Blame - board/freescale/common/fsl_chain_of_trust.c - filogic/uboot

blob: 7ffb315bc9352b2644c913323bfc890ffa2f12f5 [file] [log] [blame]

Tom Rini	10e4779	2018-05-06 17:58:06 -0400	[diff] [blame]	1	// SPDX-License-Identifier: GPL-2.0+
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	2	/*
				3	* Copyright 2015 Freescale Semiconductor, Inc.
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	4	*/
				5
				6	#include <common.h>
Simon Glass	11c89f3	2017-05-17 17:18:03 -0600	[diff] [blame]	7	#include <dm.h>
Simon Glass	5e6201b	2019-08-01 09:46:51 -0600	[diff] [blame]	8	#include <env.h>
Ovidiu Panait	7dbb021	2022-01-01 19:13:29 +0200	[diff] [blame]	9	#include <init.h>
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	10	#include <fsl_validate.h>
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	11	#include <fsl_secboot_err.h>
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	12	#include <fsl_sfp.h>
Simon Glass	0f2af88	2020-05-10 11:40:05 -0600	[diff] [blame]	13	#include <log.h>
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	14	#include <dm/root.h>
				15
Sumit Garg	bdddd6e	2016-06-14 13:52:38 -0400	[diff] [blame]	16	#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK)
				17	#include <spl.h>
				18	#endif
				19
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	20	#ifdef CONFIG_FSL_CORENET
				21	#include <asm/fsl_pamu.h>
				22	#endif
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	23
York Sun	c4f047c	2017-03-27 11:41:03 -0700	[diff] [blame]	24	#ifdef CONFIG_ARCH_LS1021A
Aneesh Bansal	c4713ec	2016-01-22 16:37:25 +0530	[diff] [blame]	25	#include <asm/arch/immap_ls102xa.h>
				26	#endif
				27
				28	#if defined(CONFIG_MPC85xx)
				29	#define CONFIG_DCFG_ADDR CONFIG_SYS_MPC85xx_GUTS_ADDR
				30	#else
				31	#define CONFIG_DCFG_ADDR CONFIG_SYS_FSL_GUTS_ADDR
				32	#endif
				33
				34	#ifdef CONFIG_SYS_FSL_CCSR_GUR_LE
				35	#define gur_in32(a) in_le32(a)
				36	#else
				37	#define gur_in32(a) in_be32(a)
				38	#endif
				39
				40	/* Check the Boot Mode. If Secure, return 1 else return 0 */
				41	int fsl_check_boot_mode_secure(void)
				42	{
				43	uint32_t val;
				44	struct ccsr_sfp_regs sfp_regs = (void )(CONFIG_SYS_SFP_ADDR);
				45	struct ccsr_gur __iomem gur = (void )(CONFIG_DCFG_ADDR);
				46
				47	val = sfp_in32(&sfp_regs->ospr) & ITS_MASK;
				48	if (val == ITS_MASK)
				49	return 1;
				50
				51	#if defined(CONFIG_FSL_CORENET) \|\| !defined(CONFIG_MPC85xx)
				52	/* For PBL based platforms check the SB_EN bit in RCWSR */
				53	val = gur_in32(&gur->rcwsr[RCW_SB_EN_REG_INDEX - 1]) & RCW_SB_EN_MASK;
				54	if (val == RCW_SB_EN_MASK)
				55	return 1;
				56	#endif
				57
				58	#if defined(CONFIG_MPC85xx) && !defined(CONFIG_FSL_CORENET)
				59	/* For Non-PBL Platforms, check the Device Status register 2*/
				60	val = gur_in32(&gur->pordevsr2) & MPC85xx_PORDEVSR2_SBC_MASK;
				61	if (val != MPC85xx_PORDEVSR2_SBC_MASK)
				62	return 1;
				63
				64	#endif
				65	return 0;
				66	}
Aneesh Bansal	39d5b3b	2016-01-22 16:37:26 +0530	[diff] [blame]	67
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	68	#ifndef CONFIG_SPL_BUILD
Aneesh Bansal	39d5b3b	2016-01-22 16:37:26 +0530	[diff] [blame]	69	int fsl_setenv_chain_of_trust(void)
				70	{
				71	/* Check Boot Mode
				72	* If Boot Mode is Non-Secure, no changes are required
				73	*/
				74	if (fsl_check_boot_mode_secure() == 0)
				75	return 0;
				76
				77	/* If Boot mode is Secure, set the environment variables
				78	* bootdelay = 0 (To disable Boot Prompt)
