armv8/ls1043ardb: add SECURE BOOT target for NOR

LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

3 files changed, 44 insertions, 13 deletions

diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 73b6718db9..b510c71c40 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -15,7 +15,7 @@
 #include <u-boot/rsa-mod-exp.h>
 #include <hash.h>
 #include <fsl_secboot_err.h>
-#ifndef CONFIG_MPC85xx
+#ifdef CONFIG_LS102XA
 #include <asm/arch/immap_ls102xa.h>
 #endif
 
@@ -99,7 +99,8 @@ int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
 	struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
 	u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
 
-	if (memcmp((u8 *)csf_hdr_addr, barker_code, ESBC_BARKER_LEN))
+	if (memcmp((u8 *)(uintptr_t)csf_hdr_addr,
+		   barker_code, ESBC_BARKER_LEN))
 		return -1;
 
 	*csf_addr = csf_hdr_addr;
@@ -117,7 +118,7 @@ static int get_ie_info_addr(u32 *ie_addr)
 	if (get_csf_base_addr(&csf_addr, &flash_base_addr))
 		return -1;
 
-	hdr = (struct fsl_secboot_img_hdr *)csf_addr;
+	hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr;
 
 	/* For SoC's with Trust Architecture v1 with corenet bus
 	 * the sg table field in CSF header has absolute address
@@ -130,7 +131,7 @@ static int get_ie_info_addr(u32 *ie_addr)
 		 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
 		  flash_base_addr);
 #else
-	sg_tbl = (struct fsl_secboot_sg_table *)(csf_addr +
+	sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr +
 						 (u32)hdr->psgtable);
 #endif
 
@@ -379,8 +380,8 @@ static int calc_img_key_hash(struct fsl_secboot_img_priv *img)
 #ifdef CONFIG_KEY_REVOCATION
 	if (check_srk(img)) {
 		ret = algo->hash_update(algo, ctx,
-			(u8 *)(img->ehdrloc + img->hdr.srk_tbl_off),
-			img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
+		      (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
+		      img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
 		srk = 1;
 	}
 #endif
@@ -438,8 +439,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
 #ifdef CONFIG_KEY_REVOCATION
 	if (check_srk(img)) {
 		ret = algo->hash_update(algo, ctx,
-			(u8 *)(img->ehdrloc + img->hdr.srk_tbl_off),
-			img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
+		      (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
+		      img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
 		key_hash = 1;
 	}
 #endif
@@ -454,8 +455,13 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
 		return ret;
 
 	/* Update hash for actual Image */
+#ifdef CONFIG_ESBC_ADDR_64BIT
 	ret = algo->hash_update(algo, ctx,
-			(u8 *)img->hdr.pimg, img->hdr.img_size, 1);
+		(u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
+#else
+	ret = algo->hash_update(algo, ctx,
+		(u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
+#endif
 	if (ret)
 		return ret;
 
@@ -533,7 +539,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 {
 	char buf[20];
 	struct fsl_secboot_img_hdr *hdr = &img->hdr;
-	void *esbc = (u8 *)img->ehdrloc;
+	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
 	u8 *k, *s;
 #ifdef CONFIG_KEY_REVOCATION
 	u32 ret;
@@ -549,7 +555,11 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
 		return ERROR_ESBC_CLIENT_HEADER_BARKER;
 
+#ifdef CONFIG_ESBC_ADDR_64BIT
+	sprintf(buf, "%llx", hdr->pimg64);
+#else
 	sprintf(buf, "%x", hdr->pimg);
+#endif
 	setenv("img_addr", buf);
 
 	if (!hdr->img_size)
@@ -594,7 +604,7 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	if (!key_found && check_ie(img)) {
 		if (get_ie_info_addr(&img->ie_addr))
 			return ERROR_IE_TABLE_NOT_FOUND;
-		ie_info = (struct ie_key_info *)img->ie_addr;
+		ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
 		if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
 			return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
 
@@ -748,7 +758,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 
 	hdr = &img->hdr;
 	img->ehdrloc = addr;
-	esbc = (u8 *)img->ehdrloc;
+	esbc = (u8 *)(uintptr_t)img->ehdrloc;
 
 	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
 
diff --git a/board/freescale/ls1043ardb/MAINTAINERS b/board/freescale/ls1043ardb/MAINTAINERS
index efca5bf245..84ffb638d8 100644
--- a/board/freescale/ls1043ardb/MAINTAINERS
+++ b/board/freescale/ls1043ardb/MAINTAINERS
@@ -7,3 +7,8 @@ F:	include/configs/ls1043ardb.h
 F:	configs/ls1043ardb_defconfig
 F:	configs/ls1043ardb_nand_defconfig
 F:	configs/ls1043ardb_sdcard_defconfig
+
+LS1043A_SECURE_BOOT BOARD
+M:	Aneesh Bansal <aneesh.bansal@freescale.com>
+S:	Maintained
+F:	configs/ls1043ardb_SECURE_BOOT_defconfig
diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c
index 4556ea8ad1..c8f723a108 100644
--- a/board/freescale/ls1043ardb/ls1043ardb.c
+++ b/board/freescale/ls1043ardb/ls1043ardb.c
@@ -18,6 +18,8 @@
 #include <fsl_csu.h>
 #include <fsl_esdhc.h>
 #include <fsl_ifc.h>
+#include <environment.h>
+#include <fsl_sec.h>
 #include "cpld.h"
 
 DECLARE_GLOBAL_DATA_PTR;
@@ -123,7 +125,21 @@ int config_board_mux(void)
 int misc_init_r(void)
 {
 	config_board_mux();
-
+#ifdef CONFIG_SECURE_BOOT
+	/* In case of Secure Boot, the IBR configures the SMMU
+	 * to allow only Secure transactions.
+	 * SMMU must be reset in bypass mode.
+	 * Set the ClientPD bit and Clear the USFCFG Bit
+	 */
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+#endif
+#ifdef CONFIG_FSL_CAAM
+	return sec_init();
+#endif
 	return 0;
 }
 #endif