- Add SD secure boot target for ls1046ardb.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size
as header is appended to u-boot image. So header will also be
copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
(128K) where 32K are reserved for use by boot ROM and 6K for the
header.
- Reduce the size of CAAM driver for SPL Blobification functions
and descriptors, that are not required at the time of SPL are
disabled. Further error code conversion to strings is disabled
for SPL build.
Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
/* For SD boot address and size are assigned in terms of sector
* offset and no. of sectors respectively.
*/
-#if defined(CONFIG_LS1043A)
+#if defined(CONFIG_LS1043A) || defined(CONFIG_ARCH_LS1046A)
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000920
#else
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000900
F: configs/ls1046ardb_sdcard_defconfig
F: configs/ls1046ardb_emmc_defconfig
+LS1046A_SECURE_BOOT BOARD
+M: Ruchika Gupta <ruchika.gupta@nxp.com>
+S: Maintained
+F: configs/ls1046ardb_SECURE_BOOT_defconfig
+F: configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
+
M: Sumit Garg <sumit.garg@nxp.com>
S: Maintained
F: configs/ls1046ardb_qspi_SECURE_BOOT_defconfig
--- /dev/null
+CONFIG_ARM=y
+CONFIG_TARGET_LS1046ARDB=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls1046a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,SPL_FSL_PBL"
+CONFIG_SECURE_BOOT=y
+CONFIG_SD_BOOT=y
+CONFIG_BOOTDELAY=10
+CONFIG_SPL=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
+CONFIG_HUSH_PARSER=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_FAT=y
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPI_FLASH=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_SYS_NS16550=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_QSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_SPL_CRYPTO_SUPPORT=y
+CONFIG_SPL_HASH_SUPPORT=y
append_store(desc, dma_addr_out, storelen,
LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT);
}
-
+#ifndef CONFIG_SPL_BUILD
void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr,
uint8_t *plain_txt, uint8_t *enc_blob,
uint32_t in_sz)
append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB);
}
-
+#endif
/*
* Descriptor to instantiate RNG State Handle 0 in normal mode and
* load the JDKEK, TDKEK and TDSK registers
{
struct result *x = arg;
x->status = status;
+#ifndef CONFIG_SPL_BUILD
caam_jr_strstatus(status);
+#endif
x->done = 1;
}
return 0;
}
-
+int sec_reset(void)
+{
+ return sec_reset_idx(0);
+}
+#ifndef CONFIG_SPL_BUILD
static int instantiate_rng(uint8_t sec_idx)
{
struct result op;
return ret;
}
-int sec_reset(void)
-{
- return sec_reset_idx(0);
-}
-
static u8 get_rng_vid(uint8_t sec_idx)
{
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
return ret;
}
-
+#endif
int sec_init_idx(uint8_t sec_idx)
{
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
pamu_enable();
#endif
-
+#ifndef CONFIG_SPL_BUILD
if (get_rng_vid(sec_idx) >= 4) {
if (rng_init(sec_idx) < 0) {
printf("SEC%u: RNG instantiation failed\n", sec_idx);
}
printf("SEC%u: RNG instantiated\n", sec_idx);
}
-
+#endif
return ret;
}
#define CONFIG_SYS_SPL_MALLOC_START (CONFIG_SPL_BSS_START_ADDR + \
CONFIG_SPL_BSS_MAX_SIZE)
#define CONFIG_SYS_SPL_MALLOC_SIZE 0x100000
-#define CONFIG_SYS_MONITOR_LEN 0xa0000
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_U_BOOT_HDR_SIZE (16 << 10)
+/*
+ * HDR would be appended at end of image and copied to DDR along
+ * with U-Boot image. Here u-boot max. size is 512K. So if binary
+ * size increases then increase this size in case of secure boot as
+ * it uses raw u-boot image instead of fit image.
+ */
+#define CONFIG_SYS_MONITOR_LEN (0x100000 + CONFIG_U_BOOT_HDR_SIZE)
+#else
+#define CONFIG_SYS_MONITOR_LEN 0x100000
+#endif /* ifdef CONFIG_SECURE_BOOT */
#endif
/* NAND SPL */
#define CONFIG_SPL_NAND_SUPPORT
#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
#define CONFIG_SPL_TEXT_BASE 0x10000000
-#define CONFIG_SPL_MAX_SIZE 0x1d000 /* 116 KiB */
+#define CONFIG_SPL_MAX_SIZE 0x17000 /* 90 KiB */
#define CONFIG_SPL_STACK 0x1001f000
#define CONFIG_SYS_NAND_U_BOOT_DST CONFIG_SYS_TEXT_BASE
#define CONFIG_SYS_NAND_U_BOOT_START CONFIG_SYS_TEXT_BASE
projects / u-boot / commitdiff