summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVinitha V Pillai <vinitha.pillai@nxp.com>2018-05-23 11:03:31 +0530
committerYork Sun <york.sun@nxp.com>2018-06-11 12:34:45 -0700
commit2d91b533312888e596563a299588e81906383464 (patch)
tree8f841730899370f73b0fd610dc63db3b88d9ddeb
parent9629ccdde79adb1e471cfb24d9fee9f5c6c94aa6 (diff)
LS1012AFRWY: Add Secure Boot support
Added the following: 1. defconfig for LS1012AFRWY Secure boot 2. PfE Validation support Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
-rw-r--r--arch/arm/Kconfig1
-rw-r--r--board/freescale/ls1012afrdm/Kconfig8
-rw-r--r--board/freescale/ls1012afrdm/MAINTAINERS4
-rw-r--r--board/freescale/ls1012afrdm/ls1012afrdm.c5
-rw-r--r--configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig54
-rw-r--r--drivers/net/pfe_eth/pfe_firmware.c29
-rw-r--r--include/configs/ls1012afrwy.h16
7 files changed, 116 insertions, 1 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index e9f68cc3af..22234cde2a 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1037,6 +1037,7 @@ config TARGET_LS1012A2G5RDB
config TARGET_LS1012AFRWY
bool "Support ls1012afrwy"
select ARCH_LS1012A
+ select BOARD_LATE_INIT
select ARM64
imply SCSI
imply SCSI_AHCI
diff --git a/board/freescale/ls1012afrdm/Kconfig b/board/freescale/ls1012afrdm/Kconfig
index 5255bce0d2..55b414e168 100644
--- a/board/freescale/ls1012afrdm/Kconfig
+++ b/board/freescale/ls1012afrdm/Kconfig
@@ -69,6 +69,14 @@ config SYS_LS_PPA_FW_ADDR
hex "PPA Firmware Addr"
default 0x40060000
+config SYS_LS_PPA_ESBC_ADDR
+ hex "PPA Firmware HDR Addr"
+ default 0x401f4000
+
+config SYS_LS_PFE_ESBC_ADDR
+ hex "PFE Firmware HDR Addr"
+ default 0x401f8000
+
endif
if TARGET_LS1012AFRDM || TARGET_LS1012AFRWY
diff --git a/board/freescale/ls1012afrdm/MAINTAINERS b/board/freescale/ls1012afrdm/MAINTAINERS
index 36e3e5ac73..f3fcdb87ae 100644
--- a/board/freescale/ls1012afrdm/MAINTAINERS
+++ b/board/freescale/ls1012afrdm/MAINTAINERS
@@ -11,3 +11,7 @@ S: Maintained
F: board/freescale/ls1012afrwy/
F: include/configs/ls1012afrwy.h
F: configs/ls1012afrwy_qspi_defconfig
+
+M: Vinitha V Pillai <vinitha.pillai@nxp.com>
+S: Maintained
+F: configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1012afrdm/ls1012afrdm.c b/board/freescale/ls1012afrdm/ls1012afrdm.c
index e30ad6edcf..315da8b866 100644
--- a/board/freescale/ls1012afrdm/ls1012afrdm.c
+++ b/board/freescale/ls1012afrdm/ls1012afrdm.c
@@ -18,6 +18,7 @@
#include <environment.h>
#include <fsl_mmdc.h>
#include <netdev.h>
+#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -140,6 +141,10 @@ int board_init(void)
gd->env_addr = (ulong)&default_environment[0];
#endif
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
+
#ifdef CONFIG_FSL_LS_PPA
ppa_init();
#endif
diff --git a/configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig b/configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..bfc120ac25
--- /dev/null
+++ b/configs/ls1012afrwy_qspi_SECURE_BOOT_defconfig
@@ -0,0 +1,54 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS1012AFRWY=y
+CONFIG_SECURE_BOOT=y
+CONFIG_SYS_TEXT_BASE=0x40100000
+CONFIG_FSL_LS_PPA=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1012a-frwy"
+CONFIG_DISTRO_DEFAULTS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="QSPI_BOOT"
+CONFIG_QSPI_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyS0,115200 root=/dev/ram0 earlycon=uart8250,mmio,0x21c0500 quiet lpj=250000"
+# CONFIG_DISPLAY_BOARDINFO is not set
+CONFIG_DISPLAY_BOARDINFO_LATE=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_OF_CONTROL=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+# CONFIG_BLK is not set
