diff options
author | Udit Agarwal <udit.agarwal@nxp.com> | 2017-02-09 21:36:11 +0530 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2017-03-28 09:03:04 -0700 |
commit | ac55dadb1cb6a350604affd84e19006984933fa0 (patch) | |
tree | 34f3ef01b3639fd4dc939a102ede6804bf4f45e5 /include/fsl_validate.h | |
parent | 6d7b9e78f531210fd4dc99d12e81b0df8d8cdae0 (diff) | |
download | u-boot-ac55dadb1cb6a350604affd84e19006984933fa0.tar.gz |
fsl: Secure Boot: Enable IE (Key extention) Feature
For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can be used. The latter feature is called IE Key Extension
Feature.
For Layerscape Chasis 3 based platforms, IE table is validated by
Bootrom and address of this table is written in scratch registers 13
and 14 via PBI commands.
Following are the steps describing usage of this feature:
1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple
images stored in a static global structure.)
3) Use keys from IE table, to verify further images.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'include/fsl_validate.h')
-rw-r--r-- | include/fsl_validate.h | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/include/fsl_validate.h b/include/fsl_validate.h index c350938d1f..452c6df83f 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -40,8 +40,8 @@ struct fsl_secboot_img_hdr { u8 num_srk; u8 srk_sel; u8 reserve; - u8 ie_flag; } len_kr; + u8 ie_flag; u32 uid_flag; @@ -69,6 +69,11 @@ struct fsl_secboot_img_hdr { #define MAX_KEY_ENTRIES 8 #endif +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +#define IE_FLAG_MASK 0x1 +#define SCRATCH_IE_LOW_ADR 13 +#define SCRATCH_IE_HIGH_ADR 14 +#endif #else /* CONFIG_ESBC_HDR_LS */ @@ -150,6 +155,10 @@ struct fsl_secboot_img_hdr { #define MAX_KEY_ENTRIES 4 #endif +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +#define IE_FLAG_MASK 0xFFFFFFFF +#endif + #endif /* CONFIG_ESBC_HDR_LS */ @@ -202,6 +211,17 @@ struct fsl_secboot_sg_table { }; #endif +/* ESBC global structure. + * Data to be used across verification of different images. + * Stores follwoing Data: + * IE Table + */ +struct fsl_secboot_glb { +#if defined(CONFIG_FSL_ISBC_KEY_EXT) + uintptr_t ie_addr; + struct ie_key_info ie_tbl; +#endif +}; /* * ESBC private structure. * Private structure used by ESBC to store following fields @@ -213,7 +233,7 @@ struct fsl_secboot_sg_table { */ struct fsl_secboot_img_priv { uint32_t hdr_location; - u32 ie_addr; + uintptr_t ie_addr; u32 key_len; struct fsl_secboot_img_hdr hdr; |