rtyler
/
lx2160a_build
mirror of https://github.com/SolidRun/lx2160a_build
1
0
Fork 0
Code Issues Releases Wiki Activity

lx2160acex7: secure boot: add more secure bits and fixes 

This patch adds most of the fixes to enable secure boot on the LX2160A
COM express -

1. The atf patches fixes the efuse fip fuse loading, and setting of ppwm
register and then gpio handling
2. The u-boot patches adds the secureboot defconfig, and then SVR_WO_E
mask fix
3. Patches for runme.sh script; for building the secure image run with
'SECURE=true ./runme.sh'

The missing piece is u-boot esbc validate code that completes the chain
of trust boot (COT).

Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
This commit is contained in:
Rabeeh Khoury 2021-01-24 13:16:01 +02:00
parent bb841013f1
commit 5b09619d8c
8 changed files with 507 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
patches/atf/0005-plat-nxp-efuse-io-storage-must-be-checked-first.patch Normal file
View File

@ -0,0 +1,50 @@
From 0c8cc68d022a3edf8dba5d168916f94a7110b4c6 Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 12:45:26 +0200
Subject: [PATCH] plat: nxp: efuse io storage must be checked first
This patch comes to fix an assertion bug when searching for the fuse provisioning
FIP.
The assert occurs when calling plat_get_alt_image_source() that asserts
in plat/nxp/common/ddr_io_storage.c
assert(image_id < ARRAY_SIZE(ddr_policies));
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
plat/nxp/common/ls_io_storage.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/plat/nxp/common/ls_io_storage.c b/plat/nxp/common/ls_io_storage.c
index af661e956..2bc81f5b3 100644
--- a/plat/nxp/common/ls_io_storage.c
+++ b/plat/nxp/common/ls_io_storage.c
@@ -450,6 +450,12 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
int result;
const struct plat_io_policy *policy;
+ if ((image_id >= FUSE_FIP_IMAGE_ID) && (image_id <= FUSE_UP_IMAGE_ID)) {
+ NOTICE("Trying FUSE IO FIRST\n");
+ result = plat_get_fuse_image_source(image_id, dev_handle,
+ image_spec);
+ return result;
+ }
if (image_id < ARRAY_SIZE(policies)) {
policy = &policies[image_id];
@@ -464,12 +470,6 @@ int plat_get_image_source(unsigned int image_id, uintptr_t *dev_handle,
image_spec);
}
- if (result != 0) {
- VERBOSE("Trying FUSE IO\n");
- result = plat_get_fuse_image_source(image_id, dev_handle,
- image_spec);
- }
-
return result;
}
--
2.25.1

184
patches/atf/0006-plat-nxp-sfp-driver-GPIO-fixes-and-PPWM-setting.patch Normal file
View File

