powerpc/p4080: Add support for secure boot flow
Pre u-boot Flow:
1. User loads the u-boot image in flash
2. PBL/Configuration word is used to create LAW for Flash at 0xc0000000
(Please note that ISBC expects all these addresses, images to be
validated, entry point etc within 0 - 3.5G range)
3. ISBC validates the u-boot image, and passes control to u-boot
at 0xcffffffc.
Changes in u-boot:
1. Temporarily map CONFIG_SYS_MONITOR_BASE to the 1M
CONFIG_SYS_PBI_FLASH_WINDOW in AS=1.
(The CONFIG_SYS_PBI_FLASH_WINDOW is the address map for the flash
created by PBL/configuration word within 0 - 3.5G memory range. The
u-boot image at this address has been validated by ISBC code)
2. Remove TLB entries for 0 - 3.5G created by ISBC code
3. Remove the LAW entry for the CONFIG_SYS_PBI_FLASH_WINDOW created by
PBL/configuration word after switch to AS = 1
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Kuldip Giroh <kuldip.giroh@freescale.com>
Acked-by: Wood Scott-B07421 <B07421@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c
index 27f836c..e2c5b6f 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c
@@ -226,7 +226,9 @@
#ifdef CONFIG_SYS_DCSRBAR_PHYS
ccsr_gur_t *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR);
#endif
-
+#if defined(CONFIG_SECURE_BOOT)
+ struct law_entry law;
+#endif
#ifdef CONFIG_MPC8548
ccsr_local_ecm_t *ecm = (void *)(CONFIG_SYS_MPC85xx_ECM_ADDR);
uint svr = get_svr();
@@ -244,6 +246,13 @@
disable_tlb(14);
disable_tlb(15);
+#if defined(CONFIG_SECURE_BOOT)
+ /* Disable the LAW created for NOR flash by the PBI commands */
+ law = find_law(CONFIG_SYS_PBI_FLASH_BASE);
+ if (law.index != -1)
+ disable_law(law.index);
+#endif
+
#ifdef CONFIG_CPM2
config_8560_ioports((ccsr_cpm_t *)CONFIG_SYS_MPC85xx_CPM_ADDR);
#endif
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
index a04f5c1..4ef3c9a 100644
--- a/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
+++ b/arch/powerpc/cpu/mpc85xx/cpu_init_early.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009 Freescale Semiconductor, Inc
+ * Copyright 2009-2011 Freescale Semiconductor, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -149,5 +149,13 @@
#endif
invalidate_tlb(1);
+
+#if defined(CONFIG_SECURE_BOOT)
+ /* Disable the TLBs created by ISBC */
+ for (i = CONFIG_SYS_ISBC_START_TLB;
+ i < CONFIG_SYS_ISBC_START_TLB + CONFIG_SYS_ISBC_NUM_TLBS; i++)
+ disable_tlb(i);
+#endif
+
init_tlbs();
}
diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S
index d89d18c..5e0d78d 100644
--- a/arch/powerpc/cpu/mpc85xx/start.S
+++ b/arch/powerpc/cpu/mpc85xx/start.S
@@ -83,6 +83,45 @@
_start_e500:
+#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_E500MC)
+ /* ISBC uses L2 as stack.
+ * Disable L2 cache here so that u-boot can enable it later
+ * as part of it's normal flow
+ */
+
+ /* Check if L2 is enabled */
+ mfspr r3, SPRN_L2CSR0
+ lis r2, L2CSR0_L2E@h
+ ori r2, r2, L2CSR0_L2E@l
+ and. r4, r3, r2
+ beq l2_disabled
+
+ mfspr r3, SPRN_L2CSR0
+ /* Flush L2 cache */
+ lis r2,(L2CSR0_L2FL)@h
+ ori r2, r2, (L2CSR0_L2FL)@l
+ or r3, r2, r3
+ sync
+ isync
+ mtspr SPRN_L2CSR0,r3
+ isync
+1:
+ mfspr r3, SPRN_L2CSR0
+ and. r1, r3, r2
+ bne 1b
+
+ mfspr r3, SPRN_L2CSR0
+ lis r2, L2CSR0_L2E@h
+ ori r2, r2, L2CSR0_L2E@l
+ andc r4, r3, r2
+ sync
+ isync
+ mtspr SPRN_L2CSR0,r4
+ isync
+
+l2_disabled:
+#endif
+
/* clear registers/arrays not reset by hardware */
/* L1 */
@@ -516,7 +555,7 @@
lis r6,FSL_BOOKE_MAS0(1, 15, 0)@h
ori r6,r6,FSL_BOOKE_MAS0(1, 15, 0)@l
-#ifndef CONFIG_SYS_RAMBOOT
+#if !defined(CONFIG_SYS_RAMBOOT) && !defined(CONFIG_SECURE_BOOT)
/* create a temp mapping in AS=1 to the 4M boot window */
lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@h
ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_4M)@l
@@ -527,6 +566,20 @@
/* The 85xx has the default boot window 0xff800000 - 0xffffffff */
lis r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@h
ori r9,r9,FSL_BOOKE_MAS3(0xffc00000, 0, (MAS3_SX|MAS3_SW|MAS3_SR))@l
+#elif !defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SECURE_BOOT)
+ /* create a temp mapping in AS = 1 for Flash mapping
+ * created by PBL for ISBC code
+ */
+ lis r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@h
+ ori r7,r7,FSL_BOOKE_MAS1(1, 1, 0, 1, BOOKE_PAGESZ_1M)@l
+
+ lis r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@h
+ ori r8,r8,FSL_BOOKE_MAS2(CONFIG_SYS_MONITOR_BASE, (MAS2_I|MAS2_G))@l
+
+ lis r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0,
+ (MAS3_SX|MAS3_SW|MAS3_SR))@h
+ ori r9,r9,FSL_BOOKE_MAS3(CONFIG_SYS_PBI_FLASH_WINDOW, 0,
+ (MAS3_SX|MAS3_SW|MAS3_SR))@l
#else
/*
* create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
new file mode 100644
index 0000000..d1c1967
--- /dev/null
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2010-2011 Freescale Semiconductor, Inc.
