From b8bf0adc12f833f759cd69f88d83cd950c0b52cd Mon Sep 17 00:00:00 2001 From: Shaveta Leekha Date: Mon, 19 Jan 2015 12:46:54 +0530 Subject: powerpc/mpc85xx: Add DSP side awareness for Freescale Heterogeneous SoCs The code provides framework for heterogeneous multicore chips based on StarCore and Power Architecture which are chasis-2 compliant, like B4860 and B4420 It will make u-boot recognize all non-ppc cores and peripherals like SC3900/DSP CPUs, MAPLE, CPRI and print their configuration in u-boot logs. Example boot logs of B4860QDS: U-Boot 2015.01-00232-geef6e36-dirty (Jan 19 2015 - 11:58:45) CPU0: B4860E, Version: 2.2, (0x86880022) Core: e6500, Version: 2.0, (0x80400120) Clock Configuration: CPU0:1600 MHz, CPU1:1600 MHz, CPU2:1600 MHz, CPU3:1600 MHz, DSP CPU0:1200 MHz, DSP CPU1:1200 MHz, DSP CPU2:1200 MHz, DSP CPU3:1200 MHz, DSP CPU4:1200 MHz, DSP CPU5:1200 MHz, CCB:666.667 MHz, DDR:933.333 MHz (1866.667 MT/s data rate) (Asynchronous), IFC:166.667 MHz CPRI:600 MHz MAPLE:600 MHz, MAPLE-ULB:800 MHz, MAPLE-eTVPE:1000 MHz FMAN1: 666.667 MHz QMAN: 333.333 MHz Top level changes include: (1) Top level CONFIG to identify HETEROGENUOUS clusters (2) CONFIGS for SC3900/DSP components (3) Global structures like "cpu_type" and "MPC85xx_SYS_INFO" updated for dsp cores and other components (3) APIs to get DSP num cores and their Mask like: cpu_dsp_mask, cpu_num_dspcores etc same as that of PowerPC (5) Code to fetch and print SC cores and other heterogenous device's frequencies (6) README added for the same Signed-off-by: Shaveta Leekha Reviewed-by: York Sun --- include/common.h | 2 ++ include/e500.h | 11 +++++++++++ 2 files changed, 13 insertions(+) (limited to 'include') diff --git a/include/common.h b/include/common.h index 77c55c6f26d..6df05b8bb1a 100644 --- a/include/common.h +++ b/include/common.h @@ -553,7 +553,9 @@ static inline int cpumask_next(int cpu, unsigned int mask) iter++, cpu = cpumask_next(cpu, mask)) \ int cpu_numcores (void); +int cpu_num_dspcores(void); u32 cpu_mask (void); +u32 cpu_dsp_mask(void); int is_core_valid (unsigned int); int probecpu (void); int checkcpu (void); diff --git a/include/e500.h b/include/e500.h index 5884a224d24..255f46bf1e5 100644 --- a/include/e500.h +++ b/include/e500.h @@ -11,6 +11,9 @@ typedef struct { unsigned long freq_processor[CONFIG_MAX_CPUS]; +#ifdef CONFIG_HETROGENOUS_CLUSTERS + unsigned long freq_processor_dsp[CONFIG_MAX_DSP_CPUS]; +#endif unsigned long freq_systembus; unsigned long freq_ddrbus; unsigned long freq_localbus; @@ -24,6 +27,14 @@ typedef struct #ifdef CONFIG_SYS_DPAA_PME unsigned long freq_pme; #endif +#ifdef CONFIG_SYS_CPRI + unsigned long freq_cpri; +#endif +#ifdef CONFIG_SYS_MAPLE + unsigned long freq_maple; + unsigned long freq_maple_ulb; + unsigned long freq_maple_etvpe; +#endif #ifdef CONFIG_SYS_FSL_SINGLE_SOURCE_CLK unsigned char diff_sysclk; #endif -- cgit v1.2.3 From 2372e283e56c5edc09f1c900c4b806d78a38d177 Mon Sep 17 00:00:00 2001 From: vijay rai Date: Tue, 3 Feb 2015 13:02:41 +0000 Subject: mpc85xx/t104xrdb : remove raw timing parameter This board uses DDR DIMM. Reading SPD provides more flexibility. Raw timing parameter code should be removed after debugging. Signed-off-by: Vijay Rai Reviewed-by: York Sun --- include/configs/T104xRDB.h | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h index d47f1be6851..52633181ad4 100644 --- a/include/configs/T104xRDB.h +++ b/include/configs/T104xRDB.h @@ -220,7 +220,6 @@ #define CONFIG_CHIP_SELECTS_PER_CTRL (2 * CONFIG_DIMM_SLOTS_PER_CTLR) #define CONFIG_DDR_SPD -#define CONFIG_SYS_DDR_RAW_TIMING #define CONFIG_SYS_FSL_DDR3 #define CONFIG_SYS_SPD_BUS_NUM 0 -- cgit v1.2.3 From a2e225e65df3d0fe0ddefec77a3db05b881d1e68 Mon Sep 17 00:00:00 2001 From: gaurav rana Date: Fri, 27 Feb 2015 09:43:49 +0530 Subject: fsl_sfp : Move ccsr_sfp_regs definition to common include Freescale sfp has been used for mpc8xxx. It will be used for ARM-based SoC as well. This patch moves the CCSR defintion of sfp_regs to common include. This patch also defines ccsr_sfp_regs definition for newer versions of SFP. Signed-off-by: Ruchika Gupta Signed-off-by: Gaurav Rana Reviewed-by: York Sun --- include/fsl_sfp.h | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 include/fsl_sfp.h (limited to 'include') diff --git a/include/fsl_sfp.h b/include/fsl_sfp.h new file mode 100644 index 00000000000..353a123ee55 --- /dev/null +++ b/include/fsl_sfp.h @@ -0,0 +1,85 @@ +/* + * Copyright 2015 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _FSL_SFP_SNVS_ +#define _FSL_SFP_SNVS_ + +#include +#include +#include + +#ifdef CONFIG_SYS_FSL_SRK_LE +#define srk_in32(a) in_le32(a) +#else +#define srk_in32(a) in_be32(a) +#endif + +#ifdef CONFIG_SYS_FSL_SFP_LE +#define sfp_in32(a) in_le32(a) +#define sfp_out32(a, v) out_le32(a, v) +#define sfp_in16(a) in_le16(a) +#elif defined(CONFIG_SYS_FSL_SFP_BE) +#define sfp_in32(a) in_be32(a) +#define sfp_out32(a, v) out_be32(a, v) +#define sfp_in16(a) in_be16(a) +#else +#error Neither CONFIG_SYS_FSL_SFP_LE nor CONFIG_SYS_FSL_SFP_BE is defined +#endif + +/* Number of SRKH registers */ +#define NUM_SRKH_REGS 8 + +#ifdef CONFIG_SYS_FSL_SFP_VER_3_2 +struct ccsr_sfp_regs { + u32 ospr; /* 0x200 */ + u32 ospr1; /* 0x204 */ + u32 reserved1[4]; + u32 fswpr; /* 0x218 FSL Section Write Protect */ + u32 fsl_uid; /* 0x21c FSL UID 0 */ + u32 fsl_uid_1; /* 0x220 FSL UID 0 */ + u32 reserved2[12]; + u32 srk_hash[8]; /* 0x254 Super Root Key Hash */ + u32 oem_uid; /* 0x274 OEM UID 0*/ + u32 oem_uid_1; /* 0x278 OEM UID 1*/ + u32 oem_uid_2; /* 0x27c OEM UID 2*/ + u32 oem_uid_3; /* 0x280 OEM UID 3*/ + u32 oem_uid_4; /* 0x284 OEM UID 4*/ + u32 reserved3[8]; +}; +#elif defined(CONFIG_SYS_FSL_SFP_VER_3_0) +struct ccsr_sfp_regs { + u32 ospr; /* 0x200 */ + u32 reserved0[14]; + u32 srk_hash[NUM_SRKH_REGS]; /* 0x23c Super Root Key Hash */ + u32 oem_uid; /* 0x9c OEM Unique ID */ + u8 reserved2[0x04]; + u32 ovpr; /* 0xA4 Intent To Secure */ + u8 reserved4[0x08]; + u32 fsl_uid; /* 0xB0 FSL Unique ID */ + u8 reserved5[0x04]; + u32 fsl_spfr0; /* Scratch Pad Fuse Register 0 */ + u32 fsl_spfr1; /* Scratch Pad Fuse Register 1 */ + +}; +#else +struct ccsr_sfp_regs { + u8 reserved0[0x40]; + u32 ospr; /* 0x40 OEM Security Policy Register */ + u8 reserved2[0x38]; + u32 srk_hash[8]; /* 0x7c Super Root Key Hash */ + u32 oem_uid; /* 0x9c OEM Unique ID */ + u8 reserved4[0x4]; + u32 ovpr; /* 0xA4 OEM Validation Policy Register */ + u8 reserved8[0x8]; + u32 fsl_uid; /* 0xB0 FSL Unique ID */ +}; +#endif +#define ITS_MASK 0x00000004 +#define ITS_BIT 2 +#define OSPR_KEY_REVOC_SHIFT 