Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-09-01 Thread Sumit Garg
> -Original Message-
> From: York Sun
> Sent: Friday, September 01, 2017 4:38 AM
> To: Sumit Garg ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Prabhakar Kushwaha
> ; Mingkai Hu ;
> Shengzhou Liu 
> Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> On 06/04/2017 11:54 PM, Sumit Garg wrote:
> > Enable validation of boot.scr script prior to its execution dependent
> > on "secureboot" flag in environment. Disable fall back option to
> > nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> > flag in environment for ARM based platforms instead of bootcmd.
> >
> > Signed-off-by: Sumit Garg 
> > Tested-by: Vinitha Pillai 
> > ---
> >   board/freescale/common/fsl_chain_of_trust.c |  6 ++
> >   configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
> >   configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
> >   include/configs/ls1043a_common.h| 23 
> > +-
> -
> >   4 files changed, 29 insertions(+), 2 deletions(-)
> >
> > diff --git a/board/freescale/common/fsl_chain_of_trust.c
> > b/board/freescale/common/fsl_chain_of_trust.c
> > index 438e781..609e2b2 100644
> > --- a/board/freescale/common/fsl_chain_of_trust.c
> > +++ b/board/freescale/common/fsl_chain_of_trust.c
> > @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
> >  * bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
> >  */
> > setenv("bootdelay", "0");
> > +
> > +#ifdef CONFIG_ARM
> > +   setenv("secureboot", "y");
> > +#else
> > setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> > +#endif
> > +
> > return 0;
> >   }
> >   #endif
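Review bot: In the new CONFIG_ARM branch the return value of `setenv("secureboot", "y")` is ignored and the function still returns 0, so if the variable cannot be set, the `env exists secureboot` tests in the boot scripts are skipped silently. Consider `if (setenv("secureboot", "y")) return -1;`, assuming callers act on the result, which is not visible here. The comment just above still documents `bootcmd = CONFIG_CHAIN_BOOT_CMD`, which no longer holds for ARM builds; it should say that ARM sets `secureboot=y` and leaves validation to the environment scripts. The body of fsl_setenv_chain_of_trust() starts outside the hunk.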
> > diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > index 861d49b..3f535cc 100644
> > --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> > @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
> >   CONFIG_RSA=y
> >   CONFIG_SPL_RSA=y
> >   CONFIG_RSA_SOFTWARE_EXP=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > index 5f9b21d..2d57e79 100644
> > --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> > @@ -56,3 +56,4 @@ CONFIG_RSA=y
> >   CONFIG_SPL_RSA=y
> >   CONFIG_SPL_CRYPTO_SUPPORT=y
> >   CONFIG_SPL_HASH_SUPPORT=y
> > +CONFIG_DISTRO_DEFAULTS=y
> > diff --git a/include/configs/ls1043a_common.h
> > b/include/configs/ls1043a_common.h
> > index e8a756f..6e30427 100644
> > --- a/include/configs/ls1043a_common.h
> > +++ b/include/configs/ls1043a_common.h
> > @@ -282,6 +282,7 @@
> > "fdt_addr=0x64f0\0"  \
> > "kernel_addr=0x6500\0"  \
> > "scriptaddr=0x8000\0"  \
> > +   "scripthdraddr=0x8008\0"\
> > "fdtheader_addr_r=0x8010\0" \
> > "kernelheader_addr_r=0x8020\0"  \
> > "kernel_addr_r=0x8100\0"\
> > @@ -292,6 +293,7 @@
> > "mtdparts=" MTDPARTS_DEFAULT "\0"   \
> > BOOTENV \
> > "boot_scripts=ls1043ardb_boot.scr\0"\
> > +   "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
> > "scan_dev_for_boot_part="  \
> >  "part list ${devtype} ${devnum} devplist; "   \
> >  "env exists devplist || setenv devplist 1; "  \
> > @@ -302,6 +304,21 @@
> >   "run scan_dev_for_boot; " \
> >   "fi; "   \
> >   "done\0"\
> > +   "scan_dev_for_boot="  \
> > +   "echo Scanning ${devtype} "   \
> > +   "${devnum}:${distro_bootpart}...; "  \
> > +   "for prefix in ${boot_prefixes}; do " \
> > +   "run scan_dev_for_scripts; "  \
> > +   "done;"   \
> > +   "\0"  \
> > +   "boot_a_script="  \
> > +   "load ${devtype} ${devnum}:${distro_bootpart} "  \
> > +   "${scriptaddr} ${prefix}${script}; "\
> > +   "env exists secureboot && load ${devtype} " \
> > +   "${devnum}:${distro_bootpart} " \
> > +   "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> > +   "&& esbc_validate ${scripthdraddr};"\
> > +   "source ${scriptaddr}\0"  \
> > "installer=load mmc 0:2 $load_addr "  \
> >"/flex_installer_arm64.itb; "  \
> >"bootm $load_addr#ls1043ardb\0"\
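Review bot: In `boot_a_script` the final `source ${scriptaddr}` follows a `;`, so it runs whatever the outcome of the preceding chain. With `secureboot` set, a failed `load` of `${boot_script_hdr}` short-circuits the `&&` chain, `esbc_validate` is never invoked, and the script is sourced unvalidated. The check should fail closed by making validation unconditional under secure boot, e.g. end the header load with `;` and follow it with `"env exists secureboot && esbc_validate ${scripthdraddr};"`. This assumes `esbc_validate` halts on a bad or missing header, which the patch does not show; if it only returns an error, `source` must also be gated on its result. The first `load` of `${script}` is unchecked in the same way, so a failed load sources whatever is already at `${scriptaddr}`.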
> > @@ -315,9 +332,11 @@
> >
> >   #undef CONFIG_BOOTCOMMAND
> >   #if defined(CONFIG_QSPI_BOOT) 

Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-08-31 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---
>   board/freescale/common/fsl_chain_of_trust.c |  6 ++
>   configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
>   configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
>   include/configs/ls1043a_common.h| 23 +--
>   4 files changed, 29 insertions(+), 2 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_chain_of_trust.c 
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
>*/
>   setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
>   setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
>   return 0;
>   }
>   #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig 
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
>   CONFIG_RSA=y
>   CONFIG_SPL_RSA=y
>   CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig 
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
>   CONFIG_SPL_RSA=y
>   CONFIG_SPL_CRYPTO_SUPPORT=y
>   CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h 
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
>   "fdt_addr=0x64f0\0"  \
>   "kernel_addr=0x6500\0"  \
>   "scriptaddr=0x8000\0"  \
> + "scripthdraddr=0x8008\0"\
>   "fdtheader_addr_r=0x8010\0" \
>   "kernelheader_addr_r=0x8020\0"  \
>   "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
>   "mtdparts=" MTDPARTS_DEFAULT "\0"   \
>   BOOTENV \
>   "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
>   "scan_dev_for_boot_part="  \
>"part list ${devtype} ${devnum} devplist; "   \
>"env exists devplist || setenv devplist 1; "  \
> @@ -302,6 +304,21 @@
> "run scan_dev_for_boot; " \
> "fi; "   \
> "done\0"\
> + "scan_dev_for_boot="  \
> + "echo Scanning ${devtype} "   \
> + "${devnum}:${distro_bootpart}...; "  \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; "  \
> + "done;"   \
> + "\0"  \
> + "boot_a_script="  \
> + "load ${devtype} ${devnum}:${distro_bootpart} "  \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0"  \
>   "installer=load mmc 0:2 $load_addr "  \
>  "/flex_installer_arm64.itb; "  \
>  "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
>   
>   #undef CONFIG_BOOTCOMMAND
>   #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI)
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run qspi_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"   
> \
> +"&& esbc_halt; run qspi_bootcmd;"
>   #else
> -#define CONFIG_BOOTCOMMAND "run distro_bootcmd;run nor_bootcmd"
> +#define CONFIG_BOOTCOMMAND "run distro_bootcmd; env exists secureboot"   
> \
> +"&& esbc_halt; run nor_bootcmd;"
>   #endif
>   
>   #define CONFIG_BOOTARGS  
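Review bot: Both new `CONFIG_BOOTCOMMAND` definitions block the QSPI/NOR fallback only through `env exists secureboot && esbc_halt`. The guarantee therefore rests on the `secureboot` variable still being present when `bootcmd` runs and on `esbc_halt` never returning, and neither is visible in this patch. A comment above the `#if` would record that assumption, e.g. `/* Secure boot: never fall back to QSPI/NOR; halt if distro boot returns. */`. The adjacent string literals also concatenate to `secureboot&& esbc_halt` with no separating space; starting the second literal with a space (`" && esbc_halt; run qspi_bootcmd;"`) reads more clearly.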

Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-08-07 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Applied to fsl-qoriq master. Thanks.

York



Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-18 Thread Sumit Garg
> -Original Message-
> From: York Sun
> Sent: Wednesday, June 14, 2017 2:13 AM
> To: Sumit Garg ; u-boot@lists.denx.de
> Cc: Ruchika Gupta ; Prabhakar Kushwaha
> ; Mingkai Hu ;
> Shengzhou Liu 
> Subject: Re: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> On 06/04/2017 11:54 PM, Sumit Garg wrote:
> > Enable validation of boot.scr script prior to its execution dependent
> > on "secureboot" flag in environment. Disable fall back option to
> > nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> > flag in environment for ARM based platforms instead of bootcmd.
> >
> > Signed-off-by: Sumit Garg 
> > Tested-by: Vinitha Pillai 
> > ---
> 
> Can you add the steps to board README or a general README file to describe
> the steps to make distro boot on these boards? I don't think it is common
> knowledge yet. Last time when I tried on LS2080ARDB, it took me quite some
> effort to sort it out.
> 
> York
 
As per my understanding, distro boot is a common feature in U-Boot, and we have
enabled it on our boards. Please refer to "doc/README.distro".

Sumit


Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-13 Thread York Sun
On 06/04/2017 11:54 PM, Sumit Garg wrote:
> Enable validation of boot.scr script prior to its execution dependent
> on "secureboot" flag in environment. Disable fall back option to
> nor/qspi boot in case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Can you add the steps to board README or a general README file to 
describe the steps to make distro boot on these boards? I don't think it 
is common knowledge yet. Last time when I tried on LS2080ARDB, it took 
me quite some effort to sort it out.

York


Re: [U-Boot] [PATCH] arm64: ls1043ardb: Add distro secure boot support

2017-06-05 Thread Sumit Garg
> -Original Message-
> From: Sumit Garg [mailto:sumit.g...@nxp.com]
> Sent: Monday, June 05, 2017 11:52 PM
> To: u-boot@lists.denx.de
> Cc: york sun ; Ruchika Gupta ;
> Prabhakar Kushwaha ; Mingkai Hu
> ; Shengzhou Liu ; Sumit
> Garg 
> Subject: [PATCH] arm64: ls1043ardb: Add distro secure boot support
> 
> Enable validation of boot.scr script prior to its execution dependent on
> "secureboot" flag in environment. Disable fall back option to nor/qspi boot in
> case of secure boot. Also enable "secureboot=y"
> flag in environment for ARM based platforms instead of bootcmd.
> 
> Signed-off-by: Sumit Garg 
> Tested-by: Vinitha Pillai 
> ---

Forgot to add dependency on https://patchwork.ozlabs.org/patch/767352/ patch. 

-Sumit

>  board/freescale/common/fsl_chain_of_trust.c |  6 ++
>  configs/ls1043ardb_SECURE_BOOT_defconfig|  1 +
>  configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig |  1 +
>  include/configs/ls1043a_common.h| 23 +--
>  4 files changed, 29 insertions(+), 2 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_chain_of_trust.c
> b/board/freescale/common/fsl_chain_of_trust.c
> index 438e781..609e2b2 100644
> --- a/board/freescale/common/fsl_chain_of_trust.c
> +++ b/board/freescale/common/fsl_chain_of_trust.c
> @@ -80,7 +80,13 @@ int fsl_setenv_chain_of_trust(void)
>* bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot
> script)
>*/
>   setenv("bootdelay", "0");
> +
> +#ifdef CONFIG_ARM
> + setenv("secureboot", "y");
> +#else
>   setenv("bootcmd", CONFIG_CHAIN_BOOT_CMD);
> +#endif
> +
>   return 0;
>  }
>  #endif
> diff --git a/configs/ls1043ardb_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_SECURE_BOOT_defconfig
> index 861d49b..3f535cc 100644
> --- a/configs/ls1043ardb_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_SECURE_BOOT_defconfig
> @@ -40,3 +40,4 @@ CONFIG_USB_STORAGE=y
>  CONFIG_RSA=y
>  CONFIG_SPL_RSA=y
>  CONFIG_RSA_SOFTWARE_EXP=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> index 5f9b21d..2d57e79 100644
> --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
> @@ -56,3 +56,4 @@ CONFIG_RSA=y
>  CONFIG_SPL_RSA=y
>  CONFIG_SPL_CRYPTO_SUPPORT=y
>  CONFIG_SPL_HASH_SUPPORT=y
> +CONFIG_DISTRO_DEFAULTS=y
> diff --git a/include/configs/ls1043a_common.h
> b/include/configs/ls1043a_common.h
> index e8a756f..6e30427 100644
> --- a/include/configs/ls1043a_common.h
> +++ b/include/configs/ls1043a_common.h
> @@ -282,6 +282,7 @@
>   "fdt_addr=0x64f0\0"  \
>   "kernel_addr=0x6500\0"  \
>   "scriptaddr=0x8000\0"  \
> + "scripthdraddr=0x8008\0"\
>   "fdtheader_addr_r=0x8010\0" \
>   "kernelheader_addr_r=0x8020\0"  \
>   "kernel_addr_r=0x8100\0"\
> @@ -292,6 +293,7 @@
>   "mtdparts=" MTDPARTS_DEFAULT "\0"   \
>   BOOTENV \
>   "boot_scripts=ls1043ardb_boot.scr\0"\
> + "boot_script_hdr=hdr_ls1043ardb_bs.out\0"   \
>   "scan_dev_for_boot_part="  \
>"part list ${devtype} ${devnum} devplist; "   \
>"env exists devplist || setenv devplist 1; "  \
> @@ -302,6 +304,21 @@
> "run scan_dev_for_boot; " \
> "fi; "   \
> "done\0"\
> + "scan_dev_for_boot="  \
> + "echo Scanning ${devtype} "   \
> + "${devnum}:${distro_bootpart}...; "  \
> + "for prefix in ${boot_prefixes}; do " \
> + "run scan_dev_for_scripts; "  \
> + "done;"   \
> + "\0"  \
> + "boot_a_script="  \
> + "load ${devtype} ${devnum}:${distro_bootpart} "  \
> + "${scriptaddr} ${prefix}${script}; "\
> + "env exists secureboot && load ${devtype} " \
> + "${devnum}:${distro_bootpart} " \
> + "${scripthdraddr} ${prefix}${boot_script_hdr} " \
> + "&& esbc_validate ${scripthdraddr};"\
> + "source ${scriptaddr}\0"  \
>   "installer=load mmc 0:2 $load_addr "  \
>  "/flex_installer_arm64.itb; "  \
>  "bootm $load_addr#ls1043ardb\0"\
> @@ -315,9 +332,11 @@
> 
>  #undef CONFIG_BOOTCOMMAND
>  #if defined(CONFIG_QSPI_BOOT) || defined(CONFIG_SD_BOOT_QSPI) -
>