From a8c6fd4ec11a3bd9cfd3bdb6350686d497158d62 Mon Sep 17 00:00:00 2001 From: Udit Agarwal Date: Fri, 3 Feb 2017 22:53:38 +0530 Subject: armv8: LS2080A: Move sec_init to board_init Moves sec_init to board_init rather than in misc_init function beacuse PPA will be initialised in board_init function and for PPA validation sec_init has to be done prior to PPA init. Signed-off-by: Sumit Garg Signed-off-by: Udit Agarwal Reviewed-by: York Sun --- board/freescale/ls2080aqds/ls2080aqds.c | 6 +++--- board/freescale/ls2080ardb/ls2080ardb.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'board/freescale') diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index 277013bfcc..e1de799ee5 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -224,6 +224,9 @@ int board_init(void) #endif select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } @@ -266,9 +269,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 4c01f560bc..6d410c05e9 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -185,6 +185,9 @@ int board_init(void) /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } @@ -223,9 +226,6 @@ void detail_board_ddr_info(void) #if defined(CONFIG_ARCH_MISC_INIT) int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif return 0; } #endif -- cgit From 9e052d975058cd01c1421c4beb9ddd387dd525da Mon Sep 17 00:00:00 2001 From: Hou Zhiqiang Date: Mon, 6 Feb 2017 11:27:27 +0800 Subject: fsl-layerscape/ppa: cleanup ppa.h Moved the ifdef into ppa.h and removed the duplicated macros. Signed-off-by: Hou Zhiqiang Reviewed-by: York Sun --- board/freescale/ls1043ardb/ls1043ardb.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'board/freescale') diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c index 2333843958..728de2e3f1 100644 --- a/board/freescale/ls1043ardb/ls1043ardb.c +++ b/board/freescale/ls1043ardb/ls1043ardb.c @@ -23,9 +23,7 @@ #ifdef CONFIG_U_QE #include #endif -#ifdef CONFIG_FSL_LS_PPA #include -#endif DECLARE_GLOBAL_DATA_PTR; -- cgit From ac55dadb1cb6a350604affd84e19006984933fa0 Mon Sep 17 00:00:00 2001 From: Udit Agarwal Date: Thu, 9 Feb 2017 21:36:11 +0530 Subject: fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Signed-off-by: Udit Agarwal Reviewed-by: York Sun --- board/freescale/common/fsl_validate.c | 88 ++++++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 16 deletions(-) (limited to 'board/freescale') diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 2b723a4b9c..7396aa2f69 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -27,6 +27,10 @@ #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ ((key_len) == 2 * KEY_SIZE_BYTES)) +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +/* Global data structure */ +static struct fsl_secboot_glb glb; +#endif /* This array contains DER value for SHA-256 */ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, @@ -60,7 +64,7 @@ self: #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 check_ie(struct fsl_secboot_img_priv *img) { - if (img->hdr.ie_flag) + if (img->hdr.ie_flag & IE_FLAG_MASK) return 1; return 0; @@ -119,7 +123,21 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) } #endif -static int get_ie_info_addr(u32 *ie_addr) +#if defined(CONFIG_ESBC_HDR_LS) +static int get_ie_info_addr(uintptr_t *ie_addr) +{ + struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); + /* For LS-CH3, the address of IE Table is + * stated in Scratch13 and scratch14 of DCFG. + * Bootrom validates this table while validating uboot. + * DCFG is LE*/ + *ie_addr = in_le32(&gur->scratchrw[SCRATCH_IE_HIGH_ADR - 1]); + *ie_addr = *ie_addr << 32; + *ie_addr |= in_le32(&gur->scratchrw[SCRATCH_IE_LOW_ADR - 1]); + return 0; +} +#else /* CONFIG_ESBC_HDR_LS */ +static int get_ie_info_addr(uintptr_t *ie_addr) { struct fsl_secboot_img_hdr *hdr; struct fsl_secboot_sg_table *sg_tbl; @@ -147,16 +165,17 @@ static int get_ie_info_addr(u32 *ie_addr) /* IE Key Table is the first entry in the SG Table */ #if defined(CONFIG_MPC85xx) - *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + - flash_base_addr; + *ie_addr = (uintptr_t)((sg_tbl->src_addr & + ~(CONFIG_SYS_PBI_FLASH_BASE)) + + flash_base_addr); #else - *ie_addr = sg_tbl->src_addr; + *ie_addr = (uintptr_t)sg_tbl->src_addr; #endif - debug("IE Table address is %x\n", *ie_addr); + debug("IE Table address is %lx\n", *ie_addr); return 0; } - +#endif /* CONFIG_ESBC_HDR_LS */ #endif #ifdef CONFIG_KEY_REVOCATION @@ -164,7 +183,10 @@ static int get_ie_info_addr(u32 *ie_addr) static u32 check_srk(struct fsl_secboot_img_priv *img) { #ifdef CONFIG_ESBC_HDR_LS - /* In LS, No SRK Flag as SRK is always present*/ + /* In LS, No SRK Flag as SRK is always present if IE not present*/ +#if defined(CONFIG_FSL_ISBC_KEY_EXT) + return !check_ie(img); +#endif return 1; #else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) @@ -253,14 +275,29 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) #endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) + +static void install_ie_tbl(uintptr_t ie_tbl_addr, + struct fsl_secboot_img_priv *img) +{ + /* Copy IE tbl to Global Data */ + memcpy(&glb.ie_tbl, (u8 *)ie_tbl_addr, sizeof(struct ie_key_info)); + img->ie_addr = (uintptr_t)&glb.ie_tbl; + glb.ie_addr = img->ie_addr; +} + static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; u32 ie_key_len, ie_revoc_flag, ie_num; struct ie_key_info *ie_info; - if (get_ie_info_addr(&img->ie_addr)) - return ERROR_IE_TABLE_NOT_FOUND; + if (!img->ie_addr) { + if (get_ie_info_addr(&img->ie_addr)) + return ERROR_IE_TABLE_NOT_FOUND; + else + install_ie_tbl(img->ie_addr, img); + } + ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; if (ie_info->num_keys == 0 || ie_info->num_keys > 32) return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; @@ -786,6 +823,26 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) return 0; } +/* Function to initialize img priv and global data structure + */ +static int secboot_init(struct fsl_secboot_img_priv **img_ptr) +{ + *img_ptr = malloc(sizeof(struct fsl_secboot_img_priv)); + + struct fsl_secboot_img_priv *img = *img_ptr; + + if (!img) + return -ENOMEM; + memset(img, 0, sizeof(struct fsl_secboot_img_priv)); + +#if defined(CONFIG_FSL_ISBC_KEY_EXT) + if (glb.ie_addr) + img->ie_addr = glb.ie_addr; +#endif + return 0; +} + + /* haddr - Address of the header of image to be validated. * arg_hash_str - Option hash string. If provided, this * overrides the key hash in the SFP fuses. @@ -839,12 +896,9 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, hash_cmd = 1; } - img = malloc(sizeof(struct fsl_secboot_img_priv)); - - if (!img) - return -1; - - memset(img, 0, sizeof(struct fsl_secboot_img_priv)); + ret = secboot_init(&img); + if (ret) + goto exit; /* Update the information in Private Struct */ hdr = &img->hdr; @@ -899,5 +953,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, } exit: + /* Free Img as it was malloc'ed*/ + free(img); return ret; } -- cgit From 54ad7b5ab8ad4e5577e79f782582d1d0f79b4659 Mon Sep 17 00:00:00 2001 From: Santan Kumar Date: Tue, 7 Mar 2017 11:21:03 +0530 Subject: board: freescale: ls2080a/ls2088a: Enable PPA Enable PPA on LS2080A, LS2088A boards: -LS2080ARDB, LS2080AQDS -LS2088ARDB, LS2088AQDS Signed-off-by: Santan Kumar Signed-off-by: Abhimanyu Saini Signed-off-by: Priyanka Jain Reviewed-by: York Sun --- board/freescale/ls2080aqds/ls2080aqds.c | 7 +++++++ board/freescale/ls2080ardb/ls2080ardb.c | 5 +++++ 2 files changed, 12 insertions(+) (limited to 'board/freescale') diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index e1de799ee5..6da9c6cfe8 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -19,6 +19,8 @@ #include #include #include +#include + #include "../common/qixis.h" #include "ls2080aqds_qixis.h" @@ -224,6 +226,11 @@ int board_init(void) #endif select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT); rtc_enable_32khz_output(); + +#ifdef CONFIG_FSL_LS_PPA + ppa_init(); +#endif + #ifdef CONFIG_FSL_CAAM sec_init(); #endif diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 6d410c05e9..ea05ec6f65 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "../common/qixis.h" @@ -181,6 +182,10 @@ int board_init(void) QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); +#ifdef CONFIG_FSL_LS_PPA + ppa_init(); +#endif + #ifdef CONFIG_FSL_MC_ENET /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); -- cgit