spaact_size = sizeof(struct paace) * NUM_SPAACT_ENTRIES;
/* Allocate space for Primary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_PPAACT_ADDR))
+ ppaact = (void *)CONFIG_SPL_PPAACT_ADDR;
+#else
ppaact = memalign(PAMU_TABLE_ALIGNMENT, ppaact_size);
if (!ppaact)
return -1;
+#endif
memset(ppaact, 0, ppaact_size);
/* Allocate space for Secondary PAACT Table */
+#if (defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_SPAACT_ADDR))
+ sec = (void *)CONFIG_SPL_SPAACT_ADDR;
+#else
sec = memalign(PAMU_TABLE_ALIGNMENT, spaact_size);
if (!sec)
return -1;
+#endif
memset(sec, 0, spaact_size);
ppaact_phys = virt_to_phys((void *)ppaact);
i++;
#endif
+#if (defined(CONFIG_SPL_BUILD) && (CONFIG_SYS_INIT_L3_VADDR))
+ tbl->start_addr[i] =
+ (uint64_t)virt_to_phys((void *)CONFIG_SYS_INIT_L3_VADDR);
+ tbl->size[i] = 256 * 1024; /* 256K CPC flash */
+ tbl->end_addr[i] = tbl->start_addr[i] + tbl->size[i] - 1;
+
+ i++;
+#endif
debug("PAMU address\t\t\tsize\n");
for (j = 0; j < i ; j++)
debug("%llx \t\t\t%llx\n", tbl->start_addr[j], tbl->size[j]);
#ifdef CONFIG_CHAIN_OF_TRUST
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_DM 1
+#define CONFIG_SPL_CRYPTO_SUPPORT
+#define CONFIG_SPL_HASH_SUPPORT
+#define CONFIG_SPL_RSA
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+/*
+ * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
+ * due to space crunch on CPC and thus malloc will not work.
+ */
+#define CONFIG_SPL_PPAACT_ADDR 0x2e000000
+#define CONFIG_SPL_SPAACT_ADDR 0x2f000000
+#define CONFIG_SPL_JR0_LIODN_S 454
+#define CONFIG_SPL_JR0_LIODN_NS 458
+/*
+ * Define the key hash for U-Boot here if public/private key pair used to
+ * sign U-boot are different from the SRK hash put in the fuse
+ * Example of defining KEY_HASH is
+ * #define CONFIG_SPL_UBOOT_KEY_HASH \
+ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
+ * else leave it defined as NULL
+ */
+
+#define CONFIG_SPL_UBOOT_KEY_HASH NULL
+#endif /* ifdef CONFIG_SPL_BUILD */
+
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
#define CONFIG_FSL_SEC_MON
#define CONFIG_FSL_CAAM
#endif
-/* fsl_setenv_chain_of_trust() must be called from
+#ifndef CONFIG_SPL_BUILD
+/*
+ * fsl_setenv_chain_of_trust() must be called from
* board_late_init()
*/
#ifndef CONFIG_BOARD_LATE_INIT
#endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
#include <config_fsl_chain_trust.h>
+#endif /* #ifndef CONFIG_SPL_BUILD */
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
#endif
#include <common.h>
#include <fsl_validate.h>
+#include <fsl_secboot_err.h>
#include <fsl_sfp.h>
+#include <dm/root.h>
+
+#ifdef CONFIG_ADDR_MAP
+#include <asm/mmu.h>
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+#include <asm/fsl_pamu.h>
+#endif
#ifdef CONFIG_LS102XA
#include <asm/arch/immap_ls102xa.h>
return 0;
}
+#ifndef CONFIG_SPL_BUILD
int fsl_setenv_chain_of_trust(void)
{
/* Check Boot Mode
setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
return 0;
}
+#endif
+
+#ifdef CONFIG_SPL_BUILD
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
+{
+ int res;
+
+ /*
+ * Check Boot Mode
+ * If Boot Mode is Non-Secure, skip validation
+ */
+ if (fsl_check_boot_mode_secure() == 0)
+ return;
+
+ printf("SPL: Validating U-Boot image\n");
+
+#ifdef CONFIG_ADDR_MAP
+ init_addr_map();
+#endif
+
+#ifdef CONFIG_FSL_CORENET
+ if (pamu_init() < 0)
+ fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
+#endif
+
+#ifdef CONFIG_FSL_CAAM
+ if (sec_init() < 0)
+ fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
+#endif
+
+/*
+ * dm_init_and_scan() is called as part of common SPL framework, so no
+ * need to call it again but in case of powerpc platforms which currently
+ * do not use common SPL framework, so need to call this function here.
+ */
+#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
+ dm_init_and_scan(false);
+#endif
+ res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
+ &img_addr);
+
+ if (res == 0)
+ printf("SPL: Validation of U-boot successful\n");
+}
+#endif /* ifdef CONFIG_SPL_BUILD */
sec_out32(&sec->mcfgr, mcr);
#ifdef CONFIG_FSL_CORENET
+#ifdef CONFIG_SPL_BUILD
+ /*
+ * For SPL Build, Set the Liodns in SEC JR0 for
+ * creating PAMU entries corresponding to these.
+ * For normal build, these are set in set_liodns().
+ */
+ liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK;
+ liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
+
+ liodnr = sec_in32(&sec->jrliodnr[0].ls) &
+ ~(JRNSLIODN_MASK | JRSLIODN_MASK);
+ liodnr = liodnr |
+ (liodn_ns << JRNSLIODN_SHIFT) |
+ (liodn_s << JRSLIODN_SHIFT);
+ sec_out32(&sec->jrliodnr[0].ls, liodnr);
+#else
liodnr = sec_in32(&sec->jrliodnr[0].ls);
liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT;
liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
+#endif
#endif
ret = jr_init(sec_idx);
#include <asm/io.h>
#include <fsl_ifc.h>
#include <linux/mtd/nand.h>
+#ifdef CONFIG_CHAIN_OF_TRUST
+#include <fsl_validate.h>
+#endif
static inline int is_blank(uchar *addr, int page_size)
{
*/
flush_cache(CONFIG_SYS_NAND_U_BOOT_DST, CONFIG_SYS_NAND_U_BOOT_SIZE);
#endif
+
+#ifdef CONFIG_CHAIN_OF_TRUST
+ /*
+ * U-Boot header is appended at end of U-boot image, so
+ * calculate U-boot header address using U-boot header size.
+ */
+#define CONFIG_U_BOOT_HDR_ADDR \
+ ((CONFIG_SYS_NAND_U_BOOT_START + \
+ CONFIG_SYS_NAND_U_BOOT_SIZE) - \
+ CONFIG_U_BOOT_HDR_SIZE)
+ spl_validate_uboot(CONFIG_U_BOOT_HDR_ADDR,
+ CONFIG_SYS_NAND_U_BOOT_START);
+ /*
+ * In case of failure in validation, spl_validate_uboot would
+ * not return back in case of Production environment with ITS=1.
+ * Thus U-Boot will not start.
+ * In Development environment (ITS=0 and SB_EN=1), the function
+ * may return back in case of non-fatal failures.
+ */
+#endif
+
uboot = (void *)CONFIG_SYS_NAND_U_BOOT_START;
uboot();
}
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);
+
+/*
+ * This function is used to validate the main U-boot binary from
+ * SPL just before passing control to it using QorIQ Trust
+ * Architecture header (appended to U-boot image).
+ */
+void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif
projects / oweals / u-boot.git / commitdiff