04 Sep, 2017
1 commit
-
When enabling CONFIG_CMD_BLOB and/or CONFIG_CMD_DEKBLOB, the build fails
with a linker error:
...
LD u-boot
arch/arm/mach-imx/built-in.o: In function `blob_encap_dek':
/home/clemens/dev/u-boot/arch/arm/mach-imx/cmd_dek.c:46: undefined
reference to `blob_dek'

This is due to an error in the Makefile, resulting in obj-yy/obj-yn/..
and fsl_blob.o is therefore not linked.

Fix it by splitting it up into two obj-y lines.

Signed-off-by: Clemens Gruber
Reviewed-by: Fabio Estevam
23 May, 2017
1 commit
-
This converts the following to Kconfig:
CONFIG_CMD_HASH

Signed-off-by: Simon Glass
Reviewed-by: Tom Rini
[trini: Rework slightly, enable on some boards again]
Signed-off-by: Tom Rini
22 May, 2017
1 commit
-
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support
using hardware acceleration.") created entries for CONFIG_SHA1,
CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
However, no defconfig has migrated to it. Complete the move by first
adding additional logic to various Kconfig files to select this when
required and then use the moveconfig tool. In many cases we can select
these because they are required to implement other drivers. We also
correct how we include the various hashing algorithms in SPL.

This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
[2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL

Note:
We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
because there is dependency between them.

Cc: Poonam Aggrwal
Cc: Naveen Burmi
Cc: Po Liu
Cc: Shengzhou Liu
Cc: Priyanka Jain
Cc: Shaohui Xie
Cc: Chunhe Lan
Cc: Chander Kashyap
Cc: Steve Rae
Cc: Dirk Eibach
Cc: Feng Li
Cc: Alison Wang
Cc: Sumit Garg
Cc: Mingkai Hu
Cc: York Sun
Cc: Prabhakar Kushwaha
Cc: Jaehoon Chung
Cc: Akshay Saraswat
Cc: Heiko Schocher
Cc: Jagan Teki
Signed-off-by: Tom Rini
Reviewed-by: Simon Glass
Signed-off-by: Tom Rini
18 Apr, 2017
4 commits
-
'A || (!A && B)' is equivalent to 'A || B'.
Let's reduce the complexity of the statement in start_jr0().

The problem was indicated by cppcheck.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: York Sun
Reviewed-by: Simon Glass
-
Use CONFIG_ARCH_LS2080A instead.
Signed-off-by: York Sun
-
- Add SD secure boot target for ls1046ardb.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size
as header is appended to u-boot image. So header will also be
copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
(128K) where 32K are reserved for use by boot ROM and 6K for the
header.
- Reduce the size of CAAM driver for SPL Blobification functions
and descriptors, that are not required at the time of SPL are
disabled. Further error code conversion to strings is disabled
for SPL build.

Signed-off-by: Vinitha Pillai
Signed-off-by: Sumit Garg
Signed-off-by: Ruchika Gupta
Reviewed-by: York Sun
05 Jan, 2017
2 commits
-
Use Kconfig option to set little- or big-endian access to secure
boot and trust architecture.

Signed-off-by: York Sun
-
Instead of defining CONFIG_SYS_FSL_SEC_COMPAT in header files for PowerPC
and ARM SoCs, move it to Kconfig under the driver.

Signed-off-by: York Sun
24 Nov, 2016
1 commit
-
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing
macros.

Signed-off-by: York Sun
07 Oct, 2016
1 commit
-
Fix various misspellings of:
* deprecated
* partition
* preceding,preceded
* preparation
* its versus it's
* export
* existing
* scenario
* redundant
* remaining
* value
* architecture

Signed-off-by: Robert P. J. Day
Reviewed-by: Jagan Teki
Reviewed-by: Stefan Roese
24 Sep, 2016
2 commits
-
Now, include/linux/errno.h is a wrapper of .
Replace all include directives for with
.is supposed to be included from when
arch-headers fall back into generic implementation. Generally, they
should not be directly included from .c files.

Signed-off-by: Masahiro Yamada
[trini: Add drivers/usb/host/xhci-rockchip.c]
Signed-off-by: Tom Rini
-
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap )

Replace all include directives for with .
Signed-off-by: Masahiro Yamada
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini
03 Aug, 2016
1 commit
-
Update blob cmd to accept 64bit source, key modifier and destination
addresses. Also correct output result print format for fsl specific
implementation of blob cmd.

Signed-off-by: Sumit Garg
Reviewed-by: York Sun
27 Jul, 2016
1 commit
-
Enable rsa signature verification in SPL framework before relocation for
verification of main u-boot.

Reviewed-by: Aneesh Bansal
Signed-off-by: Sumit Garg
Reviewed-by: Simon Glass
Reviewed-by: York Sun
22 Jul, 2016
1 commit
-
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.

Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.

Reviewed-by: Ruchika Gupta
Signed-off-by: Aneesh Bansal
Signed-off-by: Sumit Garg
Reviewed-by: Simon Glass
Reviewed-by: York Sun
16 Jul, 2016
1 commit
-
Fix a number of typos, including:
* "compatble" -> "compatible"
* "eanbeld" -> "enabled"
* "envrionment" -> "environment"
* "FTD" -> "FDT" (for "flattened device tree")
* "ommitted" -> "omitted"
* "overriden" -> "overridden"
* "partiton" -> "partition"
* "propogate" -> "propagate"
* "resourse" -> "resource"
* "rest in piece" -> "rest in peace"
* "suport" -> "support"
* "varible" -> "variable"

Signed-off-by: Robert P. J. Day
13 Jun, 2016
1 commit
-
This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed
Acked-by: Simon Glass
Acked-by: Andreas Dannenberg
Acked-by: Sumit Garg
18 May, 2016
1 commit
-
For SoCs that contain multiple SEC engines, each of them needs
to be initialized (by means of initializing among others the
random number generator).

Signed-off-by: Alex Porosanu
Reviewed-by: York Sun
07 Apr, 2016
1 commit
-
LS2080A is the primary SoC, and LS2085A is a personality with AIOP
and DPAA DDR. The RDB and QDS boards support both personalities. By
detecting the SVR at runtime, a single image per board can support
both SoCs. It gives users flexibility to switch SoC without the need
to reprogram the board.

Signed-off-by: York Sun
CC: Prabhakar Kushwaha
Reviewed-by: Prabhakar Kushwaha
29 Mar, 2016
2 commits
-
This commit solves CAAM coherency issue on ls2080. When caches are
enabled and CAAM's DMA's AXI transactions are not made cacheable,
Core reads/writes data from/to caches and CAAM does from main memory.
This forces data flushes to synchronize various data structures. But
even if any data in proximity of these structures is read by core,
these structures again are fetched in caches.

To avoid this problem, either all the data that CAAM accesses can be
made cache line aligned or CAAM transactions can be made cacheable.

So, this commit makes CAAM transactions as write back with write and
read allocate.

Signed-off-by: Saksham Jain
Reviewed-by: York Sun
-
When MMU is disabled, 64-bit write must be aligned at 64-bit
boundary. Because the memory location is not guaranteed to be 64-bit
aligned, the 64-bit write needs to be split into two 32-bit writes
to avoid the alignment exception.

Signed-off-by: Aneesh Bansal
Signed-off-by: Saksham Jain
Reviewed-by: York Sun
22 Mar, 2016
3 commits
-
Structures are defined for PDB (Protocol Data Blocks) for various
operations. These structures will be used to add PDB data while
creating the PDB descriptors.

Signed-off-by: Ruchika Gupta
Signed-off-by: Aneesh Bansal
CC: Ulises Cardenas
Reviewed-by: York Sun
-
Construct APIs are added to create Protocol Descriptors for
CAAM block.

Signed-off-by: Ruchika Gupta
Signed-off-by: Aneesh Bansal
CC: Ulises Cardenas
Reviewed-by: York Sun
-
When CAAM runs a descriptor and an error occurs, a non-zero
value is set in Output Status Register. The if condition should
check the status for a non-zero value.

Signed-off-by: Aneesh Bansal
Reviewed-by: York Sun
25 Feb, 2016
2 commits
-
PAMU driver basic support for usage in Secure Boot.
In secure boot PAMU is not in bypass mode. Hence to use
any peripheral (SEC Job ring in our case), PAMU has to be
configured.

The patch reverts commit 7cad2e38d61e27ea59fb7944f7e647e97ef292d3.
The Header file pamu.h and few functions in driver have been derived
from Freescale Libos.

Signed-off-by: Ruchika Gupta
Signed-off-by: Aneesh Bansal
Reviewed-by: York Sun
-
The output ring needs to be invalidated before enqueuing the job to SEC.
While allocation of space to output ring, it should be taken care that the
size is cacheline size aligned in order to prevent invalidating valid data.

The patch also corrects the method of aligning end of structs while flushing caches.
Since start = align(start_of_struct), it is incorrect to assign
end = align(start + struct_size). It should instead be,
end = align(start_of_struct + struct_size).

Signed-off-by: Saksham Jain
Signed-off-by: Ruchika Gupta
Reviewed-by: York Sun
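
The end-of-struct alignment error described in the commit above, worked through as an added example (not code from the U-Boot driver). It assumes a 64-byte cache line, that align() rounds the start down and the end up, and a constructed object address; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 64u /* assumed cache line size, not taken from the driver */

struct range { uintptr_t start, end; };

static uintptr_t align_down(uintptr_t a)
{
    return a & ~(uintptr_t)(CACHE_LINE - 1);
}

static uintptr_t align_up(uintptr_t a)
{
    return align_down(a + CACHE_LINE - 1);
}

/* Pre-fix computation: end is derived from the already aligned start. */
struct range flush_range_buggy(uintptr_t obj, size_t size)
{
    struct range r = { align_down(obj), 0 };
    r.end = align_up(r.start + size);
    return r;
}

/* Corrected computation: end is derived from the real end of the object. */
struct range flush_range_fixed(uintptr_t obj, size_t size)
{
    struct range r = { align_down(obj), align_up(obj + size) };
    return r;
}

/* True when [obj, obj + size) lies entirely inside the flushed range. */
int covers(struct range r, uintptr_t obj, size_t size)
{
    return r.start <= obj && obj + size <= r.end;
}

int main(void)
{
    uintptr_t obj = 0x1030; /* constructed address, not cache line aligned */
    size_t size = 0x40;
    struct range b = flush_range_buggy(obj, size);
    struct range f = flush_range_fixed(obj, size);

    printf("buggy end %#lx covers=%d\n", (unsigned long)b.end, covers(b, obj, size));
    printf("fixed end %#lx covers=%d\n", (unsigned long)f.end, covers(f, obj, size));
    return 0;
}
```

With an unaligned object the pre-fix range stops one cache line short, so the tail of the structure is never flushed and the SEC block can read stale memory; for an aligned object both computations agree, which is why the defect is easy to miss.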
21 Feb, 2016
1 commit
-
Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map uses macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas
Reviewed-by: Stefano Babic
15 Dec, 2015
1 commit
-
For Setting and clearing the bits in SEC Block registers
sec_clrbits32() and sec_setbits32() are used which work as
per endianness of CAAM block.
So these must be used with SEC register address as argument.
If the value is read in a local variable, then the functions
will not behave correctly where endianness of CAAM and core is
different.

Signed-off-by: Aneesh Bansal
CC: Alex Porosanu
Reviewed-by: York Sun
30 Oct, 2015
1 commit
-
The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianness of SEC block
is different from the Core.
Changes:
1. Descriptor created on Core is modified as per SEC block
endianness before the job is submitted.
2. The read/write of physical addresses to Job Rings will
depend on endianness of SEC block as 32 bit low and
high part of the 64 bit address will vary.
3. The 32 bit low and high part of the 64 bit address in
descriptor will vary depending on endianness of SEC.

Signed-off-by: Aneesh Bansal
Reviewed-by: York Sun
13 Aug, 2015
2 commits
-
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta
-
The menuconfig for drivers are getting more and more cluttered
and unreadable because too many entries are displayed in a single
flat menu. Use hierarchic menu for each category.

Signed-off-by: Masahiro Yamada
Reviewed-by: Simon Glass
[trini: Update to apply again in a few places, drop USB hunk]
Signed-off-by: Tom Rini
04 Aug, 2015
5 commits
-
Signed-off-by: Horia Geantă
Acked-by: Ruchika Gupta
Reviewed-by: York Sun
-
HW coherency won't work properly for CAAM write transactions
if AWCACHE is left to default (POR) value - 4'b0001.
It has to be programmed to 4'b0010.

For platforms that have HW coherency support:
-PPC-based: the update has no effect; CAAM coherency already works
due to the IOMMU (PAMU) driver setting the correct memory coherency
attributes
-ARM-based: the update fixes cache coherency issues,
since IOMMU (SMMU) driver is not programmed to behave similar to PAMU

Fixes: b9eebfade974c ("fsl_sec: Add hardware accelerated SHA256 and SHA1")
Signed-off-by: Horia Geantă
Reviewed-by: Aneesh Bansal
Reviewed-by: Mingkai Hu
Acked-by: Ruchika Gupta
Reviewed-by: York Sun
-
Use fdt_setprop_u32() instead of fdt_setprop().
Fixes: 0181937fa371a ("crypto/fsl: Add fixup for crypto node")
Signed-off-by: Horia Geantă
Reviewed-by: Mingkai Hu
Acked-by: Ruchika Gupta
Reviewed-by: York Sun
-
The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.

Signed-off-by: Alex Porosanu
Acked-by: Ruchika Gupta
Reviewed-by: York Sun
-
The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For certain platforms
(f.i. T2080), the oscillator is very fast and thus if the SEC runs at
a lower than normal frequency, the ring oscillator is incorrectly detected
as being out of bounds.

This patch effectively disables the maximum frequency check, by setting a
high enough maximum allowable frequency for the oscillator. The reasoning
behind this is that usually a broken oscillator will run too slow
(i.e. not run at all) rather than run too fast.

Signed-off-by: Alex Porosanu
Acked-by: Ruchika Gupta
Reviewed-by: York Sun
06 Mar, 2015
2 commits
-
Remove dependency of rsa_mod_exp from CONFIG_FIT_SIGNATURE.
As rsa modular exponentiation is an independent module
and can be invoked independently.

Signed-off-by: Gaurav Rana
Acked-by: Simon Glass
Reviewed-by: York Sun
02 Mar, 2015
1 commit
-
Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
an AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process, is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
dek_blob - encapsulating DEK as a cryptographic blob

Commands Syntax
---------------
dek_blob src dst len

Encapsulate and create blob of a len-bits DEK at
address src and store the result at address dst.

Signed-off-by: Raul Cardenas
Signed-off-by: Nitin Garg
Signed-off-by: Ulises Cardenas
Signed-off-by: Ulises Cardenas-B45798