u-boot.git/arch/powerpc/include/asm/fsl_secure_boot.h, branch v2016.03 Unnamed repository; edit this file 'description' to name the repository. secure_boot: enable chain of trust for PowerPC platforms 2016-01-27T16:12:56+00:00 Aneesh Bansal aneesh.bansal@nxp.com 2016-01-22T11:07:27+00:00 d0a6d7ce55ec40d23ad96b549d596afd8f70735c Chain of Trust is enabled for PowerPC platforms for Secure Boot. CONFIG_BOARD_LATE_INIT is defined. In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
Chain of Trust is enabled for PowerPC platforms for Secure Boot.
CONFIG_BOARD_LATE_INIT is defined.
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
   bootdelay = 0 (To disable Boot Prompt)
   bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
secure_boot: split the secure boot functionality in two parts 2016-01-27T16:12:32+00:00 Aneesh Bansal aneesh.bansal@nxp.com 2016-01-22T11:07:24+00:00 bdc22074c511def222f93d1a9d94ec95c462c062 There are two phases in Secure Boot 1. ISBC: In BootROM, validate the BootLoader (U-Boot). 2. ESBC: In U-Boot, continuing the Chain of Trust by validating and booting LINUX. For ESBC phase, there is no difference in SoC's based on ARM or PowerPC cores. But the exit conditions after ISBC phase i.e. entry conditions for U-Boot are different for ARM and PowerPC. PowerPC: If Secure Boot is executed, a separate U-Boot target is required which must be compiled with a diffrent Text Base as compared to Non-Secure Boot. There are some LAW and TLB settings which are required specifically for Secure Boot scenario. ARM: ARM based SoC's have a fixed memory map and exit conditions from BootROM are same irrespective of boot mode (Secure or Non-Secure). Thus the current Secure Boot functionlity has been split into two parts: CONFIG_CHAIN_OF_TRUST This will have the following functionality as part of U-Boot: 1. Enable commands like esbc_validate, esbc_halt 2. Change the environment settings based on bootmode, determined at run time: - If bootmode is non-secure, no change - If bootmode is secure, set the following: - bootdelay = 0 (Don't give boot prompt) - bootcmd = Validate and execute the bootscript. CONFIG_SECURE_BOOT This is defined only for creating a different compile time target for secure boot. Traditionally, both these functionalities were defined under CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement for a separate Secure Boot target for ARM based SoC's. CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be determine at run time. Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot environemnt must not be picked from flash/external memory. This cannot be done based on bootmode at run time in current U-Boot architecture. Once this dependency is resolved, no separate SECURE_BOOT target will be required for ARM based SoC's. Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining CONFIG_ENV_IS_NOWHERE Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
         validating and booting LINUX.

For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.

But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:

If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.

ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).

Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
   at run time:
     - If bootmode is non-secure, no change
     - If bootmode is secure, set the following:
         - bootdelay = 0 (Don't give boot prompt)
         - bootcmd = Validate and execute the bootscript.

CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.

Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.

Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.

Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
secure_boot: include/configs: move definition of CONFIG_CMD_BLOB 2016-01-27T16:12:26+00:00 Aneesh Bansal aneesh.bansal@nxp.com 2016-01-22T11:07:23+00:00 74eecd820f251c6700c828d662a600c01651217f CONFIG_CMD_BLOB must be defined in case of Secure Boot. It was earlier defined in all config files. The definition has been moved to a common file which is included by all configs. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
CONFIG_CMD_BLOB must be defined in case of Secure Boot. It was
earlier defined in all config files. The definition has been
moved to a common file which is included by all configs.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
SECURE_BOOT: Disable IE Key feature for RAMBOOT 2015-09-02T02:38:02+00:00 Aneesh Bansal aneesh.bansal@freescale.com 2015-07-31T08:40:03+00:00 2ed948f466b2715a82c25ca25f5839c9bbaea6e3 ISBC Key Extension feature is not applicable for RAMBOOT as there is no way to retrieve the CSF Header and validated IE Key table from SRAM once CPC has been disabled. The feature is only applicable in case of NOR SECURE BOOT. Code Cleanup: The SECURE_BOOT specific defines have been moved from arch-ls102xa/config.h to arm/include/asm/fsl_secure_boot.h Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
ISBC Key Extension feature is not applicable for RAMBOOT
as there is no way to retrieve the CSF Header and validated
IE Key table from SRAM once CPC has been disabled.
The feature is only applicable in case of NOR SECURE BOOT.
Code Cleanup:
The SECURE_BOOT specific defines have been moved from
arch-ls102xa/config.h to
arm/include/asm/fsl_secure_boot.h

