summaryrefslogtreecommitdiffstats
path: root/arch/arm/mach-mvebu/include
diff options
context:
space:
mode:
authorMario Six <mario.six@gdsys.cc>2017-01-11 16:01:00 +0100
committerStefan Roese <sr@denx.de>2017-02-01 09:04:18 +0100
commita1b6b0a9c1f91756b93e6d804837dc178d79d39e (patch)
treee66ce37c0d31f8ce1dac414cb470e1d2037a77f9 /arch/arm/mach-mvebu/include
parent4991b4f7f1e55fed161462cefca7fe483fd3e477 (diff)
downloadu-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.gz
u-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.xz
u-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.zip
arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture. This includes: - The addition of secure headers and all needed signatures and keys in mkimage - Commands capable of writing the board's efuses to both write the needed cryptographic data and enable the secure booting mechanism - The creation of convenience text files containing the necessary commands to write the efuses The KAK and CSK keys are expected to reside in the files kwb_kak.key and kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory. Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc> Signed-off-by: Mario Six <mario.six@gdsys.cc> Reviewed-by: Stefan Roese <sr@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'arch/arm/mach-mvebu/include')
-rw-r--r--arch/arm/mach-mvebu/include/mach/cpu.h2
-rw-r--r--arch/arm/mach-mvebu/include/mach/efuse.h69
2 files changed, 71 insertions, 0 deletions
diff --git a/arch/arm/mach-mvebu/include/mach/cpu.h b/arch/arm/mach-mvebu/include/mach/cpu.h
index 66f7680fb3..d241eea956 100644
--- a/arch/arm/mach-mvebu/include/mach/cpu.h
+++ b/arch/arm/mach-mvebu/include/mach/cpu.h
@@ -36,7 +36,9 @@ enum cpu_target {
CPU_TARGET_ETH01 = 0x7,
CPU_TARGET_PCIE13 = 0x8,
CPU_TARGET_SASRAM = 0x9,
+ CPU_TARGET_SATA01 = 0xa, /* A38X */
CPU_TARGET_NAND = 0xd,
+ CPU_TARGET_SATA23_DFX = 0xe, /* A38X */
};
enum cpu_attrib {
diff --git a/arch/arm/mach-mvebu/include/mach/efuse.h b/arch/arm/mach-mvebu/include/mach/efuse.h
new file mode 100644
index 0000000000..ef693e6749
--- /dev/null
+++ b/arch/arm/mach-mvebu/include/mach/efuse.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2015 Reinhard Pfau <reinhard.pfau@gdsys.cc>
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _MVEBU_EFUSE_H
+#define _MVEBU_EFUSE_H
+
+#include <common.h>
+
+struct efuse_val {
+ union {
+ struct {
+ u8 d[8];
+ } bytes;
+ struct {
+ u16 d[4];
+ } words;
+ struct {
+ u32 d[2];
+ } dwords;
+ };
+ u32 lock;
+};
+
+#if defined(CONFIG_ARMADA_38X)
+
+enum efuse_line {
+ EFUSE_LINE_SECURE_BOOT = 24,
+ EFUSE_LINE_PUBKEY_DIGEST_0 = 26,
+ EFUSE_LINE_PUBKEY_DIGEST_1 = 27,
+ EFUSE_LINE_PUBKEY_DIGEST_2 = 28,
+ EFUSE_LINE_PUBKEY_DIGEST_3 = 29,
+ EFUSE_LINE_PUBKEY_DIGEST_4 = 30,
+ EFUSE_LINE_CSK_0_VALID = 31,
+ EFUSE_LINE_CSK_1_VALID = 32,
+ EFUSE_LINE_CSK_2_VALID = 33,
+ EFUSE_LINE_CSK_3_VALID = 34,
+ EFUSE_LINE_CSK_4_VALID = 35,
+ EFUSE_LINE_CSK_5_VALID = 36,
+ EFUSE_LINE_CSK_6_VALID = 37,
+ EFUSE_LINE_CSK_7_VALID = 38,
+ EFUSE_LINE_CSK_8_VALID = 39,
+ EFUSE_LINE_CSK_9_VALID = 40,
+ EFUSE_LINE_CSK_10_VALID = 41,
+ EFUSE_LINE_CSK_11_VALID = 42,
+ EFUSE_LINE_CSK_12_VALID = 43,
+ EFUSE_LINE_CSK_13_VALID = 44,
+ EFUSE_LINE_CSK_14_VALID = 45,
+ EFUSE_LINE_CSK_15_VALID = 46,
+ EFUSE_LINE_FLASH_ID = 47,
+ EFUSE_LINE_BOX_ID = 48,
+
+ EFUSE_LINE_MIN = 0,
+ EFUSE_LINE_MAX = 63,
+};
+
+#endif
+
+int mvebu_efuse_init_hw(void);
+
+int mvebu_read_efuse(int nr, struct efuse_val *val);
+
+int mvebu_write_efuse(int nr, struct efuse_val *val);
+
+int mvebu_lock_efuse(int nr);
+
+#endif