summaryrefslogtreecommitdiff
path: root/arch/arm/include/asm/fsl_secure_boot.h
AgeCommit message (Collapse)Author
2017-03-28fsl: Secure Boot: Enable IE (Key extention) FeatureUdit Agarwal
For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-28armv8: lsch3: SECURE_BOOT: Define CONFIG_SYS_LS_PPA_ESBC_ADDR for LS2080AUdit Agarwal
Add header address for PPA to be validated during ESBC phase for LS2080A platform based on Layescape Chasis 3. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-14LS1021ATWR: Modify u-boot size for sd secure bootVinitha Pillai
Raw uboot image is used in place of FIT image in secure boot. The maximum allocated size of raw u-boot bin is 1MB in memory map. Hence , CONFIG_SYS_MONITOR_LEN has been modified to 1 MB. The bootscript (BS_ADDR) and its header (BS_HDR_ADDR) offset on MMC have also been modified to accommodate the increase in uboot size. Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com> Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-09Freescale/NXP: Migrate CONFIG_FSL_CAAM to defconfigsTom Rini
In some cases this is absolutely required, so select this for some secure features. This also requires migration of RSA_FREESCALE_EXP Cc: Ruchika Gupta <ruchika.gupta@nxp.com> Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com> Cc: Naveen Burmi <NaveenBurmi@freescale.com> Cc: Po Liu <po.liu@freescale.com> Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com> Cc: Priyanka Jain <Priyanka.Jain@freescale.com> Cc: Sumit Garg <sumit.garg@nxp.com> Cc: Shaohui Xie <Shaohui.Xie@freescale.com> Cc: Chunhe Lan <Chunhe.Lan@freescale.com> Cc: Feng Li <feng.li_2@nxp.com> Cc: Alison Wang <alison.wang@freescale.com> Cc: Mingkai Hu <Mingkai.Hu@freescale.com> Cc: York Sun <york.sun@nxp.com> Cc: Saksham Jain <saksham.jain@nxp.freescale.com> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-01-24NXP: Introduce board/freescale/common/Kconfig and migrate CHAIN_OF_TRUSTTom Rini
Introduce board/freescale/common/Kconfig so that we have a single place for CONFIG options that are shared between ARM and PowerPC NXP platforms. Cc: York Sun <york.sun@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-18SECURE_BOOT: Update bootscript and its hdr addressesUdit Agarwal
Update bootscript and its hdr addresses for Layerscape Chasis 3 based platforms instead of individual SoCs. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-09-26Merge git://git.denx.de/u-boot-fsl-qoriqTom Rini
trini: Drop local memset() from examples/standalone/mem_to_mem_idma2intr.c Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-16Convert CONFIG_SPL_DRIVERS_MISC_SUPPORT to KconfigSimon Glass
Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-16Convert CONFIG_SPL_HASH_SUPPORT to KconfigSimon Glass
Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-16Convert CONFIG_SPL_CRYPTO_SUPPORT to KconfigSimon Glass
Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-16Move existing use of CONFIG_SPL_RSA to KconfigSimon Glass
A few boards define this in a header file which is incorrect. It means that Kconfig options that rely on this cannot be used. Move it. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-16Move existing use of CONFIG_SPL_DM to KconfigSimon Glass
A few boards define this in a header file which is incorrect. It means that Kconfig options that rely on this cannot be used. Move it. Note that quite a few boards defined this options but do not appear to actually use SPL: BSC9132QDS_NOR_DDRCLK100_SECURE BSC9132QDS_NOR_DDRCLK133_SECURE BSC9132QDS_SDCARD_DDRCLK100_SECURE BSC9132QDS_SDCARD_DDRCLK133_SECURE BSC9132QDS_SPIFLASH_DDRCLK100_SECURE BSC9132QDS_SPIFLASH_DDRCLK133_SECURE C29XPCIE_NOR_SECBOOT P1010RDB-PA_36BIT_NAND_SECBOOT P1010RDB-PA_36BIT_SPIFLASH_SECBOOT P1010RDB-PA_NAND_SECBOOT P1010RDB-PA_NOR_SECBOOT P1010RDB-PB_36BIT_NOR_SECBOOT P1010RDB-PB_36BIT_SPIFLASH_SECBOOT P1010RDB-PB_NAND_SECBOOT P1010RDB-PB_NOR_SECBOOT P3041DS_SECURE_BOOT P4080DS_SECURE_BOOT P5020DS_NAND_SECURE_BOOT P5040DS_SECURE_BOOT T1023RDB_SECURE_BOOT T1024QDS_DDR4_SECURE_BOOT T1024QDS_SECURE_BOOT T1024RDB_SECURE_BOOT T1040RDB_SECURE_BOOT T1042D4RDB_SECURE_BOOT T1042RDB_SECURE_BOOT T2080QDS_SECURE_BOOT T2080RDB_SECURE_BOOT T4160QDS_SECURE_BOOT T4240QDS_SECURE_BOOT ls1021aqds_nor_SECURE_BOOT ls1021atwr_nor_SECURE_BOOT ls1043ardb_SECURE_BOOT For these boards CONFIG_SPL_DM will no-longer be defined in SPL. But since they apparently don't have an SPL, this should not matter. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-16arm: fsl: Adjust ordering of #ifndef CONFIG_SPL_BUILDSimon Glass