@ -0,0 +1,184 @@
From 3defdf44c45a8952aed737562148621e55836286 Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 12:58:57 +0200
Subject: [PATCH] plat: nxp: sfp driver: GPIO fixes and PPWM setting
The patch fixes the following bugs -
1. Since input buffer in GPIO is not enabled, the value would be always
'0'. This patch fixes it by ignoring the checking of the value but a
more proper way would be setting the input enable and then performing
the read checking.
2. Move the POVDD GPIO enable/disable exactly when needed, which is
around the efuse blowing command. Otherwise the machine can be lefted
with POVDD enabled (for instance when checking for hamming code, or
checking if efuses already blown or not).
3. Set PPWM strobe to match 800MHz LX2 fabric clock (covers 700MHz case
too)
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
plat/nxp/drivers/sfp/sfp.c | 101 ++++++++++++++++++++-----------------
1 file changed, 54 insertions(+), 47 deletions(-)
diff --git a/plat/nxp/drivers/sfp/sfp.c b/plat/nxp/drivers/sfp/sfp.c
index f5de2318b..d3e7b002d 100644
--- a/plat/nxp/drivers/sfp/sfp.c
+++ b/plat/nxp/drivers/sfp/sfp.c
@@ -56,9 +56,10 @@ static int set_gpio_bitnum(uint8_t * gpio_base_addr, uint32_t bit_num)
val = sfp_read32(gpdat);
+#if 0 /* Reading from GPIO is not functional without enabling the input buffer (register 0x18). For now ignore it */
if (!(val & bit_num))
return ERROR_GPIO_SET_FAIL;
-
+#endif
/*
* Add delay so that Efuse gets the power when GPIO is enabled.
*/
@@ -93,9 +94,10 @@ static int reset_gpio_bitnum(uint8_t * gpio_base_addr, uint32_t bit_num)
val = sfp_read32(gpdat);
+#if 0
if (val & bit_num)
return ERROR_GPIO_RESET_FAIL;
-
+#endif
return 0;
}
@@ -433,46 +435,6 @@ int provision_fuses(unsigned long long fuse_scr_addr)
if (memcmp(fuse_hdr->barker, barker, sizeof(barker)))
return error_handler(ERROR_FUSE_BARKER);
- /* Check if GPIO pin to be set for POVDD */
- if ((fuse_hdr->flags >> FLAG_POVDD_SHIFT) & 0x1) {
- /*
- * Subtract 1 from fuse_hdr povdd_gpio value as
- * for 0x1 value, bit 0 is to be set
- * for 0x20 value i.e 32, bit 31 i.e. 0x1f is to be set.
- * 0x1f - 0x00 : GPIO_1
- * 0x3f - 0x20 : GPIO_2
- * 0x5f - 0x40 : GPIO_3
- * 0x7f - 0x60 : GPIO_4
- */
- povdd_gpio_val = (fuse_hdr->povdd_gpio - 1) & GPIO_SEL_MASK;
-
- /* Right shift by 5 to divide by 32 */
- gpio_num = povdd_gpio_val >> 5;
- bit_num = 1 << (31 - (povdd_gpio_val & GPIO_BIT_MASK));
-
- switch (gpio_num) {
- case 0:
- gpio = (uint8_t *)NXP_GPIO1_ADDR;
- break;
- case 1:
- gpio = (uint8_t *)NXP_GPIO2_ADDR;
- break;
- case 2:
- gpio = (uint8_t *)NXP_GPIO3_ADDR;
- break;
- case 3:
- gpio = (uint8_t *)NXP_GPIO4_ADDR;
- break;
- default:
- ret = ERROR_POVDD_GPIO_FAIL;
- return error_handler(ret);
- }
-
- ret = set_gpio_bitnum(gpio, bit_num);
- if (ret != 0)
- return error_handler(ret);
- }
-
/*
* Check for Write Protect (WP) fuse. If blown then do
* no fuse provisioning.
@@ -480,6 +442,9 @@ int provision_fuses(unsigned long long fuse_scr_addr)
if (sfp_read32(&sfp_ccsr_regs->ospr) & 0x1)
return 0;
+ /* Configure PPWM to match 800MHz platform clock */
+ sfp_write32((void *)SFP_SFPCR_ADDR, 0x960);
+
/* Check if SRKH to be blown or not */
if ((fuse_hdr->flags >> FLAG_SRKH_SHIFT) & 0x1) {
INFO("Fuse: Program SRKH\n");
@@ -530,6 +495,48 @@ int provision_fuses(unsigned long long fuse_scr_addr)
if (ret != 0)
return error_handler(ret);
}
+
+ /* Check if GPIO pin to be set for POVDD */
+ if ((fuse_hdr->flags >> FLAG_POVDD_SHIFT) & 0x1) {
+ /*
+ * Subtract 1 from fuse_hdr povdd_gpio value as
+ * for 0x1 value, bit 0 is to be set
+ * for 0x20 value i.e 32, bit 31 i.e. 0x1f is to be set.
+ * 0x1f - 0x00 : GPIO_1
+ * 0x3f - 0x20 : GPIO_2
+ * 0x5f - 0x40 : GPIO_3
+ * 0x7f - 0x60 : GPIO_4
+ */
+ NOTICE("POVDD_GPIO = %d\n",fuse_hdr->povdd_gpio);
+ povdd_gpio_val = (fuse_hdr->povdd_gpio - 1) & GPIO_SEL_MASK;
+
+ /* Right shift by 5 to divide by 32 */
+ gpio_num = povdd_gpio_val >> 5;
+ bit_num = 1 << (31 - (povdd_gpio_val & GPIO_BIT_MASK));
+
+ switch (gpio_num) {
+ case 0:
+ gpio = (uint8_t *)NXP_GPIO1_ADDR;
+ break;
+ case 1:
+ gpio = (uint8_t *)NXP_GPIO2_ADDR;
+ break;
+ case 2:
+ gpio = (uint8_t *)NXP_GPIO3_ADDR;
+ break;
+ case 3:
+ gpio = (uint8_t *)NXP_GPIO4_ADDR;
+ break;
+ default:
+ ret = ERROR_POVDD_GPIO_FAIL;
+ return error_handler(ret);
+ }
+
+ ret = set_gpio_bitnum(gpio, bit_num);
+ if (ret != 0)
+ return error_handler(ret);
+ }
+
/* Program SFP fuses from mirror registers */
sfp_write32((void *)SFP_INGR_ADDR, SFP_INGR_PROGFB_CMD);
@@ -538,17 +545,17 @@ int provision_fuses(unsigned long long fuse_scr_addr)
ingr = sfp_read32(SFP_INGR_ADDR);
} while (ingr & SFP_INGR_PROGFB_CMD);
- /* Check for SFP fuse programming error */
- sfp_cmd_status = sfp_read32(SFP_INGR_ADDR) & SFP_INGR_ERROR_MASK;
- if (sfp_cmd_status != 0)
- return error_handler(ERROR_PROGFB_CMD);
-
/* Reset the gpio pin set to enable povdd */
if ((fuse_hdr->flags >> FLAG_POVDD_SHIFT) & 0x1) {
ret = reset_gpio_bitnum(gpio, bit_num);
if (ret != 0)
return error_handler(ret);
}
+ /* Check for SFP fuse programming error */
+ sfp_cmd_status = sfp_read32(SFP_INGR_ADDR) & SFP_INGR_ERROR_MASK;
+ if (sfp_cmd_status != 0)
+ return error_handler(ERROR_PROGFB_CMD);
+
return 0;
}
--
2.25.1

