armv8: ls2080rdb: ls2080qds: Add secure boot support

Sec_init has been called at the beginning to initialize SEC Block
(CAAM) which is used by secure boot validation later for both ls2080a
qds and rdb. 64-bit address in ESBC Header has been enabled. Secure
boot defconfigs are created for boards (NOR boot).

Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 4eb3b156c8f1b86a3d65ac105825bf2a80392ac9..b745194c7371b056e4f60e9d8caa2d1cc2de5aaf 100644 (file)
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -18,7 +18,9 @@
 #ifdef CONFIG_CHAIN_OF_TRUST
 #define CONFIG_CMD_ESBC_VALIDATE
 #define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
 #define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_HW_ACCEL
 #define CONFIG_SHA_PROG_HW_ACCEL
 #define CONFIG_RSA_FREESCALE_EXP
 
@@ -42,8 +44,11 @@
 
 #endif
 
-#ifdef CONFIG_LS1043A
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\
+       defined(CONFIG_LS2085A)
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
+ * Similiarly for LS2080 and LS2085
+ */
 #define CONFIG_ESBC_ADDR_64BIT
 #endif
 

diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS
index 6f99ad0d912065662e6008a7049debcb0ad95239..558cef11905b50d4d38b63d07d3f29f90a9f7ac1 100644 (file)
--- a/board/freescale/ls2080aqds/MAINTAINERS
+++ b/board/freescale/ls2080aqds/MAINTAINERS
@@ -8,3 +8,9 @@ F:      configs/ls2080aqds_defconfig
 F:     configs/ls2080aqds_nand_defconfig
 F:     configs/ls2085aqds_defconfig
 F:     configs/ls2085aqds_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M:     Saksham Jain <saksham.jain@nxp.freescale.com>
+S:     Maintained
+F:     configs/ls2080aqds_SECURE_BOOT_defconfig
+F:     configs/ls2085aqds_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c
index f3925e25a318eca81f15f299f12038e4b8cce7f6..e1a521d0805c2aac5fa8d6faa3f2b0e333bf20bf 100644 (file)
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -19,6 +19,7 @@
 #include <rtc.h>
 #include <asm/arch/soc.h>
 #include <hwconfig.h>
+#include <fsl_sec.h>
 
 #include "../common/qixis.h"
 #include "ls2080aqds_qixis.h"
@@ -248,7 +249,9 @@ int arch_misc_init(void)
 #ifdef CONFIG_FSL_DEBUG_SERVER
        debug_server_init();
 #endif
-
+#ifdef CONFIG_FSL_CAAM
+       sec_init();
+#endif
        return 0;
 }
 #endif

diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS
index c9f3459f7856901875d97ff34d451ebf056b72cd..0817711d089e9ba0f3bc8bea1ccfeb23dd69f4ae 100644 (file)
--- a/board/freescale/ls2080ardb/MAINTAINERS
+++ b/board/freescale/ls2080ardb/MAINTAINERS
@@ -8,3 +8,9 @@ F:      configs/ls2080ardb_defconfig
 F:     configs/ls2080ardb_nand_defconfig
 F:     configs/ls2085ardb_defconfig
 F:     configs/ls2085ardb_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M:     Saksham Jain <saksham.jain@nxp.freescale.com>
+S:     Maintained
+F:     configs/ls2080ardb_SECURE_BOOT_defconfig
+F:     configs/ls2085ardb_SECURE_BOOT_defconfig

diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c
index 844d9f5a090f5a60b89e2e61e11decf87e3dfd96..ec4b74c2726e76cb00a18a7d8d8559d1df19fc21 100644 (file)
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -18,6 +18,7 @@
 #include <environment.h>
 #include <i2c.h>
 #include <asm/arch/soc.h>
+#include <fsl_sec.h>
 
 #include "../common/qixis.h"
 #include "ls2080ardb_qixis.h"
@@ -218,7 +219,9 @@ int arch_misc_init(void)
 #ifdef CONFIG_FSL_DEBUG_SERVER
        debug_server_init();
 #endif
-
+#ifdef CONFIG_FSL_CAAM
+       sec_init();
+#endif
        return 0;
 }
 #endif

diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig
new file mode 100644 (file)
index 0000000..408d1ee
--- /dev/null
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig
new file mode 100644 (file)
index 0000000..dde3311
--- /dev/null
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig
new file mode 100644 (file)
index 0000000..f13ee41
--- /dev/null
+++ b/configs/ls2085aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig
new file mode 100644 (file)
index 0000000..aa66508
--- /dev/null
+++ b/configs/ls2085ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index dab38208f5a564482011dee0c551c0e5e452c88b..91fad0a0cdcb565d2c29354373e7430c92d9dbba 100644 (file)
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void);
 #define CONFIG_USB_STORAGE
 #define CONFIG_CMD_EXT2
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS2_QDS_H */

diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 59a3f66310433eed445fc5103a9342fbc1dcd024..ce1d90098f7c766b2bd3b5613cc4d04e50ce0f43 100644 (file)
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -363,4 +363,6 @@ unsigned long get_board_sys_clk(void);
 #define CONFIG_PHY_AQUANTIA
 #endif
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS2_RDB_H */