Merge git://git.denx.de/u-boot-fsl-qoriq

- Enable DHCP as boot-source in distro boot for NXP layerscape
platforms
- fix register layout for SEC on Layerscape architectures
- fixes related to DPAA2

Merge git://git.denx.de/u-boot-fsl-qoriq

- Enable DHCP as boot-source in distro boot for NXP layerscape
platforms
- fix register layout for SEC on Layerscape architectures
- fixes related to DPAA2 ethernet

show more ...

fsl_sec: fix register layout on Layerscape architectures

On Layerscape architectures the SEC memory map is 1MB and the
register blocks contained in it are 64KB aligned, not 4KB as
the ccsr_sec struc

fsl_sec: fix register layout on Layerscape architectures

On Layerscape architectures the SEC memory map is 1MB and the
register blocks contained in it are 64KB aligned, not 4KB as
the ccsr_sec structure currently assumes. Fix the layout of
the structure for these architectures.

Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Reviewed-by: Bharat Bhushan <bharat.bhushan@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge git://git.denx.de/u-boot-fsl-qoriq

crypto/fsl: instantiate all rng state handles

Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation c

crypto/fsl: instantiate all rng state handles

Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.

Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

crypto/fsl: fix BLOB encapsulation and decapsulation

The blob_encap and blob_decap functions were not flushing the dcache
before passing data to CAAM/DMA and not invalidating the dcache when
getting

crypto/fsl: fix BLOB encapsulation and decapsulation

The blob_encap and blob_decap functions were not flushing the dcache
before passing data to CAAM/DMA and not invalidating the dcache when
getting data back.
Therefore, blob encapsulation and decapsulation failed with errors like
the following due to data cache incoherency:
"40000006: DECO: desc idx 0: Invalid KEY command"

To ensure coherency, we require the key_mod, src and dst buffers to be
aligned to the cache line size and flush/invalidate the memory regions.
The same requirements apply to the job descriptor.

Tested on an i.MX6Q board.

Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

show more ...

crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to Kconfig

Use Kconfig option to set little- or big-endian access to secure
boot and trust architecture.

Signed-off-by: York Sun <york.sun@nxp.com>

Merge git://git.denx.de/u-boot-mpc85xx

powerpc: C29X: Move CONFIG_PPC_C29X to Kconfig option

Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing
macros.

Signed-off-by: York Sun <york.sun@nxp.com>

Merge branch 'master' of git://git.denx.de/u-boot

Signed-off-by: Stefano Babic <sbabic@denx.de>

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

crypto/fsl: add support for multiple SEC engines initialization

For SoCs that contain multiple SEC engines, each of them needs
to be initialized (by means of initializing among others the
random num

crypto/fsl: add support for multiple SEC engines initialization

For SoCs that contain multiple SEC engines, each of them needs
to be initialized (by means of initializing among others the
random number generator).

Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

Merge branch 'master' of git://www.denx.de/git/u-boot-imx

imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7

Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map use macros to resolve SM's o

imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7

Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map use macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas <raul.casas@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>

show more ...

Merge git://git.denx.de/u-boot

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

crypto/fsl: SEC driver cleanup for 64 bit and endianness

The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianess of SEC block
is different from the

crypto/fsl: SEC driver cleanup for 64 bit and endianness

The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianess of SEC block
is different from the Core.
Changes:
1. Descriptor created on Core is modified as per SEC block
endianness before the job is submitted.
2. The read/write of physical addresses to Job Rings will
be depend on endianness of SEC block as 32 bit low and
high part of the 64 bit address will vary.
3. The 32 bit low and high part of the 64 bit address in
descriptor will vary depending on endianness of SEC.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

Correct License and Copyright information on few files

gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
driv

Correct License and Copyright information on few files

gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

drivers/crypto/fsl: enable raw data instead of von Neumann data

The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann.

drivers/crypto/fsl: enable raw data instead of von Neumann data

The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

drivers/crypto/fsl: change starting entropy delay value

The entropy delay (the length in system clocks of each
entropy sample) for the RNG4 block of CAAM is dependent
on the frequency of the SoC. By

drivers/crypto/fsl: change starting entropy delay value

The entropy delay (the length in system clocks of each
entropy sample) for the RNG4 block of CAAM is dependent
on the frequency of the SoC. By elaborate methods, it
has been determined that a good starting value for all
platforms integrating the CAAM IP is 3200. Using a
higher value has additional benefit of speeding up
the process of instantiating the RNG, since the entropy
delay will be increased and instantiation of the RNG
state handles will be reattempted by the driver. If the
starting value is low, for certain platforms, this can
lead to a quite lengthy process.
This patch changes the starting value of the length of
the entropy sample to 3200 system clocks.
In addition to this change, the attempted entropy delay
values are now printed on the console upon initialization
of the RNG block.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

drivers/crypto/fsl: disable RNG oscillator maximum frequency check

The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For cer

drivers/crypto/fsl: disable RNG oscillator maximum frequency check

The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For certain platforms
(f.i. T2080), the oscillator is very fast and thus if the SEC runs at
a lower than normal frequency, the ring oscillator is incorrectly detected
as being out of bounds.

This patch effectively disables the maximum frequency check, by setting a
high enough maximum allowable frequency for the oscillator. The reasoning
behind this is that usually a broken oscillator will run too slow
(i.e. not run at all) rather than run too fast.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

fsl_sec.h: Fix thinko

In 0200020 we added a number of tests for 'if
defined(CONFIG_SYS_FSL_SEC_LE) && !defined(CONFIG_MX6)' and
accidentally did one as 'ifdef defined...'

Signed-off-by: Tom Rini <t

fsl_sec.h: Fix thinko

In 0200020 we added a number of tests for 'if
defined(CONFIG_SYS_FSL_SEC_LE) && !defined(CONFIG_MX6)' and
accidentally did one as 'ifdef defined...'

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge branch 'master' of git://www.denx.de/git/u-boot-imx

imx6: Added DEK blob generator command

Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block

imx6: Added DEK blob generator command

Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
a AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process, is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
dek_blob - encapsulating DEK as a cryptgraphic blob

Commands Syntax
---------------
dek_blob src dst len

Encapsulate and create blob of a len-bits DEK at
address src and store the result at address dst.

Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Nitin Garg <nitin.garg@freescale.com>

Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>

Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>

show more ...