The secure boot header files incorrectly define SPL options only if CONFIG_SPL_BUILD is defined. This means that the options are only enabled in an SPL build, and not with a normal 'make xxx_defconfig'. This means that moveconfig.py cannot work, since it sees the options as disabled even when they may be manually enabled in an SPL build. Fix this by changing the order. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-09-14ls1043ardb: PPA: add PPA validation in case of secure bootSumit Garg
As part of Secure Boot Chain of trust, PPA image must be validated before the image is started. The code for the same has been added. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26SECURE_BOOT: Enable SD as a source for bootscriptSumit Garg
Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26SECURE_BOOT: Enable chain of trust in SPL frameworkSumit Garg
Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-04-06armv8: LS2080A: Consolidate LS2080A and LS2085AYork Sun
LS2080A is the primary SoC, and LS2085A is a personality with AIOP and DPAA DDR. The RDB and QDS boards support both personality. By detecting the SVR at runtime, a single image per board can support both SoCs. It gives users flexibility to swtich SoC without the need to reprogram the board. Signed-off-by: York Sun <york.sun@nxp.com> CC: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
2016-03-29armv8: ls2080: Change env variable "fdt_high"Saksham Jain
"fdt_high" env variable was set to 0xcfffffff for secure boot. Change it to 0xa0000000 for LS2080 to be consistent with non-secure boot targets. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDRSaksham Jain
To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29armv8: ls2080: Add bootscript header addr for secure bootSaksham Jain
During secure boot, Linux image along with other images are validated using bootscript. This bootscript also needs to be validated before it executes. This requires a header for bootscript. When secure boot is enabled, default bootcmd is changed to first validate bootscript using the header and then execute the script. For ls2080, NOR memory map is different from other ARM SoCs. So a new address on NOR is used for this bootscript header (0x583920000). The Bootscript address is mentioned in this header along with addresses of other images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29armv8: ls2080rdb: ls2080qds: Add secure boot supportSaksham Jain
Sec_init has been called at the beginning to initialize SEC Block (CAAM) which is used by secure boot validation later for both ls2080a qds and rdb. 64-bit address in ESBC Header has been enabled. Secure boot defconfigs are created for boards (NOR boot). Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29armv8: fsl-lsch3: Add new header for secure bootSaksham Jain
For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-14Kconfig: Move CONFIG_FIT and related options to KconfigSimon Glass
There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-14freescale: Remove CONFIG_DM from header filesSimon Glass
Kconfig options must defined in the defconfig files. Since RSA_SOFTWARE_EXP relies on CONFIG_DM, unless it is set in kconfig we cannot enable RSA. Remove the hacks which enable CONFIG_DM in header files and update the defconfig. Signed-off-by: Simon Glass <sjg@chromium.org>
2016-01-27secure_boot: split the secure boot functionality in two partsAneesh Bansal
There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27secure_boot: include/configs: move definition of CONFIG_CMD_BLOBAneesh Bansal
CONFIG_CMD_BLOB must be defined in case of Secure Boot. It was earlier defined in all config files. The definition has been moved to a common file which is included by all configs. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27secure_boot: include/configs: make secure boot header file uniformAneesh Bansal
The file fsl_secure_boot.h must be included in config file for Secure Boot. This is not required to be protected by any macro. CONFIG_FSL_CAAM must be defined and CONFIG_CMD_HASH should be turned on. The above was missing in some config files and all files have been made uniform in this respect. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2015-12-15armv8/ls1043ardb: add SECURE BOOT target for NORAneesh Bansal
LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-09-01SECURE_BOOT: Disable IE Key feature for RAMBOOTAneesh Bansal
ISBC Key Extension feature is not applicable for RAMBOOT as there is no way to retrieve the CSF Header and validated IE Key table from SRAM once CPC has been disabled. The feature is only applicable in case of NOR SECURE BOOT. Code Cleanup: The SECURE_BOOT specific defines have been moved from arch-ls102xa/config.h to arm/include/asm/fsl_secure_boot.h Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-04-21Add bootscript support to esbc_validate.gaurav rana
1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>