54
patches/atf/0007-lx2160a-clear-secmon-PGD-bit-on-every-power-on.patch.not-needed Normal file
View File

@ -0,0 +1,54 @@
From 66b3579e26dacafe343ea03eec6d6722ddb601af Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 13:02:50 +0200
Subject: [PATCH] lx2160a: clear secmon PGD bit on every power on
PGD (power glitch detected) will be set to '1' on every power on when
there is no battery to the SecMon_LP state machine.
This patch is developed and added as precatuion for a secmon boot
failure due to this; but it has no effect at all.
This patch will be marked as not-needed in the lx2160a_build project,
but will be kept there for documentation purposes.
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
plat/nxp/common/include/lsch3.h | 3 +++
plat/nxp/soc-lx2160/aarch64/lx2160.S | 7 +++++++
2 files changed, 10 insertions(+)
diff --git a/plat/nxp/common/include/lsch3.h b/plat/nxp/common/include/lsch3.h
index 000499fe8..7b5a13cfc 100644
--- a/plat/nxp/common/include/lsch3.h
+++ b/plat/nxp/common/include/lsch3.h
@@ -88,6 +88,9 @@
#define SECMON_HPCOMR_OFFSET 0x4
#define SECMON_HPCOMR_NPSWAEN 0x80000000
+#define SECMON_LPSR_OFFSET 0x4c
+#define SECMON_LPSR_PGD_MASK 0x8
+
/* System Counter Offset and Bit Mask */
#define SYS_COUNTER_CNTCR_OFFSET 0x0
#define SYS_COUNTER_CNTCR_EN 0x00000001
diff --git a/plat/nxp/soc-lx2160/aarch64/lx2160.S b/plat/nxp/soc-lx2160/aarch64/lx2160.S
index 83f58897c..3e3c446b4 100644
--- a/plat/nxp/soc-lx2160/aarch64/lx2160.S
+++ b/plat/nxp/soc-lx2160/aarch64/lx2160.S
@@ -1769,6 +1769,13 @@ initSecMon:
// write back
str w0, [x1, #SECMON_HPCOMR_OFFSET]
+ // read the register lpsr and clear pgd (triggered on every PORESET#)
+ ldr x1, =NXP_SNVS_ADDR
+ ldr w0, [x1, #SECMON_LPSR_OFFSET]
+ // turn off pgd
+ orr w0, w0, #SECMON_LPSR_PGD_MASK
+ // write back
+ str w0, [x1, #SECMON_LPSR_OFFSET]
ret
/*---------------------------------------------------------------------------*/
--
2.25.1

