Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time
On Wed, Jan 27, 2016 at 07:18:13AM +, Aneesh Bansal wrote: > > -Original Message- > > From: Tom Rini [mailto:tr...@konsulko.com] > > Sent: Monday, January 25, 2016 9:06 PM > > To: Aneesh Bansal > > Cc: u-boot@lists.denx.de; Ruchika Gupta > > Subject: Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time > > > > On Fri, Jan 22, 2016 at 04:37:21PM +0530, Aneesh Bansal wrote: > > > > > There are two phases in Secure Boot > > > 1. ISBC: In BootROM, validate the BootLoader (U-Boot). > > > 2. ESBC: In U-Boot, continuing the Chain of Trust by > > > validating and booting LINUX. > > > > > > For ESBC phase, there is no difference in SoC's based on ARM or > > > PowerPC cores. > > > > > > But the exit conditions after ISBC phase i.e. entry conditions for > > > U-Boot are different for ARM and PowerPC. > > > PowerPC: > > > > > > If Secure Boot is executed, a separate U-Boot target is required which > > > must be compiled with a diffrent Text Base as compared to Non-Secure Boot. > > > There are some LAW and TLB settings which are required specifically > > > for Secure Boot scenario. > > > > > > ARM: > > > > > > ARM based SoC's have a fixed memory map and exit conditions from > > > BootROM are same irrespective of boot mode (Secure or Non-Secure). > > > > > > This patchset is aimed at removing the requirement for a separate > > > Secure Boot target for ARM based SoC's. > > > > > > Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot > > > environemnt must not be picked from flash/external memory. This cannot > > > be done based on bootmode at run time in current U-Boot architecture. > > > Once this dependency is resolved, no separate SECURE_BOOT target will be > > required for ARM based SoC's. > > > > > > Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is > > > defining CONFIG_ENV_IS_NOWHERE > > > > > > The patches have been tested on LS1043, LS1021, P3041 and T1024. > > > > > > The patch set is dependent on following: > > > http://patchwork.ozlabs.org/patch/553826/ > > > > > > Aneesh Bansal (7): > > > include/configs: make secure boot header file include uniform > > > include/configs: move definition of CONFIG_CMD_BLOB > > > SECURE_BOOT: split the secure boot functionality in two parts > > > create function to determine boot mode > > > enable chain of trust for ARM platforms > > > enable chain of trust for PowerPC platforms > > > SECURE_BOOT: change error handler for esbc_validate > > > > > > arch/arm/cpu/armv8/fsl-layerscape/soc.c| 6 ++ > > > .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 3 + > > > arch/arm/include/asm/arch-ls102xa/immap_ls102xa.h | 2 + > > > arch/arm/include/asm/fsl_secure_boot.h | 20 +++- > > > arch/powerpc/cpu/mpc85xx/cpu_init.c| 14 +++ > > > arch/powerpc/include/asm/fsl_secure_boot.h | 47 ++--- > > > arch/powerpc/include/asm/immap_85xx.h | 3 + > > > board/freescale/common/Makefile| 1 + > > > board/freescale/common/cmd_esbc_validate.c | 7 +- > > > board/freescale/common/fsl_chain_of_trust.c| 70 + > > > board/freescale/common/fsl_validate.c | 7 ++ > > > board/freescale/ls1021aqds/ls1021aqds.c| 4 + > > > board/freescale/ls1021atwr/ls1021atwr.c| 4 + > > > include/config_fsl_chain_trust.h | 101 > > > ++ > > > include/config_fsl_secboot.h | 116 > > > - > > > include/configs/B4860QDS.h | 4 - > > > include/configs/BSC9132QDS.h | 4 - > > > include/configs/P1010RDB.h | 4 - > > > include/configs/P2041RDB.h | 4 - > > > include/configs/T102xQDS.h | 10 +- > > > include/configs/T102xRDB.h | 10 +- > > > include/configs/T1040QDS.h | 3 - > > > include/configs/T104xRDB.h | 3 - > > > include/configs/T208xQDS.h | 4 - > > > include/configs/T208xRDB.h | 4 - >
Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time