13 +#define OSPR_KEY_REVOC_MASK 0x0000e000 + +#endif -- cgit v1.2.3 From fe78378d7df90541c09b279b67ce79ebbdca93d5 Mon Sep 17 00:00:00 2001 From: gaurav rana Date: Fri, 27 Feb 2015 09:44:22 +0530 Subject: fsl_sec_mon: Add driver for Security Monitor block of Freescale MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Security Monitor is the SOC’s central reporting point for security-relevant events such as the success or failure of boot software validation and the detection of potential security compromises. The API's for transition of Security states have been added which will be used in case of SECURE BOOT. Signed-off-by: Ruchika Gupta Signed-off-by: Gaurav Rana Reviewed-by: York Sun --- include/fsl_sec_mon.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/fsl_sec_mon.h (limited to 'include') diff --git a/include/fsl_sec_mon.h b/include/fsl_sec_mon.h new file mode 100644 index 00000000000..b6794cefcc5 --- /dev/null +++ b/include/fsl_sec_mon.h @@ -0,0 +1,58 @@ +/* + * Common internal memory map for some Freescale SoCs + * + * Copyright 2015 Freescale Semiconductor, Inc. + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __FSL_SEC_MON_H +#define __FSL_SEC_MON_H + +#include +#include + +#ifdef CONFIG_SYS_FSL_SEC_MON_LE +#define sec_mon_in32(a) in_le32(a) +#define sec_mon_out32(a, v) out_le32(a, v) +#define sec_mon_in16(a) in_le16(a) +#define sec_mon_clrbits32 clrbits_le32 +#define sec_mon_setbits32 setbits_le32 +#elif defined(CONFIG_SYS_FSL_SEC_MON_BE) +#define sec_mon_in32(a) in_be32(a) +#define sec_mon_out32(a, v) out_be32(a, v) +#define sec_mon_in16(a) in_be16(a) +#define sec_mon_clrbits32 clrbits_be32 +#define sec_mon_setbits32 setbits_be32 +#else +#error Neither CONFIG_SYS_FSL_SEC_MON_LE nor CONFIG_SYS_FSL_SEC_MON_BE defined +#endif + +struct ccsr_sec_mon_regs { + u8 reserved0[0x04]; + u32 hp_com; /* 0x04 SEC_MON_HP Command Register */ + u8 reserved2[0x0c]; + u32 hp_stat; /* 0x08 SEC_MON_HP Status Register */ +}; + +#define HPCOMR_SW_SV 0x100 /* Security Violation bit */ +#define HPCOMR_SW_FSV 0x200 /* Fatal Security Violation bit */ +#define HPCOMR_SSM_ST 0x1 /* SSM_ST field in SEC_MON command */ +#define HPSR_SSM_ST_CHECK 0x900 /* SEC_MON is in check state */ +#define HPSR_SSM_ST_NON_SECURE 0xb00 /* SEC_MON is in non secure state */ +#define HPSR_SSM_ST_TRUST 0xd00 /* SEC_MON is in trusted state */ +#define HPSR_SSM_ST_SOFT_FAIL 0x300 /* SEC_MON is in soft fail state */ +#define HPSR_SSM_ST_MASK 0xf00 /* Mask for SSM_ST field */ + +/* + * SEC_MON read. This specifies the possible reads + * from the SEC_MON + */ +enum { + SEC_MON_SSM_ST, + SEC_MON_SW_FSV, + SEC_MON_SW_SV, +}; + +int change_sec_mon_state(uint32_t initial_state, uint32_t final_state); + +#endif /* __FSL_SEC_MON_H */ -- cgit v1.2.3 From 47151e4bcc10d87247e0a4809e6761b4477aa80b Mon Sep 17 00:00:00 2001 From: gaurav rana Date: Fri, 27 Feb 2015 09:45:35 +0530 Subject: SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta Signed-off-by: Gaurav Rana Reviewed-by: York Sun --- include/fsl_secboot_err.h | 128 +++++++++++++++++++++++++++++ include/fsl_validate.h | 199 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 327 insertions(+) create mode 100644 include/fsl_secboot_err.h create mode 100644 include/fsl_validate.h (limited to 