xref: /openbmc/u-boot/arch/powerpc/include/asm/fsl_secure_boot.h (revision 7aa1a40876a0da0fadf360a352bba0adf8624904)
1 /*
2  * Copyright 2010-2011 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef __FSL_SECURE_BOOT_H
8 #define __FSL_SECURE_BOOT_H
9 #include <asm/config_mpc85xx.h>
10 
11 #ifdef CONFIG_SECURE_BOOT
12 
13 #ifndef CONFIG_FIT_SIGNATURE
14 #define CONFIG_CHAIN_OF_TRUST
15 #endif
16 
17 #if defined(CONFIG_FSL_CORENET)
18 #define CONFIG_SYS_PBI_FLASH_BASE		0xc0000000
19 #elif defined(CONFIG_TARGET_BSC9132QDS)
20 #define CONFIG_SYS_PBI_FLASH_BASE		0xc8000000
21 #elif defined(CONFIG_TARGET_C29XPCIE)
22 #define CONFIG_SYS_PBI_FLASH_BASE		0xcc000000
23 #else
24 #define CONFIG_SYS_PBI_FLASH_BASE		0xce000000
25 #endif
26 #define CONFIG_SYS_PBI_FLASH_WINDOW		0xcff80000
27 
28 #if defined(CONFIG_TARGET_B4860QDS) || \
29 	defined(CONFIG_TARGET_B4420QDS) || \
30 	defined(CONFIG_TARGET_T4160QDS) || \
31 	defined(CONFIG_TARGET_T4240QDS) || \
32 	defined(CONFIG_T2080QDS) || \
33 	defined(CONFIG_T2080RDB) || \
34 	defined(CONFIG_T1040QDS) || \
35 	defined(CONFIG_T104xD4QDS) || \
36 	defined(CONFIG_TARGET_T1040RDB) || \
37 	defined(CONFIG_TARGET_T1040D4RDB) || \
38 	defined(CONFIG_TARGET_T1042RDB) || \
39 	defined(CONFIG_TARGET_T1042D4RDB) || \
40 	defined(CONFIG_TARGET_T1042RDB_PI) || \
41 	defined(CONFIG_ARCH_T1023) || \
42 	defined(CONFIG_ARCH_T1024)
43 #ifndef CONFIG_SYS_RAMBOOT
44 #define CONFIG_SYS_CPC_REINIT_F
45 #endif
46 #define CONFIG_KEY_REVOCATION
47 #undef CONFIG_SYS_INIT_L3_ADDR
48 #define CONFIG_SYS_INIT_L3_ADDR			0xbff00000
49 #endif
50 
51 #if defined(CONFIG_RAMBOOT_PBL)
52 #undef CONFIG_SYS_INIT_L3_ADDR
53 #ifdef CONFIG_SYS_INIT_L3_VADDR
54 #define CONFIG_SYS_INIT_L3_ADDR	\
55 			(CONFIG_SYS_INIT_L3_VADDR & ~0xFFF00000) | \
56 					0xbff00000
57 #else
58 #define CONFIG_SYS_INIT_L3_ADDR		0xbff00000
59 #endif
60 #endif
61 
62 #if defined(CONFIG_TARGET_C29XPCIE)
63 #define CONFIG_KEY_REVOCATION
64 #endif
65 
66 #if defined(CONFIG_ARCH_P3041)	||	\
67 	defined(CONFIG_ARCH_P4080) ||	\
68 	defined(CONFIG_ARCH_P5020) ||	\
69 	defined(CONFIG_ARCH_P5040) ||	\
70 	defined(CONFIG_ARCH_P2041)
71 	#define	CONFIG_FSL_TRUST_ARCH_v1
72 #endif
73 
74 #if defined(CONFIG_FSL_CORENET) && !defined(CONFIG_SYS_RAMBOOT)
75 /* The key used for verification of next level images
76  * is picked up from an Extension Table which has
77  * been verified by the ISBC (Internal Secure boot Code)
78  * in boot ROM of the SoC.
79  * The feature is only applicable in case of NOR boot and is
80  * not applicable in case of RAMBOOT (NAND, SD, SPI).
81  */
82 #define CONFIG_FSL_ISBC_KEY_EXT
83 #endif
84 #endif /* #ifdef CONFIG_SECURE_BOOT */
85 
86 #ifdef CONFIG_CHAIN_OF_TRUST
87 #ifdef CONFIG_SPL_BUILD
88 /*
89  * PPAACT and SPAACT table for PAMU must be placed on DDR after DDR init
90  * due to space crunch on CPC and thus malloc will not work.
91  */
92 #define CONFIG_SPL_PPAACT_ADDR		0x2e000000
93 #define CONFIG_SPL_SPAACT_ADDR		0x2f000000
94 #define CONFIG_SPL_JR0_LIODN_S		454
95 #define CONFIG_SPL_JR0_LIODN_NS		458
96 /*
97  * Define the key hash for U-Boot here if public/private key pair used to
98  * sign U-boot are different from the SRK hash put in the fuse
99  * Example of defining KEY_HASH is
100  * #define CONFIG_SPL_UBOOT_KEY_HASH \
101  *      "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
102  * else leave it defined as NULL
103  */
104 
105 #define CONFIG_SPL_UBOOT_KEY_HASH	NULL
106 #endif /* ifdef CONFIG_SPL_BUILD */
107 
108 #define CONFIG_CMD_ESBC_VALIDATE
109 #define CONFIG_CMD_BLOB
110 #define CONFIG_FSL_SEC_MON
111 #define CONFIG_SHA_PROG_HW_ACCEL
112 #define CONFIG_RSA_FREESCALE_EXP
113 
114 #ifndef CONFIG_FSL_CAAM
115 #define CONFIG_FSL_CAAM
116 #endif
117 
118 #ifndef CONFIG_SPL_BUILD
119 /*
120  * fsl_setenv_chain_of_trust() must be called from
121  * board_late_init()
122  */
123 #ifndef CONFIG_BOARD_LATE_INIT
124 #define CONFIG_BOARD_LATE_INIT
125 #endif
126 
127 /* If Boot Script is not on NOR and is required to be copied on RAM */
128 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
129 #define CONFIG_BS_HDR_ADDR_RAM		0x00010000
130 #define CONFIG_BS_HDR_ADDR_DEVICE	0x00800000
131 #define CONFIG_BS_HDR_SIZE		0x00002000
132 #define CONFIG_BS_ADDR_RAM		0x00012000
133 #define CONFIG_BS_ADDR_DEVICE		0x00802000
134 #define CONFIG_BS_SIZE			0x00001000
135 
136 #define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
137 #else
138 
139 /* The bootscript header address is different for B4860 because the NOR
140  * mapping is different on B4 due to reduced NOR size.
141  */
142 #if defined(CONFIG_TARGET_B4860QDS) || defined(CONFIG_TARGET_B4420QDS)
143 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0xecc00000
144 #elif defined(CONFIG_FSL_CORENET)
145 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0xe8e00000
146 #elif defined(CONFIG_TARGET_BSC9132QDS)
147 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0x88020000
148 #elif defined(CONFIG_TARGET_C29XPCIE)
149 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0xec020000
150 #else
151 #define CONFIG_BOOTSCRIPT_HDR_ADDR	0xee020000
152 #endif
153 
154 #endif /* #ifdef CONFIG_BOOTSCRIPT_COPY_RAM */
155 
156 #include <config_fsl_chain_trust.h>
157 #endif /* #ifndef CONFIG_SPL_BUILD */
158 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
159 #endif
160