> -Original Message- > From: Tom Rini [mailto:tr...@konsulko.com] > Sent: Monday, January 25, 2016 9:06 PM > To: Aneesh Bansal > Cc: u-boot@lists.denx.de; Ruchika Gupta > Subject: Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time > > On Fri, Jan 22, 2016 at 04:37:21PM +0530, Aneesh Bansal wrote: > > > There are two phases in Secure Boot > > 1. ISBC: In BootROM, validate the BootLoader (U-Boot). > > 2. ESBC: In U-Boot, continuing the Chain of Trust by > > validating and booting LINUX. > > > > For ESBC phase, there is no difference in SoC's based on ARM or > > PowerPC cores. > > > > But the exit conditions after ISBC phase i.e. entry conditions for > > U-Boot are different for ARM and PowerPC. > > PowerPC: > > > > If Secure Boot is executed, a separate U-Boot target is required which > > must be compiled with a diffrent Text Base as compared to Non-Secure Boot. > > There are some LAW and TLB settings which are required specifically > > for Secure Boot scenario. > > > > ARM: > > > > ARM based SoC's have a fixed memory map and exit conditions from > > BootROM are same irrespective of boot mode (Secure or Non-Secure). > > > > This patchset is aimed at removing the requirement for a separate > > Secure Boot target for ARM based SoC's. > > > > Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot > > environemnt must not be picked from flash/external memory. This cannot > > be done based on bootmode at run time in current U-Boot architecture. > > Once this dependency is resolved, no separate SECURE_BOOT target will be > required for ARM based SoC's. > > > > Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is > > defining CONFIG_ENV_IS_NOWHERE > > > > The patches have been tested on LS1043, LS1021, P3041 and T1024. > > > > The patch set is dependent on following: > > http://patchwork.ozlabs.org/patch/553826/ > > > > Aneesh Bansal (7): > > include/configs: make secure boot header file include uniform > > include/configs: move definition of CONFIG_CMD_BLOB > > SECURE_BOOT: split the secure boot functionality in two parts > > create function to determine boot mode > > enable chain of trust for ARM platforms > > enable chain of trust for PowerPC platforms > > SECURE_BOOT: change error handler for esbc_validate > > > > arch/arm/cpu/armv8/fsl-layerscape/soc.c| 6 ++ > > .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 3 + > > arch/arm/include/asm/arch-ls102xa/immap_ls102xa.h | 2 + > > arch/arm/include/asm/fsl_secure_boot.h | 20 +++- > > arch/powerpc/cpu/mpc85xx/cpu_init.c| 14 +++ > > arch/powerpc/include/asm/fsl_secure_boot.h | 47 ++--- > > arch/powerpc/include/asm/immap_85xx.h | 3 + > > board/freescale/common/Makefile| 1 + > > board/freescale/common/cmd_esbc_validate.c | 7 +- > > board/freescale/common/fsl_chain_of_trust.c| 70 + > > board/freescale/common/fsl_validate.c | 7 ++ > > board/freescale/ls1021aqds/ls1021aqds.c| 4 + > > board/freescale/ls1021atwr/ls1021atwr.c| 4 + > > include/config_fsl_chain_trust.h | 101 ++ > > include/config_fsl_secboot.h | 116 > > - > > include/configs/B4860QDS.h | 4 - > > include/configs/BSC9132QDS.h | 4 - > > include/configs/P1010RDB.h | 4 - > > include/configs/P2041RDB.h | 4 - > > include/configs/T102xQDS.h | 10 +- > > include/configs/T102xRDB.h | 10 +- > > include/configs/T1040QDS.h | 3 - > > include/configs/T104xRDB.h | 3 - > > include/configs/T208xQDS.h | 4 - > > include/configs/T208xRDB.h | 4 - > > include/configs/T4240QDS.h | 4 - > > include/configs/T4240RDB.h | 9 -- > > include/configs/corenet_ds.h | 4 - > > include/configs/ls1021aqds.h | 5 +- > > include/configs/ls1021atwr.h | 5 +- > > include/configs/ls1043a_common.h | 8 ++ > > include/configs/ls1043aqds.h | 2 + > &
Re: [U-Boot] [PATCH v3 0/7] Determine Boot mode at run time
