From 6525ac8b91220342e476cedd4bd7e71fc6542a47 Mon Sep 17 00:00:00 2001 From: Evert Pap Date: Thu, 22 Sep 2016 10:09:53 +0200 Subject: Add secure boot support for simc-t1040 diff --git a/board/scalys/common/Makefile b/board/scalys/common/Makefile index 92c36e7..df3ebb8 100644 --- a/board/scalys/common/Makefile +++ b/board/scalys/common/Makefile @@ -9,3 +9,4 @@ obj-y += board_configuration_data.o ifdef CONFIG_SECURE_BOOT obj-$(CONFIG_CMD_ESBC_VALIDATE) += fsl_validate.o cmd_esbc_validate.o endif +obj-$(CONFIG_CHAIN_OF_TRUST) += fsl_chain_of_trust.o diff --git a/board/scalys/common/fsl_chain_of_trust.c b/board/scalys/common/fsl_chain_of_trust.c new file mode 100644 index 0000000..dea231b --- /dev/null +++ b/board/scalys/common/fsl_chain_of_trust.c @@ -0,0 +1,158 @@ +/* + * Copyright 2015 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include +#include +#include +#include + +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) +#include +#endif + +#ifdef CONFIG_ADDR_MAP +#include +#endif + +#ifdef CONFIG_FSL_CORENET +#include +#endif + +#ifdef CONFIG_LS102XA +#include +#endif + +#if defined(CONFIG_MPC85xx) +#define CONFIG_DCFG_ADDR CONFIG_SYS_MPC85xx_GUTS_ADDR +#else +#define CONFIG_DCFG_ADDR CONFIG_SYS_FSL_GUTS_ADDR +#endif + +#ifdef CONFIG_SYS_FSL_CCSR_GUR_LE +#define gur_in32(a) in_le32(a) +#else +#define gur_in32(a) in_be32(a) +#endif + +/* Check the Boot Mode. If Secure, return 1 else return 0 */ +int fsl_check_boot_mode_secure(void) +{ + uint32_t val; + struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); + struct ccsr_gur __iomem *gur = (void *)(CONFIG_DCFG_ADDR); + + val = sfp_in32(&sfp_regs->ospr) & ITS_MASK; + if (val == ITS_MASK) + return 1; + +#if defined(CONFIG_FSL_CORENET) || !defined(CONFIG_MPC85xx) + /* For PBL based platforms check the SB_EN bit in RCWSR */ + val = gur_in32(&gur->rcwsr[RCW_SB_EN_REG_INDEX - 1]) & RCW_SB_EN_MASK; + if (val == RCW_SB_EN_MASK) + return 1; +#endif + +#if defined(CONFIG_MPC85xx) && !defined(CONFIG_FSL_CORENET) + /* For Non-PBL Platforms, check the Device Status register 2*/ + val = gur_in32(&gur->pordevsr2) & MPC85xx_PORDEVSR2_SBC_MASK; + if (val != MPC85xx_PORDEVSR2_SBC_MASK) + return 1; + +#endif + return 0; +} + +#ifndef CONFIG_SPL_BUILD +int fsl_setenv_chain_of_trust(void) +{ + /* Check Boot Mode + * If Boot Mode is Non-Secure, no changes are required + */ + if (fsl_check_boot_mode_secure() == 0) + return 0; + + /* If Boot mode is Secure, set the environment variables + * bootdelay = 0 (To disable Boot Prompt) + * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) + */ + setenv("bootdelay", "0"); + setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD); + return 0; +} +#endif + +#ifdef CONFIG_SPL_BUILD +void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) +{ + int res; + + /* + * Check Boot Mode + * If Boot Mode is Non-Secure, skip validation + */ + if (fsl_check_boot_mode_secure() == 0) + return; + + printf("SPL: Validating U-Boot image\n"); + +#ifdef CONFIG_ADDR_MAP + init_addr_map(); +#endif + +#ifdef CONFIG_FSL_CORENET + if (pamu_init() < 0) + fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT); +#endif + +#ifdef CONFIG_FSL_CAAM + if (sec_init() < 0) + fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT); +#endif + +/* + * dm_init_and_scan() is called as part of common SPL framework, so no + * need to call it again but in case of powerpc platforms which currently + * do not use common SPL framework, so need to call this function here. + */ +#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK)) + dm_init_and_scan(true); +#endif + res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, + &img_addr); + + if (res == 0) + printf("SPL: Validation of U-boot successful\n"); +} + +#ifdef CONFIG_SPL_FRAMEWORK +/* Override weak funtion defined in SPL framework to enable validation + * of main u-boot image