diff options
| author | Eric Sun <jian.sun@freescale.com> | 2012-07-13 15:27:10 +0800 |
|---|---|---|
| committer | Justin Waters <justin.waters@timesys.com> | 2012-09-12 11:05:52 -0400 |
| commit | 2d74e107dd5f7a520b83b8061223797b4c244dd0 (patch) | |
| tree | 1119747233ecb05416adf517bce26c64051b150d | |
| parent | 020ca8245b30204b200de3a925c010955363f6b7 (diff) | |
ENGR00217114-1 MX6 U-Boot, Secure Boot, one code base for MX6Q/DL/SL
Move the secure boot related implementation code from mx6q_arm2.c to
mx6/generic.c. In this way the HAB feature can be shared by all MX6
platforms
Signed-off-by: Eric Sun <jian.sun@freescale.com>
| -rw-r--r-- | board/freescale/mx6q_arm2/flash_header.S | 2 | ||||
| -rw-r--r-- | board/freescale/mx6q_arm2/mx6q_arm2.c | 170 | ||||
| -rw-r--r-- | board/freescale/mx6sl_arm2/flash_header.S | 8 | ||||
| -rw-r--r-- | board/freescale/mx6sl_arm2/mx6sl_arm2.c | 9 | ||||
| -rw-r--r-- | board/freescale/mx6sl_arm2/u-boot.lds | 7 | ||||
| -rw-r--r-- | cpu/arm_cortexa8/mx6/generic.c | 177 | ||||
| -rw-r--r-- | include/configs/mx6dl_arm2.h | 2 | ||||
| -rw-r--r-- | include/configs/mx6sl_arm2.h | 2 |
8 files changed, 206 insertions, 171 deletions
diff --git a/board/freescale/mx6q_arm2/flash_header.S b/board/freescale/mx6q_arm2/flash_header.S index b2e416784a..ee67d52dfc 100644 --- a/board/freescale/mx6q_arm2/flash_header.S +++ b/board/freescale/mx6q_arm2/flash_header.S @@ -52,7 +52,7 @@ self_ptr: .word ivt_header #ifdef CONFIG_SECURE_BOOT app_code_csf: .word __hab_data #else -app_code_csf: .word 0 +app_code_csf: .word 0x0 #endif reserv2: .word 0x0 diff --git a/board/freescale/mx6q_arm2/mx6q_arm2.c b/board/freescale/mx6q_arm2/mx6q_arm2.c index fa2b79c545..1e0c8a1d04 100644 --- a/board/freescale/mx6q_arm2/mx6q_arm2.c +++ b/board/freescale/mx6q_arm2/mx6q_arm2.c @@ -1196,176 +1196,6 @@ int board_late_init(void) return 0; } -#ifdef CONFIG_SECURE_BOOT -/* -------- start of HAB API updates ------------*/ -#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) -#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) -#define hab_rvt_authenticate_image \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) -#define hab_rvt_entry ((hab_rvt_entry_t *) HAB_RVT_ENTRY) -#define hab_rvt_exit ((hab_rvt_exit_t *) HAB_RVT_EXIT) -#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT - -/* - * +------------+ 0x0 (0x10800000) - - * | Header | | - * +------------+ 0x40 | - * | | | - * | | | - * | | | - * | | | - * | Image Data | | - * . | | - * . | > Stuff to be authenticated ------+ - * . | | | - * | | | | - * | | | | - * +------------+ | | - * | | | | - * | Fill Data | | | - * | | | | - * +------------+ 0x003F_DFE0 | | - * | IVT | | | - * +------------+ 0x003F_E000 - | - * | | | - * | CSF DATA | <--------------------------------------------------------+ - * | | - * +------------+ - * | | - * | Fill Data | - * | | - * +------------+ 0x0040_0000 - */ - -#define DDR_UIMAGE_START 0x10800000 -#define DDR_UIMAGE_LENGTH 0x400000 -#define DDR_IVT_OFFSET 0x3FDFE0 -#define DDR_UIMAGE_IVT_START (DDR_UIMAGE_START + DDR_IVT_OFFSET) - -#define OCOTP_CFG5_OFFSET 0x460 - -int check_hab_enable(void) -{ - u32 reg = 