From aa36c84edfcfd8c7d0348511e7b0fbb43514cd35 Mon Sep 17 00:00:00 2001 From: Sumit Garg Date: Thu, 14 Jul 2016 12:27:52 -0400 Subject: [PATCH] powerpc/mpc85xx: T104x: Add nand secure boot target For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC. In non-secure boot scenario from NAND, this address will map to CPC configured as SRAM. But in case of secure boot, this default address always maps to IBR (Internal Boot ROM). The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF. For secure boot target from NAND, the text base for SPL is kept same as non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000) As a the virtual and physical address of CPC would be different. The virtual address 0xFFFx_xxxx needs to be mapped to physical address 0xBFFx_xxxx. Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000 and update DCFG SCRTACH1 register with location of Header required for secure boot. The changes are similar to commit 467a40dfe35f48d830f01a72617207d03ca85b4d powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041 While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC is only 256K and thus SPL framework is used. The changes are only applicable for SPL U-Boot running out of CPC SRAM and not the next level U-Boot loaded on DDR. Reviewed-by: Ruchika Gupta Reviewed-by: Simon Glass Signed-off-by: Aneesh Bansal Signed-off-by: Sumit Garg Reviewed-by: York Sun --- arch/powerpc/cpu/mpc85xx/cpu_init.c | 4 +- arch/powerpc/cpu/mpc85xx/start.S | 12 ++++-- arch/powerpc/include/asm/fsl_secure_boot.h | 10 ++++- board/freescale/t104xrdb/t104x_pbi_sb.cfg | 38 +++++++++++++++++++ board/freescale/t104xrdb/tlb.c | 15 +++++++- .../T1042RDB_PI_NAND_SECURE_BOOT_defconfig | 30 +++++++++++++++ include/configs/T104xRDB.h | 29 +++++++++++++- 7 files changed, 130 insertions(+), 8 deletions(-) create mode 100644 board/freescale/t104xrdb/t104x_pbi_sb.cfg create mode 100644 configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index 61f5639e0d..ace42799f7 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -439,7 +439,7 @@ ulong cpu_init_f(void) #ifdef CONFIG_SYS_DCSRBAR_PHYS ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); #endif -#if defined(CONFIG_SECURE_BOOT) +#if defined(CONFIG_SECURE_BOOT) && !defined(CONFIG_SYS_RAMBOOT) struct law_entry law; #endif #ifdef CONFIG_MPC8548 @@ -459,7 +459,7 @@ ulong cpu_init_f(void) disable_tlb(14); disable_tlb(15); -#if defined(CONFIG_SECURE_BOOT) +#if defined(CONFIG_SECURE_BOOT) && !defined(CONFIG_SYS_RAMBOOT) /* Disable the LAW created for NOR flash by the PBI commands */ law = find_law(CONFIG_SYS_PBI_FLASH_BASE); if (law.index != -1) diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S index 4c51225868..c3e12349f7 100644 --- a/arch/powerpc/cpu/mpc85xx/start.S +++ b/arch/powerpc/cpu/mpc85xx/start.S @@ -1069,17 +1069,23 @@ create_init_ram_area: #elif !defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SECURE_BOOT) /* create a temp mapping in AS = 1 for Flash mapping * created by PBL for ISBC code - */ + */ create_tlb1_entry 15, \ 1, BOOKE_PAGESZ_1M, \ CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \ 0, r6 -#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT) +/* + * For Targets without CONFIG_SPL like P3, P5 + * and for targets with CONFIG_SPL like T1, T2, T4, only for + * u-boot-spl i.e. CONFIG_SPL_BUILD + */ +#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT) && \ + (!defined(CONFIG_SPL) || defined(CONFIG_SPL_BUILD)) /* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE * to L3 Address configured by PBL for ISBC code - */ + */ create_tlb1_entry 15, \ 1, BOOKE_PAGESZ_1M, \ CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \ diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 9420021d64..2e2d565ba4 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -35,7 +35,9 @@ defined(CONFIG_T104xD4RDB) || \ defined(CONFIG_PPC_T1023) || \ defined(CONFIG_PPC_T1024) +#ifndef CONFIG_SYS_RAMBOOT #define CONFIG_SYS_CPC_REINIT_F +#endif #define CONFIG_KEY_REVOCATION #undef CONFIG_SYS_INIT_L3_ADDR #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 @@ -43,7 +45,13 @@ #if defined(CONFIG_RAMBOOT_PBL) #undef CONFIG_SYS_INIT_L3_ADDR -#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 +#ifdef CONFIG_SYS_INIT_L3_VADDR +#define CONFIG_SYS_INIT_L3_ADDR \ + (CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | \ + 0xbff00000 +#else +#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 +#endif #endif #if defined(CONFIG_C29XPCIE) diff --git a/board/freescale/t104xrdb/t104x_pbi_sb.cfg b/board/freescale/t104xrdb/t104x_pbi_sb.cfg new file mode 100644 index 0000000000..98dc8e4c24 --- /dev/null +++ b/board/freescale/t104xrdb/t104x_pbi_sb.cfg @@ -0,0 +1,38 @@ +#PBI commands +#Software Workaround for errata A-007662 to train PCIe2 controller in Gen2 speed +09250100 00000400 +09250108 00002000 +#Software Workaround for errata A-008007 to reset PVR register +09000010 0000000b +09000014 c0000000 +09000018 81d00017 +89020400 a1000000 +091380c0 000f0000 +89020400 00000000 +#Initialize CPC1 +09010000 00200400 +09138000 00000000 +091380c0 00000100 +#Configure CPC1 as 256KB SRAM +09010100 00000000 +09010104 bffc0007 +09010f00 081e000d +09010000 80000000 +#Configure LAW for CPC1 +09000cd0 00000000 +09000cd4 bffc0000 +09000cd8 81000011 +#Configure alternate space +09000010 00000000 +09000014 bf000000 +09000018 81000000 +#Configure SPI controller +09110000 80000403 +09110020 2d170008 +09110024 00100008 +09110028 00100008 +0911002c 00100008 +#Flush PBL data +091380c0 000FFFFF +090e0200 bffd0000 +091380c0 000FFFFF diff --git a/board/freescale/t104xrdb/tlb.c b/board/freescale/t104xrdb/tlb.c index 95c15aa596..7c0511e268 100644 --- a/board/freescale/t104xrdb/tlb.c +++ b/board/freescale/t104xrdb/tlb.c @@ -28,7 +28,8 @@ struct fsl_e_tlb_entry tlb_table[] = { /* TLB 1 */ /* *I*** - Covers boot page */ -#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) +#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR) && \ + !defined(CONFIG_SECURE_BOOT) /* * *I*G - L3SRAM. When L3 is used as 256K SRAM, the address of the * SRAM is at 0xfffc0000, it covered the 0xfffff000. @@ -36,6 +37,18 @@ struct fsl_e_tlb_entry tlb_table[] = { SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, 0, 0, BOOKE_PAGESZ_256K, 1), + +#elif defined(CONFIG_SECURE_BOOT) && defined(CONFIG_SPL_BUILD) + /* + * *I*G - L3SRAM. When L3 is used as 256K SRAM, in case of Secure Boot + * the physical address of the SRAM is at 0xbffc0000, + * and virtual address is 0xfffc0000 + */ + + SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_VADDR, + CONFIG_SYS_INIT_L3_ADDR, + MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, + 0, 0, BOOKE_PAGESZ_256K, 1), #else SET_TLB_ENTRY(1, 0xfffff000, 0xfffff000, MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G, diff --git a/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig b/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig new file mode 100644 index 0000000000..2e162554c6 --- /dev/null +++ b/configs/T1042RDB_PI_NAND_SECURE_BOOT_defconfig @@ -0,0 +1,30 @@ +CONFIG_PPC=y +CONFIG_MPC85xx=y +CONFIG_TARGET_T104XRDB=y +CONFIG_SPL=y +CONFIG_FIT=y +CONFIG_FIT_VERBOSE=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_OF_STDOUT_VIA_ALIAS=y +CONFIG_SYS_EXTRA_OPTIONS="PPC_T1042,T1042RDB_PI,RAMBOOT_PBL,SPL_FSL_PBL,NAND,SECURE_BOOT" +CONFIG_BOOTDELAY=0 +CONFIG_HUSH_PARSER=y +CONFIG_CMD_GREPENV=y +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_FAT=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_NETDEVICES=y +CONFIG_E1000=y +CONFIG_SYS_NS16550=y +CONFIG_FSL_ESPI=y +CONFIG_OF_LIBFDT=y +CONFIG_RSA=y +CONFIG_DM=y diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h index a8f4f742e6..2ec1962f5f 100644 --- a/include/configs/T104xRDB.h +++ b/include/configs/T104xRDB.h @@ -18,7 +18,14 @@ #include #ifdef CONFIG_RAMBOOT_PBL + +#ifndef CONFIG_SECURE_BOOT #define CONFIG_SYS_FSL_PBL_PBI $(SRCTREE)/board/freescale/t104xrdb/t104x_pbi.cfg +#else +#define CONFIG_SYS_FSL_PBL_PBI \ + $(SRCTREE)/board/freescale/t104xrdb/t104x_pbi_sb.cfg +#endif + #ifdef CONFIG_T1040RDB #define CONFIG_SYS_FSL_PBL_RCW $(SRCTREE)/board/freescale/t104xrdb/t1040_rcw.cfg #endif @@ -62,7 +69,17 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg #ifdef CONFIG_NAND #define CONFIG_SPL_NAND_SUPPORT +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_U_BOOT_HDR_SIZE (16 << 10) +/* + * HDR would be appended at end of image and copied to DDR along + * with U-Boot image. + */ +#define CONFIG_SYS_NAND_U_BOOT_SIZE ((768 << 10) + \ + CONFIG_U_BOOT_HDR_SIZE) +#else #define CONFIG_SYS_NAND_U_BOOT_SIZE (768 << 10) +#endif #define CONFIG_SYS_NAND_U_BOOT_DST 0x30000000 #define CONFIG_SYS_NAND_U_BOOT_START 0x30000000 #define CONFIG_SYS_NAND_U_BOOT_OFFS (256 << 10) @@ -161,6 +178,10 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg #define CONFIG_ENV_SIZE 0x2000 #define CONFIG_ENV_OFFSET (512 * 0x800) #elif defined(CONFIG_NAND) +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_RAMBOOT_NAND +#define CONFIG_BOOTSCRIPT_COPY_RAM +#endif #define CONFIG_SYS_EXTRA_ENV_RELOC #define CONFIG_ENV_IS_IN_NAND #define CONFIG_ENV_SIZE 0x2000 @@ -202,8 +223,14 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_rcw.cfg * Config the L3 Cache as L3 SRAM */ #define CONFIG_SYS_INIT_L3_ADDR 0xFFFC0000 +/* + * For Secure Boot CONFIG_SYS_INIT_L3_ADDR will be redefined and hence + * Physical address (CONFIG_SYS_INIT_L3_ADDR) and virtual address + * (CONFIG_SYS_INIT_L3_VADDR) will be different. + */ +#define CONFIG_SYS_INIT_L3_VADDR 0xFFFC0000 #define CONFIG_SYS_L3_SIZE 256 << 10 -#define CONFIG_SPL_GD_ADDR (CONFIG_SYS_INIT_L3_ADDR + 32 * 1024) +#define CONFIG_SPL_GD_ADDR (CONFIG_SYS_INIT_L3_VADDR + 32 * 1024) #ifdef CONFIG_RAMBOOT_PBL #define CONFIG_ENV_ADDR (CONFIG_SPL_GD_ADDR + 4 * 1024) #endif