From e91f1deca57da2265394e0f87947c7ef4653809a Mon Sep 17 00:00:00 2001 From: Stuart Yoder Date: Wed, 2 Mar 2016 16:37:13 -0600 Subject: armv8: ls2080a: Update fdt path for fsl-mc node The fsl-mc node has been moved under /soc, so update the path references accordingly. Backwards compatibility is retained for /fsl-mc. Delete backwards compatibility for the completely obsolete /fsl,dprc@0. Signed-off-by: Stuart Yoder Reviewed-by: York Sun diff --git a/board/freescale/ls2080a/ls2080a.c b/board/freescale/ls2080a/ls2080a.c index 7bce8b0..ace0d79 100644 --- a/board/freescale/ls2080a/ls2080a.c +++ b/board/freescale/ls2080a/ls2080a.c @@ -87,14 +87,14 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); /* * TODO: Remove this when backward compatibility - * with old DT node (fsl,dprc@0) is no longer needed. + * with old DT node (/fsl-mc) is no longer needed. */ if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index aa256a2..f3925e2 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -258,10 +258,10 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 12638df..844d9f5 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -228,10 +228,10 @@ void fdt_fixup_board_enet(void *fdt) { int offset; - offset = fdt_path_offset(fdt, "/fsl-mc"); + offset = fdt_path_offset(fdt, "/soc/fsl-mc"); if (offset < 0) - offset = fdt_path_offset(fdt, "/fsl,dprc@0"); + offset = fdt_path_offset(fdt, "/fsl-mc"); if (offset < 0) { printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n", -- cgit v0.10.2 From ad6767b6e9744eb210e9dd815ee68ebdca15151f Mon Sep 17 00:00:00 2001 From: Qianyu Gong Date: Tue, 15 Mar 2016 16:35:57 +0800 Subject: armv8/ls1043a: Update env settings for booting kernel Signed-off-by: Gong Qianyu Reviewed-by: York Sun diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index ea25aad..fd243b1 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -245,13 +245,13 @@ "ramdisk_size=0x2000000\0" \ "fdt_high=0xffffffffffffffff\0" \ "initrd_high=0xffffffffffffffff\0" \ - "kernel_start=0x61200000\0" \ - "kernel_load=0x807f0000\0" \ - "kernel_size=0x1000000\0" \ + "kernel_start=0x61100000\0" \ + "kernel_load=0xa0000000\0" \ + "kernel_size=0x2800000\0" \ "console=ttyAMA0,38400n8\0" #define CONFIG_BOOTARGS "console=ttyS0,115200 root=/dev/ram0 " \ - "earlycon=uart8250,0x21c0500,115200" + "earlycon=uart8250,mmio,0x21c0500" #define CONFIG_BOOTCOMMAND "cp.b $kernel_start $kernel_load " \ "$kernel_size && bootm $kernel_load" #define CONFIG_BOOTDELAY 10 -- cgit v0.10.2 From 258b8c93ec25a7fd8e099b28a1149574935b255e Mon Sep 17 00:00:00 2001 From: Qianyu Gong Date: Wed, 16 Mar 2016 18:01:52 +0800 Subject: armv8: fsl-layerscape: Skip reconfigure QSPI clock when booting from QSPI The qspi_cfg register is set by PBI when booting from QSPI. No need to changing it again. Signed-off-by: Gong Qianyu Reviewed-by: York Sun diff --git a/arch/arm/cpu/armv8/fsl-layerscape/soc.c b/arch/arm/cpu/armv8/fsl-layerscape/soc.c index 213ce3a..bf04742 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/soc.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/soc.c @@ -240,7 +240,7 @@ void fsl_lsch2_early_init_f(void) init_early_memctl_regs(); /* tighten IFC timing */ #endif -#ifdef CONFIG_FSL_QSPI +#if defined(CONFIG_FSL_QSPI) && !defined(CONFIG_QSPI_BOOT) out_be32(&scfg->qspi_cfg, SCFG_QSPI_CLKSEL); #endif /* Make SEC reads and writes snoopable */ -- cgit v0.10.2 From cd7b3fbcf46844230ad664884c18d0281a4a31d7 Mon Sep 17 00:00:00 2001 From: Prabhakar Kushwaha Date: Fri, 18 Mar 2016 16:15:29 +0530 Subject: driver: net: fsl-mc: Free dflt_dpio pointer after its usage Free dflt_dpio pointer after its usage during error handling Signed-off-by: Prabhakar Kushwaha Reported-by: Jose Rivera Reviewed-by: York Sun diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c index f83bd0c..d2b8b5c 100644 --- a/drivers/net/fsl-mc/mc.c +++ b/drivers/net/fsl-mc/mc.c @@ -747,11 +747,11 @@ static int dpio_init(void) err_get_swp_init: dpio_disable(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); err_get_enable: - free(dflt_dpio); err_get_attr: dpio_close(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); dpio_destroy(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle); err_create: + free(dflt_dpio); err_malloc: return err; } -- cgit v0.10.2 From b576d325acbcbe05d712e3a995b4ce6689eb96c5 Mon Sep 17 00:00:00 2001 From: Prabhakar Kushwaha Date: Fri, 18 Mar 2016 16:16:03 +0530 Subject: driver: net: fsl-mc: Check NULL before pointer dereference NULL pointer should be checked before any dereference. This patch move memest after the NULL pointer check. Signed-off-by: Prabhakar Kushwaha Reported-by: Jose Rivera Acked-by: Joe Hershberger Reviewed-by: York Sun diff --git a/drivers/net/fsl-mc/dpio/qbman_sys.h b/drivers/net/fsl-mc/dpio/qbman_sys.h index 235d641..7a537fb 100644 --- a/drivers/net/fsl-mc/dpio/qbman_sys.h +++ b/drivers/net/fsl-mc/dpio/qbman_sys.h @@ -255,11 +255,11 @@ static inline int qbman_swp_sys_init(struct qbman_swp_sys *s, s->addr_cena = d->cena_bar; s->addr_cinh = d->cinh_bar; s->cena = (void *)valloc(CONFIG_SYS_PAGE_SIZE); - memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE); if (!s->cena) { printf("Could not allocate page for cena shadow\n"); return -1; } + memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE); #ifdef QBMAN_CHECKING /* We should never be asked to initialise for a portal that isn't in -- cgit v0.10.2 From 3808190af0d753c152633736e953f7ffa3bbc1b2 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:32 +0530 Subject: armv8: ls2080: Add SFP Configs for LS2080 In LS2080, SFP has version 3.4. It is in little endian. The base address is 0x01e80200. SFP is used in Secure Boot to read fuses. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index bfaece2..35d5908 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -67,6 +67,10 @@ /* SMMU Defintions */ #define SMMU_BASE 0x05000000 /* GR0 Base */ +/* SFP */ +#define CONFIG_SYS_FSL_SFP_VER_3_4 +#define CONFIG_SYS_FSL_SFP_LE + /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 #define CCI_MN_RNF_NODEID_LIST 0x180 diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h index 081519a..6f1b144 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h @@ -73,6 +73,9 @@ #define AHCI_BASE_ADDR1 (CONFIG_SYS_IMMR + 0x02200000) #define AHCI_BASE_ADDR2 (CONFIG_SYS_IMMR + 0x02210000) +/* SFP */ +#define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0x00e80200) + /* PCIe */ #define CONFIG_SYS_PCIE1_ADDR (CONFIG_SYS_IMMR + 0x2400000) #define CONFIG_SYS_PCIE2_ADDR (CONFIG_SYS_IMMR + 0x2500000) diff --git a/include/fsl_sfp.h b/include/fsl_sfp.h index 353a123..2976a2c 100644 --- a/include/fsl_sfp.h +++ b/include/fsl_sfp.h @@ -32,7 +32,8 @@ /* Number of SRKH registers */ #define NUM_SRKH_REGS 8 -#ifdef CONFIG_SYS_FSL_SFP_VER_3_2 +#if defined(CONFIG_SYS_FSL_SFP_VER_3_2) || \ + defined(CONFIG_SYS_FSL_SFP_VER_3_4) struct ccsr_sfp_regs { u32 ospr; /* 0x200 */ u32 ospr1; /* 0x204 */ -- cgit v0.10.2 From 2827d64774e7de9680ccd0b283856cc28f78a17f Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:33 +0530 Subject: armv8: ls2080: Add configs for SEC, SecMon, SRK and DCFG Add configs for various IPs used during secure boot. Add address and endianness for SEC and Security Monitor. SRK are fuses in SFP (fuses for public key's hash). These are stored in little endian format. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 35d5908..00916f5 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -70,6 +70,16 @@ /* SFP */ #define CONFIG_SYS_FSL_SFP_VER_3_4 #define CONFIG_SYS_FSL_SFP_LE +#define CONFIG_SYS_FSL_SRK_LE + +/* SEC */ +#define CONFIG_SYS_FSL_SEC_LE +#define CONFIG_SYS_FSL_SEC_COMPAT 5 + +/* Security Monitor */ +#define CONFIG_SYS_FSL_SEC_MON_LE + + /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h index 6f1b144..e8e3b91 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h @@ -76,6 +76,14 @@ /* SFP */ #define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0x00e80200) +/* SEC */ +#define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x07000000) +#define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x07010000) + +/* Security Monitor */ +#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0x00e90000) + + /* PCIe */ #define CONFIG_SYS_PCIE1_ADDR (CONFIG_SYS_IMMR + 0x2400000) #define CONFIG_SYS_PCIE2_ADDR (CONFIG_SYS_IMMR + 0x2500000) @@ -212,6 +220,8 @@ struct ccsr_gur { #define FSL_CHASSIS3_RCWSR28_SRDS1_PRTCL_SHIFT 16 #define FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_MASK 0xFF000000 #define FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_SHIFT 24 +#define RCW_SB_EN_REG_INDEX 9 +#define RCW_SB_EN_MASK 0x00000400 u8 res_180[0x200-0x180]; u32 scratchrw[32]; /* Scratch Read/Write */ -- cgit v0.10.2 From fd6dbc98a73207ff961f1f83ea833654d98354c3 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:34 +0530 Subject: armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 00916f5..cc25811 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -79,7 +79,8 @@ /* Security Monitor */ #define CONFIG_SYS_FSL_SEC_MON_LE - +/* Secure Boot */ +#define CONFIG_ESBC_HDR_LS /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index a32a1d7..4eb3b15 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -35,9 +35,13 @@ * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). */ +#ifndef CONFIG_ESBC_HDR_LS +/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT #endif +#endif + #ifdef CONFIG_LS1043A /* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ #define CONFIG_ESBC_ADDR_64BIT diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 8fd6dd6..c12b9c9 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, }; static u8 hash_val[SHA256_BYTES]; + +#ifdef CONFIG_ESBC_HDR_LS +/* New Barker Code for LS ESBC Header */ +static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; +#else static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; +#endif void branch_to_self(void) __attribute__ ((noreturn)); @@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr) /* This function checks srk_table_flag in header and set/reset srk_flag.*/ static u32 check_srk(struct fsl_secboot_img_priv *img) { +#ifdef CONFIG_ESBC_HDR_LS + /* In LS, No SRK Flag as SRK is always present*/ + return 1; +#else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) return 1; return 0; +#endif } /* This function returns ospr's key_revoc values.