37
patches/atf/0008-lx2160acex7-add-timer-based-counter.patch Normal file
View File

@ -0,0 +1,37 @@
From ef78945177f74ec0b1a4295a6a5aa3dd04c2003d Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 13:05:12 +0200
Subject: [PATCH] lx2160acex7: add timer based counter
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
plat/nxp/soc-lx2160/lx2160acex7/platform_def.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/plat/nxp/soc-lx2160/lx2160acex7/platform_def.h b/plat/nxp/soc-lx2160/lx2160acex7/platform_def.h
index 614f03423..4f5433b66 100644
--- a/plat/nxp/soc-lx2160/lx2160acex7/platform_def.h
+++ b/plat/nxp/soc-lx2160/lx2160acex7/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 SolidRun ltd.
+ * Copyright 2019-21 SolidRun ltd.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -22,6 +22,12 @@
#if defined(IMAGE_BL2)
#define SEC_MEM_NON_COHERENT
#endif
+
+#if defined(IMAGE_BL31)
+#define LS_SYS_TIMCTL_BASE 0x2890000
+#define PLAT_LS_NSTIMER_FRAME_ID 0
+#define LS_CONFIG_CNTACR 1
+#endif
/* Special value used to verify platform parameters from BL2 to BL31 */
/* TBD -- Check and get back if this value is same for all platforms */
--
2.25.1

25
patches/atf/0009-plat-nxp-add-tool-print-when-choosing-autodetect-mod.patch Normal file
View File

@ -0,0 +1,25 @@
From 930d5e90e791dc357d271e1d71c78affe848625b Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 13:05:46 +0200
Subject: [PATCH] plat: nxp: add tool print when choosing autodetect mode
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
plat/nxp/tools/create_pbl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plat/nxp/tools/create_pbl.c b/plat/nxp/tools/create_pbl.c
index 7ee085757..1b067823d 100644
--- a/plat/nxp/tools/create_pbl.c
+++ b/plat/nxp/tools/create_pbl.c
@@ -142,6 +142,7 @@ char *boot_src_string[] = {
"FLXSPI_NOR_BOOT",
"FLXSPI_NAND_BOOT",
"FLXSPI_NAND4K_BOOT",
+ "AUTODETECT"
};
enum stop_command {
--
2.25.1

30
patches/u-boot-LSDK-20.12/0031-lx2160a-modify-SVR_WO_E-mask.patch Normal file
View File

@ -0,0 +1,30 @@
From e4ad857ceb0d05568473b63c501fa9d567e1c47c Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 12:26:56 +0200
Subject: [PATCH] lx2160a: modify SVR_WO_E mask
In LX2120A bit 12 of the SVR (bit 4 when 8 bit shifter right) is the
indicatation of FD/CAN support. This patch fixes the detection issue for
LX2 family of SoCs but unfortunately it breaks other layerscape devices.
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
arch/arm/include/asm/arch-fsl-layerscape/soc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/soc.h b/arch/arm/include/asm/arch-fsl-layerscape/soc.h
index 10359ec9ac..3c5a0f687b 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/soc.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/soc.h
@@ -77,7 +77,7 @@ enum boot_src {
enum boot_src get_boot_src(void);
#endif
#endif
-#define SVR_WO_E 0xFFFFFE
+#define SVR_WO_E 0xFFFFEE
#define SVR_MAJ(svr) (((svr) >> 4) & 0xf)
#define SVR_MIN(svr) (((svr) >> 0) & 0xf)
--
2.25.1