+CONFIG_DM_MMC=y
+# CONFIG_DM_MMC_OPS is not set
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_DM_ETH=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_FSL_PFE=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_DSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_STORAGE=y
+CONFIG_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
diff --git a/drivers/net/pfe_eth/pfe_firmware.c b/drivers/net/pfe_eth/pfe_firmware.c
index f06ed37292..adb2d06010 100644
--- a/drivers/net/pfe_eth/pfe_firmware.c
+++ b/drivers/net/pfe_eth/pfe_firmware.c
@@ -12,6 +12,9 @@
#include <net/pfe_eth/pfe_eth.h>
#include <net/pfe_eth/pfe_firmware.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
#define PFE_FIRMEWARE_FIT_CNF_NAME "config@1"
@@ -168,10 +171,15 @@ static int pfe_fit_check(void)
*/
int pfe_firmware_init(void)
{
+#define PFE_KEY_HASH NULL
char *pfe_firmware_name;
const void *raw_image_addr;
size_t raw_image_size = 0;
u8 *pfe_firmware;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ uintptr_t pfe_esbc_hdr = 0;
+ uintptr_t pfe_img_addr = 0;
+#endif
int ret = 0;
int fw_count;
@@ -179,6 +187,27 @@ int pfe_firmware_init(void)
if (ret)
goto err;
+#ifdef CONFIG_CHAIN_OF_TRUST
+ pfe_esbc_hdr = CONFIG_SYS_LS_PFE_ESBC_ADDR;
+ pfe_img_addr = (uintptr_t)pfe_fit_addr;
+ if (fsl_check_boot_mode_secure() != 0) {
+ /*
+ * In case of failure in validation, fsl_secboot_validate
+ * would not return back in case of Production environment
+ * with ITS=1. In Development environment (ITS=0 and
+ * SB_EN=1), the function may return back in case of
+ * non-fatal failures.
+ */
+ ret = fsl_secboot_validate(pfe_esbc_hdr,
+ PFE_KEY_HASH,
+ &pfe_img_addr);
+ if (ret != 0)
+ printf("PFE firmware(s) validation failed\n");
+ else
+ printf("PFE firmware(s) validation Successful\n");
+ }
+#endif
+
for (fw_count = 0; fw_count < 2; fw_count++) {
if (fw_count == 0)
pfe_firmware_name = "class";
diff --git a/include/configs/ls1012afrwy.h b/include/configs/ls1012afrwy.h
index 982f742627..35578c3e41 100644
--- a/include/configs/ls1012afrwy.h
+++ b/include/configs/ls1012afrwy.h
@@ -57,11 +57,17 @@
"initrd_high=0xffffffffffffffff\0" \
"fdt_addr=0x00f00000\0" \
"kernel_addr=0x01000000\0" \
+ "kernel_size_sd=0x16000\0" \
+ "kernelhdr_size_sd=0x10\0" \
+ "kernel_addr_sd=0x8000\0" \
+ "kernelhdr_addr_sd=0x4000\0" \
+ "kernelheader_addr=0x1fc000\0" \
"kernelheader_addr=0x1fc000\0" \
"scriptaddr=0x80000000\0" \
"scripthdraddr=0x80080000\0" \
"fdtheader_addr_r=0x80100000\0" \
"kernelheader_addr_r=0x80200000\0" \
+ "kernelheader_size=0x40000\0" \
"kernel_addr_r=0x81000000\0" \
"fdt_addr_r=0x90000000\0" \
"load_addr=0x96000000\0" \
@@ -104,10 +110,17 @@
"$kernel_addr $kernel_size; env exists secureboot " \
"&& sf read $kernelheader_addr_r $kernelheader_addr " \
"$kernelheader_size && esbc_validate ${kernelheader_addr_r}; " \
+ "bootm $load_addr#$board\0" \
+ "sd_bootcmd=echo Trying load from sd card..;" \
+ "mmcinfo; mmc read $load_addr " \
+ "$kernel_addr_sd $kernel_size_sd ;" \
+ "env exists secureboot && mmc read $kernelheader_addr_r "\
+ "$kernelhdr_addr_sd $kernelhdr_size_sd " \
+ " && esbc_validate ${kernelheader_addr_r};" \
"bootm $load_addr#$board\0"
#undef CONFIG_BOOTCOMMAND
-#define CONFIG_BOOTCOMMAND "pfe stop; run distro_bootcmd; run qspi_bootcmd; "\
+#define CONFIG_BOOTCOMMAND "pfe stop; run distro_bootcmd; run sd_bootcmd; "\
"env exists secureboot && esbc_halt;"
#define CONFIG_CMD_MEMINFO
#define CONFIG_CMD_MEMTEST
@@ -116,4 +129,5 @@
#include <asm/fsl_secure_boot.h>
+#include <asm/fsl_secure_boot.h>
#endif /* __LS1012AFRWY_H__ */