u-boot.git/arch/powerpc/include/asm/fsl_secure_boot.h, branch v2016.11 Unnamed repository; edit this file 'description' to name the repository. Convert CONFIG_SPL_DRIVERS_MISC_SUPPORT to Kconfig 2016-09-16T21:27:08+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:34+00:00 d3662dff78e94d8d836fc61b84ce46fef91b9aa7 Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this option to Kconfig and tidy up existing uses.

Signed-off-by: Simon Glass <sjg@chromium.org>
Convert CONFIG_SPL_HASH_SUPPORT to Kconfig 2016-09-16T21:27:07+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:32+00:00 d3e7e2b2ce844ffe76eb658b05bb5cfc0be28efe Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this option to Kconfig and tidy up existing uses.

Signed-off-by: Simon Glass <sjg@chromium.org>
Convert CONFIG_SPL_CRYPTO_SUPPORT to Kconfig 2016-09-16T21:27:07+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:31+00:00 dbdaeee43c0f159d32dba28de684c1aba5d20673 Move this option to Kconfig and tidy up existing uses. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this option to Kconfig and tidy up existing uses.

Signed-off-by: Simon Glass <sjg@chromium.org>
Move existing use of CONFIG_SPL_RSA to Kconfig 2016-09-16T21:03:45+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:29+00:00 d3c1f467378259514e9e37f72808315adc16ede9 A few boards define this in a header file which is incorrect. It means that Kconfig options that rely on this cannot be used. Move it. Signed-off-by: Simon Glass <sjg@chromium.org> 
A few boards define this in a header file which is incorrect. It means that
Kconfig options that rely on this cannot be used. Move it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Move existing use of CONFIG_SPL_DM to Kconfig 2016-09-16T21:03:41+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:28+00:00 3433a693a9cf143b6e5f0d7190b4df4d1c82418e A few boards define this in a header file which is incorrect. It means that Kconfig options that rely on this cannot be used. Move it. Note that quite a few boards defined this options but do not appear to actually use SPL: BSC9132QDS_NOR_DDRCLK100_SECURE BSC9132QDS_NOR_DDRCLK133_SECURE BSC9132QDS_SDCARD_DDRCLK100_SECURE BSC9132QDS_SDCARD_DDRCLK133_SECURE BSC9132QDS_SPIFLASH_DDRCLK100_SECURE BSC9132QDS_SPIFLASH_DDRCLK133_SECURE C29XPCIE_NOR_SECBOOT P1010RDB-PA_36BIT_NAND_SECBOOT P1010RDB-PA_36BIT_SPIFLASH_SECBOOT P1010RDB-PA_NAND_SECBOOT P1010RDB-PA_NOR_SECBOOT P1010RDB-PB_36BIT_NOR_SECBOOT P1010RDB-PB_36BIT_SPIFLASH_SECBOOT P1010RDB-PB_NAND_SECBOOT P1010RDB-PB_NOR_SECBOOT P3041DS_SECURE_BOOT P4080DS_SECURE_BOOT P5020DS_NAND_SECURE_BOOT P5040DS_SECURE_BOOT T1023RDB_SECURE_BOOT T1024QDS_DDR4_SECURE_BOOT T1024QDS_SECURE_BOOT T1024RDB_SECURE_BOOT T1040RDB_SECURE_BOOT T1042D4RDB_SECURE_BOOT T1042RDB_SECURE_BOOT T2080QDS_SECURE_BOOT T2080RDB_SECURE_BOOT T4160QDS_SECURE_BOOT T4240QDS_SECURE_BOOT ls1021aqds_nor_SECURE_BOOT ls1021atwr_nor_SECURE_BOOT ls1043ardb_SECURE_BOOT For these boards CONFIG_SPL_DM will no-longer be defined in SPL. But since they apparently don't have an SPL, this should not matter. Signed-off-by: Simon Glass <sjg@chromium.org> 
A few boards define this in a header file which is incorrect. It means that
Kconfig options that rely on this cannot be used. Move it.

Note that quite a few boards defined this options but do not appear to
actually use SPL:

	BSC9132QDS_NOR_DDRCLK100_SECURE
	BSC9132QDS_NOR_DDRCLK133_SECURE
	BSC9132QDS_SDCARD_DDRCLK100_SECURE
	BSC9132QDS_SDCARD_DDRCLK133_SECURE
	BSC9132QDS_SPIFLASH_DDRCLK100_SECURE
	BSC9132QDS_SPIFLASH_DDRCLK133_SECURE
	C29XPCIE_NOR_SECBOOT
	P1010RDB-PA_36BIT_NAND_SECBOOT
	P1010RDB-PA_36BIT_SPIFLASH_SECBOOT
	P1010RDB-PA_NAND_SECBOOT
	P1010RDB-PA_NOR_SECBOOT
	P1010RDB-PB_36BIT_NOR_SECBOOT
	P1010RDB-PB_36BIT_SPIFLASH_SECBOOT
	P1010RDB-PB_NAND_SECBOOT
	P1010RDB-PB_NOR_SECBOOT
	P3041DS_SECURE_BOOT
	P4080DS_SECURE_BOOT
	P5020DS_NAND_SECURE_BOOT
	P5040DS_SECURE_BOOT
	T1023RDB_SECURE_BOOT
	T1024QDS_DDR4_SECURE_BOOT
	T1024QDS_SECURE_BOOT
	T1024RDB_SECURE_BOOT
	T1040RDB_SECURE_BOOT
	T1042D4RDB_SECURE_BOOT
	T1042RDB_SECURE_BOOT
	T2080QDS_SECURE_BOOT
	T2080RDB_SECURE_BOOT
	T4160QDS_SECURE_BOOT
	T4240QDS_SECURE_BOOT
	ls1021aqds_nor_SECURE_BOOT
	ls1021atwr_nor_SECURE_BOOT
	ls1043ardb_SECURE_BOOT