118
patches/u-boot-LSDK-20.12/0032-lx2160acex7-add-secureboot-defconfig.patch Normal file
View File

@ -0,0 +1,118 @@
From dd85c69ddd44f059092b7ba7aed54fadbfc87e7b Mon Sep 17 00:00:00 2001
From: Rabeeh Khoury <rabeeh@solid-run.com>
Date: Sun, 24 Jan 2021 12:30:17 +0200
Subject: [PATCH] lx2160acex7: add secureboot defconfig
This adds secureboot configuration to u-boot; but still without esbc
validate function.
i.e. the chain of trust boot is still not full supported
Signed-off-by: Rabeeh Khoury <rabeeh@solid-run.com>
---
configs/lx2160acex7_tfa_SECURE_BOOT_defconfig | 94 +++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 configs/lx2160acex7_tfa_SECURE_BOOT_defconfig
diff --git a/configs/lx2160acex7_tfa_SECURE_BOOT_defconfig b/configs/lx2160acex7_tfa_SECURE_BOOT_defconfig
new file mode 100644
index 0000000000..59298de9ac
--- /dev/null
+++ b/configs/lx2160acex7_tfa_SECURE_BOOT_defconfig
@@ -0,0 +1,94 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160ACEX7=y
+CONFIG_TFABOOT=y
+CONFIG_SYS_TEXT_BASE=0x82000000
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_NXP_ESBC=y
+CONFIG_ENV_SIZE=0x2000
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_AHCI=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+# Uncomment the following to remove the countdown
+CONFIG_BOOTDELAY=10
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 earlycon=pl011,mmio32,0x21c0000 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_MISC_INIT_R=y
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_NVME=y
+CONFIG_NVME=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_BOARD_FIXUP=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-cex7"
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SATA_CEVA=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_MISC=y
+CONFIG_I2C_SET_DEFAULT_BUS_NUM=y
+CONFIG_I2C_DEFAULT_BUS_NUMBER=0
+CONFIG_I2C_EEPROM=y
+CONFIG_I2C_MUX=y
+CONFIG_I2C_MUX_PCA954x=y
+CONFIG_DM_MMC=y
+CONFIG_FSL_ESDHC=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_SPI_FLASH_MICRON=y
+CONFIG_SPI_FLASH_WINBOND=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_PHYLIB=y
+CONFIG_NETDEVICES=y
+CONFIG_PHY_GIGE=y
+CONFIG_CMD_NET=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_PXE=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_TLV_EEPROM=y
+CONFIG_E1000=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE_GEN4=y
+CONFIG_PHY_ATHEROS=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_DM_RTC=y
+CONFIG_RTC_PCF2127=y
+CONFIG_DM_SCSI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_NXP_FSPI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_RSA=y
+CONFIG_SPL_RSA=y
+CONFIG_RSA_SOFTWARE_EXP=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_CMD_DATE=y
+CONFIG_RTC_PCF2127=y
+CONFIG_CMD_MEMORY=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_GIC_V3_ITS=y
--
2.25.1