'include') diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h new file mode 100644 index 00000000000..afc50a80caf --- /dev/null +++ b/include/fsl_secboot_err.h @@ -0,0 +1,128 @@ +/* + * Copyright 2015 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _FSL_SECBOOT_ERR_H +#define _FSL_SECBOOT_ERR_H + +#define ERROR_ESBC_PAMU_INIT 0x100000 +#define ERROR_ESBC_SEC_RESET 0x200000 +#define ERROR_ESBC_SEC_INIT 0x400000 +#define ERROR_ESBC_SEC_DEQ 0x800000 +#define ERROR_ESBC_SEC_DEQ_TO 0x1000000 +#define ERROR_ESBC_SEC_ENQ 0x2000000 +#define ERROR_ESBC_SEC_JOBQ_STATUS 0x4000000 +#define ERROR_ESBC_CLIENT_CPUID_NO_MATCH 0x1 +#define ERROR_ESBC_CLIENT_HDR_LOC 0x2 +#define ERROR_ESBC_CLIENT_HEADER_BARKER 0x4 +#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN 0x8 +#define ERROR_ESBC_CLIENT_HEADER_SIG_LEN 0x10 +#define ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED 0x11 +#define ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY 0x12 +#define ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM 0x13 +#define ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN 0x14 +#define ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED 0x15 +#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY 0x16 +#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM 0x17 +#define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18 +#define ERROR_IE_TABLE_NOT_FOUND 0x19 +#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20 +#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40 +#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80 +#define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100 +#define ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP 0x200 +#define ERROR_ESBC_CLIENT_HASH_COMPARE_KEY 0x400 +#define ERROR_ESBC_CLIENT_HASH_COMPARE_EM 0x800 +#define ERROR_ESBC_CLIENT_SSM_TRUSTSTS 0x1000 +#define ERROR_ESBC_CLIENT_BAD_ADDRESS 0x2000 +#define ERROR_ESBC_CLIENT_MISC 0x4000 +#define ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD 0x8000 +#define ERROR_ESBC_CLIENT_HEADER_SG 0x10000 +#define ERROR_ESBC_CLIENT_HEADER_IMG_SIZE 0x20000 +#define ERROR_ESBC_WRONG_CMD 0x40000 +#define ERROR_ESBC_MISSING_BOOTM 0x80000 +#define ERROR_ESBC_CLIENT_MAX 0x0 + +struct fsl_secboot_errcode { + int errcode; + const char *name; +}; + +static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = { + { ERROR_ESBC_PAMU_INIT, + "Error in initializing PAMU"}, + { ERROR_ESBC_SEC_RESET, + "Error in resetting Job ring of SEC"}, + { ERROR_ESBC_SEC_INIT, + "Error in initializing SEC"}, + { ERROR_ESBC_SEC_ENQ, + "Error in enqueue operation by SEC"}, + { ERROR_ESBC_SEC_DEQ_TO, + "Dequeue operation by SEC is timed out"}, + { ERROR_ESBC_SEC_DEQ, + "Error in dequeue operation by SEC"}, + { ERROR_ESBC_SEC_JOBQ_STATUS, + "Error in status of the job submitted to SEC"}, + { ERROR_ESBC_CLIENT_CPUID_NO_MATCH, + "Current core is not boot core i.e core0" }, + { ERROR_ESBC_CLIENT_HDR_LOC, + "Header address not in allowed memory range" }, + { ERROR_ESBC_CLIENT_HEADER_BARKER, + "Wrong barker code in header" }, + { ERROR_ESBC_CLIENT_HEADER_KEY_LEN, + "Wrong public key length in header" }, + { ERROR_ESBC_CLIENT_HEADER_SIG_LEN, + "Wrong signature length in header" }, + { ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN, + "Public