For these boards CONFIG_SPL_DM will no-longer be defined in SPL. But since
they apparently don't have an SPL, this should not matter.

Signed-off-by: Simon Glass <sjg@chromium.org>
arm: fsl: Adjust ordering of #ifndef CONFIG_SPL_BUILD 2016-09-16T21:03:37+00:00 Simon Glass sjg@chromium.org 2016-09-13T05:18:23+00:00 b63f8a4336a691964529d9cdc38ad32f716b3fa7 The secure boot header files incorrectly define SPL options only if CONFIG_SPL_BUILD is defined. This means that the options are only enabled in an SPL build, and not with a normal 'make xxx_defconfig'. This means that moveconfig.py cannot work, since it sees the options as disabled even when they may be manually enabled in an SPL build. Fix this by changing the order. Signed-off-by: Simon Glass <sjg@chromium.org> 
The secure boot header files incorrectly define SPL options only if
CONFIG_SPL_BUILD is defined. This means that the options are only enabled
in an SPL build, and not with a normal 'make xxx_defconfig'. This means
that moveconfig.py cannot work, since it sees the options as disabled even
when they may be manually enabled in an SPL build.

Fix this by changing the order.

Signed-off-by: Simon Glass <sjg@chromium.org>
SECURE_BOOT: Enable SD as a source for bootscript 2016-07-26T16:01:43+00:00 Sumit Garg sumit.garg@nxp.com 2016-06-14T17:52:39+00:00 69d4b48c84b9c2b762066c5a68406a53e49ea2f3 Add support for reading bootscript and bootscript header from SD. Also renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and NOR flash. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com> 
Add support for reading bootscript and bootscript header from SD. Also
renamed macros *_FLASH to *_DEVICE to represent SD alongwith NAND and
NOR flash.

Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
powerpc/mpc85xx: T104x: Add nand secure boot target 2016-07-21T18:09:34+00:00 Sumit Garg sumit.garg@nxp.com 2016-07-14T16:27:52+00:00 aa36c84edfcfd8c7d0348511e7b0fbb43514cd35 For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC. In non-secure boot scenario from NAND, this address will map to CPC configured as SRAM. But in case of secure boot, this default address always maps to IBR (Internal Boot ROM). The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF. For secure boot target from NAND, the text base for SPL is kept same as non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000) As a the virtual and physical address of CPC would be different. The virtual address 0xFFFx_xxxx needs to be mapped to physical address 0xBFFx_xxxx. Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000 and update DCFG SCRTACH1 register with location of Header required for secure boot. The changes are similar to commit 467a40dfe35f48d830f01a72617207d03ca85b4d powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC is only 256K and thus SPL framework is used. The changes are only applicable for SPL U-Boot running out of CPC SRAM and not the next level U-Boot loaded on DDR. Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In non-secure boot scenario from NAND, this address will map to CPC
configured as SRAM. But in case of secure boot, this default address
always maps to IBR (Internal Boot ROM).
The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G
address space i.e. 0x0 - 0xDFFFFFFF.

For secure boot target from NAND, the text base for SPL is kept same as
non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will
be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000)
As a the virtual and physical address of CPC would be different. The
virtual address 0xFFFx_xxxx needs to be mapped to physical address
0xBFFx_xxxx.

Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000
and update DCFG SCRTACH1 register with location of Header required for
secure boot.

The changes are similar to
commit 467a40dfe35f48d830f01a72617207d03ca85b4d
    powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041

While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC
is only 256K and thus SPL framework is used.
The changes are only applicable for SPL U-Boot running out of CPC SRAM
and not the next level U-Boot loaded on DDR.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL 2016-07-21T18:09:23+00:00 Sumit Garg sumit.garg@nxp.com 2016-07-14T16:27:51+00:00 8f01397ba76d1ee210bedbf031d807e8df34c482 As part of Chain of Trust for Secure boot, the SPL U-Boot will validate the next level U-boot image. Add a new function spl_validate_uboot to perform the validation. Enable hardware crypto operations in SPL using SEC block. In case of Secure Boot, PAMU is not bypassed. For allowing SEC block access to CPC configured as SRAM, configure PAMU. Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com> 
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.

Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
Kconfig: Move CONFIG_FIT and related options to Kconfig 2016-03-14T23:18:07+00:00 Simon Glass sjg@chromium.org 2016-02-23T05:55:43+00:00 73223f0e1bd0e37925ae1b7f21b51733145571dc There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com> 
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>