0; - int result = 0; - - reg = readl(IMX_OTP_BASE + OCOTP_CFG5_OFFSET); - if ((reg & 0x2) == 0x2) - result = 1; - - return result; -} - -void display_event(uint8_t *event_data, size_t bytes) -{ - uint32_t i; - if ((event_data) && (bytes > 0)) { - for (i = 0; i < bytes; i++) { - if (i == 0) - printf("\t0x%02x", event_data[i]); - else if ((i % 8) == 0) - printf("\n\t0x%02x", event_data[i]); - else - printf(" 0x%02x", event_data[i]); - } - } -} - -int get_hab_status(void) -{ - uint32_t index = 0; /* Loop index */ - uint8_t event_data[128]; /* Event data buffer */ - size_t bytes = sizeof(event_data); /* Event size in bytes */ - hab_config_t config = 0; - hab_state_t state = 0; - - /* Check HAB status */ - if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { - printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", - config, state); - - /* Display HAB Error events */ - while (hab_rvt_report_event(HAB_FAILURE, index, event_data, - &bytes) == HAB_SUCCESS) { - printf("\n"); - printf("--------- HAB Event %d -----------------\n", - index + 1); - printf("event data:\n"); - display_event(event_data, bytes); - printf("\n"); - bytes = sizeof(event_data); - index++; - } - } - /* Display message if no HAB events are found */ - else { - printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", - config, state); - printf("No HAB Events Found!\n\n"); - } - return 0; -} - -void hab_caam_clock_enable(void) -{ - u32 reg = 0; - - reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */ - reg |= 0x3F00; /*CG4 ~ CG6, enable CAAM clocks*/ - writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0); -} - - -void hab_caam_clock_disable(void) -{ - u32 reg = 0; - - reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */ - reg &= ~0x3F00; /*CG4 ~ CG6, disable CAAM clocks*/ - writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0); -} - -uint32_t authenticate_image(ulong start) -{ - uint32_t load_addr = 0; - size_t bytes; - ptrdiff_t ivt_offset = DDR_IVT_OFFSET; - int result = 0; - - if (check_hab_enable() == 1) { - printf("\nAuthenticate uImage from DDR location 0x%lx...\n", - start); - - hab_caam_clock_enable(); - - if (hab_rvt_entry() == HAB_SUCCESS) { - start = DDR_UIMAGE_START; - bytes = DDR_UIMAGE_LENGTH; - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - printf("hab exit function fail\n"); - load_addr = 0; - } - } else - printf("hab entry function fail\n"); - - hab_caam_clock_disable(); - - get_hab_status(); - } - - if ((!check_hab_enable()) || (load_addr != 0)) - result = 1; - - return result; -} -/* ----------- end of HAB API updates ------------*/ -#endif - - #ifdef CONFIG_MXC_FEC static int phy_read(char *devname, unsigned char addr, unsigned char reg, unsigned short *pdata) diff --git a/board/freescale/mx6sl_arm2/flash_header.S b/board/freescale/mx6sl_arm2/flash_header.S index 6519511e0b..9421700d07 100644 --- a/board/freescale/mx6sl_arm2/flash_header.S +++ b/board/freescale/mx6sl_arm2/flash_header.S @@ -49,11 +49,19 @@ reserv1: .word 0x0 dcd_ptr: .word dcd_hdr boot_data_ptr: .word boot_data self_ptr: .word ivt_header +#ifdef CONFIG_SECURE_BOOT +app_code_csf: .word __hab_data +#else app_code_csf: .word 0x0 +#endif reserv2: .word 0x0 boot_data: .word TEXT_BASE +#ifdef CONFIG_SECURE_BOOT +image_len: .word __hab_data_end - TEXT_BASE +#else image_len: .word _end_of_copy - TEXT_BASE + CONFIG_FLASH_HEADER_OFFSET +#endif plugin: .word 0x0 /* !!!! Need update Len field after adding ddr script !!!!!!!!!!!!!!!!!