				79	* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
				80	*/
Udit Agarwal	9bca662	2019-06-11 09:37:49 +0000	[diff] [blame]	81	env_set("bootdelay", "-2");
Sumit Garg	9cbcc4d	2017-06-05 23:51:51 +0530	[diff] [blame]	82
				83	#ifdef CONFIG_ARM
Simon Glass	6a38e41	2017-08-03 12:22:09 -0600	[diff] [blame]	84	env_set("secureboot", "y");
Sumit Garg	9cbcc4d	2017-06-05 23:51:51 +0530	[diff] [blame]	85	#else
Simon Glass	6a38e41	2017-08-03 12:22:09 -0600	[diff] [blame]	86	env_set("bootcmd", CONFIG_CHAIN_BOOT_CMD);
Sumit Garg	9cbcc4d	2017-06-05 23:51:51 +0530	[diff] [blame]	87	#endif
				88
Aneesh Bansal	39d5b3b	2016-01-22 16:37:26 +0530	[diff] [blame]	89	return 0;
				90	}
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	91	#endif
				92
				93	#ifdef CONFIG_SPL_BUILD
				94	void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr)
				95	{
				96	int res;
				97
				98	/*
				99	* Check Boot Mode
				100	* If Boot Mode is Non-Secure, skip validation
				101	*/
				102	if (fsl_check_boot_mode_secure() == 0)
				103	return;
				104
				105	printf("SPL: Validating U-Boot image\n");
				106
				107	#ifdef CONFIG_ADDR_MAP
				108	init_addr_map();
				109	#endif
				110
				111	#ifdef CONFIG_FSL_CORENET
				112	if (pamu_init() < 0)
				113	fsl_secboot_handle_error(ERROR_ESBC_PAMU_INIT);
				114	#endif
				115
				116	#ifdef CONFIG_FSL_CAAM
				117	if (sec_init() < 0)
				118	fsl_secboot_handle_error(ERROR_ESBC_SEC_INIT);
				119	#endif
				120
				121	/*
				122	* dm_init_and_scan() is called as part of common SPL framework, so no
				123	* need to call it again but in case of powerpc platforms which currently
				124	* do not use common SPL framework, so need to call this function here.
				125	*/
				126	#if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK))
Sumit Garg	bdddd6e	2016-06-14 13:52:38 -0400	[diff] [blame]	127	dm_init_and_scan(true);
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	128	#endif
				129	res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH,
				130	&img_addr);
				131
				132	if (res == 0)
				133	printf("SPL: Validation of U-boot successful\n");
				134	}
Sumit Garg	bdddd6e	2016-06-14 13:52:38 -0400	[diff] [blame]	135
				136	#ifdef CONFIG_SPL_FRAMEWORK
				137	/* Override weak funtion defined in SPL framework to enable validation
				138	* of main u-boot image before jumping to u-boot image.
				139	*/
				140	void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
				141	{
				142	typedef void __noreturn (*image_entry_noargs_t)(void);
				143	uint32_t hdr_addr;
				144
				145	image_entry_noargs_t image_entry =
				146	(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
				147
				148	hdr_addr = (spl_image->entry_point + spl_image->size -
				149	CONFIG_U_BOOT_HDR_SIZE);
				150	spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point);
				151	/*
				152	* In case of failure in validation, spl_validate_uboot would
				153	* not return back in case of Production environment with ITS=1.
				154	* Thus U-Boot will not start.
				155	* In Development environment (ITS=0 and SB_EN=1), the function
				156	* may return back in case of non-fatal failures.
				157	*/
				158
Tom Rini	f1c2fc0	2017-01-11 10:45:48 -0500	[diff] [blame]	159	debug("image entry point: 0x%lX\n", spl_image->entry_point);
Sumit Garg	bdddd6e	2016-06-14 13:52:38 -0400	[diff] [blame]	160	image_entry();
				161	}
				162	#endif /* ifdef CONFIG_SPL_FRAMEWORK */
Sumit Garg	f6d96cb	2016-07-14 12:27:51 -0400	[diff] [blame]	163	#endif /* ifdef CONFIG_SPL_BUILD */