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
powerpc/mpc85xx: SECURE BOOT-Copy Boot Script on RAM 2015-07-31T15:50:18+00:00 Aneesh Bansal aneesh.bansal@freescale.com 2015-06-16T05:06:43+00:00 5050f6f0e56af0e02c3e362d9af2b628d6c8da12 For running Chain of Trust when doing Secure Boot from NAND, the Bootscript header and bootscript must be copied from NAND to RAM(DDR). The addresses and commands for the same have been defined. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
For running Chain of Trust when doing Secure Boot from NAND,
the Bootscript header and bootscript must be copied from NAND
to RAM(DDR).
The addresses and commands for the same have been defined.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 2015-07-31T15:50:18+00:00 Aneesh Bansal aneesh.bansal@freescale.com 2015-06-16T05:06:00+00:00 467a40dfe35f48d830f01a72617207d03ca85b4d Secure Boot Target is added for NAND for P3041. For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC. In case of secure boot, this default address maps to Boot ROM. The Boot ROM code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF. In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is configured as SRAM. U-Boot binary will be located on SRAM configured at address 0xBFF00000. In the U-Boot code, TLB entries are created to map the virtual address 0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
Secure Boot Target is added for NAND for P3041.
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.

In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on SRAM configured
at address 0xBFF00000.
In the U-Boot code, TLB entries are created to map the virtual address
0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
powerpc/T104xD4: Add Secure boot support for T104xD4RDB platforms 2015-07-28T21:41:14+00:00 gaurav rana gaurav.rana@freescale.com 2015-03-26T10:22:47+00:00 e622d9ed3b4a44cd5646654ba12dd6894fd49382 defconfig files are added and SFP version for these platforms is updated. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
defconfig files are added and SFP version for these platforms
is updated.

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Add bootscript support to esbc_validate. 2015-04-21T17:19:19+00:00 gaurav rana gaurav.rana@freescale.com 2015-03-10T08:38:50+00:00 98cb0efde8aaed200750e6d75fa8e5fc01dcd8f4 1. Default environment will be used for secure boot flow which can't be edited or saved. 2. Command for secure boot is predefined in the default environment which will run on autoboot (and autoboot is the only option allowed in case of secure boot) and it looks like this: #define CONFIG_SECBOOT \ "setenv bs_hdraddr 0xe8e00000;" \ "esbc_validate $bs_hdraddr;" \ "source $img_addr;" \ "esbc_halt;" #endif 3. Boot Script can contain esbc_validate commands and bootm command. Uboot source command used in default secure boot command will run the bootscript. 4. Command esbc_halt added to ensure either bootm executes after validation of images or core should just spin. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
1. Default environment will be used for secure boot flow
 which can't be edited or saved.
2. Command for secure boot is predefined in the default
 environment which will run on autoboot (and autoboot is
 the only option allowed in case of secure boot) and it
 looks like this:
 #define CONFIG_SECBOOT \
 "setenv bs_hdraddr 0xe8e00000;"                 \
 "esbc_validate $bs_hdraddr;"                    \
 "source $img_addr;"                             \
 "esbc_halt;"
 #endif
3. Boot Script can contain esbc_validate commands and bootm command.
 Uboot source command used in default secure boot command will
 run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
 after validation of images or core should just spin.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms. 2015-03-05T20:04:59+00:00 gaurav rana gaurav.rana@freescale.com 2015-02-27T04:16:17+00:00 e04916a721a2069fc770412c57974d02e153ad18 esbc_validate command uses various IP Blocks: Security Monitor, CAAM block and SFP registers. Hence the respective CONFIG's are enabled. Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.

Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.

Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
powerpc/mpc85xx: Define PBI Flash Base for C29XPCIE Secure Boot 2015-01-16T17:30:12+00:00 Aneesh Bansal aneesh.bansal@freescale.com 2014-12-12T10:05:04+00:00 b3f0f63223ce42592499d71dcbd4d9ac18fb3e10 CONFIG_SYS_PBI_FLASH_BASE is defined for Secure Boot on C29X Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
CONFIG_SYS_PBI_FLASH_BASE is defined for Secure Boot on C29X

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>