*/ @@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) } #endif +#ifndef CONFIG_ESBC_HDR_LS static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; @@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) return 0; } +#endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) @@ -388,6 +401,7 @@ void fsl_secboot_handle_error(int error) case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: + case ERROR_KEY_TABLE_NOT_FOUND: #ifdef CONFIG_KEY_REVOCATION case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: @@ -536,11 +550,18 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) if (!key_hash && check_ie(img)) key_hash = 1; #endif - if (!key_hash) +#ifndef CONFIG_ESBC_HDR_LS +/* No single key support in LS ESBC header */ + if (!key_hash) { ret = algo->hash_update(algo, ctx, img->img_key, img->hdr.key_len, 0); + key_hash = 1; + } +#endif if (ret) return ret; + if (!key_hash) + return ERROR_KEY_TABLE_NOT_FOUND; /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, @@ -626,8 +647,6 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) u8 *k, *s; u32 ret = 0; -#ifdef CONFIG_KEY_REVOCATION -#endif int key_found = 0; /* check barker code */ @@ -671,13 +690,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) key_found = 1; } #endif - +#ifndef CONFIG_ESBC_HDR_LS +/* Single Key Feature not available in LS ESBC Header */ if (key_found == 0) { ret = read_validate_single_key(img); if (ret != 0) return ret; key_found = 1; } +#endif + if (!key_found) + return ERROR_KEY_TABLE_NOT_FOUND; /* check signaure */ if (get_key_len(img) == 2 * hdr->sign_len) { @@ -691,10 +714,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) } memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); - +/* No SG support in LS-CH3 */ +#ifndef CONFIG_ESBC_HDR_LS /* No SG support */ if (hdr->sg_flag) return ERROR_ESBC_CLIENT_HEADER_SG; +#endif /* modulus most significant bit should be set */ k = (u8 *)&img->img_key; diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h index afc50a8..95d890b 100644 --- a/include/fsl_secboot_err.h +++ b/include/fsl_secboot_err.h @@ -29,6 +29,7 @@ #define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18 #define ERROR_IE_TABLE_NOT_FOUND 0x19 #define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20 +#define ERROR_KEY_TABLE_NOT_FOUND 0x21 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80 #define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100 @@ -121,6 +122,8 @@ static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = { "Wrong IE public key len in header" }, { ERROR_IE_TABLE_NOT_FOUND, "Information about IE Table missing" }, + { ERROR_KEY_TABLE_NOT_FOUND, + "No Key/ Key Table Found in header"}, { ERROR_ESBC_CLIENT_MAX, "NULL" } }; diff --git a/include/fsl_validate.h b/include/fsl_validate.h index 83efcf4..f812c1a 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -21,14 +21,6 @@ extern struct jobring jr; -#ifdef CONFIG_KEY_REVOCATION -/* Srk table and key revocation check */ -#define SRK_FLAG 0x01 -#define UNREVOCABLE_KEY 4 -#define ALIGN_REVOC_KEY 3 -#define MAX_KEY_ENTRIES 4 -#endif - /* Barker code size in bytes */ #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ /* header */ @@ -39,6 +31,47 @@ extern struct jobring jr; /* Maximum number of SG entries allowed */ #define MAX_SG_ENTRIES 8 +/* Different Header Struct for LS-CH3 */ +#ifdef CONFIG_ESBC_HDR_LS +struct fsl_secboot_img_hdr { + u8 barker[ESBC_BARKER_LEN]; /* barker code */ + u32 srk_tbl_off; + struct { + u8 num_srk; + u8 srk_sel; + u8 reserve; + u8 ie_flag; + } len_kr; + + u32 uid_flag; + + u32 psign; /* signature offset */ + u32 sign_len; /* length of the signature in bytes */ + + u64 pimg64; /* 64 bit pointer to ESBC Image */ + u32 img_size; /* ESBC client image size in bytes */ + u32 ie_key_sel; + + u32 fsl_uid_0; + u32 fsl_uid_1; + u32 oem_uid_0; + u32 oem_uid_1; + u32 oem_uid_2; + u32 oem_uid_3; + u32 oem_uid_4; + u32 reserved1[3]; +}; + +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define UNREVOCABLE_KEY 8 +#define ALIGN_REVOC_KEY 7 +#define MAX_KEY_ENTRIES 8 +#endif + + +#else /* CONFIG_ESBC_HDR_LS */ + /* * ESBC uboot client header structure. * The struct contain the following fields @@ -109,6 +142,17 @@ struct fsl_secboot_img_hdr { u32 ie_key_sel; }; +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define SRK_FLAG 0x01 +#define UNREVOCABLE_KEY 4 +#define ALIGN_REVOC_KEY 3 +#define MAX_KEY_ENTRIES 4 +#endif + +#endif /* CONFIG_ESBC_HDR_LS */ + + #if defined(CONFIG_FSL_ISBC_KEY_EXT) struct ie_key_table { u32 key_len; -- cgit v0.10.2 From fcfdb6d580ab108f4496f1ef7bd7ed260488ffde Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:35 +0530 Subject: armv8: ls2080rdb: ls2080qds: Add secure boot support Sec_init has been called at the beginning to initialize SEC Block (CAAM) which is used by secure boot validation later for both ls2080a qds and rdb. 64-bit address in ESBC Header has been enabled. Secure boot defconfigs are created for boards (NOR boot). Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4eb3b15..b745194 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -18,7 +18,9 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_CMD_BLOB +#define CONFIG_CMD_HASH #define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_HW_ACCEL #define CONFIG_SHA_PROG_HW_ACCEL #define CONFIG_RSA_FREESCALE_EXP @@ -42,8 +44,11 @@ #endif -#ifdef CONFIG_LS1043A -/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ +#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\ + defined(CONFIG_LS2085A) +/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit + * Similiarly for LS2080 and LS2085 + */ #define CONFIG_ESBC_ADDR_64BIT #endif diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS index 6f99ad0..558cef1 100644 --- a/board/freescale/ls2080aqds/MAINTAINERS +++ b/board/freescale/ls2080aqds/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080aqds_defconfig F: configs/ls2080aqds_nand_defconfig F: configs/ls2085aqds_defconfig F: configs/ls2085aqds_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain +S: Maintained +F: configs/ls2080aqds_SECURE_BOOT_defconfig +F: configs/ls2085aqds_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index f3925e2..e1a521d 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "../common/qixis.h" #include "ls2080aqds_qixis.h" @@ -248,7 +249,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS index c9f3459..0817711d 100644 --- a/board/freescale/ls2080ardb/MAINTAINERS +++ b/board/freescale/ls2080ardb/MAINTAINERS @@ -8,3 +8,9 @@ F: configs/ls2080ardb_defconfig F: configs/ls2080ardb_nand_defconfig F: configs/ls2085ardb_defconfig F: configs/ls2085ardb_nand_defconfig + +LS2080A_SECURE_BOOT BOARD +M: Saksham Jain +S: Maintained +F: configs/ls2080ardb_SECURE_BOOT_defconfig +F: configs/ls2085ardb_SECURE_BOOT_defconfig diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index 844d9f5..ec4b74c 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "../common/qixis.h" #include "ls2080ardb_qixis.h" @@ -218,7 +219,9 @@ int arch_misc_init(void) #ifdef CONFIG_FSL_DEBUG_SERVER debug_server_init(); #endif - +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif return 0; } #endif diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..408d1ee --- /dev/null +++ b/configs/ls2080aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000..dde3311 --- /dev/null +++ b/configs/ls2080ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig new file mode 100644 index 0000000..f13ee41 --- /dev/null +++ b/configs/ls2085aqds_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080AQDS=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig new file mode 100644 index 0000000..aa66508 --- /dev/null +++ b/configs/ls2085ardb_SECURE_BOOT_defconfig @@ -0,0 +1,20 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS2080ARDB=y +# CONFIG_SYS_MALLOC_F is not set +CONFIG_DM_SPI=y +CONFIG_DM_SPI_FLASH=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb" +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT" +# CONFIG_CMD_SETEXPR is not set +CONFIG_OF_CONTROL=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DM=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_DSPI=y +CONFIG_RSA=y diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h index dab3820..91fad0a 100644 --- a/include/configs/ls2080aqds.h +++ b/include/configs/ls2080aqds.h @@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void); #define CONFIG_USB_STORAGE #define CONFIG_CMD_EXT2 +#include + #endif /* __LS2_QDS_H */ diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index 59a3f66..ce1d900 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -363,4 +363,6 @@ unsigned long get_board_sys_clk(void); #define CONFIG_PHY_AQUANTIA #endif +#include + #endif /* __LS2_RDB_H */ -- cgit v0.10.2 From 216e93a18565c53818c1aee7664401f994b3f3eb Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:36 +0530 Subject: armv8: ls2080: Add bootscript header addr for secure boot During secure boot, Linux image along with other images are validated using bootscript. This bootscript also needs to be validated before it executes. This requires a header for bootscript. When secure boot is enabled, default bootcmd is changed to first validate bootscript using the header and then execute the script. For ls2080, NOR memory map is different from other ARM SoCs. So a new address on NOR is used for this bootscript header (0x583920000). The Bootscript address is mentioned in this header along with addresses of other images. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index b745194..5575934 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -58,7 +58,11 @@ "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" /* The address needs to be modified according to NOR memory map */ +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) +#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x583920000 +#else #define CONFIG_BOOTSCRIPT_HDR_ADDR 0x600a0000 +#endif #include #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ -- cgit v0.10.2 From 3f701cc50a2e329e8437330bdd7316b48bd06cb8 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:37 +0530 Subject: armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 5575934..4d04eea 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -57,11 +57,33 @@ "setenv initrd_high 0xcfffffff;" \ "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" -/* The address needs to be modified according to NOR memory map */ +/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from + * Non-XIP Memory (Nand/SD)*/ +#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) ||\ + defined(CONFIG_LS2085A) +#define CONFIG_BOOTSCRIPT_COPY_RAM +#endif +/* The address needs to be modified according to NOR and DDR memory map */ #if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) -#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x583920000 +#define CONFIG_BS_HDR_ADDR_FLASH 0x583920000 +#define CONFIG_BS_ADDR_FLASH 0x583900000 +#define CONFIG_BS_HDR_ADDR_RAM 0xa3920000 +#define CONFIG_BS_ADDR_RAM 0xa3900000 +#else +#define CONFIG_BS_HDR_ADDR_FLASH 0x600a0000 +#define CONFIG_BS_ADDR_FLASH 0x60060000 +#define CONFIG_BS_HDR_ADDR_RAM 0xa0060000 +#define CONFIG_BS_ADDR_RAM 0xa0060000 +#endif + +#ifdef CONFIG_BOOTSCRIPT_COPY_RAM +#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM +#define CONFIG_BS_HDR_SIZE 0x00002000 +#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM +#define CONFIG_BS_SIZE 0x00001000 #else -#define CONFIG_BOOTSCRIPT_HDR_ADDR 