summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSaksham Jain <saksham.jain@nxp.com>2016-03-23 16:24:35 +0530
committerYork Sun <york.sun@nxp.com>2016-03-29 08:46:20 -0700
commitfcfdb6d580ab108f4496f1ef7bd7ed260488ffde (patch)
tree70cb92552f03796c42b6b4eb311d6038dab99bcb
parentfd6dbc98a73207ff961f1f83ea833654d98354c3 (diff)
downloadu-boot-fcfdb6d580ab108f4496f1ef7bd7ed260488ffde.tar.gz
armv8: ls2080rdb: ls2080qds: Add secure boot support
Sec_init has been called at the beginning to initialize SEC Block (CAAM) which is used by secure boot validation later for both ls2080a qds and rdb. 64-bit address in ESBC Header has been enabled. Secure boot defconfigs are created for boards (NOR boot). Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat
-rw-r--r--arch/arm/include/asm/fsl_secure_boot.h9
-rw-r--r--board/freescale/ls2080aqds/MAINTAINERS6
-rw-r--r--board/freescale/ls2080aqds/ls2080aqds.c5
-rw-r--r--board/freescale/ls2080ardb/MAINTAINERS6
-rw-r--r--board/freescale/ls2080ardb/ls2080ardb.c5
-rw-r--r--configs/ls2080aqds_SECURE_BOOT_defconfig20
-rw-r--r--configs/ls2080ardb_SECURE_BOOT_defconfig20
-rw-r--r--configs/ls2085aqds_SECURE_BOOT_defconfig20
-rw-r--r--configs/ls2085ardb_SECURE_BOOT_defconfig20
-rw-r--r--include/configs/ls2080aqds.h2
-rw-r--r--include/configs/ls2080ardb.h2
11 files changed, 111 insertions, 4 deletions
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index 4eb3b156c8..b745194c73 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -18,7 +18,9 @@
#ifdef CONFIG_CHAIN_OF_TRUST
#define CONFIG_CMD_ESBC_VALIDATE
#define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_HW_ACCEL
#define CONFIG_SHA_PROG_HW_ACCEL
#define CONFIG_RSA_FREESCALE_EXP
@@ -42,8 +44,11 @@
#endif
-#ifdef CONFIG_LS1043A
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\
+ defined(CONFIG_LS2085A)
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
+ * Similiarly for LS2080 and LS2085
+ */
#define CONFIG_ESBC_ADDR_64BIT
#endif
diff --git a/board/freescale/ls2080aqds/MAINTAINERS b/board/freescale/ls2080aqds/MAINTAINERS
index 6f99ad0d91..558cef1190 100644
--- a/board/freescale/ls2080aqds/MAINTAINERS
+++ b/board/freescale/ls2080aqds/MAINTAINERS
@@ -8,3 +8,9 @@ F: configs/ls2080aqds_defconfig
F: configs/ls2080aqds_nand_defconfig
F: configs/ls2085aqds_defconfig
F: configs/ls2085aqds_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M: Saksham Jain <saksham.jain@nxp.freescale.com>
+S: Maintained
+F: configs/ls2080aqds_SECURE_BOOT_defconfig
+F: configs/ls2085aqds_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c
index f3925e25a3..e1a521d080 100644
--- a/board/freescale/ls2080aqds/ls2080aqds.c
+++ b/board/freescale/ls2080aqds/ls2080aqds.c
@@ -19,6 +19,7 @@
#include <rtc.h>
#include <asm/arch/soc.h>
#include <hwconfig.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080aqds_qixis.h"
@@ -248,7 +249,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/board/freescale/ls2080ardb/MAINTAINERS b/board/freescale/ls2080ardb/MAINTAINERS
index c9f3459f78..0817711d08 100644
--- a/board/freescale/ls2080ardb/MAINTAINERS
+++ b/board/freescale/ls2080ardb/MAINTAINERS
@@ -8,3 +8,9 @@ F: configs/ls2080ardb_defconfig
F: configs/ls2080ardb_nand_defconfig
F: configs/ls2085ardb_defconfig
F: configs/ls2085ardb_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M: Saksham Jain <saksham.jain@nxp.freescale.com>
+S: Maintained
+F: configs/ls2080ardb_SECURE_BOOT_defconfig
+F: configs/ls2085ardb_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c
index 844d9f5a09..ec4b74c272 100644
--- a/board/freescale/ls2080ardb/ls2080ardb.c
+++ b/board/freescale/ls2080ardb/ls2080ardb.c
@@ -18,6 +18,7 @@
#include <environment.h>
#include <i2c.h>
#include <asm/arch/soc.h>
+#include <fsl_sec.h>
#include "../common/qixis.h"
#include "ls2080ardb_qixis.h"
@@ -218,7 +219,9 @@ int arch_misc_init(void)
#ifdef CONFIG_FSL_DEBUG_SERVER
debug_server_init();
#endif
-
+#ifdef CONFIG_FSL_CAAM
+ sec_init();
+#endif
return 0;
}
#endif
diff --git a/configs/ls2080aqds_SECURE_BOOT_defconfig b/configs/ls2080aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..408d1ee1e7
--- /dev/null
+++ b/configs/ls2080aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2080ardb_SECURE_BOOT_defconfig b/configs/ls2080ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..dde3311653
--- /dev/null
+++ b/configs/ls2080ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2085aqds_SECURE_BOOT_defconfig b/configs/ls2085aqds_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..f13ee41c77
--- /dev/null
+++ b/configs/ls2085aqds_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/configs/ls2085ardb_SECURE_BOOT_defconfig b/configs/ls2085ardb_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..aa6650849c
--- /dev/null
+++ b/configs/ls2085ardb_SECURE_BOOT_defconfig
@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y
diff --git a/include/configs/ls2080aqds.h b/include/configs/ls2080aqds.h
index dab38208f5..91fad0a0cd 100644
--- a/include/configs/ls2080aqds.h
+++ b/include/configs/ls2080aqds.h
@@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void);
#define CONFIG_USB_STORAGE
#define CONFIG_CMD_EXT2
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_QDS_H */
diff --git a/include/configs/ls2080ardb.h b/include/configs/ls2080ardb.h
index 59a3f66310..ce1d90098f 100644
--- a/include/configs/ls2080ardb.h
+++ b/include/configs/ls2080ardb.h
@@ -363,4 +363,6 @@ unsigned long get_board_sys_clk(void);
#define CONFIG_PHY_AQUANTIA
#endif
+#include <asm/fsl_secure_boot.h>
+
#endif /* __LS2_RDB_H */
View Lorry Controller Status