From fcfdb6d580ab108f4496f1ef7bd7ed260488ffde Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:35 +0530 Subject: [PATCH] armv8: ls2080rdb: ls2080qds: Add secure boot support Sec_init has been called at the beginning to initialize SEC Block (CAAM) which is used by secure boot validation later for both ls2080a qds and rdb. 64-bit address in ESBC Header has been enabled. Secure boot defconfigs are created for boards (NOR boot). Signed-off-by: Saksham Jain Reviewed-by: York Sun --- arch/arm/include/asm/fsl_secure_boot.h | 9 +++++++-- board/freescale/ls2080aqds/MAINTAINERS | 6 ++++++ board/freescale/ls2080aqds/ls2080aqds.c | 5 ++++- board/freescale/ls2080ardb/MAINTAINERS | 6 ++++++ board/freescale/ls2080ardb/ls2080ardb.c | 5 ++++- configs/ls2080aqds_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++ configs/ls2080ardb_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++ configs/ls2085aqds_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++ configs/ls2085ardb_SECURE_BOOT_defconfig | 20 ++++++++++++++++++++ include/configs/ls2080aqds.h | 2 ++ include/configs/ls2080ardb.h | 2 ++ 11 files changed, 111 insertions(+), 4 deletions(-) create mode 100644 configs/ls2080aqds_SECURE_BOOT_defconfig create mode 100644 configs/ls2080ardb_SECURE_BOOT_defconfig create mode 100644 configs/ls2085aqds_SECURE_BOOT_defconfig create mode 100644 configs/ls2085ardb_SECURE_BOOT_defconfig diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4eb3b156c8..b745194c73 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -18,7 +18,9 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_CMD_BLOB +#define CONFIG_CMD_HASH #define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_HW_ACCEL #define CONFIG_SHA_PROG_HW_ACCEL #define CONFIG_RSA_FREESCALE_EXP @@ -42,8 +44,11 @@ #endif -#ifdef CONFIG_LS1043A -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ +#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\ + defined(CONFIG_LS2085A) +/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit + * Similiarly for LS2080 and LS2085 + */ #define CONFIG_ESBC_ADDR_64BIT #endif diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS index 6f99ad0d91..558cef1190 100644 --- a/board/freescale/ls2080aqds/MAINTAINERS +++ b/board/freescale/ls2080aqds/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080aqds_defconfig F: configs/ls2080aqds_nand_defconfig F: configs/ls2085aqds_defconfig F: configs/ls2085aqds_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain +S: Maintained +F: configs/ls2080aqds_SECURE_BOOT_defconfig +F: configs/ls2085aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index f3925e25a3..e1a521d080 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "../common/qixis.h" #include "ls2080aqds_qixis.h" @@ -248,7 +249,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS index c9f3459f78..0817711d08 100644 --- a/board/freescale/ls2080ardb/MAINTAINERS +++ b/board/freescale/ls2080ardb/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080ardb_defconfig F: configs/ls2080ardb_nand_defconfig F: configs/ls2085ardb_defconfig F: configs/ls2085ardb_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain +S: Maintained +F: configs/ls2080ardb_SECURE_BOOT_defconfig +F: configs/ls2085ardb_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 844d9f5a09..ec4b74c272 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "../common/qixis.h" #include "ls2080ardb_qixis.h" @@ -218,7 +219,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..408d1ee1e7 --- /dev/null +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..dde3311653 --- /dev/null +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..f13ee41c77 --- /dev/null +++ b/configs/ls2085aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..aa6650849c --- /dev/null +++ b/configs/ls2085ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index dab38208f5..91fad0a0cd 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void); #define CONFIG_USB_STORAGE #define CONFIG_CMD_EXT2 +#include + #endif /* __LS2_QDS_H */ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 59a3f66310..ce1d90098f 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -363,4 +363,6 @@ unsigned long get_board_sys_clk(void); #define CONFIG_PHY_AQUANTIA #endif +#include + #endif /* __LS2_RDB_H */ -- 2.25.1