0x600a0000 +#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_FLASH +/* BS_HDR_SIZE, BOOTSCRIPT_ADDR and BS_SIZE are not required */ #endif #include diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h index 45dda56..aa222bb 100644 --- a/include/config_fsl_chain_trust.h +++ b/include/config_fsl_chain_trust.h @@ -65,8 +65,6 @@ "esbc_halt\0" #endif -/* For secure boot flow, default environment used will be used */ -#if defined(CONFIG_SYS_RAMBOOT) #ifdef CONFIG_BOOTSCRIPT_COPY_RAM #define CONFIG_BS_COPY_ENV \ "setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \ @@ -76,14 +74,19 @@ "setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \ "setenv bs_size " __stringify(CONFIG_BS_SIZE)";" +/* For secure boot flow, default environment used will be used */ +#if defined(CONFIG_SYS_RAMBOOT) #if defined(CONFIG_RAMBOOT_NAND) #define CONFIG_BS_COPY_CMD \ "nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \ "nand read $bs_ram $bs_flash $bs_size ;" #endif /* CONFIG_RAMBOOT_NAND */ -#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ - +#else +#define CONFIG_BS_COPY_CMD \ + "cp.b $bs_hdr_flash $bs_hdr_ram $bs_hdr_size ;" \ + "cp.b $bs_flash $bs_ram $bs_size ;" #endif +#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */ #ifndef CONFIG_BS_COPY_ENV #define CONFIG_BS_COPY_ENV -- cgit v0.10.2 From bef238cb1e87f36bfbc7495b9eb933d06ce278ec Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:38 +0530 Subject: armv8: ls2080: Change env variable "fdt_high" "fdt_high" env variable was set to 0xcfffffff for secure boot. Change it to 0xa0000000 for LS2080 to be consistent with non-secure boot targets. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 4d04eea..d576f2e 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -52,10 +52,17 @@ #define CONFIG_ESBC_ADDR_64BIT #endif +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) +#define CONFIG_EXTRA_ENV \ + "setenv fdt_high 0xa0000000;" \ + "setenv initrd_high 0xcfffffff;" \ + "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" +#else #define CONFIG_EXTRA_ENV \ "setenv fdt_high 0xcfffffff;" \ "setenv initrd_high 0xcfffffff;" \ "setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';" +#endif /* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from * Non-XIP Memory (Nand/SD)*/ -- cgit v0.10.2 From 809d343a1a778e68d519c04e01118bd8eb990eff Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:39 +0530 Subject: armv8: ls2080: Add config for endianess of CCSR GUR The GUR (DCFG) registers in CCSR space are in little endian format. Define a config CONFIG_SYS_FSL_CCSR_GUR_LE in arch/arm/include/asm/arch-fsl-layerscape/config.h Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index cc25811..ceefe43 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -82,6 +82,9 @@ /* Secure Boot */ #define CONFIG_ESBC_HDR_LS +/* DCFG - GUR */ +#define CONFIG_SYS_FSL_CCSR_GUR_LE + /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 #define CCI_MN_RNF_NODEID_LIST 0x180 -- cgit v0.10.2 From 4a97a0c91d25763d7c3af5530c5e89f53fee7643 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:40 +0530 Subject: armv8: fsl-lsch3: Disable SMMU during secure boot During secure boot, SMMU is enabled on POR by SP bootrom. SMMU needs to be put in bypass mode in uboot to enable CAAM transcations to pass through. For non-secure boot, SP BootROM doesn't enable SMMU, which is in bypass mode out of reset. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/arch/arm/cpu/armv8/fsl-layerscape/soc.c b/arch/arm/cpu/armv8/fsl-layerscape/soc.c index bf04742..a76447e 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/soc.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/soc.c @@ -151,7 +151,14 @@ static void erratum_a009203(void) #endif #endif } - +void bypass_smmu(void) +{ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +} void fsl_lsch3_early_init_f(void) { erratum_a008751(); @@ -160,6 +167,15 @@ void fsl_lsch3_early_init_f(void) erratum_a009203(); erratum_a008514(); erratum_a008336(); +#ifdef CONFIG_CHAIN_OF_TRUST + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + if (fsl_check_boot_mode_secure() == 1) + bypass_smmu(); +#endif } #ifdef CONFIG_SCSI_AHCI_PLAT diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h index e8e3b91..4f0fdfd 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h @@ -83,6 +83,21 @@ /* Security Monitor */ #define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0x00e90000) +/* MMU 500 */ +#define SMMU_SCR0 (SMMU_BASE + 0x0) +#define SMMU_SCR1 (SMMU_BASE + 0x4) +#define SMMU_SCR2 (SMMU_BASE + 0x8) +#define SMMU_SACR (SMMU_BASE + 0x10) +#define SMMU_IDR0 (SMMU_BASE + 0x20) +#define SMMU_IDR1 (SMMU_BASE + 0x24) + +#define SMMU_NSCR0 (SMMU_BASE + 0x400) +#define SMMU_NSCR2 (SMMU_BASE + 0x408) +#define SMMU_NSACR (SMMU_BASE + 0x410) + +#define SCR0_CLIENTPD_MASK 0x00000001 +#define SCR0_USFCFG_MASK 0x00000400 + /* PCIe */ #define CONFIG_SYS_PCIE1_ADDR (CONFIG_SYS_IMMR + 0x2400000) -- cgit v0.10.2 From 69b6a796f7a7cf2a7946e07e32346bf5595829d5 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:41 +0530 Subject: crypto/fsl: Correct 64-bit write when MMU disabled When MMU is disabled, 64-bit write must be aligned at 64-bit boundary. Becaue the memory location is not guaranteed to be 64-bit aligned, the 64-bit write needs to be split into two 32-bit writes to avoid the alignment exception. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/drivers/crypto/fsl/desc_constr.h b/drivers/crypto/fsl/desc_constr.h index 4ea93b0..7dad753 100644 --- a/drivers/crypto/fsl/desc_constr.h +++ b/drivers/crypto/fsl/desc_constr.h @@ -112,10 +112,9 @@ static inline void append_ptr(u32 *desc, dma_addr_t ptr) #ifdef CONFIG_PHYS_64BIT /* The Position of low and high part of 64 bit address * will depend on the endianness of CAAM Block */ - union ptr_addr_t ptr_addr; - ptr_addr.m_halfs.high = (u32)(ptr >> 32); - ptr_addr.m_halfs.low = (u32)ptr; - *offset = ptr_addr.m_whole; + union ptr_addr_t *ptr_addr = (union ptr_addr_t *)offset; + ptr_addr->m_halfs.high = (u32)(ptr >> 32); + ptr_addr->m_halfs.low = (u32)ptr; #else *offset = ptr; #endif -- cgit v0.10.2 From 8a6f83dcb8638e34c264e6ee8ee5699975de68a0 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:42 +0530 Subject: crypto/fsl: Make CAAM transactions cacheable This commit solves CAAM coherency issue on ls2080. When caches are enabled and CAAM's DMA's AXI transcations are not made cacheable, Core reads/writes data from/to caches and CAAM does from main memory. This forces data flushes to synchronize various data structures. But even if any data in proximity of these structures is read by core, these structures again are fetched in caches. To avoid this problem, either all the data that CAAM accesses can be made cache line aligned or CAAM transcations can be made cacheable. So, this commit makes CAAM transcations as write back with write and read allocate. Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 93c2471..3fc418a 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -543,7 +543,20 @@ int sec_init(void) uint32_t liodn_s; #endif + /* + * Modifying CAAM Read/Write Attributes + * For LS2080A and LS2085A + * For AXI Write - Cacheable, Write Back, Write allocate + * For AXI Read - Cacheable, Read allocate + * Only For LS2080a and LS2085a, to solve CAAM coherency issues + */ +#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A) + mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0xb << MCFGR_AWCACHE_SHIFT); + mcr = (mcr & ~MCFGR_ARCACHE_MASK) | (0x6 << MCFGR_ARCACHE_SHIFT); +#else mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0x2 << MCFGR_AWCACHE_SHIFT); +#endif + #ifdef CONFIG_PHYS_64BIT mcr |= (1 << MCFGR_PS_SHIFT); #endif diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index 545d964..1642dbb 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -23,6 +23,9 @@ #define MCFGR_PS_SHIFT 16 #define MCFGR_AWCACHE_SHIFT 8 #define MCFGR_AWCACHE_MASK (0xf << MCFGR_AWCACHE_SHIFT) +#define MCFGR_ARCACHE_SHIFT 12 +#define MCFGR_ARCACHE_MASK (0xf << MCFGR_ARCACHE_SHIFT) + #define JR_INTMASK 0x00000001 #define JRCR_RESET 0x01 #define JRINT_ERR_HALT_INPROGRESS 0x4 -- cgit v0.10.2 From 2bfe4890856c94d939e193999dccdc75afc5c5bd Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:43 +0530 Subject: SECURE_BOOT: Use default bootargs For secure boot, currently we were using fixed bootargs for all SoCs. This is not needed and we can use the bootargs which are used in non-secure boot. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/include/config_fsl_chain_trust.h b/include/config_fsl_chain_trust.h index aa222bb..566fd80 100644 --- a/include/config_fsl_chain_trust.h +++ b/include/config_fsl_chain_trust.h @@ -44,11 +44,18 @@ * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" */ +#ifdef CONFIG_BOOTARGS +#define CONFIG_SET_BOOTARGS "setenv bootargs \'" CONFIG_BOOTARGS" \';" +#else +#define CONFIG_SET_BOOTARGS "setenv bootargs \'root=/dev/ram " \ + "rw console=ttyS0,115200 ramdisk_size=600000\';" +#endif + + #ifdef CONFIG_BOOTSCRIPT_KEY_HASH #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ - "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \ - "ramdisk_size=600000\';" \ + CONFIG_SET_BOOTARGS \ CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr " \ __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \ @@ -57,8 +64,7 @@ #else #define CONFIG_SECBOOT \ "setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \ - "setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 " \ - "ramdisk_size=600000\';" \ + CONFIG_SET_BOOTARGS \ CONFIG_EXTRA_ENV \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ -- cgit v0.10.2 From c4666cf6954a28ade5a8550505d5bc25dc7f92d7 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:44 +0530 Subject: SECURE BOOT: Halt execution when secure boot fail In case of fatal failure during secure boot execution (e.g. header not found), reset is asserted to stop execution. If the RESET_REQ is not tied to HRESET, this allows the execution to continue. Add esbh_halt() after the reset to make sure execution stops. Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index dfa3e21..375bc24 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -8,7 +8,7 @@ #include #include -static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (fsl_check_boot_mode_secure() == 0) { diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index c12b9c9..95059c7 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -325,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); } /* @@ -355,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void) printf("Generating reset request\n"); do_reset(NULL, 0, 0, NULL); + /* If reset doesn't coocur, halt execution */ + do_esbc_halt(NULL, 0, 0, NULL); + } else { change_sec_mon_state(HPSR_SSM_ST_TRUST, HPSR_SSM_ST_NON_SECURE); diff --git a/include/fsl_validate.h b/include/fsl_validate.h index f812c1a..ff6f6b7 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -242,6 +242,9 @@ struct fsl_secboot_img_priv { uint32_t img_size; /* ESBC Image Size */ }; +int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); + int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, uintptr_t img_loc); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, -- cgit v0.10.2 From 85bb38965431424d4e4a7b5030cc589a3401a988 Mon Sep 17 00:00:00 2001 From: Saksham Jain Date: Wed, 23 Mar 2016 16:24:45 +0530 Subject: SECURE BOOT: Change fsl_secboot_validate func to pass image addr Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal Signed-off-by: Saksham Jain Reviewed-by: York Sun diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c index 375bc24..cefe3cc 100644 --- a/board/freescale/common/cmd_esbc_validate.c +++ b/board/freescale/common/cmd_esbc_validate.c @@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, char *hash_str = NULL; uintptr_t haddr; int ret; + uintptr_t img_addr = 0; + char buf[20]; if (argc < 2) return cmd_usage(cmdtp); @@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc, * part of header. So, the function is called * by passing this argument as 0. */ - ret = fsl_secboot_validate(haddr, hash_str, 0); + ret = fsl_secboot_validate(haddr, hash_str, &img_addr); + + /* Need to set "img_addr" even if validation failure. + * Required when SB_EN in RCW set and non-fatal error + * to continue U-Boot + */ + sprintf(buf, "%lx", img_addr); + setenv("img_addr", buf); + if (ret) return 1; diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 95059c7..64e4e30 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -570,7 +570,7 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, - (u8 *)img->img_addr, img->img_size, 1); + (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); if (ret) return ret; @@ -646,7 +646,6 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) */ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { - char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; @@ -661,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) /* If Image Address is not passed as argument to function, * then Address and Size must be read from the Header. */ - if (img->img_addr == 0) { + if (*(img->img_addr_ptr) == 0) { #ifdef CONFIG_ESBC_ADDR_64BIT - img->img_addr = hdr->pimg64; + *(img->img_addr_ptr) = hdr->pimg64; #else - img->img_addr = hdr->pimg; + *(img->img_addr_ptr) = hdr->pimg; #endif } - sprintf(buf, "%lx", img->img_addr); - setenv("img_addr", buf); - if (!hdr->img_size) return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; @@ -814,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) return 0; } - +/* haddr - Address of the header of image to be validated. + * arg_hash_str - Option hash string. If provided, this + * overides the key hash in the SFP fuses. + * img_addr_ptr - Optional pointer to address of image to be validated. + * If non zero addr, this overides the addr of image in header, + * otherwise updated to image addr in header. + * Acts as both input and output of function. + * This pointer shouldn't be NULL. + */ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_addr) + uintptr_t *img_addr_ptr) { struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -869,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, /* Update the information in Private Struct */ hdr = &img->hdr; img->ehdrloc = haddr; - img->img_addr = img_addr; + img->img_addr_ptr = img_addr_ptr; esbc = (u8 *)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); diff --git a/include/fsl_validate.h b/include/fsl_validate.h index ff6f6b7..a71e1ce 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -238,7 +238,7 @@ struct fsl_secboot_img_priv { struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ uintptr_t ehdrloc; /* ESBC Header location */ - uintptr_t img_addr; /* ESBC Image Location */ + uintptr_t *img_addr_ptr; /* ESBC Image Location */ uint32_t img_size; /* ESBC Image Size */ }; @@ -246,7 +246,7 @@ int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, - uintptr_t img_loc); + uintptr_t *img_addr_ptr); int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, -- cgit v0.10.2 From 16cee521384aa901a652fa3e4703e2d55518a9fe Mon Sep 17 00:00:00 2001 From: Mingkai Hu Date: Wed, 23 Mar 2016 19:10:42 +0800 Subject: armv8: fsl-layerscape: Fix LS1043A SVR register Signed-off-by: Mingkai Hu Signed-off-by: Gong Qianyu Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/soc.h b/arch/arm/include/asm/arch-fsl-layerscape/soc.h index ea78e15..512a8e0 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/soc.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/soc.h @@ -41,7 +41,7 @@ struct cpu_type { { .name = #n, .soc_ver = SVR_##v, .num_cores = (nc)} #define SVR_WO_E 0xFFFFFE -#define SVR_LS1043 0x879204 +#define SVR_LS1043 0x879200 #define SVR_LS2045 0x870120 #define SVR_LS2080 0x870110 #define SVR_LS2085 0x870100 -- cgit v0.10.2 From d91721d4ac90f45fbfbbf06d0fbb8b671a964693 Mon Sep 17 00:00:00 2001 From: Mingkai Hu Date: Wed, 23 Mar 2016 19:10:43 +0800 Subject: armv8: fsl-layerscape: Add LS1023A SVR Signed-off-by: Mingkai Hu Signed-off-by: Gong Qianyu Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/cpu.h b/arch/arm/include/asm/arch-fsl-layerscape/cpu.h index 93bbda3..f75faa6 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/cpu.