diff options
| author | Wei Liang Lim <weiliang.lim@starfivetech.com> | 2021-10-07 11:15:08 +0300 |
|---|---|---|
| committer | Wei Liang Lim <weiliang.lim@starfivetech.com> | 2023-10-18 09:13:01 +0300 |
| commit | 6c2c53708d7cb3b3440a1b2c5ab020a322fb64c0 (patch) | |
| tree | b52f0700ff999f198cd0952a3c28ebbbcf7faaad | |
| parent | d6920e1532354b34310958e767e5484d857267eb (diff) | |
| download | u-boot-6c2c53708d7cb3b3440a1b2c5ab020a322fb64c0.tar.xz | |
Enabling Dubhe FPGA secure boot
| -rwxr-xr-x | arch/riscv/dts/Makefile | 1 | ||||
| -rw-r--r-- | arch/riscv/dts/dubhe-fpga-u-boot.dtsi | 72 | ||||
| -rw-r--r-- | arch/riscv/dts/dubhe_fpga.dts | 72 | ||||
| -rw-r--r-- | arch/riscv/dts/dubhe_fpga_secure.dts | 266 | ||||
| -rw-r--r-- | configs/starfive_dubhe_fpga_secure_defconfig | 47 | ||||
| -rw-r--r-- | tools/binman/etype/arg.py | 39 |
6 files changed, 425 insertions, 72 deletions
diff --git a/arch/riscv/dts/Makefile b/arch/riscv/dts/Makefile index 5b6bf2e588..f829340756 100755 --- a/arch/riscv/dts/Makefile +++ b/arch/riscv/dts/Makefile @@ -11,6 +11,7 @@ dtb-$(CONFIG_TARGET_STARFIVE_VISIONFIVE2) += jh7110-starfive-visionfive-2.dtb dtb-$(CONFIG_TARGET_TH1520_LPI4A) += th1520-lichee-pi-4a.dtb include $(srctree)/scripts/Makefile.dts dtb-$(CONFIG_TARGET_STARFIVE_DUBHE_FPGA) += dubhe_fpga.dtb +dtb-$(CONFIG_TARGET_STARFIVE_DUBHE_FPGA) += $(shell echo $(CONFIG_DEFAULT_DEVICE_TREE)).dtb targets += $(dtb-y) diff --git a/arch/riscv/dts/dubhe-fpga-u-boot.dtsi b/arch/riscv/dts/dubhe-fpga-u-boot.dtsi index deadbee6a2..267a40401a 100644 --- a/arch/riscv/dts/dubhe-fpga-u-boot.dtsi +++ b/arch/riscv/dts/dubhe-fpga-u-boot.dtsi @@ -47,78 +47,6 @@ }; }; -&binman { - kernel_fit { - filename = "kernel.itb"; - fit { - description = "FIT with Linux kernel image and FDT"; - #address-cells = <1>; - images { - kernel { - description = "Linux kernel"; - type = "kernel"; - arch = "riscv"; - os = "linux"; - compression = "none"; - load = <0x80200000>; - entry = <0x80200000>; - kernel_blob: blob-ext { - filename = "Image"; - }; - }; - fdt_kernel { - description = "Linux kernel device tree binary"; - type = "flat_dt"; - arch = "riscv"; - compression = "none"; - load = <0x88000000>; - fdt_kernel_blob: blob-ext { - filename = "dubhe_fpga_linux.dtb"; - }; - }; - }; - - configurations { - default = "conf"; - conf { - description = "Starfive Dubhe FPGA"; - kernel = "kernel"; - fdt = "fdt_kernel"; - }; - }; - }; - }; - - QSPI_Image_binary { - filename = "QSPI-Image.bin"; - pad-byte = <0xff>; - - bootcopier_blob: blob-ext@0 { - filename = "dubhe_fpga_bootcode.bin"; - offset = <0x0>; - }; - - bootjump_blob: blob-ext@1 { - filename = "dubhe_fpga_bootjump.bin"; - offset = <0x1000>; - }; - - u-boot-spl { - offset = <0x2000>; - }; - - qspi_ubootproper_opensbi_blob: blob-ext@2 { - filename = "u-boot.itb"; - offset = <0x22000>; - }; - - qspi_kernel_blob: blob-ext@3 { - filename = "kernel.itb"; - offset = <0x400000>; - }; - }; -}; - &uart0 { u-boot,dm-spl; }; diff --git a/arch/riscv/dts/dubhe_fpga.dts