powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
Secure Boot Target is added for NAND for P3041.
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on SRAM configured
at address 0xBFF00000.
In the U-Boot code, TLB entries are created to map the virtual address
0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
diff --git a/Makefile b/Makefile
index 54ef2cd..a95d0e3 100644
--- a/Makefile
+++ b/Makefile
@@ -738,8 +738,12 @@
ifeq ($(CONFIG_SPL_FSL_PBL),y)
ALL-$(CONFIG_RAMBOOT_PBL) += u-boot-with-spl-pbl.bin
else
+ifneq ($(CONFIG_SECURE_BOOT), y)
+# For Secure Boot The Image needs to be signed and Header must also
+# be included. So The image has to be built explicitly
ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
endif
+endif
ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
diff --git a/arch/powerpc/cpu/mpc85xx/start.S b/arch/powerpc/cpu/mpc85xx/start.S
index e61d8e0..a70fb71 100644
--- a/arch/powerpc/cpu/mpc85xx/start.S
+++ b/arch/powerpc/cpu/mpc85xx/start.S
@@ -1052,6 +1052,17 @@
CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
CONFIG_SYS_PBI_FLASH_WINDOW & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \
0, r6
+
+#elif defined(CONFIG_RAMBOOT_PBL) && defined(CONFIG_SECURE_BOOT)
+ /* create a temp mapping in AS = 1 for mapping CONFIG_SYS_MONITOR_BASE
+ * to L3 Address configured by PBL for ISBC code
+ */
+ create_tlb1_entry 15, \
+ 1, BOOKE_PAGESZ_1M, \
+ CONFIG_SYS_MONITOR_BASE & 0xfff00000, MAS2_I|MAS2_G, \
+ CONFIG_SYS_INIT_L3_ADDR & 0xfff00000, MAS3_SX|MAS3_SW|MAS3_SR, \
+ 0, r6
+
#else
/*
* create a temp mapping in AS=1 to the 1M CONFIG_SYS_MONITOR_BASE space, the main
diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h
index 7810ae2..442853c 100644
--- a/arch/powerpc/include/asm/fsl_secure_boot.h
+++ b/arch/powerpc/include/asm/fsl_secure_boot.h
@@ -48,6 +48,11 @@
#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
#endif
+#if defined(CONFIG_RAMBOOT_PBL)
+#undef CONFIG_SYS_INIT_L3_ADDR
+#define CONFIG_SYS_INIT_L3_ADDR 0xbff00000
+#endif
+
#if defined(CONFIG_C29XPCIE)
#define CONFIG_KEY_REVOCATION
#endif
diff --git a/board/freescale/common/p_corenet/tlb.c b/board/freescale/common/p_corenet/tlb.c
index 8148e46..56e4f63 100644
--- a/board/freescale/common/p_corenet/tlb.c
+++ b/board/freescale/common/p_corenet/tlb.c
@@ -43,6 +43,8 @@
/* TLB 1 */
/* *I*** - Covers boot page */
#if defined(CONFIG_SYS_RAMBOOT) && defined(CONFIG_SYS_INIT_L3_ADDR)
+
+#if !defined(CONFIG_SECURE_BOOT)
/*
* *I*G - L3SRAM. When L3 is used as 1M SRAM, the address of the
* SRAM is at 0xfff00000, it covered the 0xfffff000.
@@ -50,6 +52,19 @@
SET_TLB_ENTRY(1, CONFIG_SYS_INIT_L3_ADDR, CONFIG_SYS_INIT_L3_ADDR,
MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
0, 0, BOOKE_PAGESZ_1M, 1),
+#else
+ /*
+ * *I*G - L3SRAM. When L3 is used as 1M SRAM, in case of Secure Boot
+ * the physical address of the SRAM is at CONFIG_SYS_INIT_L3_ADDR,
+ * and virtual address is CONFIG_SYS_MONITOR_BASE
+ */
+
+ SET_TLB_ENTRY(1, CONFIG_SYS_MONITOR_BASE & 0xfff00000,
+ CONFIG_SYS_INIT_L3_ADDR & 0xfff00000,
+ MAS3_SX|MAS3_SW|MAS3_SR, MAS2_I|MAS2_G,
+ 0, 0, BOOKE_PAGESZ_1M, 1),
+#endif
+
#elif defined(CONFIG_SRIO_PCIE_BOOT_SLAVE)
/*
* SRIO_PCIE_BOOT-SLAVE. When slave boot, the address of the
diff --git a/board/freescale/corenet_ds/MAINTAINERS b/board/freescale/corenet_ds/MAINTAINERS
index 745847c..6855446 100644
--- a/board/freescale/corenet_ds/MAINTAINERS
+++ b/board/freescale/corenet_ds/MAINTAINERS
@@ -28,3 +28,8 @@
F: configs/P5040DS_SDCARD_defconfig
F: configs/P5040DS_SPIFLASH_defconfig
F: configs/P5040DS_SECURE_BOOT_defconfig
+
+CORENET_DS_SECURE_BOOT BOARD
+M: Aneesh Bansal <aneesh.bansal@freescale.com>
+S: Maintained
+F: configs/P3041DS_NAND_SECURE_BOOT_defconfig
diff --git a/configs/P3041DS_NAND_SECURE_BOOT_defconfig b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
new file mode 100644
index 0000000..2f18bc1
--- /dev/null
+++ b/configs/P3041DS_NAND_SECURE_BOOT_defconfig
@@ -0,0 +1,5 @@
+CONFIG_SYS_EXTRA_OPTIONS="RAMBOOT_PBL,NAND,SECURE_BOOT,SYS_TEXT_BASE=0xFFF40000"
+CONFIG_PPC=y
+CONFIG_MPC85xx=y
+CONFIG_TARGET_P3041DS=y
+CONFIG_SPI_FLASH=y
diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h
index 88750e0..7c8b73d 100644
--- a/include/configs/corenet_ds.h
+++ b/include/configs/corenet_ds.h
@@ -16,6 +16,13 @@
#include "../board/freescale/common/ics307_clk.h"
#ifdef CONFIG_RAMBOOT_PBL
+#ifdef CONFIG_SECURE_BOOT
+#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
+#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
+#ifdef CONFIG_NAND
+#define CONFIG_RAMBOOT_NAND
+#endif
+#else
#define CONFIG_RAMBOOT_TEXT_BASE CONFIG_SYS_TEXT_BASE
#define CONFIG_RESET_VECTOR_ADDRESS 0xfffffffc
#define CONFIG_SYS_FSL_PBL_PBI board/freescale/corenet_ds/pbi.cfg
@@ -29,6 +36,7 @@
#define CONFIG_SYS_FSL_PBL_RCW board/freescale/corenet_ds/rcw_p5040ds.cfg
#endif
#endif
+#endif
#ifdef CONFIG_SRIO_PCIE_BOOT_SLAVE
/* Set 1M boot space */