SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms.

esbc_validate command uses various IP Blocks: Security Monitor, CAAM block and SFP registers. Hence the respective CONFIG's are enabled. Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 09:46:17 +05:30 · 2015-02-27 09:46:17 +05:30 · e04916a721
commit e04916a721
parent 47151e4bcc
5 changed files with 67 additions and 1 deletions
--- a/arch/arm/include/asm/arch-ls102xa/config.h
+++ b/arch/arm/include/asm/arch-ls102xa/config.h
@ -27,6 +27,8 @@
 #define CONFIG_SYS_FSL_SCFG_ADDR		(CONFIG_SYS_IMMR + 0x00570000)
 #define CONFIG_SYS_FSL_SEC_ADDR			(CONFIG_SYS_IMMR + 0x700000)
 #define CONFIG_SYS_FSL_JR0_ADDR			(CONFIG_SYS_IMMR + 0x710000)
+#define CONFIG_SYS_SEC_MON_ADDR			(CONFIG_SYS_IMMR + 0x00e90000)
+#define CONFIG_SYS_SFP_ADDR			(CONFIG_SYS_IMMR + 0x00e80200)
 #define CONFIG_SYS_FSL_SERDES_ADDR		(CONFIG_SYS_IMMR + 0x00ea0000)
 #define CONFIG_SYS_FSL_GUTS_ADDR		(CONFIG_SYS_IMMR + 0x00ee0000)
 #define CONFIG_SYS_FSL_LS1_CLK_ADDR		(CONFIG_SYS_IMMR + 0x00ee1000)
@ -95,7 +97,25 @@
 #define CONFIG_SYS_FSL_DSPI_BE
 #define CONFIG_SYS_FSL_QSPI_BE
 #define CONFIG_SYS_FSL_DCU_BE
+#define CONFIG_SYS_FSL_SEC_MON_LE
 #define CONFIG_SYS_FSL_SEC_LE
+#define CONFIG_SYS_FSL_SFP_VER_3_2
+#define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SRK_LE
+#define CONFIG_KEY_REVOCATION
+#define CONFIG_FSL_ISBC_KEY_EXT
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif

 #define DCU_LAYER_MAX_NUM			16

--- a/arch/powerpc/include/asm/config_mpc85xx.h
+++ b/arch/powerpc/include/asm/config_mpc85xx.h
@ -26,6 +26,7 @@
 #define CONFIG_SYS_FSL_IFC_BE
 #define CONFIG_SYS_FSL_SEC_BE
 #define CONFIG_SYS_FSL_SFP_BE
+#define CONFIG_SYS_FSL_SEC_MON_BE

 /* Number of TLB CAM entries we have on FSL Book-E chips */
 #if defined(CONFIG_E500MC)
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@ -6,6 +6,19 @@

 #ifndef __FSL_SECURE_BOOT_H
 #define __FSL_SECURE_BOOT_H
+#include <asm/config_mpc85xx.h>
+
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_CMD_ESBC_VALIDATE
+#define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_PROG_HW_ACCEL
+#define CONFIG_DM
+#define CONFIG_RSA
+#define CONFIG_RSA_FREESCALE_EXP
+#ifndef CONFIG_FSL_CAAM
+#define CONFIG_FSL_CAAM
+#endif
+#endif

 #ifdef CONFIG_SECURE_BOOT
 #if defined(CONFIG_FSL_CORENET)
@ -28,9 +41,31 @@
 	defined(CONFIG_PPC_T1023) || \
 	defined(CONFIG_PPC_T1024)
 #define CONFIG_SYS_CPC_REINIT_F
+#define CONFIG_KEY_REVOCATION
 #undef CONFIG_SYS_INIT_L3_ADDR
 #define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
 #endif

+#if defined(CONFIG_C29XPCIE)
+#define CONFIG_KEY_REVOCATION
+#endif
+
+#if defined(CONFIG_PPC_P3041)	||	\
+	defined(CONFIG_PPC_P4080) ||	\
+	defined(CONFIG_PPC_P5020) ||	\
+	defined(CONFIG_PPC_P5040) ||	\
+	defined(CONFIG_PPC_P2041)
+	#define	CONFIG_FSL_TRUST_ARCH_v1
+#endif
+
+#if defined(CONFIG_FSL_CORENET)
+/* The key used for verification of next level images
+ * is picked up from an Extension Table which has
+ * been verified by the ISBC (Internal Secure boot Code)
+ * in boot ROM of the SoC
+ */
+#define CONFIG_FSL_ISBC_KEY_EXT
+#endif
+
 #endif
 #endif
--- a/arch/powerpc/include/asm/immap_85xx.h
+++ b/arch/powerpc/include/asm/immap_85xx.h
@ -2883,6 +2883,7 @@ struct ccsr_pman {
 #define CONFIG_SYS_MPC85xx_SATA2_OFFSET		0x221000
 #define CONFIG_SYS_FSL_SEC_OFFSET		0x300000
 #define CONFIG_SYS_FSL_JR0_OFFSET		0x301000
+#define CONFIG_SYS_SEC_MON_OFFSET		0x314000
 #define CONFIG_SYS_FSL_CORENET_PME_OFFSET	0x316000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x318000
 #define CONFIG_SYS_FSL_BMAN_OFFSET		0x31a000
@ -2950,7 +2951,7 @@ struct ccsr_pman {
 #endif
 #define CONFIG_SYS_MPC85xx_SERDES2_OFFSET	0xE3100
 #define CONFIG_SYS_MPC85xx_SERDES1_OFFSET	0xE3000
-#define CONFIG_SYS_SNVS_OFFSET			0xE6000
+#define CONFIG_SYS_SEC_MON_OFFSET		0xE6000
 #define CONFIG_SYS_SFP_OFFSET			0xE7000
 #define CONFIG_SYS_MPC85xx_CPM_OFFSET		0x80000
 #define CONFIG_SYS_FSL_QMAN_OFFSET		0x88000
@ -3080,6 +3081,9 @@ struct ccsr_pman {
 #define CONFIG_SYS_SFP_ADDR  \
 	(CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET)

+#define CONFIG_SYS_SEC_MON_ADDR  \
+	(CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET)
+
 #define TSEC_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET)
 #define MDIO_BASE_ADDR		(CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET)

--- a/board/freescale/common/Makefile
+++ b/board/freescale/common/Makefile
@ -72,4 +72,10 @@ obj-$(CONFIG_P5020DS)	+= p_corenet/
 obj-$(CONFIG_P5040DS)	+= p_corenet/

 obj-$(CONFIG_LS102XA_NS_ACCESS)	+= ns_access.o
+
+ifdef CONFIG_SECURE_BOOT
+obj-y += fsl_validate.o
+obj-$(CONFIG_CMD_ESBC_VALIDATE) += cmd_esbc_validate.o
+endif
+
 endif