From: Aneesh Bansal Date: Tue, 16 Jun 2015 05:06:00 +0000 (+0530) Subject: powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 X-Git-Tag: v2025.01-rc5-pxa1908~12417^2~6 X-Git-Url: http://git.dujemihanovic.xyz/posts?a=commitdiff_plain;h=467a40dfe35f48d830f01a72617207d03ca85b4d;p=u-boot.git powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 Secure Boot Target is added for NAND for P3041. For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF. In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on SRAM configured at address 0xBFF00000. In the U-Boot code, TLB entries are created to map the virtual address 0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM. Signed-off-by: Saksham Jain Signed-off-by: Ruchika Gupta Signed-off-by: Aneesh Bansal Reviewed-by: York Sun --- diff --git a/Makefile b/Makefile index 54ef2cd1a0..a95d0e3386 100644 --- a/Makefile +++ b/Makefile @@ -738,8 +738,12 @@ ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin ifeq ($(CONFIG_SPL_FSL_PBL),y) ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin else +ifneq ($(CONFIG_SECURE_BOOT), y) +# For Secure Boot The Image needs to be signed and Header must also +# be included. So The image has to be built explicitly ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl endif +endif ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S index e61d8e0fc2..a70fb711c7 100644 --- a/arch/powerpc/cpu/mpc85xx/start.S +++ b/arch/powerpc/cpu/mpc85xx/start.S @@ -1052,6 +1052,17 @@ create_init_ram_area: CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \ 0, r6 + +#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT) + /* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE + * to L3 Address configured by PBL for ISBC code + */ + create_tlb1_entry 15, \ + 1, BOOKE_PAGESZ_1M, \ + CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ + CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \ + 0, r6 + #else /* * create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 7810ae2147..442853c239 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -48,6 +48,11 @@ #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 #endif +#if defined(CONFIG_RAMBOOT_PBL) +#undef CONFIG_SYS_INIT_L3_ADDR +#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 +#endif + #if defined(CONFIG_C29XPCIE) #define CONFIG_KEY_REVOCATION #endif diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c index 8148e46efa..56e4f63348 100644 --- a/board/freescale/common/p_corenet/tlb.c +++ b/board/freescale/common/p_corenet/tlb.c @@ -43,6 +43,8 @@ struct fsl_e_tlb_entry tlb_table[] = { /* TLB 1 */ /* *I*** - Covers boot page */ #if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) + +#if !defined(CONFIG_SECURE_BOOT) /* * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the * SRAM is at 0xfff00000, it covered the 0xfffff000. @@ -50,6 +52,19 @@ struct fsl_e_tlb_entry tlb_table[] = { SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, 0, 0, BOOKE_PAGESZ_1M, 1), +#else + /* + * *I*G - L3SRAM. When L3 is used as 1M SRAM, in case of Secure Boot + * the physical address of the SRAM is at CONFIG_SYS_INIT_L3_ADDR, + * and virtual address is CONFIG_SYS_MONITOR_BASE + */ + + SET_TLB_ENTRY(1, CONFIG_SYS_MONITOR_BASE & 0xfff00000, + CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, + MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, + 0, 0, BOOKE_PAGESZ_1M, 1), +#endif + #elif defined(CONFIG_SRIO_PCIE_BOOT_SLAVE) /* * SRIO_PCIE_BOOT-SLAVE. When slave boot, the address of the diff --git a/board/freescale/corenet_ds/MAINTAINERS b/board/freescale/corenet_ds/MAINTAINERS index 745847cdba..6855446ca8 100644 --- a/board/freescale/corenet_ds/MAINTAINERS +++ b/board/freescale/corenet_ds/MAINTAINERS @@ -28,3 +28,8 @@ F: configs/P5040DS_NAND_defconfig F: configs/P5040DS_SDCARD_defconfig F: configs/P5040DS_SPIFLASH_defconfig F: configs/P5040DS_SECURE_BOOT_defconfig + +CORENET_DS_SECURE_BOOT BOARD +M: Aneesh Bansal +S: Maintained +F: configs/P3041DS_NAND_SECURE_BOOT_defconfig diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..2f18bc1777 --- /dev/null +++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig @@ -0,0 +1,5 @@ +CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xFFF40000" +CONFIG_PPC=y +CONFIG_MPC85xx=y +CONFIG_TARGET_P3041DS=y +CONFIG_SPI_FLASH=y diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index 88750e057e..7c8b73d06c 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -16,6 +16,13 @@ #include "../board/freescale/common/ics307_clk.h" #ifdef CONFIG_RAMBOOT_PBL +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE +#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc +#ifdef CONFIG_NAND +#define CONFIG_RAMBOOT_NAND +#endif +#else #define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE #define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg @@ -29,6 +36,7 @@ #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg #endif #endif +#endif #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE /* Set 1M boot space */