From e81495224f732f17ae6f379baf23b90cd1d5cb5f Mon Sep 17 00:00:00 2001 From: York Sun Date: Fri, 4 Dec 2015 11:57:07 -0800 Subject: Reserve secure memory Secure memory is at the end of memory, separated and reserved from OS, tracked by gd->secure_ram. Secure memory can host MMU tables, security monitor, etc. This is different from PRAM used to reserve private memory. PRAM offers memory at the top of u-boot memory, not necessarily the real end of memory for systems with very large DDR. Using the end of memory simplifies MMU setup and avoid memory fragmentation. "bdinfo" command shows gd->secure_ram value if this memory is marked as secured. Signed-off-by: York Sun --- common/board_f.c | 9 +++++++++ common/cmd_bdinfo.c | 6 ++++++ 2 files changed, 15 insertions(+) (limited to 'common') diff --git a/common/board_f.c b/common/board_f.c index b40735438b3..bd5a4862480 100644 --- a/common/board_f.c +++ b/common/board_f.c @@ -324,6 +324,15 @@ static int setup_dest_addr(void) * Ram is setup, size stored in gd !! */ debug("Ram size: %08lX\n", (ulong)gd->ram_size); +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE + /* Reserve memory for secure MMU tables, and/or security monitor */ + gd->ram_size -= CONFIG_SYS_MEM_RESERVE_SECURE; + /* + * Record secure memory location. Need recalcuate if memory splits + * into banks, or the ram base is not zero. + */ + gd->secure_ram = gd->ram_size; +#endif #if defined(CONFIG_SYS_MEM_TOP_HIDE) /* * Subtract specified amount of memory to hide so that it won't diff --git a/common/cmd_bdinfo.c b/common/cmd_bdinfo.c index adda55a2630..deed6d82555 100644 --- a/common/cmd_bdinfo.c +++ b/common/cmd_bdinfo.c @@ -382,6 +382,12 @@ static int do_bdinfo(cmd_tbl_t *cmdtp, int flag, int argc, print_num("-> size", bd->bi_dram[i].size); } +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE + if (gd->secure_ram & MEM_RESERVE_SECURE_SECURED) { + print_num("Secure ram", + gd->secure_ram & MEM_RESERVE_SECURE_ADDR_MASK); + } +#endif #if defined(CONFIG_CMD_NET) && !defined(CONFIG_DM_ETH) print_eths(); #endif -- cgit v1.3.1 From aabd7ddb889aec3c6c4139974f66a44e2ce46ba5 Mon Sep 17 00:00:00 2001 From: York Sun Date: Mon, 7 Dec 2015 11:05:29 -0800 Subject: common: Rewrite hiding the end of memory As the name may be confusing, the CONFIG_SYS_MEM_TOP_HIDE reserves some memory from the end of ram, tracked by gd->ram_size. It is not always the top of u-boot visible memory. Rewrite the macro with a weak function to provide flexibility for complex calcuation. Legacy use of this macro is still supported. Signed-off-by: York Sun Reviewed-by: Simon Glass --- README | 2 +- common/board_f.c | 23 +++++++++++++++-------- 2 files changed, 16 insertions(+), 9 deletions(-) (limited to 'common') diff --git a/README b/README index 6ea1af2678e..4aa2aaeb23e 100644 --- a/README +++ b/README @@ -3877,7 +3877,7 @@ Configuration Settings: the RAM base is not zero, or RAM is divided into banks, this variable needs to be recalcuated to get the address. -- CONFIG_SYS_MEM_TOP_HIDE (PPC only): +- CONFIG_SYS_MEM_TOP_HIDE: If CONFIG_SYS_MEM_TOP_HIDE is defined in the board config header, this specified memory area will get subtracted from the top (end) of RAM and won't get "touched" at all by U-Boot. By diff --git a/common/board_f.c b/common/board_f.c index bd5a4862480..8094ac4efe0 100644 --- a/common/board_f.c +++ b/common/board_f.c @@ -317,6 +317,15 @@ __weak ulong board_get_usable_ram_top(ulong total_size) return gd->ram_top; } +__weak phys_size_t board_reserve_ram_top(phys_size_t ram_size) +{ +#ifdef CONFIG_SYS_MEM_TOP_HIDE + return ram_size - CONFIG_SYS_MEM_TOP_HIDE; +#else + return ram_size; +#endif +} + static int setup_dest_addr(void) { debug("Monitor len: %08lX\n", gd->mon_len); @@ -333,19 +342,17 @@ static int setup_dest_addr(void) */ gd->secure_ram = gd->ram_size; #endif -#if defined(CONFIG_SYS_MEM_TOP_HIDE) /* * Subtract specified amount of memory to hide so that it won't * get "touched" at all by U-Boot. By fixing up gd->ram_size * the Linux kernel should now get passed the now "corrected" - * memory size and won't touch it either. This should work - * for arch/ppc and arch/powerpc. Only Linux board ports in - * arch/powerpc with bootwrapper support, that recalculate the - * memory size from the SDRAM controller setup will have to - * get fixed. + * memory size and won't touch it either. This has been used + * by arch/powerpc exclusively. Now ARMv8 takes advantage of + * thie mechanism. If memory is split into banks, addresses + * need to be calculated. */ - gd->ram_size -= CONFIG_SYS_MEM_TOP_HIDE; -#endif + gd->ram_size = board_reserve_ram_top(gd->ram_size); + #ifdef CONFIG_SYS_SDRAM_BASE gd->ram_top = CONFIG_SYS_SDRAM_BASE; #endif -- cgit v1.3.1 From 9711f52806655bcfa28fe5594b91fed430beb72e Mon Sep 17 00:00:00 2001 From: Aneesh Bansal Date: Tue, 8 Dec 2015 13:54:29 +0530 Subject: armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal Reviewed-by: York Sun --- arch/arm/include/asm/arch-fsl-layerscape/config.h | 4 +-- .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 2 +- arch/arm/include/asm/fsl_secure_boot.h | 6 +++- board/freescale/common/fsl_validate.c | 34 ++++++++++++++-------- board/freescale/ls1043ardb/MAINTAINERS | 5 ++++ board/freescale/ls1043ardb/ls1043ardb.c | 18 +++++++++++- common/cmd_blob.c | 6 ++-- configs/ls1043ardb_SECURE_BOOT_defconfig | 9 ++++++ include/configs/ls1043ardb.h | 10 +++++++ include/fsl_validate.h | 9 +++++- 10 files changed, 82 insertions(+), 21 deletions(-) create mode 100644 configs/ls1043ardb_SECURE_BOOT_defconfig (limited to 'common') diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index b39281260d9..6e5224ea1c9 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -153,8 +153,8 @@ #define CONFIG_SYS_FSL_PCIE_COMPAT "fsl,qoriq-pcie-v2.4" #define CONFIG_SYS_FSL_SFP_VER_3_2 -#define CONFIG_SYS_FSL_SNVS_LE -#define CONFIG_SYS_FSL_SEC_LE +#define CONFIG_SYS_FSL_SEC_MON_BE +#define CONFIG_SYS_FSL_SEC_BE #define CONFIG_SYS_FSL_SFP_BE #define CONFIG_SYS_FSL_SRK_LE #define CONFIG_KEY_REVOCATION diff --git a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h index 83caa918bd4..e7def3ac4a2 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/immap_lsch2.h @@ -38,7 +38,7 @@ #define CONFIG_SYS_PCIE3_ADDR (CONFIG_SYS_IMMR + 0x2600000) #define CONFIG_SYS_FSL_SEC_ADDR (CONFIG_SYS_IMMR + 0x700000) #define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_IMMR + 0x710000) -#define CONFIG_SYS_SNVS_ADDR (CONFIG_SYS_IMMR + 0xe90000) +#define CONFIG_SYS_SEC_MON_ADDR (CONFIG_SYS_IMMR + 0xe90000) #define CONFIG_SYS_SFP_ADDR (CONFIG_SYS_IMMR + 0xe80200) #define CONFIG_SYS_FSL_TIMER_ADDR 0x02b00000 diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index f2d4c3c5f99..806302bc610 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -11,13 +11,17 @@ #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_FSL_SEC_MON #define CONFIG_SHA_PROG_HW_ACCEL -#define CONFIG_DM #define CONFIG_RSA #define CONFIG_RSA_FREESCALE_EXP + #ifndef CONFIG_FSL_CAAM #define CONFIG_FSL_CAAM #endif +#ifndef CONFIG_DM +#define CONFIG_DM +#endif + #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT /* The key used for verification of next level images diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 73b6718db9c..b510c71c409 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -15,7 +15,7 @@ #include #include #include -#ifndef CONFIG_MPC85xx +#ifdef CONFIG_LS102XA #include #endif @@ -99,7 +99,8 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); - if (memcmp((u8 *)csf_hdr_addr, barker_code, ESBC_BARKER_LEN)) + if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, + barker_code, ESBC_BARKER_LEN)) return -1; *csf_addr = csf_hdr_addr; @@ -117,7 +118,7 @@ static int get_ie_info_addr(u32 *ie_addr) if (get_csf_base_addr(&csf_addr, &flash_base_addr)) return -1; - hdr = (struct fsl_secboot_img_hdr *)csf_addr; + hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; /* For SoC's with Trust Architecture v1 with corenet bus * the sg table field in CSF header has absolute address @@ -130,7 +131,7 @@ static int get_ie_info_addr(u32 *ie_addr) (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + flash_base_addr); #else - sg_tbl = (struct fsl_secboot_sg_table *)(csf_addr + + sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + (u32)hdr->psgtable); #endif @@ -379,8 +380,8 @@ static int calc_img_key_hash(struct fsl_secboot_img_priv *img) #ifdef CONFIG_KEY_REVOCATION if (check_srk(img)) { ret = algo->hash_update(algo, ctx, - (u8 *)(img->ehdrloc + img->hdr.srk_tbl_off), - img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); + (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), + img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); srk = 1; } #endif @@ -438,8 +439,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) #ifdef CONFIG_KEY_REVOCATION if (check_srk(img)) { ret = algo->hash_update(algo, ctx, - (u8 *)(img->ehdrloc + img->hdr.srk_tbl_off), - img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); + (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), + img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); key_hash = 1; } #endif @@ -454,8 +455,13 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) return ret; /* Update hash for actual Image */ +#ifdef CONFIG_ESBC_ADDR_64BIT ret = algo->hash_update(algo, ctx, - (u8 *)img->hdr.pimg, img->hdr.img_size, 1); + (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1); +#else + ret = algo->hash_update(algo, ctx, + (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1); +#endif if (ret) return ret; @@ -533,7 +539,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) { char buf[20]; struct fsl_secboot_img_hdr *hdr = &img->hdr; - void *esbc = (u8 *)img->ehdrloc; + void *esbc = (u8 *)(uintptr_t)img->ehdrloc; u8 *k, *s; #ifdef CONFIG_KEY_REVOCATION u32 ret; @@ -549,7 +555,11 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) return ERROR_ESBC_CLIENT_HEADER_BARKER; +#ifdef CONFIG_ESBC_ADDR_64BIT + sprintf(buf, "%llx", hdr->pimg64); +#else sprintf(buf, "%x", hdr->pimg); +#endif setenv("img_addr", buf); if (!hdr->img_size) @@ -594,7 +604,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) if (!key_found && check_ie(img)) { if (get_ie_info_addr(&img->ie_addr)) return ERROR_IE_TABLE_NOT_FOUND; - ie_info = (struct ie_key_info *)img->ie_addr; + ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; if (ie_info->num_keys == 0 || ie_info->num_keys > 32) return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; @@ -748,7 +758,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc, hdr = &img->hdr; img->ehdrloc = addr; - esbc = (u8 *)img->ehdrloc; + esbc = (u8 *)(uintptr_t)img->ehdrloc; memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); diff --git a/board/freescale/ls1043ardb/MAINTAINERS b/board/freescale/ls1043ardb/MAINTAINERS index efca5bf2455..84ffb638d8e 100644 --- a/board/freescale/ls1043ardb/MAINTAINERS +++ b/board/freescale/ls1043ardb/MAINTAINERS @@ -7,3 +7,8 @@ F: include/configs/ls1043ardb.h F: configs/ls1043ardb_defconfig F: configs/ls1043ardb_nand_defconfig F: configs/ls1043ardb_sdcard_defconfig + +LS1043A_SECURE_BOOT BOARD +M: Aneesh Bansal +S: Maintained +F: configs/ls1043ardb_SECURE_BOOT_defconfig diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c index 4556ea8ad11..c8f723a1085 100644 --- a/board/freescale/ls1043ardb/ls1043ardb.c +++ b/board/freescale/ls1043ardb/ls1043ardb.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include #include "cpld.h" DECLARE_GLOBAL_DATA_PTR; @@ -123,7 +125,21 @@ int config_board_mux(void) int misc_init_r(void) { config_board_mux(); - +#ifdef CONFIG_SECURE_BOOT + /* In case of Secure Boot, the IBR configures the SMMU + * to allow only Secure transactions. + * SMMU must be reset in bypass mode. + * Set the ClientPD bit and Clear the USFCFG Bit + */ + u32 val; + val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_SCR0, val); + val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); + out_le32(SMMU_NSCR0, val); +#endif +#ifdef CONFIG_FSL_CAAM + return sec_init(); +#endif return 0; } #endif diff --git a/common/cmd_blob.c b/common/cmd_blob.c index d3f22a1afc9..ac8b268e0b8 100644 --- a/common/cmd_blob.c +++ b/common/cmd_blob.c @@ -73,9 +73,9 @@ static int do_blob(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) len = simple_strtoul(argv[4], NULL, 16); key_addr = simple_strtoul(argv[5], NULL, 16); - km_ptr = (uint8_t *)key_addr; - src_ptr = (uint8_t *)src_addr; - dst_ptr = (uint8_t *)dst_addr; + km_ptr = (uint8_t *)(uintptr_t)key_addr; + src_ptr = (uint8_t *)(uintptr_t)src_addr; + dst_ptr = (uint8_t *)(uintptr_t)dst_addr; if (enc) ret = blob_encap(km_ptr, src_ptr, dst_ptr, len); diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig b/configs/ls1043ardb_SECURE_BOOT_defconfig new file mode 100644 index 00000000000..d9d6c97809e --- /dev/null +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig @@ -0,0 +1,9 @@ +CONFIG_ARM=y +CONFIG_TARGET_LS1043ARDB=y +CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, SECURE_BOOT" +CONFIG_SYS_NS16550=y +CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1043a-rdb" +CONFIG_OF_CONTROL=y +CONFIG_DM=y +CONFIG_SPI_FLASH=y +CONFIG_DM_SPI=y \ No newline at end of file diff --git a/include/configs/ls1043ardb.h b/include/configs/ls1043ardb.h index 683407499a5..585114f3d58 100644 --- a/include/configs/ls1043ardb.h +++ b/include/configs/ls1043ardb.h @@ -291,4 +291,14 @@ #define CONFIG_CMD_EXT2 #endif +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CMD_HASH +#define CONFIG_SHA_HW_ACCEL +#define CONFIG_CMD_BLOB +/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ +#define CONFIG_ESBC_ADDR_64BIT +#endif + +#include + #endif /* __LS1043ARDB_H__ */ diff --git a/include/fsl_validate.h b/include/fsl_validate.h index 92dd98bb615..a62dc74e694 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -83,7 +83,9 @@ struct fsl_secboot_img_hdr { u32 sign_len; /* length of the signature in bytes */ union { u32 psgtable; /* ptr to SG table */ +#ifndef CONFIG_ESBC_ADDR_64BIT u32 pimg; /* ptr to ESBC client image */ +#endif }; union { u32 sg_entries; /* no of entries in SG table */ @@ -97,7 +99,12 @@ struct fsl_secboot_img_hdr { u32 reserved1[2]; u32 fsl_uid_1; u32 oem_uid_1; - u32 reserved2[2]; + union { + u32 reserved2[2]; +#ifdef CONFIG_ESBC_ADDR_64BIT + u64 pimg64; /* 64 bit pointer to ESBC Image */ +#endif + }; u32 ie_flag; u32 ie_key_sel; }; -- cgit v1.3.1