key length not twice of signature length" }, + { ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1, + "Public key Modulus most significant bit not set" }, + { ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2, + "Public key Modulus in header not odd" }, + { ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD, + "Signature not less than modulus" }, + { ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP, + "Entry point not in allowed space or one of the SG entries" }, + { ERROR_ESBC_CLIENT_HASH_COMPARE_KEY, + "Public key hash comparison failed" }, + { ERROR_ESBC_CLIENT_HASH_COMPARE_EM, + "RSA verification failed" }, + { ERROR_ESBC_CLIENT_SSM_TRUSTSTS, + "SNVS not in TRUSTED state" }, + { ERROR_ESBC_CLIENT_BAD_ADDRESS, + "Bad address error" }, + { ERROR_ESBC_CLIENT_MISC, + "Miscallaneous error" }, + { ERROR_ESBC_CLIENT_HEADER_SG, + "No SG support" }, + { ERROR_ESBC_CLIENT_HEADER_IMG_SIZE, + "Invalid Image size" }, + { ERROR_ESBC_WRONG_CMD, + "Unknown cmd/Wrong arguments. Core in infinite loop"}, + { ERROR_ESBC_MISSING_BOOTM, + "Bootm command missing from bootscript" }, + { ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED, + "Selected key is revoked" }, + { ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY, + "Wrong key entry" }, + { ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM, + "Wrong key is selected" }, + { ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN, + "Wrong srk public key len in header" }, + { ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED, + "Selected IE key is revoked" }, + { ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY, + "Wrong key entry in IE Table" }, + { ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM, + "Wrong IE key is selected" }, + { ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN, + "Wrong IE public key len in header" }, + { ERROR_IE_TABLE_NOT_FOUND, + "Information about IE Table missing" }, + { ERROR_ESBC_CLIENT_MAX, "NULL" } +}; + +void fsl_secboot_handle_error(int error); +#endif diff --git a/include/fsl_validate.h b/include/fsl_validate.h new file mode 100644 index 00000000000..c4605349a67 --- /dev/null +++ b/include/fsl_validate.h @@ -0,0 +1,199 @@ +/* + * Copyright 2015 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _FSL_VALIDATE_H_ +#define _FSL_VALIDATE_H_ + +#include +#include +#include +#include + +#define WORD_SIZE 4 + +/* Minimum and maximum size of RSA signature length in bits */ +#define KEY_SIZE 4096 +#define KEY_SIZE_BYTES (KEY_SIZE/8) +#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE)) + +extern struct jobring jr; + +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define SRK_FLAG 0x01 +#define UNREVOCABLE_KEY 4 +#define ALIGN_REVOC_KEY 3 +#define MAX_KEY_ENTRIES 4 +#endif + +/* Barker code size in bytes */ +#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ + /* header */ + +/* No-error return values */ +#define ESBC_VALID_HDR 0 /* header is valid */ + +/* Maximum number of SG entries allowed */ +#define MAX_SG_ENTRIES 8 + +/* + * ESBC uboot client header structure. + * The struct contain the following fields + * barker code + * public key offset + * pub key length + * signature offset + * length of the signature + * ptr to SG table + * no of entries in SG table + * esbc ptr + * size of esbc + * esbc entry point + * Scatter gather flag + * UID flag + * FSL UID + * OEM UID + * Here, pub key is modulus concatenated with exponent + * of equal length + */ +struct fsl_secboot_img_hdr { + u8 barker[ESBC_BARKER_LEN]; /* barker code */ + union { + u32 pkey; /* public key offset */ +#ifdef CONFIG_KEY_REVOCATION + u32 srk_tbl_off; +#endif + }; + + union { + u32 key_len; /* pub key length in bytes */ +#ifdef CONFIG_KEY_REVOCATION + struct { + u32 srk_table_flag:8; + u32 srk_sel:8; + u32 num_srk:16; + } len_kr; +#endif + }; + + u32 psign; /* signature offset */ + u32 sign_len; /* length of the signature in bytes */ + union { + struct fsl_secboot_sg_table *psgtable; /* ptr to SG table */ + u8 *pimg; /* ptr to ESBC client image */ + }; + union { + u32 sg_entries; /* no of entries in SG table */ + u32 img_size; /* ESBC client image size in bytes */ + }; + ulong img_start; /* ESBC client entry point */ + u32 sg_flag; /* Scatter gather flag */ + u32 uid_flag; + u32 fsl_uid_0; + u32 oem_uid_0; + u32 reserved1[2]; + u32 fsl_uid_1; + u32 oem_uid_1; + u32 reserved2[2]; + u32 ie_flag; + u32 ie_key_sel; +}; + +#if defined(CONFIG_FSL_ISBC_KEY_EXT) +struct ie_key_table { + u32 key_len; + u8 pkey[2 * KEY_SIZE_BYTES]; +}; + +struct ie_key_info { + uint32_t key_revok; + uint32_t num_keys; + struct ie_key_table ie_key_tbl[32]; +}; +#endif + +#ifdef CONFIG_KEY_REVOCATION +struct srk_table { + u32 key_len; + u8 pkey[2 * KEY_SIZE_BYTES]; +}; +#endif + +/* + * SG table. + */ +#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) +/* + * This struct contains the following fields + * length of the segment + * source address + */ +struct fsl_secboot_sg_table { + u32 len; /* length of the segment in bytes */ + ulong src_addr; /* ptr to the data segment */ +}; +#else +/* + * This struct contains the following fields + * length of the segment + * Destination Target ID + * source address + * destination address + */ +struct fsl_secboot_sg_table { + u32 len; + u32 trgt_id; + ulong src_addr; + ulong dst_addr; +}; +#endif + +/* + * ESBC private structure. + * Private structure used by ESBC to store following fields + * ESBC client key + * ESBC client key hash + * ESBC client Signature + * Encoded hash recovered from signature + * Encoded hash of ESBC client header plus ESBC client image + */ +struct fsl_secboot_img_priv { + uint32_t hdr_location; + ulong ie_addr; + u32 key_len; + struct fsl_secboot_img_hdr hdr; + + u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */ + u8 img_key_hash[32]; /* ESBC client key hash */ + +#ifdef CONFIG_KEY_REVOCATION + struct srk_table srk_tbl[MAX_KEY_ENTRIES]; +#endif + u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */ + + u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */ + /* Includes hash recovered after + * signature verification + */ + + u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */ + /* Includes hash of + * ESBC client header plus + * ESBC client image + */ + + struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ + u32 ehdrloc; /* ESBC client location */ +}; + +int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); +int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); +int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]); + +#endif -- cgit v1.2.3