u-boot.git/arch/arm/include/asm/fsl_secure_boot.h, branch v2016.09 Unnamed repository; edit this file 'description' to name the repository. SECURE_BOOT: Enable SD as a source for bootscript 2016-07-26T16:01:43+00:00 Sumit Garg sumit.garg@nxp.com 2016-06-14T17:52:39+00:00 69d4b48c84b9c2b762066c5a68406a53e49ea2f3 Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com> 
Add support for reading bootscript and bootscript header from SD. Also
renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
NOR flash.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
SECURE_BOOT: Enable chain of trust in SPL framework 2016-07-26T16:01:35+00:00 Sumit Garg sumit.garg@nxp.com 2016-06-14T17:52:38+00:00 028ac8c73355ab1340ed7ce179f08cbbae841034 Override jump_to_image_no_args function to include validation of u-boot image using spl_validate_uboot before jumping to u-boot image. Also define macros in SPL framework to enable crypto operations. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com> 
Override jump_to_image_no_args function to include validation of
u-boot image using spl_validate_uboot before jumping to u-boot image.
Also define macros in SPL framework to enable crypto operations.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
armv8: LS2080A: Consolidate LS2080A and LS2085A 2016-04-06T17:26:46+00:00 York Sun york.sun@nxp.com 2016-04-04T18:41:26+00:00 3c1d218a1d3048fb576677c47eab43049d0b7778 LS2080A is the primary SoC, and LS2085A is a personality with AIOP and DPAA DDR. The RDB and QDS boards support both personality. By detecting the SVR at runtime, a single image per board can support both SoCs. It gives users flexibility to swtich SoC without the need to reprogram the board. Signed-off-by: York Sun <york.sun@nxp.com> CC: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> 
LS2080A is the primary SoC, and LS2085A is a personality with AIOP
and DPAA DDR. The RDB and QDS boards support both personality. By
detecting the SVR at runtime, a single image per board can support
both SoCs. It gives users flexibility to swtich SoC without the need
to reprogram the board.

Signed-off-by: York Sun <york.sun@nxp.com>
CC: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
armv8: ls2080: Change env variable "fdt_high" 2016-03-29T15:46:21+00:00 Saksham Jain saksham.jain@nxp.com 2016-03-23T10:54:38+00:00 bef238cb1e87f36bfbc7495b9eb933d06ce278ec "fdt_high" env variable was set to 0xcfffffff for secure boot. Change it to 0xa0000000 for LS2080 to be consistent with non-secure boot targets. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
"fdt_high" env variable was set to 0xcfffffff for secure boot.
Change it to 0xa0000000 for LS2080 to be consistent with non-secure
boot targets.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
armv8: fsl-lsch3: Copy Bootscript and header from NOR to DDR 2016-03-29T15:46:21+00:00 Saksham Jain saksham.jain@nxp.com 2016-03-23T10:54:37+00:00 3f701cc50a2e329e8437330bdd7316b48bd06cb8 To unify steps for secure boot for xip (eg. NOR) and non-xip memories (eg. NAND, SD), bootscipts and its header are copied to main memory. Validation and execution are performed from there. For other ARM Platforms (ls1043 and ls1020), to avoid disruption of existing users, this copy step is not used for NOR boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
To unify steps for secure boot for xip (eg. NOR) and non-xip memories
(eg. NAND, SD), bootscipts and its header are copied to main memory.
Validation and execution are performed from there.

For other ARM Platforms (ls1043 and ls1020), to avoid disruption of
existing users, this copy step is not used for NOR boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
armv8: ls2080: Add bootscript header addr for secure boot 2016-03-29T15:46:21+00:00 Saksham Jain saksham.jain@nxp.com 2016-03-23T10:54:36+00:00 216e93a18565c53818c1aee7664401f994b3f3eb During secure boot, Linux image along with other images are validated using bootscript. This bootscript also needs to be validated before it executes. This requires a header for bootscript. When secure boot is enabled, default bootcmd is changed to first validate bootscript using the header and then execute the script. For ls2080, NOR memory map is different from other ARM SoCs. So a new address on NOR is used for this bootscript header (0x583920000). The Bootscript address is mentioned in this header along with addresses of other images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
During secure boot, Linux image along with other images are validated
using bootscript. This bootscript also needs to be validated before
it executes. This requires a header for bootscript.

When secure boot is enabled, default bootcmd is changed to first
validate bootscript using the header and then execute the script.

For ls2080, NOR memory map is different from other ARM SoCs. So a new
address on NOR is used for this bootscript header (0x583920000). The
Bootscript address is mentioned in this header along with addresses of
other images.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
armv8: ls2080rdb: ls2080qds: Add secure boot support 2016-03-29T15:46:20+00:00 Saksham Jain saksham.jain@nxp.com 2016-03-23T10:54:35+00:00 fcfdb6d580ab108f4496f1ef7bd7ed260488ffde Sec_init has been called at the beginning to initialize SEC Block (CAAM) which is used by secure boot validation later for both ls2080a qds and rdb. 64-bit address in ESBC Header has been enabled. Secure boot defconfigs are created for boards (NOR boot). Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
Sec_init has been called at the beginning to initialize SEC Block
(CAAM) which is used by secure boot validation later for both ls2080a
qds and rdb. 64-bit address in ESBC Header has been enabled. Secure
boot defconfigs are created for boards (NOR boot).

Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
armv8: fsl-lsch3: Add new header for secure boot 2016-03-29T15:46:20+00:00 Saksham Jain saksham.jain@nxp.com 2016-03-23T10:54:34+00:00 fd6dbc98a73207ff961f1f83ea833654d98354c3 For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Kconfig: Move CONFIG_FIT and related options to Kconfig 2016-03-14T23:18:07+00:00 Simon Glass sjg@chromium.org 2016-02-23T05:55:43+00:00 73223f0e1bd0e37925ae1b7f21b51733145571dc There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com> 
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
freescale: Remove CONFIG_DM from header files 2016-03-14T18:21:27+00:00 Simon Glass sjg@chromium.org 2016-02-23T05:55:41+00:00 9e971632cd6dae4fc2b30c600ff5650ecf8944f1 Kconfig options must defined in the defconfig files. Since RSA_SOFTWARE_EXP relies on CONFIG_DM, unless it is set in kconfig we cannot enable RSA. Remove the hacks which enable CONFIG_DM in header files and update the defconfig. Signed-off-by: Simon Glass <sjg@chromium.org> 
Kconfig options must defined in the defconfig files. Since RSA_SOFTWARE_EXP
relies on CONFIG_DM, unless it is set in kconfig we cannot enable RSA.
Remove the hacks which enable CONFIG_DM in header files and update the
defconfig.

Signed-off-by: Simon Glass <sjg@chromium.org>