before jumping to u-boot image. + */ +void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) +{ + typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t hdr_addr; + + image_entry_noargs_t image_entry = + (image_entry_noargs_t)(unsigned long)spl_image->entry_point; + + hdr_addr = (spl_image->entry_point + spl_image->size - + CONFIG_U_BOOT_HDR_SIZE); + spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point); + /* + * In case of failure in validation, spl_validate_uboot would + * not return back in case of Production environment with ITS=1. + * Thus U-Boot will not start. + * In Development environment (ITS=0 and SB_EN=1), the function + * may return back in case of non-fatal failures. + */ + + debug("image entry point: 0x%X\n", spl_image->entry_point); + image_entry(); +} +#endif /* ifdef CONFIG_SPL_FRAMEWORK */ +#endif /* ifdef CONFIG_SPL_BUILD */ diff --git a/board/scalys/simc-t10xx/simc-t1040_nand_secure_rcw.cfg b/board/scalys/simc-t10xx/simc-t1040_nand_secure_rcw.cfg new file mode 100644 index 0000000..6a69289 --- /dev/null +++ b/board/scalys/simc-t10xx/simc-t1040_nand_secure_rcw.cfg @@ -0,0 +1,14 @@ +#PBL preamble and RCW header +AA55AA55 010E0100 +# +0A0C000C 0C000000 00000000 00000000 +# HOLDOFF E8705000 +# core 0 enabled E8305000 +# PBL disabled F8505000 +# PBL enabled E8705000 + +#Holdoff enabled, PBL enabled No secure boot E8505000 +#Holdoff enabled, PBL enabled with secure boot E8705000 +81000002 00400002 E8305000 21000000 +00000000 CAFEBABE 00000000 00030FFC +00000314 0014500C 00000000 00000000 \ No newline at end of file diff --git a/board/scalys/simc-t10xx/simc-t10xx_nand_secure_pbi.cfg b/board/scalys/simc-t10xx/simc-t10xx_nand_secure_pbi.cfg new file mode 100644 index 0000000..19dd100 --- /dev/null +++ b/board/scalys/simc-t10xx/simc-t10xx_nand_secure_pbi.cfg @@ -0,0 +1,46 @@ +#PBI commands +#Software Workaround for errata A-007662 to train PCIe2 controller in Gen2 speed +09250100 00000400 +09250108 00002000 +#Software Workaround for errata A-008007 to reset PVR register +09000010 0000000b +09000014 c0000000 +09000018 81d00017 +89020400 a1000000 +091380c0 000f0000 +89020400 00000000 +#Initialize CPC1 +09010000 00200400 +09138000 00000000 +091380c0 00000100 +#Configure CPC1 as 256KB SRAM +09010100 00000000 +09010104 bffc0007 +09010f00 08000000 +09010000 80000000 +#Configure LAW for CPC1 (LAW 13) +09000cd0 00000000 +09000cd4 bffc0000 +09000cd8 81000011 +#Configure alternate space +09000010 00000000 +09000014 bf000000 +09000018 81000000 +#Configure IFC controller +#(IFC_CSPR1) +09124010 ff8000c3 +# IFC_CSOR_NAND +09124130 0108a100 +#IFC_FTIM0_CS0_NAND to IFC_FTIM0_CS0_NAND +091241c0 181c080c +091241c4 3850141a +091241c8 03008028 +091241cc 28000000 +#Set IFC_CCR clkdiv to 6 (IFC clock to platform clock/6=83.3MHz) +0912444c 05008000 +#Flush PBL data (Wait 0xFFFFF cycles ) +091380c0 000fffff +#Write Scratch Registers to setup pointer to ESBC +090e0200 bffd0000 +#Flush PBL data (Wait 0xFFFFF cycles ) +091380c0 000fffff \ No newline at end of file diff --git a/board/scalys/simc-t10xx/tlb.c b/board/scalys/simc-t10xx/tlb.c index 1890034..fa2dccb 100644 --- a/board/scalys/simc-t10xx/tlb.c +++ b/board/scalys/simc-t10xx/tlb.c @@ -31,7 +31,8 @@ struct fsl_e_tlb_entry tlb_table[] = { /* TLB 1 */ /* *I*** - Covers boot page */ -#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) +#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \ + !defined(CONFIG_SECURE_BOOT) /* * *I*G - L3SRAM. When L3 is used as 256K SRAM, the address of the * SRAM is at 0xfffc0000, it covered the 0xfffff000. @@ -39,6 +40,18 @@ struct fsl_e_tlb_entry tlb_table[] = { SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, 0, 0, BOOKE_PAGESZ_256K, 1), + +#elif defined(CONFIG_SECURE_BOOT) && defined(CONFIG_SPL_BUILD) + /* + * *I*G - L3SRAM. When L3 is used as 256K SRAM, in case of Secure Boot + * the