b/arch/riscv/dts/dubhe_fpga.dts index 21a487b4e7..56cd3d2a03 100644 --- a/arch/riscv/dts/dubhe_fpga.dts +++ b/arch/riscv/dts/dubhe_fpga.dts @@ -86,3 +86,75 @@ &uart0 { status = "okay"; }; + +&binman { + kernel_fit { + filename = "kernel.itb"; + fit { + description = "FIT with Linux kernel image and FDT"; + #address-cells = <1>; + images { + kernel { + description = "Linux kernel"; + type = "kernel"; + arch = "riscv"; + os = "linux"; + compression = "none"; + load = <0x80200000>; + entry = <0x80200000>; + kernel_blob: blob-ext { + filename = "Image"; + }; + }; + fdt_kernel { + description = "Linux kernel device tree binary"; + type = "flat_dt"; + arch = "riscv"; + compression = "none"; + load = <0x88000000>; + fdt_kernel_blob: blob-ext { + filename = "dubhe_fpga_linux.dtb"; + }; + }; + }; + + configurations { + default = "conf"; + conf { + description = "Starfive Dubhe FPGA"; + kernel = "kernel"; + fdt = "fdt_kernel"; + }; + }; + }; + }; + + QSPI_Image_binary { + filename = "QSPI-Image.bin"; + pad-byte = <0xff>; + + bootcopier_blob: blob-ext@0 { + filename = "dubhe_fpga_bootcode.bin"; + offset = <0x0>; + }; + + bootjump_blob: blob-ext@1 { + filename = "dubhe_fpga_bootjump.bin"; + offset = <0x1000>; + }; + + u-boot-spl { + offset = <0x2000>; + }; + + qspi_ubootproper_opensbi_blob: blob-ext@2 { + filename = "u-boot.itb"; + offset = <0x22000>; + }; + + qspi_kernel_blob: blob-ext@3 { + filename = "kernel.itb"; + offset = <0x400000>; + }; + }; +};
\ No newline at end of file diff --git a/arch/riscv/dts/dubhe_fpga_secure.dts b/arch/riscv/dts/dubhe_fpga_secure.dts new file mode 100644 index 0000000000..5bfd84c75d --- /dev/null +++ b/arch/riscv/dts/dubhe_fpga_secure.dts @@ -0,0 +1,266 @@ +// SPDX-License-Identifier: (GPL-2.0 OR MIT) +/* Copyright (c) 2021 StarFive Technology Co., Ltd. */ + +#include "dubhe.dtsi" +#include "dubhe-fpga-u-boot.dtsi" + +/ { + model = "StarFive Dubhe FPGA"; + + aliases { + serial0 = &uart0; + }; + + chosen { + bootargs = "console=ttySIF0,115200 earlycon=sbi root=/dev/mmcblk0p2 rw rootfstype=ext4 rootwait"; + }; + + cpus { + timebase-frequency = <25000000>; + + }; + + memory@80000000 { + device_type = "memory"; + reg = <0x0 0x80000000 0x2 0x0>; + }; + + soc { + }; + + binman: binman { + multiple-images; + }; +}; + +&spi0 { + status = "okay"; + mmc@0 { + compatible = "mmc-spi-slot"; + reg = <0>; + spi-max-frequency = <20000000>; + voltage-ranges = <3300 3300>; + disable-wp; + }; +}; + +&qspi1 { + status = "okay"; + + flash@0 { + compatible = "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <20000000>; + m25p,fast-read; + spi-tx-bus-width = <1>; + spi-rx-bus-width = <1>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + partition@0 { + reg = <0x000000 0x1000>; + label = "boot copier"; + /*read-only;*/ + }; + + partition@1000 { + reg = <0x1000 0x1000>; + label = "boot jump"; + /*read-only;*/ + }; + + partition@2000 { + reg = <0x2000 0x2000>; + label = "DTB"; + }; + + partition@4000 { + reg = <0x4000 0x7ffc000>; + label = "FW_payload (OpenSBI and Linux)"; + }; + }; + }; + +}; + +&uart0 { + status = "okay"; +}; + +&binman { + + kernel_fit { + filename = "kernel_sign.itb"; + fit { + description = "FIT with Linux kernel image and FDT"; + #address-cells = <1>; + images { + kernel { + description = "Linux kernel"; + type = "kernel"; + arch = "riscv"; + os = "linux"; + compression = "none"; + load = <0x80200000>; + entry = <0x80200000>; + kernel_blob: blob-ext { + filename = "Image"; + }; + hash { + algo = "sha256"; + }; + }; + fdt_kernel { + description = "Linux kernel device tree binary"; + type = "flat_dt"; + arch = "riscv"; + compression = "none"; + load = <0x88000000>; + fdt_kernel_blob: blob-ext { + filename = "dubhe_fpga_linux.dtb"; + }; + hash { + algo = "sha256"; + }; + }; + }; + + configurations { + default = "conf"; + conf { + description = "Starfive Dubhe FPGA"; + kernel = "kernel"; + fdt = "fdt_kernel"; + signature { + algo = "sha256,rsa4096"; + key-name-hint = "starfive_linux"; + sign-images = "fdt", "kernel"; + }; + }; + }; + }; + }; + + kernel_fit_sign { + arg { + args = "mkimage -k ../starfive_key/linux_key -K u-boot.dtb -r -F kernel_sign.itb"; + }; + }; + + uboot_fit { + filename = "u-boot_sign.itb"; + + fit { + description = "Configuration to load OpenSBI before U-Boot"; + #address-cells = <1>; + fit,fdt-list = "of-list"; + + images { + uboot { + description = "U-Boot"; + type = "standalone"; + os = "U-Boot"; + arch = "riscv"; + compression = "none"; + load = <CONFIG_SYS_TEXT_BASE>; + + uboot_blob: blob-ext { + filename = "u-boot-nodtb.bin"; + }; + hash { + algo = "sha256"; + }; + }; + + opensbi { + description = "OpenSBI fw_dynamic Firmware"; + type = "firmware"; + os = "opensbi"; + arch = "riscv"; + compression = "none"; + load = <CONFIG_SPL_OPENSBI_LOAD_ADDR>; + entry = <CONFIG_SPL_OPENSBI_LOAD_ADDR>; + + opensbi_blob: opensbi { + filename = "fw_dynamic.bin"; + }; + hash { + algo = "sha256"; + }; + }; + + fdt { + description = "U-Boot proper device tree binary"; //"NAME"; + type = "flat_dt"; + arch = "riscv"; + compression = "none"; + fdt_blob: blob-ext { + filename = "u-boot.dtb"; + }; + hash { + algo = "sha256"; + }; + }; + }; + + configurations { + default = "conf"; + conf { + description = "Starfive Dubhe FPGA"; //"NAME"; + firmware = "opensbi"; + loadables = "uboot"; + fdt = "fdt"; + signature { + algo = "sha256,rsa4096"; + key-name-hint = "starfive_uboot"; + sign-images = "fdt", "firmware", "loadables"; + }; + }; + }; + }; + }; + + uboot_fit_sign { + arg { + args = "mkimage -k ../starfive_key/uboot_key -K spl/u-boot-spl.dtb -r -F u-boot_sign.itb"; + }; + }; + + uboot_spl_key { + arg { + args = "make spl/u-boot-spl"; + }; + }; + + QSPI_Image_binary { + filename = "QSPI-Image-signed.bin"; + pad-byte = <0xff>; + + bootcopier_blob: blob-ext@0 { + filename = "dubhe_fpga_bootcode.bin"; + offset = <0x0>; + }; + + bootjump_blob: blob-ext@1 { + filename = "dubhe_fpga_bootjump.bin"; + offset = <0x1000>; + }; + + u-boot-spl { + offset = <0x2000>; + }; + + qspi_ubootproper_opensbi_blob: blob-ext@2 { + filename = "u-boot_sign.itb"; + offset = <0x22000>; + }; + + qspi_kernel_blob: blob-ext@3 { + filename = "kernel_sign.itb"; + offset = <0x400000>; + }; + }; +}; diff --git a/configs/starfive_dubhe_fpga_secure_defconfig b/configs/starfive_dubhe_fpga_secure_defconfig new file mode 100644 index 0000000000..8a3a2aaa64 --- /dev/null +++ b/configs/starfive_dubhe_fpga_secure_defconfig @@ -0,0 +1,47 @@ +CONFIG_RISCV=y +CONFIG_SYS_MALLOC_F_LEN=0x3000 +CONFIG_NR_DRAM_BANKS=1 +CONFIG_SPL_DM_SPI=y +CONFIG_DEFAULT_DEVICE_TREE="dubhe_fpga_secure" +CONFIG_SPL=y +CONFIG_SPL_SPI_FLASH_SUPPORT=y +CONFIG_SPL_SPI_SUPPORT=y +CONFIG_TARGET_STARFIVE_DUBHE_FPGA=y +CONFIG_ARCH_RV64I=y +CONFIG_RISCV_SMODE=y +# CONFIG_SPL_SMP is not set +CONFIG_FIT=y +CONFIG_USE_BOOTARGS=y +CONFIG_BOOTARGS="console=ttySIF0,115200 earlycon=sbi root=/dev/mmcblk0p2 rw rootfstype=ext4 rootwait" +CONFIG_USE_BOOTCOMMAND=y +CONFIG_BOOTCOMMAND="echo Dubhe FPGA booting from serial flash...; sf probe 1:0; sf read 0x84000000 0x400000 0x1200000; bootm 0x84000000" +CONFIG_SPL_SEPARATE_BSS=y +CONFIG_SPL_DM_SPI_FLASH=y +CONFIG_SPL_SPI_LOAD=y +CONFIG_SYS_SPI_U_BOOT_OFFS=0x22000 +CONFIG_CMD_MTD=y +CONFIG_CMD_MTDPARTS=y +CONFIG_SYS_RELOC_GD_ENV_ADDR=y +CONFIG_SPL_CLK=y +CONFIG_DM_MTD=y +CONFIG_SF_DEFAULT_BUS=1 +CONFIG_SF_DEFAULT_SPEED=20000000 +CONFIG_SPI_FLASH_BAR=y +CONFIG_SPI_FLASH_GIGADEVICE=y +CONFIG_SPI_FLASH_ISSI=y +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_SPI_FLASH_SPANSION=y +CONFIG_SPI_FLASH_STMICRO=y +CONFIG_SPI_FLASH_WINBOND=y +CONFIG_SPI_FLASH_MTD=y +CONFIG_RAM=y +CONFIG_SPL_RAM=y +CONFIG_SPI=y +CONFIG_SPI_SIFIVE=y +CONFIG_FIT_SIGNATURE=y +CONFIG_SPL_FIT=y +CONFIG_SPL_FIT_PRINT=y +CONFIG_SPL_FIT_SIGNATURE=y +CONFIG_RSA=y +CONFIG_SPL_RSA=y +CONFIG_SHA256=y
\ No newline at end of file diff --git a/tools/binman/etype/arg.py b/tools/binman/etype/arg.py new file mode 100644 index 0000000000..8aff881509 --- /dev/null +++ b/tools/binman/etype/arg.py @@ -0,0 +1,39 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2016 Google, Inc +# Written by Simon Glass <sjg@chromium.org> +# +# Entry-type module for producing an image using mkimage +# + +from collections import OrderedDict + +from binman.entry import Entry +from dtoc import fdt_util +from patman import tools + +class Entry_arg(Entry): + """Executing command specified in args + + Properties / Entry arguments: + - args: arguments to pass + + e.g.:: + + arg { + args = "mkimage -k ../starfive_key/linux_key -K u-boot.dtb -r -F kernel_sign.itb"; + }; + + """ + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self._args = fdt_util.GetString(self._node, 'args').split(' ') + #self._mkimage_entries = OrderedDict() + #self.align_default = None + + def ObtainContents(self): + uniq = self.GetUniqueName() + output_fname = tools.GetOutputFilename('arg-out.%s' % uniq) + tools.Run('touch', 'arg-out.%s' % uniq); + tools.Run(*self._args, output_fname) + self.SetContents(tools.ReadFile(output_fname)) + return True |