*/ diff --git a/board/freescale/mx6sl_arm2/mx6sl_arm2.c b/board/freescale/mx6sl_arm2/mx6sl_arm2.c index 13428cb590..5ccca457fc 100644 --- a/board/freescale/mx6sl_arm2/mx6sl_arm2.c +++ b/board/freescale/mx6sl_arm2/mx6sl_arm2.c @@ -25,6 +25,9 @@ #include <asm/arch/mx6.h> #include <asm/arch/mx6_pins.h> #include <asm/arch/mx6sl_pins.h> +#if defined(CONFIG_SECURE_BOOT) +#include <asm/arch/mx6_secure.h> +#endif #include <asm/arch/iomux-v3.h> #include <asm/arch/regs-anadig.h> #include <asm/errno.h> @@ -1080,6 +1083,12 @@ int checkboard(void) printf("UNKNOWN\n"); break; } + +#ifdef CONFIG_SECURE_BOOT + if (check_hab_enable() == 1) + get_hab_status(); +#endif + return 0; } diff --git a/board/freescale/mx6sl_arm2/u-boot.lds b/board/freescale/mx6sl_arm2/u-boot.lds index ae64f121d5..0bd13f6165 100644 --- a/board/freescale/mx6sl_arm2/u-boot.lds +++ b/board/freescale/mx6sl_arm2/u-boot.lds @@ -66,6 +66,13 @@ SECTIONS .u_boot_cmd : { *(.u_boot_cmd) } __u_boot_cmd_end = .; + /* Original Size is 0x27..., enlarge to 0x2F000 */ + . = TEXT_BASE + 0x2F000; + __hab_data = .; + . = . + 0x2000; + __hab_data_end = .; + /* End of Hab Data, Place it before BSS section */ + . = ALIGN(4); _end_of_copy = .; /* end_of ROM copy code here */ __bss_start = .; diff --git a/cpu/arm_cortexa8/mx6/generic.c b/cpu/arm_cortexa8/mx6/generic.c index a762498d4c..c84459402b 100644 --- a/cpu/arm_cortexa8/mx6/generic.c +++ b/cpu/arm_cortexa8/mx6/generic.c @@ -47,6 +47,10 @@ #include <usb/regs-usbphy-mx6.h> +#if defined(CONFIG_SECURE_BOOT) +#include <asm/arch/mx6_secure.h> +#endif + enum pll_clocks { CPU_PLL1, /* System PLL */ BUS_PLL2, /* System Bus PLL*/ @@ -1208,6 +1212,179 @@ U_BOOT_CMD( ""); #endif +#ifdef CONFIG_SECURE_BOOT +/* -------- start of HAB API updates ------------*/ +#define hab_rvt_report_event ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) +#define hab_rvt_report_status ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) +#define hab_rvt_authenticate_image \ + ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) +#define hab_rvt_entry ((hab_rvt_entry_t *) HAB_RVT_ENTRY) +#define hab_rvt_exit ((hab_rvt_exit_t *) HAB_RVT_EXIT) +#define hab_rvt_clock_init HAB_RVT_CLOCK_INIT + +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ 0x003F_DFE0 | | + * | IVT | | | + * +------------+ 0x003F_E000 - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ 0x0040_0000 + */ + +#ifndef CONFIG_MX6SL +#define DDR_UIMAGE_START 0x10800000 +#else +#define DDR_UIMAGE_START 0x80800000 +#endif + +#define DDR_UIMAGE_LENGTH 0x400000 +#define DDR_IVT_OFFSET 0x3FDFE0 +#define OCOTP_CFG5_OFFSET 0x460 + +int check_hab_enable(void) +{ + u32 reg = 0; + int result = 0; + + reg = readl(IMX_OTP_BASE + OCOTP_CFG5_OFFSET); + if ((reg & 0x2) == 0x2) + result = 1; + + return result; +} + +void display_event(uint8_t *event_data, size_t bytes) +{ + uint32_t i; + if ((event_data) && (bytes > 0)) { + for (i = 0; i < bytes; i++) { + if (i == 0) + printf("\t0x%02x", event_data[i]); + else if ((i % 8) == 0) + printf("\n\t0x%02x", event_data[i]); + else + printf(" 0x%02x", event_data[i]); + } + } +} + +int get_hab_status(void) +{ + uint32_t index = 0; /* Loop index */ + uint8_t event_data[128]; /* Event data buffer */ + size_t bytes = sizeof(event_data); /* Event size in bytes */ + hab_config_t config = 0; + hab_state_t state = 0; + + /* Check HAB status */ + if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", + config, state); + + /* Display HAB Error events */ + while (hab_rvt_report_event(HAB_FAILURE, index, event_data, + &bytes) == HAB_SUCCESS) { + printf("\n"); + printf("--------- HAB Event %d -----------------\n", + index + 1); + printf("event data:\n"); + display_event(event_data, bytes); + printf("\n"); + bytes = sizeof(event_data); + index++; + } + } + /* Display message if no HAB events are found */ + else { + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", + config, state); + printf("No HAB Events Found!\n\n"); + } + return 0; +} + +void hab_caam_clock_enable(void) +{ + u32 reg = 0; + + reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */ + reg |= 0x3F00; /*CG4 ~ CG6, enable CAAM clocks*/ + writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0); +} + + +void hab_caam_clock_disable(void) +{ + u32 reg = 0; + + reg = readl(CCM_BASE_ADDR + CLKCTL_CCGR0); /* CCGR0 */ + reg &= ~0x3F00; /*CG4 ~ CG6, disable CAAM clocks*/ + writel(reg, CCM_BASE_ADDR + CLKCTL_CCGR0); +} + +uint32_t authenticate_image(void) +{ + uint32_t load_addr = 0; + size_t bytes; + ptrdiff_t ivt_offset = DDR_IVT_OFFSET; + int result = 0; + ulong start; + + if (check_hab_enable() == 1) { + printf("\nAuthenticate uImage from DDR location 0x%lx...\n", + DDR_UIMAGE_START); + + hab_caam_clock_enable(); + + if (hab_rvt_entry() == HAB_SUCCESS) { + start = DDR_UIMAGE_START; + bytes = DDR_UIMAGE_LENGTH; + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + printf("hab exit function fail\n"); + load_addr = 0; + } + } else + printf("hab entry function fail\n"); + + hab_caam_clock_disable(); + + get_hab_status(); + } + + if ((!check_hab_enable()) || (load_addr != 0)) + result = 1; + + return result; +} +/* ----------- end of HAB API updates ------------*/ +#endif + #ifdef CONFIG_ANDROID_RECOVERY struct reco_envs supported_reco_envs[BOOT_DEV_NUM] = { diff --git a/include/configs/mx6dl_arm2.h b/include/configs/mx6dl_arm2.h index 15abcabf6c..9b10aaab1f 100644 --- a/include/configs/mx6dl_arm2.h +++ b/include/configs/mx6dl_arm2.h @@ -35,6 +35,8 @@ #define CONFIG_FLASH_HEADER_OFFSET 0x400 #define CONFIG_MX6_CLK32 32768 +#define CONFIG_SECURE_BOOT + #define CONFIG_SKIP_RELOCATE_UBOOT #define CONFIG_ARCH_CPU_INIT diff --git a/include/configs/mx6sl_arm2.h b/include/configs/mx6sl_arm2.h index a7117c42f2..ae23783c44 100644 --- a/include/configs/mx6sl_arm2.h +++ b/include/configs/mx6sl_arm2.h @@ -31,6 +31,8 @@ #define CONFIG_FLASH_HEADER_OFFSET 0x400 #define CONFIG_MX6_CLK32 32768 +#define CONFIG_SECURE_BOOT + #include <asm/arch/mx6.h> #define CONFIG_SKIP_RELOCATE_UBOOT |