On Fri, Jan 22, 2016 at 04:37:21PM +0530, Aneesh Bansal wrote: > There are two phases in Secure Boot > 1. ISBC: In BootROM, validate the BootLoader (U-Boot). > 2. ESBC: In U-Boot, continuing the Chain of Trust by > validating and booting LINUX. > > For ESBC phase, there is no difference in SoC's based on ARM or PowerPC > cores. > > But the exit conditions after ISBC phase i.e. entry conditions for > U-Boot are different for ARM and PowerPC. > PowerPC: > > If Secure Boot is executed, a separate U-Boot target is required which > must be compiled with a diffrent Text Base as compared to Non-Secure Boot. > There are some LAW and TLB settings which are required specifically for > Secure Boot scenario. > > ARM: > > ARM based SoC's have a fixed memory map and exit conditions from BootROM > are same irrespective of boot mode (Secure or Non-Secure). > > This patchset is aimed at removing the requirement for a separate Secure Boot > target for ARM based SoC's. > > Another Security Requirement for running CHAIN_OF_TRUST is that U-Boot > environemnt > must not be picked from flash/external memory. This cannot be done based on > bootmode > at run time in current U-Boot architecture. Once this dependency is resolved, > no separate > SECURE_BOOT target will be required for ARM based SoC's. > > Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is defining > CONFIG_ENV_IS_NOWHERE > > The patches have been tested on LS1043, LS1021, P3041 and T1024. > > The patch set is dependent on following: > http://patchwork.ozlabs.org/patch/553826/ > > Aneesh Bansal (7): > include/configs: make secure boot header file include uniform > include/configs: move definition of CONFIG_CMD_BLOB > SECURE_BOOT: split the secure boot functionality in two parts > create function to determine boot mode > enable chain of trust for ARM platforms > enable chain of trust for PowerPC platforms > SECURE_BOOT: change error handler for esbc_validate > > arch/arm/cpu/armv8/fsl-layerscape/soc.c| 6 ++ > .../include/asm/arch-fsl-layerscape/immap_lsch2.h | 3 + > arch/arm/include/asm/arch-ls102xa/immap_ls102xa.h | 2 + > arch/arm/include/asm/fsl_secure_boot.h | 20 +++- > arch/powerpc/cpu/mpc85xx/cpu_init.c| 14 +++ > arch/powerpc/include/asm/fsl_secure_boot.h | 47 ++--- > arch/powerpc/include/asm/immap_85xx.h | 3 + > board/freescale/common/Makefile| 1 + > board/freescale/common/cmd_esbc_validate.c | 7 +- > board/freescale/common/fsl_chain_of_trust.c| 70 + > board/freescale/common/fsl_validate.c | 7 ++ > board/freescale/ls1021aqds/ls1021aqds.c| 4 + > board/freescale/ls1021atwr/ls1021atwr.c| 4 + > include/config_fsl_chain_trust.h | 101 ++ > include/config_fsl_secboot.h | 116 > - > include/configs/B4860QDS.h | 4 - > include/configs/BSC9132QDS.h | 4 - > include/configs/P1010RDB.h | 4 - > include/configs/P2041RDB.h | 4 - > include/configs/T102xQDS.h | 10 +- > include/configs/T102xRDB.h | 10 +- > include/configs/T1040QDS.h | 3 - > include/configs/T104xRDB.h | 3 - > include/configs/T208xQDS.h | 4 - > include/configs/T208xRDB.h | 4 - > include/configs/T4240QDS.h | 4 - > include/configs/T4240RDB.h | 9 -- > include/configs/corenet_ds.h | 4 - > include/configs/ls1021aqds.h | 5 +- > include/configs/ls1021atwr.h | 5 +- > include/configs/ls1043a_common.h | 8 ++ > include/configs/ls1043aqds.h | 2 + > include/configs/ls1043ardb.h | 8 -- > include/fsl_validate.h | 2 + > 34 files changed, 299 insertions(+), 203 deletions(-) > create mode 100644 board/freescale/common/fsl_chain_of_trust.c > create mode 100644 include/config_fsl_chain_trust.h > delete mode 100644 include/config_fsl_secboot.h Looking at the config file changes, I think we need to move a bunch of this stuff to Kconfig so that we can get these consistent and correct each time. -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot