|
|
|
/*
|
|
|
|
* Copyright 2015 Freescale Semiconductor, Inc.
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __FSL_SECURE_BOOT_H
|
|
|
|
#define __FSL_SECURE_BOOT_H
|
|
|
|
|
|
|
|
#ifdef CONFIG_SECURE_BOOT
|
secure_boot: split the secure boot functionality in two parts
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
validating and booting LINUX.
For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.
But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:
If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.
ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).
Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
at run time:
- If bootmode is non-secure, no change
- If bootmode is secure, set the following:
- bootdelay = 0 (Don't give boot prompt)
- bootcmd = Validate and execute the bootscript.
CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.
Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.
Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.
Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
|
|
|
|
|
|
|
#ifndef CONFIG_FIT_SIGNATURE
|
|
|
|
#define CONFIG_CHAIN_OF_TRUST
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CONFIG_CHAIN_OF_TRUST
|
|
|
|
#define CONFIG_CMD_ESBC_VALIDATE
|
|
|
|
#define CONFIG_FSL_SEC_MON
|
|
|
|
#define CONFIG_SHA_HW_ACCEL
|
|
|
|
#define CONFIG_SHA_PROG_HW_ACCEL
|
|
|
|
#define CONFIG_RSA_FREESCALE_EXP
|
|
|
|
|
|
|
|
#ifndef CONFIG_FSL_CAAM
|
|
|
|
#define CONFIG_FSL_CAAM
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define CONFIG_SPL_BOARD_INIT
|
|
|
|
#ifdef CONFIG_SPL_BUILD
|
|
|
|
/*
|
|
|
|
* Define the key hash for U-Boot here if public/private key pair used to
|
|
|
|
* sign U-boot are different from the SRK hash put in the fuse
|
|
|
|
* Example of defining KEY_HASH is
|
|
|
|
* #define CONFIG_SPL_UBOOT_KEY_HASH \
|
|
|
|
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
|
|
|
|
* else leave it defined as NULL
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define CONFIG_SPL_UBOOT_KEY_HASH NULL
|
|
|
|
#endif /* ifdef CONFIG_SPL_BUILD */
|
|
|
|
|
|
|
|
#ifndef CONFIG_SPL_BUILD
|
|
|
|
#define CONFIG_CMD_BLOB
|
|
|
|
#define CONFIG_CMD_HASH
|
|
|
|
#define CONFIG_KEY_REVOCATION
|
|
|
|
#ifndef CONFIG_SYS_RAMBOOT
|
|
|
|
/* The key used for verification of next level images
|
|
|
|
* is picked up from an Extension Table which has
|
|
|
|
* been verified by the ISBC (Internal Secure boot Code)
|
|
|
|
* in boot ROM of the SoC.
|
|
|
|
* The feature is only applicable in case of NOR boot and is
|
|
|
|
* not applicable in case of RAMBOOT (NAND, SD, SPI).
|
|
|
|
*/
|
|
|
|
#ifndef CONFIG_ESBC_HDR_LS
|
|
|
|
/* Current Key EXT feature not available in LS ESBC Header */
|
|
|
|
#define CONFIG_FSL_ISBC_KEY_EXT
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A)
|
|
|
|
/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
|
|
|
|
* Similiarly for LS2080
|
|
|
|
*/
|
|
|
|
#define CONFIG_ESBC_ADDR_64BIT
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CONFIG_LS2080A
|
|
|
|
#define CONFIG_EXTRA_ENV \
|
|
|
|
"setenv fdt_high 0xa0000000;" \
|
|
|
|
"setenv initrd_high 0xcfffffff;" \
|
|
|
|
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
|
|
|
|
#else
|
|
|
|
#define CONFIG_EXTRA_ENV \
|
|
|
|
"setenv fdt_high 0xffffffff;" \
|
|
|
|
"setenv initrd_high 0xffffffff;" \
|
|
|
|
"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
|
|
|
|
* Non-XIP Memory (Nand/SD)*/
|
|
|
|
#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) || \
|
|
|
|
defined(CONFIG_SD_BOOT)
|
|
|
|
#define CONFIG_BOOTSCRIPT_COPY_RAM
|
|
|
|
#endif
|
|
|
|
/* The address needs to be modified according to NOR, NAND, SD and
|
|
|
|
* DDR memory map
|
|
|
|
*/
|
|
|
|
#ifdef CONFIG_LS2080A
|
|
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x583920000
|
|
|
|
#define CONFIG_BS_ADDR_DEVICE 0x583900000
|
|
|
|
#define CONFIG_BS_HDR_ADDR_RAM 0xa3920000
|
|
|
|
#define CONFIG_BS_ADDR_RAM 0xa3900000
|
|
|
|
#define CONFIG_BS_HDR_SIZE 0x00002000
|
|
|
|
#define CONFIG_BS_SIZE 0x00001000
|
|
|
|
#else
|
|
|
|
#ifdef CONFIG_SD_BOOT
|
|
|
|
/* For SD boot address and size are assigned in terms of sector
|
|
|
|
* offset and no. of sectors respectively.