14
runme.sh
View File

@ -37,6 +37,7 @@ ROOTDIR=`pwd`
PARALLEL=$(getconf _NPROCESSORS_ONLN) # Amount of parallel jobs for the builds
SPEED=2000_700_${DDR_SPEED}
TOOLS="tar git make 7z dd mkfs.ext4 parted mkdosfs mcopy dtc iasl mkimage e2cp truncate qemu-system-aarch64 cpio rsync bc bison flex python unzip"
BL2=bl2_auto
export PATH=$ROOTDIR/build/toolchain/gcc-linaro-7.4.1-2019.02-x86_64_aarch64-linux-gnu/bin:$PATH
export CROSS_COMPILE=aarch64-linux-gnu-
@ -263,15 +264,18 @@ export BL33=$ROOTDIR/build/u-boot/u-boot.bin
echo "Building atf"
cd $ROOTDIR/build/atf/
make PLAT=lx2160acex7 clean
make PLAT=lx2160acex7 distclean
if [ "x$SECURE" == "xtrue" ]; then
if [ ! -f "srk.pub" ] || [ ! -f "srk.pri" ]; then
echo "Create srk.pub and srk.pri pair via ./gen_keys 4096 under $ROOTDIR/build/cst and place them under $ROOTDIR/build/atf"
exit -1
fi
# Following is without COT
# With secure boot auto mode is not supported... yet.. only flexspi_nor or sd
# that are needed to be stated explicitly
BL2=bl2_flexspi_nor_sec; BOOT_MODE_VAR=flexspi_nor
cp tools/fiptool/ddr-phy-binary/lx2160a/*.bin .
make -j1 PLAT=lx2160acex7 all fip fip_ddr_sec fip_fuse pbl RCW=$ROOTDIR/build/rcw/lx2160acex7/RCW/template.bin TRUSTED_BOARD_BOOT=1 CST_DIR=$ROOTDIR/build/cst/ GENERATE_COT=0 BOOT_MODE=auto SECURE_BOOT=true FUSE_PROG=1 FUSE_PROV_FILE=$ROOTDIR/build/cst/fuse_scr.bin $ATF_DEBUG
make -j${PARALLEL} PLAT=lx2160acex7 all fip fip_ddr_sec fip_fuse pbl RCW=$ROOTDIR/build/rcw/lx2160acex7/RCW/template.bin TRUSTED_BOARD_BOOT=1 CST_DIR=$ROOTDIR/build/cst/ GENERATE_COT=0 BOOT_MODE=${BOOT_MODE_VAR} SECURE_BOOT=yes FUSE_PROG=1 FUSE_PROV_FILE=$ROOTDIR/build/cst/fuse_scr.bin $ATF_DEBUG
else
make -j${PARALLEL} PLAT=lx2160acex7 all fip pbl RCW=$ROOTDIR/build/rcw/lx2160acex7/RCW/template.bin TRUSTED_BOARD_BOOT=0 GENERATE_COT=0 BOOT_MODE=auto SECURE_BOOT=false
fi
@ -431,7 +435,7 @@ truncate -s 463M $ROOTDIR/images/tmp/boot.part
mkfs.ext4 -b 4096 -F $ROOTDIR/images/tmp/boot.part
\rm -rf $ROOTDIR/images/tmp/xspi_header.img
truncate -s 128K $ROOTDIR/images/tmp/xspi_header.img
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/bl2_auto.pbl of=$ROOTDIR/images/tmp/xspi_header.img bs=512 conv=notrunc
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/${BL2}.pbl of=$ROOTDIR/images/tmp/xspi_header.img bs=512 conv=notrunc
e2cp -G 0 -O 0 $ROOTDIR/images/tmp/xspi_header.img $ROOTDIR/images/tmp/boot.part:/
# PFE firmware at 0x100
@ -478,8 +482,8 @@ dd if=$ROOTDIR/build/linux/kernel-lx2160acex7.itb of=images/${IMG} bs=512 seek=3
# Ramdisk at 0x10000
# RCW+PBI+BL2 at block 8
dd if=$ROOTDIR/images/${IMG} of=$ROOTDIR/images/lx2160acex7_xspi_${SPEED}_${SERDES}-${REPO_PREFIX}.img bs=1M count=64
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/bl2_auto.pbl of=images/lx2160acex7_xspi_${SPEED}_${SERDES}-${REPO_PREFIX}.img bs=512 conv=notrunc
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/bl2_auto.pbl of=images/${IMG} bs=512 seek=8 conv=notrunc
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/${BL2}.pbl of=images/lx2160acex7_xspi_${SPEED}_${SERDES}-${REPO_PREFIX}.img bs=512 conv=notrunc
dd if=$ROOTDIR/build/atf/build/lx2160acex7/${ATF_BUILD}/${BL2}.pbl of=images/${IMG} bs=512 seek=8 conv=notrunc
# Copy first 64MByte from image excluding MBR to ubuntu-core.img for eMMC boot
dd if=images/${IMG} of=$ROOTDIR/images/tmp/ubuntu-core.img bs=512 seek=1 skip=1 count=131071 conv=notrunc