diff options
author | Mario Six <mario.six@gdsys.cc> | 2017-01-11 16:01:00 +0100 |
---|---|---|
committer | Stefan Roese <sr@denx.de> | 2017-02-01 09:04:18 +0100 |
commit | a1b6b0a9c1f91756b93e6d804837dc178d79d39e (patch) | |
tree | e66ce37c0d31f8ce1dac414cb470e1d2037a77f9 /arch/arm/mach-mvebu/include | |
parent | 4991b4f7f1e55fed161462cefca7fe483fd3e477 (diff) | |
download | u-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.gz u-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.tar.xz u-boot-a1b6b0a9c1f91756b93e6d804837dc178d79d39e.zip |
arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'arch/arm/mach-mvebu/include')
-rw-r--r-- | arch/arm/mach-mvebu/include/mach/cpu.h | 2 | ||||
-rw-r--r-- | arch/arm/mach-mvebu/include/mach/efuse.h | 69 |
2 files changed, 71 insertions, 0 deletions
diff --git a/arch/arm/mach-mvebu/include/mach/cpu.h b/arch/arm/mach-mvebu/include/mach/cpu.h index 66f7680fb3..d241eea956 100644 --- a/arch/arm/mach-mvebu/include/mach/cpu.h +++ b/arch/arm/mach-mvebu/include/mach/cpu.h @@ -36,7 +36,9 @@ enum cpu_target { CPU_TARGET_ETH01 = 0x7, CPU_TARGET_PCIE13 = 0x8, CPU_TARGET_SASRAM = 0x9, + CPU_TARGET_SATA01 = 0xa, /* A38X */ CPU_TARGET_NAND = 0xd, + CPU_TARGET_SATA23_DFX = 0xe, /* A38X */ }; enum cpu_attrib { diff --git a/arch/arm/mach-mvebu/include/mach/efuse.h b/arch/arm/mach-mvebu/include/mach/efuse.h new file mode 100644 index 0000000000..ef693e6749 --- /dev/null +++ b/arch/arm/mach-mvebu/include/mach/efuse.h @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2015 Reinhard Pfau <reinhard.pfau@gdsys.cc> + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef _MVEBU_EFUSE_H +#define _MVEBU_EFUSE_H + +#include <common.h> + +struct efuse_val { + union { + struct { + u8 d[8]; + } bytes; + struct { + u16 d[4]; + } words; + struct { + u32 d[2]; + } dwords; + }; + u32 lock; +}; + +#if defined(CONFIG_ARMADA_38X) + +enum efuse_line { + EFUSE_LINE_SECURE_BOOT = 24, + EFUSE_LINE_PUBKEY_DIGEST_0 = 26, + EFUSE_LINE_PUBKEY_DIGEST_1 = 27, + EFUSE_LINE_PUBKEY_DIGEST_2 = 28, + EFUSE_LINE_PUBKEY_DIGEST_3 = 29, + EFUSE_LINE_PUBKEY_DIGEST_4 = 30, + EFUSE_LINE_CSK_0_VALID = 31, + EFUSE_LINE_CSK_1_VALID = 32, + EFUSE_LINE_CSK_2_VALID = 33, + EFUSE_LINE_CSK_3_VALID = 34, + EFUSE_LINE_CSK_4_VALID = 35, + EFUSE_LINE_CSK_5_VALID = 36, + EFUSE_LINE_CSK_6_VALID = 37, + EFUSE_LINE_CSK_7_VALID = 38, + EFUSE_LINE_CSK_8_VALID = 39, + EFUSE_LINE_CSK_9_VALID = 40, + EFUSE_LINE_CSK_10_VALID = 41, + EFUSE_LINE_CSK_11_VALID = 42, + EFUSE_LINE_CSK_12_VALID = 43, + EFUSE_LINE_CSK_13_VALID = 44, + EFUSE_LINE_CSK_14_VALID = 45, + EFUSE_LINE_CSK_15_VALID = 46, + EFUSE_LINE_FLASH_ID = 47, + EFUSE_LINE_BOX_ID = 48, + + EFUSE_LINE_MIN = 0, + EFUSE_LINE_MAX = 63, +}; + +#endif + +int mvebu_efuse_init_hw(void); + +int mvebu_read_efuse(int nr, struct efuse_val *val); + +int mvebu_write_efuse(int nr, struct efuse_val *val); + +int mvebu_lock_efuse(int nr); + +#endif |