|
|
|
|
*/
|
|
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x00000800
|
|
|
|
#define CONFIG_BS_ADDR_DEVICE 0x00000840
|
|
|
|
#define CONFIG_BS_HDR_SIZE 0x00000010
|
|
|
|
#define CONFIG_BS_SIZE 0x00000008
|
|
|
|
#else
|
|
|
|
#define CONFIG_BS_HDR_ADDR_DEVICE 0x600a0000
|
|
|
|
#define CONFIG_BS_ADDR_DEVICE 0x60060000
|
|
|
|
#define CONFIG_BS_HDR_SIZE 0x00002000
|
|
|
|
#define CONFIG_BS_SIZE 0x00001000
|
|
|
|
#endif /* #ifdef CONFIG_SD_BOOT */
|
|
|
|
#define CONFIG_BS_HDR_ADDR_RAM 0x81000000
|
|
|
|
#define CONFIG_BS_ADDR_RAM 0x81020000
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
|
|
|
|
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_RAM
|
|
|
|
#define CONFIG_BOOTSCRIPT_ADDR CONFIG_BS_ADDR_RAM
|
|
|
|
#else
|
|
|
|
#define CONFIG_BOOTSCRIPT_HDR_ADDR CONFIG_BS_HDR_ADDR_DEVICE
|
|
|
|
/* BOOTSCRIPT_ADDR is not required */
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CONFIG_FSL_LS_PPA
|
|
|
|
#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP
|
|
|
|
#ifdef CONFIG_LS1043A
|
|
|
|
#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000
|
|
|
|
#endif
|
|
|
|
#else
|
|
|
|
#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined"
|
|
|
|
#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */
|
|
|
|
|
|
|
|
/* Define the key hash here if SRK used for signing PPA image is
|
|
|
|
* different from SRK hash put in SFP used for U-Boot.
|
|
|
|
* Example
|
|
|
|
* #define CONFIG_PPA_KEY_HASH \
|
|
|
|
* "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
|
|
|
|
*/
|
|
|
|
#define CONFIG_PPA_KEY_HASH NULL
|
|
|
|
#endif /* ifdef CONFIG_FSL_LS_PPA */
|
|
|
|
|
secure_boot: split the secure boot functionality in two parts
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
validating and booting LINUX.
For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.
But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:
If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.
ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).
Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
at run time:
- If bootmode is non-secure, no change
- If bootmode is secure, set the following:
- bootdelay = 0 (Don't give boot prompt)
- bootcmd = Validate and execute the bootscript.
CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.
Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.
Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.
Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
|
|
|
#include <config_fsl_chain_trust.h>
|
|
|
|
#endif /* #ifndef CONFIG_SPL_BUILD */
|
secure_boot: split the secure boot functionality in two parts
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
validating and booting LINUX.
For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.
But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:
If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.
ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).
Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
at run time:
- If bootmode is non-secure, no change
- If bootmode is secure, set the following:
- bootdelay = 0 (Don't give boot prompt)
- bootcmd = Validate and execute the bootscript.
CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.
Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.
Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.
Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
|
|
|
#endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
|
|
|
|
#endif
|