From e04916a721a2069fc770412c57974d02e153ad18 Mon Sep 17 00:00:00 2001 From: gaurav rana Date: Fri, 27 Feb 2015 09:46:17 +0530 Subject: SECURE_BOOT : enable esbc_validate command for powerpc and arm platforms. esbc_validate command uses various IP Blocks: Security Monitor, CAAM block and SFP registers. Hence the respective CONFIG's are enabled. Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled. Signed-off-by: Gaurav Rana Reviewed-by: York Sun --- arch/powerpc/include/asm/config_mpc85xx.h | 1 + arch/powerpc/include/asm/fsl_secure_boot.h | 35 ++++++++++++++++++++++++++++++ arch/powerpc/include/asm/immap_85xx.h | 6 ++++- 3 files changed, 41 insertions(+), 1 deletion(-) (limited to 'arch/powerpc') diff --git a/arch/powerpc/include/asm/config_mpc85xx.h b/arch/powerpc/include/asm/config_mpc85xx.h index cb0f44199d..69e05923f6 100644 --- a/arch/powerpc/include/asm/config_mpc85xx.h +++ b/arch/powerpc/include/asm/config_mpc85xx.h @@ -26,6 +26,7 @@ #define CONFIG_SYS_FSL_IFC_BE #define CONFIG_SYS_FSL_SEC_BE #define CONFIG_SYS_FSL_SFP_BE +#define CONFIG_SYS_FSL_SEC_MON_BE /* Number of TLB CAM entries we have on FSL Book-E chips */ #if defined(CONFIG_E500MC) diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index b4c0c99b39..49f6814383 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -6,6 +6,19 @@ #ifndef __FSL_SECURE_BOOT_H #define __FSL_SECURE_BOOT_H +#include + +#ifdef CONFIG_SECURE_BOOT +#define CONFIG_CMD_ESBC_VALIDATE +#define CONFIG_FSL_SEC_MON +#define CONFIG_SHA_PROG_HW_ACCEL +#define CONFIG_DM +#define CONFIG_RSA +#define CONFIG_RSA_FREESCALE_EXP +#ifndef CONFIG_FSL_CAAM +#define CONFIG_FSL_CAAM +#endif +#endif #ifdef CONFIG_SECURE_BOOT #if defined(CONFIG_FSL_CORENET) @@ -28,9 +41,31 @@ defined(CONFIG_PPC_T1023) || \ defined(CONFIG_PPC_T1024) #define CONFIG_SYS_CPC_REINIT_F +#define CONFIG_KEY_REVOCATION #undef CONFIG_SYS_INIT_L3_ADDR #define CONFIG_SYS_INIT_L3_ADDR 0xbff00000 #endif +#if defined(CONFIG_C29XPCIE) +#define CONFIG_KEY_REVOCATION +#endif + +#if defined(CONFIG_PPC_P3041) || \ + defined(CONFIG_PPC_P4080) || \ + defined(CONFIG_PPC_P5020) || \ + defined(CONFIG_PPC_P5040) || \ + defined(CONFIG_PPC_P2041) + #define CONFIG_FSL_TRUST_ARCH_v1 +#endif + +#if defined(CONFIG_FSL_CORENET) +/* The key used for verification of next level images + * is picked up from an Extension Table which has + * been verified by the ISBC (Internal Secure boot Code) + * in boot ROM of the SoC + */ +#define CONFIG_FSL_ISBC_KEY_EXT +#endif + #endif #endif diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h index f89b90b724..0c9d85ec96 100644 --- a/arch/powerpc/include/asm/immap_85xx.h +++ b/arch/powerpc/include/asm/immap_85xx.h @@ -2883,6 +2883,7 @@ struct ccsr_pman { #define CONFIG_SYS_MPC85xx_SATA2_OFFSET 0x221000 #define CONFIG_SYS_FSL_SEC_OFFSET 0x300000 #define CONFIG_SYS_FSL_JR0_OFFSET 0x301000 +#define CONFIG_SYS_SEC_MON_OFFSET 0x314000 #define CONFIG_SYS_FSL_CORENET_PME_OFFSET 0x316000 #define CONFIG_SYS_FSL_QMAN_OFFSET 0x318000 #define CONFIG_SYS_FSL_BMAN_OFFSET 0x31a000 @@ -2950,7 +2951,7 @@ struct ccsr_pman { #endif #define CONFIG_SYS_MPC85xx_SERDES2_OFFSET 0xE3100 #define CONFIG_SYS_MPC85xx_SERDES1_OFFSET 0xE3000 -#define CONFIG_SYS_SNVS_OFFSET 0xE6000 +#define CONFIG_SYS_SEC_MON_OFFSET 0xE6000 #define CONFIG_SYS_SFP_OFFSET 0xE7000 #define CONFIG_SYS_MPC85xx_CPM_OFFSET 0x80000 #define CONFIG_SYS_FSL_QMAN_OFFSET 0x88000 @@ -3080,6 +3081,9 @@ struct ccsr_pman { #define CONFIG_SYS_SFP_ADDR \ (CONFIG_SYS_IMMR + CONFIG_SYS_SFP_OFFSET) +#define CONFIG_SYS_SEC_MON_ADDR \ + (CONFIG_SYS_IMMR + CONFIG_SYS_SEC_MON_OFFSET) + #define TSEC_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_TSEC1_OFFSET) #define MDIO_BASE_ADDR (CONFIG_SYS_IMMR + CONFIG_SYS_MDIO1_OFFSET) -- cgit v1.2.1