]> git.sur5r.net Git - u-boot/commitdiff
powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
authorAneesh Bansal <aneesh.bansal@freescale.com>
Tue, 16 Jun 2015 05:06:00 +0000 (10:36 +0530)
committerYork Sun <yorksun@freescale.com>
Fri, 31 Jul 2015 15:50:18 +0000 (08:50 -0700)
Secure Boot Target is added for NAND for P3041.
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.

In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on SRAM configured
at address 0xBFF00000.
In the U-Boot code, TLB entries are created to map the virtual address
0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Makefile
arch/powerpc/cpu/mpc85xx/start.S
arch/powerpc/include/asm/fsl_secure_boot.h
board/freescale/common/p_corenet/tlb.c
board/freescale/corenet_ds/MAINTAINERS
configs/P3041DS_NAND_SECURE_BOOT_defconfig [new file with mode: 0644]
include/configs/corenet_ds.h

index 54ef2cd1a04c6f15f423cdb50ea7dc173cde68f6..a95d0e33866d2480768e8242724d20c0675d0a01 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -738,8 +738,12 @@ ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin
 ifeq ($(CONFIG_SPL_FSL_PBL),y)
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin
 else
+ifneq ($(CONFIG_SECURE_BOOT), y)
+# For Secure Boot The Image needs to be signed and Header must also
+# be included. So The image has to be built explicitly
 ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
 endif
+endif
 ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
 ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
 ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
index e61d8e0fc2b3e3da10cfec92275ea4fb0da4907f..a70fb711c7bbbe579af1a148c4a43004e68cd710 100644 (file)
@@ -1052,6 +1052,17 @@ create_init_ram_area:
                CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
                CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \
                0, r6
+
+#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT)
+       /* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE
+        * to L3 Address configured by PBL for ISBC code
+       */
+       create_tlb1_entry 15, \
+               1, BOOKE_PAGESZ_1M, \
+               CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
+               CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \
+               0, r6
+
 #else
        /*
         * create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main
index 7810ae214737c8d8b5ed55387ce41829110ba8ed..442853c239154dfe535fbb39b166250e5bf91cae 100644 (file)
 #define CONFIG_SYS_INIT_L3_ADDR                        0xbff00000
 #endif
 
+#if defined(CONFIG_RAMBOOT_PBL)
+#undef CONFIG_SYS_INIT_L3_ADDR
+#define CONFIG_SYS_INIT_L3_ADDR                        0xbff00000
+#endif
+
 #if defined(CONFIG_C29XPCIE)
 #define CONFIG_KEY_REVOCATION
 #endif
index 8148e46efa6728cb9216a173bbc8f3a96c33dbfc..56e4f633483f054880332750e2ceb0198bcc8ae0 100644 (file)
@@ -43,6 +43,8 @@ struct fsl_e_tlb_entry tlb_table[] = {
        /* TLB 1 */
        /* *I*** - Covers boot page */
 #if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR)
+
+#if !defined(CONFIG_SECURE_BOOT)
        /*
         * *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the
         * SRAM is at 0xfff00000, it covered the 0xfffff000.
@@ -50,6 +52,19 @@ struct fsl_e_tlb_entry tlb_table[] = {
        SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR,
                        MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
                        0, 0, BOOKE_PAGESZ_1M, 1),
+#else
+       /*
+        * *I*G - L3SRAM. When L3 is used as 1M SRAM, in case of Secure Boot
+        * the physical address of the SRAM is at CONFIG_SYS_INIT_L3_ADDR,
+        * and virtual address is CONFIG_SYS_MONITOR_BASE
+        */
+
+       SET_TLB_ENTRY(1, CONFIG_SYS_MONITOR_BASE & 0xfff00000,
+                       CONFIG_SYS_INIT_L3_ADDR & 0xfff00000,
+                       MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+                       0, 0, BOOKE_PAGESZ_1M, 1),
+#endif
+
 #elif defined(CONFIG_SRIO_PCIE_BOOT_SLAVE)
        /*
         * SRIO_PCIE_BOOT-SLAVE. When slave boot, the address of the
index 745847cdbaa34802faffe39f64e2660db5ebd417..6855446ca82a03bbb77be9d3d57ef28a6cfac9fe 100644 (file)
@@ -28,3 +28,8 @@ F:    configs/P5040DS_NAND_defconfig
 F:     configs/P5040DS_SDCARD_defconfig
 F:     configs/P5040DS_SPIFLASH_defconfig
 F:     configs/P5040DS_SECURE_BOOT_defconfig
+
+CORENET_DS_SECURE_BOOT BOARD
+M:     Aneesh Bansal <aneesh.bansal@freescale.com>
+S:     Maintained
+F:     configs/P3041DS_NAND_SECURE_BOOT_defconfig
diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
new file mode 100644 (file)
index 0000000..2f18bc1
--- /dev/null
@@ -0,0 +1,5 @@
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xFFF40000"
+CONFIG_PPC=y
+CONFIG_MPC85xx=y
+CONFIG_TARGET_P3041DS=y
+CONFIG_SPI_FLASH=y
index 88750e057e8fd0a4834f2fe1de10d52d2fd8996e..7c8b73d06c3d186f1868b4dfbc8ccf34b85d7215 100644 (file)
 #include "../board/freescale/common/ics307_clk.h"
 
 #ifdef CONFIG_RAMBOOT_PBL
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_RAMBOOT_TEXT_BASE       CONFIG_SYS_TEXT_BASE
+#define CONFIG_RESET_VECTOR_ADDRESS    0xfffffffc
+#ifdef CONFIG_NAND
+#define CONFIG_RAMBOOT_NAND
+#endif
+#else
 #define CONFIG_RAMBOOT_TEXT_BASE       CONFIG_SYS_TEXT_BASE
 #define CONFIG_RESET_VECTOR_ADDRESS    0xfffffffc
 #define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg
@@ -29,6 +36,7 @@
 #define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg
 #endif
 #endif
+#endif
 
 #ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
 /* Set 1M boot space */