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#ifndef __FSL_SECURE_BOOT_H
+#define __FSL_SECURE_BOOT_H
+
+/* Starting TLB number for the TLB entried for 3.5 G space created by ISBC */
+#if defined(CONFIG_FSL_CORENET)
+#define CONFIG_SYS_ISBC_START_TLB 3
+#else
+#define CONFIG_SYS_ISBC_START_TLB 0
+#endif
+
+/* Number fo TLB's created by ISBC */
+#define CONFIG_SYS_ISBC_NUM_TLBS 5
+
+#if defined(CONFIG_FSL_CORENET)
+#define CONFIG_SYS_PBI_FLASH_BASE 0xc0000000
+#else
+#define CONFIG_SYS_PBI_FLASH_BASE 0xce000000
+#endif
+#define CONFIG_SYS_PBI_FLASH_WINDOW 0xcff80000
+
+#endif
diff --git a/arch/powerpc/include/asm/immap_85xx.h b/arch/powerpc/include/asm/immap_85xx.h
index 0dd57f3..135e2d8 100644
--- a/arch/powerpc/include/asm/immap_85xx.h
+++ b/arch/powerpc/include/asm/immap_85xx.h
@@ -2396,6 +2396,8 @@
#define CONFIG_SYS_MPC85xx_ESDHC_OFFSET 0x2e000
#define CONFIG_SYS_MPC85xx_SERDES2_OFFSET 0xE3100
#define CONFIG_SYS_MPC85xx_SERDES1_OFFSET 0xE3000
+#define CONFIG_SYS_SNVS_OFFSET 0xE6000
+#define CONFIG_SYS_SFP_OFFSET 0xE7000
#define CONFIG_SYS_MPC85xx_CPM_OFFSET 0x80000
#define CONFIG_SYS_FSL_QMAN_OFFSET 0x88000
#define CONFIG_SYS_FSL_BMAN_OFFSET 0x8a000
diff --git a/boards.cfg b/boards.cfg
index acbf664..ebf4240 100644
--- a/boards.cfg
+++ b/boards.cfg
@@ -670,6 +670,7 @@
P3041DS_SPIFLASH powerpc mpc85xx corenet_ds freescale - P3041DS:RAMBOOT_PBL,SPIFLASH,SYS_TEXT_BASE=0xFFF80000
P4080DS powerpc mpc85xx corenet_ds freescale
P4080DS_SDCARD powerpc mpc85xx corenet_ds freescale - P4080DS:RAMBOOT_PBL,SDCARD,SYS_TEXT_BASE=0xFFF80000
+P4080DS_SECURE_BOOT powerpc mpc85xx corenet_ds freescale - P4080DS:SECURE_BOOT
P4080DS_SPIFLASH powerpc mpc85xx corenet_ds freescale - P4080DS:RAMBOOT_PBL,SPIFLASH,SYS_TEXT_BASE=0xFFF80000
P5020DS powerpc mpc85xx corenet_ds freescale
P5020DS_NAND powerpc mpc85xx corenet_ds freescale - P5020DS:RAMBOOT_PBL,NAND,SYS_TEXT_BASE=0xFFF80000
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index ca3229b..d5fc19b 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -698,4 +698,8 @@
#define CONFIG_BOOTCOMMAND CONFIG_HDBOOT
+#ifdef CONFIG_SECURE_BOOT
+#include <asm/fsl_secure_boot.h>
+#endif
+
#endif /* __CONFIG_H */