physical address of the SRAM is at 0xbffc0000, + * and virtual address is 0xfffc0000 + */ + + SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_VADDR, + CONFIG_SYS_INIT_L3_ADDR, + MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, + 0, 0, BOOKE_PAGESZ_256K, 1), #else SET_TLB_ENTRY(1, 0xfffff000, 0xfffff000, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, diff --git a/include/configs/simc-t10xx.h b/include/configs/simc-t10xx.h index 49550b7..860a851 100644 --- a/include/configs/simc-t10xx.h +++ b/include/configs/simc-t10xx.h @@ -11,6 +11,8 @@ #include +#define CONFIG_SECURE_BOOT + #define MPC85XX_GPIO_NR(port, pin) ((((port)-1)*32)+((pin)&31)) /* @@ -37,14 +39,30 @@ /* PBI commands are cpu independent for now */ +/*#define CONFIG_SYS_FSL_PBL_PBI $(SRCTREE)/board/scalys/simc-t10xx/simc-t10xx_pbi.cfg*/ + +#ifdef CONFIG_SECURE_BOOT +/* Secure boot enabled */ +#define CONFIG_SYS_FSL_PBL_PBI \ + $(SRCTREE)/board/scalys/simc-t10xx/simc-t10xx_nand_secure_pbi.cfg +#else +/* Secure boot disabled */ #define CONFIG_SYS_FSL_PBL_PBI $(SRCTREE)/board/scalys/simc-t10xx/simc-t10xx_pbi.cfg +#endif + + + /* Set the RCW config depending on the CPU type */ #if defined(CONFIG_PPC_T1022) #define CONFIG_SYS_FSL_PBL_RCW $(SRCTREE)/board/scalys/simc-t10xx/simc-t1022_rcw.cfg #elif defined(CONFIG_PPC_T1040) +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_SYS_FSL_PBL_RCW $(SRCTREE)/board/scalys/simc-t10xx/simc-t1040_nand_secure_rcw.cfg +#else #define CONFIG_SYS_FSL_PBL_RCW $(SRCTREE)/board/scalys/simc-t10xx/simc-t1040_rcw.cfg #endif +#endif #define CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT #define CONFIG_SPL_ENV_SUPPORT @@ -76,7 +94,12 @@ #ifdef CONFIG_NAND #define CONFIG_SPL_NAND_SUPPORT -#define CONFIG_SYS_NAND_U_BOOT_SIZE (768 << 10) + + +#define CONFIG_SYS_NAND_U_BOOT_SIZE ( (2048-256) *1024) +#define CONFIG_U_BOOT_HDR_SIZE (16 << 10) + + #define CONFIG_SYS_NAND_U_BOOT_DST 0x30000000 #define CONFIG_SYS_NAND_U_BOOT_START 0x30000000 #define CONFIG_SYS_NAND_U_BOOT_OFFS (256 << 10) @@ -150,7 +173,7 @@ #define CONFIG_SYS_EXTRA_ENV_RELOC #define CONFIG_ENV_IS_IN_NAND #define CONFIG_ENV_SIZE 0x2000 -#define CONFIG_ENV_OFFSET 0x100000 /* Refer to mtdparts */ +#define CONFIG_ENV_OFFSET 0x200000 /* Refer to mtdparts */ #else #define CONFIG_ENV_IS_IN_FLASH #define CONFIG_ENV_ADDR (CONFIG_SYS_MONITOR_BASE - CONFIG_ENV_SECT_SIZE) @@ -533,11 +556,6 @@ #define CONFIG_SYS_DPAA_FMAN #define CONFIG_SYS_DPAA_PME -/* QE Connector is available on SiMC-T10x but not part of this development */ -#ifdef QE_CONNCECTOR -#define CONFIG_QE -#define CONFIG_U_QE -#endif /* Default address of microcode for the Linux Fman driver */ #if defined(CONFIG_SDCARD) @@ -550,7 +568,7 @@ #define CONFIG_SYS_FMAN_FW_ADDR (512 * 0x820) #elif defined(CONFIG_NAND) #define CONFIG_SYS_QE_FMAN_FW_IN_NAND -#define CONFIG_SYS_FMAN_FW_ADDR (0x140000) /* Refer to mtdparts */ +#define CONFIG_SYS_FMAN_FW_ADDR (0x240000) /* Refer to mtdparts: fman_ucode */ #else #define CONFIG_SYS_QE_FMAN_FW_IN_NOR #define CONFIG_SYS_FMAN_FW_ADDR 0xEFF00000 @@ -669,12 +687,13 @@ "spi0=spife110000.0" #define MTDPARTS_DEFAULT \ - "mtdparts=fff800000.flash:," \ - "1M@0x0(u-boot)," \ + "mtdparts=fff800000.flash:" \ + "2M@0x0(u-boot)," \ "256k(env)," \ "256k(fman_ucode)," \ - "0x3fdc0000(ubipart)," \ - "1M@0x3ff00000(bbt)ro}" + "256k(qe_ucode)," \ + "0x3fc80000(ubipart)," \ + "1M@0x3ff00000(bbt)ro" /* default location for tftp and bootm */ #define CONFIG_LOADADDR 1000000 @@ -702,7 +721,7 @@ "TFTP_PATH=\0" \ \ "mtdids=nand0=fff800000.flash\0" \ - "mtdparts=mtdparts=fff800000.flash:1M@0x0(u-boot),256k(env),256k(fman_ucode),0x3fdc0000(ubipart),1M@0x3ff00000(bbt)ro\0" \ + "mtdparts=" MTDPARTS_DEFAULT "\0" \ \ "setfans=i2c dev 0; i2c mw 0x2e 0x40 1;i2c mw 0x2e 0x7d 0x2;" \ "i2c mw 0x2e 0x5c 0xe0;i2c mw 0x2e 0x5d 0xe0;i2c mw 0x2e 0x5e 0xe0;" \ -- cgit v0.10.2