
* #define PPA_KEY_HASH \
ls1043ardb: PPA: add PPA validation in case of secure boot As part of Secure Boot Chain of trust, PPA image must be validated before the image is started. The code for the same has been added. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-09-02 01:56:44 +09:00
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
*/
armv8: fsl-layerscape: SECURE BOOT: Add header address of PPA in kconfig The header address of PPA defined in Kconfig. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-23 17:18:14 +09:00
#define PPA_KEY_HASH NULL
ls1043ardb: PPA: add PPA validation in case of secure boot As part of Secure Boot Chain of trust, PPA image must be validated before the image is started. The code for the same has been added. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-09-02 01:56:44 +09:00
#endif /* ifdef CONFIG_FSL_LS_PPA */
secure_boot: split the secure boot functionality in two parts There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-22 20:07:24 +09:00
#include <config_fsl_chain_trust.h>
SECURE_BOOT: Enable chain of trust in SPL framework Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-06-15 02:52:38 +09:00
#endif /* #ifndef CONFIG_SPL_BUILD */
secure_boot: split the secure boot functionality in two parts There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-22 20:07:24 +09:00
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
Add bootscript support to esbc_validate. 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-10 17:38:50 +09:00
#endif
Reference in New Issue Copy Permalink