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/cpu.h @@ -12,6 +12,7 @@ static struct cpu_type cpu_type_list[] = { CPU_TYPE_ENTRY(LS2085, LS2085, 8), CPU_TYPE_ENTRY(LS2045, LS2045, 4), CPU_TYPE_ENTRY(LS1043, LS1043, 4), + CPU_TYPE_ENTRY(LS1023, LS1023, 2), CPU_TYPE_ENTRY(LS2040, LS2040, 4), }; diff --git a/arch/arm/include/asm/arch-fsl-layerscape/soc.h b/arch/arm/include/asm/arch-fsl-layerscape/soc.h index 512a8e0..56989e1 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/soc.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/soc.h @@ -42,6 +42,7 @@ struct cpu_type { #define SVR_WO_E 0xFFFFFE #define SVR_LS1043 0x879200 +#define SVR_LS1023 0x879208 #define SVR_LS2045 0x870120 #define SVR_LS2080 0x870110 #define SVR_LS2085 0x870100 -- cgit v0.10.2 From 2ef846e45cf0dbb9fb7d183266e4d57446592177 Mon Sep 17 00:00:00 2001 From: Qianyu Gong Date: Wed, 23 Mar 2016 19:11:36 +0800 Subject: armv8/ls1043aqds: dts: Set SPI mode for DSPI Clock phase and polarity for DSPI flash need to be set. Signed-off-by: Gong Qianyu Reviewed-by: York Sun diff --git a/arch/arm/dts/fsl-ls1043a-qds.dtsi b/arch/arm/dts/fsl-ls1043a-qds.dtsi index 66efe67..2e9f1f9 100644 --- a/arch/arm/dts/fsl-ls1043a-qds.dtsi +++ b/arch/arm/dts/fsl-ls1043a-qds.dtsi @@ -28,8 +28,10 @@ #address-cells = <1>; #size-cells = <1>; compatible = "spi-flash"; - reg = <0>; spi-max-frequency = <1000000>; /* input clock */ + spi-cpol; + spi-cpha; + reg = <0>; }; dflash1: sst25wf040b { @@ -37,6 +39,8 @@ #size-cells = <1>; compatible = "spi-flash"; spi-max-frequency = <3500000>; + spi-cpol; + spi-cpha; reg = <1>; }; @@ -45,6 +49,8 @@ #size-cells = <1>; compatible = "spi-flash"; spi-max-frequency = <3500000>; + spi-cpol; + spi-cpha; reg = <2>; }; }; -- cgit v0.10.2 From ed2530d0963196a7175058ed9b5e6cbc29822f7f Mon Sep 17 00:00:00 2001 From: Rai Harninder Date: Wed, 23 Mar 2016 17:04:38 +0530 Subject: armv8/ls2080ardb: Enable VID support This patch enable VID support for ls2080ardb platform. It uses the common VID driver. Signed-off-by: Rai Harninder Reviewed-by: York Sun diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h index 4f0fdfd..1d3b336 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h @@ -180,6 +180,10 @@ struct ccsr_gur { u8 res_008[0x20-0x8]; u32 gpporcr1; /* General-purpose POR configuration */ u32 gpporcr2; /* General-purpose POR configuration 2 */ +#define FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT 25 +#define FSL_CHASSIS3_DCFG_FUSESR_VID_MASK 0x1F +#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT 20 +#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK 0x1F u32 dcfg_fusesr; /* Fuse status register */ u32 gpporcr3; u32 gpporcr4; diff --git a/board/freescale/common/vid.c b/board/freescale/common/vid.c index a6a132a..2f29795 100644 --- a/board/freescale/common/vid.c +++ b/board/freescale/common/vid.c @@ -10,6 +10,8 @@ #include #ifdef CONFIG_LS1043A #include +#elif defined(CONFIG_FSL_LSCH3) +#include #else #include #endif @@ -285,7 +287,7 @@ static int set_voltage(int i2caddress, int vdd) int adjust_vdd(ulong vdd_override) { int re_enable = disable_interrupts(); -#ifdef CONFIG_LS1043A +#if defined(CONFIG_LS1043A) || defined(CONFIG_FSL_LSCH3) struct ccsr_gur *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); #else ccsr_gur_t __iomem *gur = @@ -362,7 +364,11 @@ int adjust_vdd(ulong vdd_override) } /* get the voltage ID from fuse status register */ +#ifdef CONFIG_FSL_LSCH3 + fusesr = in_le32(&gur->dcfg_fusesr); +#else fusesr = in_be32(&gur->dcfg_fusesr); +#endif /* * VID is used according to the table below * --------------------------------------- @@ -387,6 +393,13 @@ int adjust_vdd(ulong vdd_override) vid = (fusesr >> FSL_CHASSIS2_DCFG_FUSESR_VID_SHIFT) & FSL_CHASSIS2_DCFG_FUSESR_VID_MASK; } +#elif defined(CONFIG_FSL_LSCH3) + vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT) & + FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK; + if ((vid == 0) || (vid == FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK)) { + vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT) & + FSL_CHASSIS3_DCFG_FUSESR_VID_MASK; + } #else vid = (fusesr >> FSL_CORENET_DCFG_FUSESR_ALTVID_SHIFT) & FSL_CORENET_DCFG_FUSESR_ALTVID_MASK; diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index ec4b74c..8201048 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -22,6 +22,7 @@ #include "../common/qixis.h" #include "ls2080ardb_qixis.h" +#include "../common/vid.h" #define PIN_MUX_SEL_SDHC 0x00 #define PIN_MUX_SEL_DSPI 0x0a @@ -123,6 +124,11 @@ int select_i2c_ch_pca9547(u8 ch) return 0; } +int i2c_multiplexer_select_vid_channel(u8 channel) +{ + return select_i2c_ch_pca9547(channel); +} + int config_board_mux(int ctrl_type) { u8 reg5; @@ -189,6 +195,9 @@ int misc_init_r(void) if (hwconfig("sdhc")) config_board_mux(MUX_TYPE_SDHC); + if (adjust_vdd(0)) + printf("Warning: Adjusting core voltage failed.\n"); + return 0; } diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h index ce1d900..15a1172 100644 --- a/include/configs/ls2080ardb.h +++ b/include/configs/ls2080ardb.h @@ -14,6 +14,22 @@ #define CONFIG_DISPLAY_BOARDINFO +#define I2C_MUX_CH_VOL_MONITOR 0xa +#define I2C_VOL_MONITOR_ADDR 0x38 +#define CONFIG_VOL_MONITOR_IR36021_READ +#define CONFIG_VOL_MONITOR_IR36021_SET + +#define CONFIG_VID_FLS_ENV "ls2080ardb_vdd_mv" +#ifndef CONFIG_SPL_BUILD +#define CONFIG_VID +#endif +/* step the IR regulator in 5mV increments */ +#define IR_VDD_STEP_DOWN 5 +#define IR_VDD_STEP_UP 5 +/* The lowest and highest voltage allowed for LS2080ARDB */ +#define VDD_MV_MIN 819 +#define VDD_MV_MAX 1212 + #ifndef __ASSEMBLY__ unsigned long get_board_sys_clk(void); #endif -- cgit v0.10.2