From: gaurav rana Date: Fri, 27 Feb 2015 04:16:17 +0000 (+0530) Subject: SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms. X-Git-Tag: v2025.01-rc5-pxa1908~13643^2 X-Git-Url: http://git.dujemihanovic.xyz/img/html/static/gitweb.css?a=commitdiff_plain;h=e04916a721a2069fc770412c57974d02e153ad18;p=u-boot.git SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms. esbc_validate command uses various IP Blocks: Security Monitor, CAAM block and SFP registers. Hence the respective CONFIG's are enabled. Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled. Signed-off-by: Gaurav Rana Reviewed-by: York Sun --- diff --git a/arch/arm/include/asm/arch-ls102xa/config.h b/arch/arm/include/asm/arch-ls102xa/config.h index 3b6a1696d8..6561ce644e 100644 --- a/arch/arm/include/asm/arch-ls102xa/config.h +++ b/arch/arm/include/asm/arch-ls102xa/config.h @@ -27,6 +27,8 @@ #define CONFIG_SYS_FSL_SCFG_ADDR (CONFIG_SYS_IMMR + 0x00570000) #define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x700000) #define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x710000) +#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0x00e90000) +#define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0x00e80200) #define CONFIG_SYS_FSL_SERDES_ADDR (CONFIG_SYS_IMMR + 0x00ea0000) #define CONFIG_SYS_FSL_GUTS_ADDR (CONFIG_SYS_IMMR + 0x00ee0000) #define CONFIG_SYS_FSL_LS1_CLK_ADDR (CONFIG_SYS_IMMR + 0x00ee1000) @@ -95,7 +97,25 @@ #define CONFIG_SYS_FSL_DSPI_BE #define CONFIG_SYS_FSL_QSPI_BE #define CONFIG_SYS_FSL_DCU_BE +#define CONFIG_SYS_FSL_SEC_MON_LE #define CONFIG_SYS_FSL_SEC_LE +#define CONFIG_SYS_FSL_SFP_VER_3_2 +#define CONFIG_SYS_FSL_SFP_BE +#define CONFIG_SYS_FSL_SRK_LE +#define CONFIG_KEY_REVOCATION +#define CONFIG_FSL_ISBC_KEY_EXT + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CMD_ESBC_VALIDATE +#define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_PROG_HW_ACCEL +#define CONFIG_DM +#define CONFIG_RSA +#define CONFIG_RSA_FREESCALE_EXP +#ifndef CONFIG_FSL_CAAM +#define CONFIG_FSL_CAAM +#endif +#endif #define DCU_LAYER_MAX_NUM 16 diff --git a/arch/powerpc/include/asm/config_mpc85xx.h b/arch/powerpc/include/asm/config_mpc85xx.h index cb0f44199d..69e05923f6 100644 --- a/arch/powerpc/include/asm/config_mpc85xx.h +++ b/arch/powerpc/include/asm/config_mpc85xx.h @@ -26,6 +26,7 @@ #define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SEC_BE #define CONFIG_SYS_FSL_SFP_BE +#define CONFIG_SYS_FSL_SEC_MON_BE /* Number of TLB CAM entries we have on FSL Book-E chips */ #if defined(CONFIG_E500MC) diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index b4c0c99b39..49f6814383 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -6,6 +6,19 @@ #ifndef __FSL_SECURE_BOOT_H #define __FSL_SECURE_BOOT_H +#include + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CMD_ESBC_VALIDATE +#define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_PROG_HW_ACCEL +#define CONFIG_DM +#define CONFIG_RSA +#define CONFIG_RSA_FREESCALE_EXP +#ifndef CONFIG_FSL_CAAM +#define CONFIG_FSL_CAAM +#endif +#endif #ifdef CONFIG_SECURE_BOOT #if defined(CONFIG_FSL_CORENET) @@ -28,9 +41,31 @@ defined(CONFIG_PPC_T1023) || \ defined(CONFIG_PPC_T1024) #define CONFIG_SYS_CPC_REINIT_F +#define CONFIG_KEY_REVOCATION #undef CONFIG_SYS_INIT_L3_ADDR #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 #endif +#if defined(CONFIG_C29XPCIE) +#define CONFIG_KEY_REVOCATION +#endif + +#if defined(CONFIG_PPC_P3041) || \ + defined(CONFIG_PPC_P4080) || \ + defined(CONFIG_PPC_P5020) || \ + defined(CONFIG_PPC_P5040) || \ + defined(CONFIG_PPC_P2041) + #define CONFIG_FSL_TRUST_ARCH_v1 +#endif + +#if defined(CONFIG_FSL_CORENET) +/* The key used for verification of next level images + * is picked up from an Extension Table which has + * been verified by the ISBC (Internal Secure boot Code) + * in boot ROM of the SoC + */ +#define CONFIG_FSL_ISBC_KEY_EXT +#endif + #endif #endif diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h index f89b90b724..0c9d85ec96 100644 --- a/arch/powerpc/include/asm/immap_85xx.h +++ b/arch/powerpc/include/asm/immap_85xx.h @@ -2883,6 +2883,7 @@ struct ccsr_pman { #define CONFIG_SYS_MPC85xx_SATA2_OFFSET 0x221000 #define CONFIG_SYS_FSL_SEC_OFFSET 0x300000 #define CONFIG_SYS_FSL_JR0_OFFSET 0x301000 +#define CONFIG_SYS_SEC_MON_OFFSET 0x314000 #define CONFIG_SYS_FSL_CORENET_PME_OFFSET 0x316000 #define CONFIG_SYS_FSL_QMAN_OFFSET 0x318000 #define CONFIG_SYS_FSL_BMAN_OFFSET 0x31a000 @@ -2950,7 +2951,7 @@ struct ccsr_pman { #endif #define CONFIG_SYS_MPC85xx_SERDES2_OFFSET 0xE3100 #define CONFIG_SYS_MPC85xx_SERDES1_OFFSET 0xE3000 -#define CONFIG_SYS_SNVS_OFFSET 0xE6000 +#define CONFIG_SYS_SEC_MON_OFFSET 0xE6000 #define CONFIG_SYS_SFP_OFFSET 0xE7000 #define CONFIG_SYS_MPC85xx_CPM_OFFSET 0x80000 #define CONFIG_SYS_FSL_QMAN_OFFSET 0x88000 @@ -3080,6 +3081,9 @@ struct ccsr_pman { #define CONFIG_SYS_SFP_ADDR \ (CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET) +#define CONFIG_SYS_SEC_MON_ADDR \ + (CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET) + #define TSEC_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET) #define MDIO_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET) diff --git a/board/freescale/common/Makefile b/board/freescale/common/Makefile index 14af660087..7181cac291 100644 --- a/board/freescale/common/Makefile +++ b/board/freescale/common/Makefile @@ -72,4 +72,10 @@ obj-$(CONFIG_P5020DS) += p_corenet/ obj-$(CONFIG_P5040DS) += p_corenet/ obj-$(CONFIG_LS102XA_NS_ACCESS) += ns_access.o + +ifdef CONFIG_SECURE_BOOT +obj-y += fsl_validate.o +obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o +endif + endif