#
d678a59d |
|
18-May-2024 |
Tom Rini <trini@konsulko.com> |
Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"" When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"' I failed to notice that b4 noticed it was based on next and so took that as the base commit and merged that part of next to master. This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35. Reported-by: Jonas Karlman <jonas@kwiboo.se> Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dcd59134 |
|
01-May-2024 |
Tom Rini <trini@konsulko.com> |
crypto: Remove <common.h> and add needed includes Remove <common.h> from this driver directory and when needed add missing include files directly. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
6cc04547 |
|
28-Oct-2022 |
Tom Rini <trini@konsulko.com> |
global: Migrate CONFIG_SYS_FSL* symbols to the CFG_SYS namespace Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
cb0db5b9 |
|
10-Aug-2021 |
Horia Geantă <horia.geanta@nxp.com> |
crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion One of the "dma_addr_t" instances was left out when converting to "caam_dma_addr_t". Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
dcd59134 |
|
01-May-2024 |
Tom Rini <trini@konsulko.com> |
crypto: Remove <common.h> and add needed includes Remove <common.h> from this driver directory and when needed add missing include files directly. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
6cc04547 |
|
28-Oct-2022 |
Tom Rini <trini@konsulko.com> |
global: Migrate CONFIG_SYS_FSL* symbols to the CFG_SYS namespace Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
cb0db5b9 |
|
10-Aug-2021 |
Horia Geantă <horia.geanta@nxp.com> |
crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion One of the "dma_addr_t" instances was left out when converting to "caam_dma_addr_t". Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
6cc04547 |
|
28-Oct-2022 |
Tom Rini <trini@konsulko.com> |
global: Migrate CONFIG_SYS_FSL* symbols to the CFG_SYS namespace Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
cb0db5b9 |
|
10-Aug-2021 |
Horia Geantă <horia.geanta@nxp.com> |
crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion One of the "dma_addr_t" instances was left out when converting to "caam_dma_addr_t". Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
185f812c |
|
19-Jan-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
doc: replace @return by Return: Sphinx expects Return: and not @return to indicate a return value. find . -name '*.c' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; find . -name '*.h' -exec \ sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \; Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> |
#
cb0db5b9 |
|
10-Aug-2021 |
Horia Geantă <horia.geanta@nxp.com> |
crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion One of the "dma_addr_t" instances was left out when converting to "caam_dma_addr_t". Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
cb0db5b9 |
|
10-Aug-2021 |
Horia Geantă <horia.geanta@nxp.com> |
crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion One of the "dma_addr_t" instances was left out when converting to "caam_dma_addr_t". Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
2ff17d2f |
|
25-Mar-2021 |
Ye Li <ye.li@nxp.com> |
crypto: fsl: refactor for 32 bit version CAAM support on ARM64 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
a018e6e4 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Fix pointer size to 32bit for i.MX8M The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
940d36d5 |
|
25-Mar-2021 |
Aymen Sghaier <aymen.sghaier@nxp.com> |
crypto: caam: Add CAAM support to i.MX8M platforms This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
b5438002 |
|
25-Mar-2021 |
Franck LENORMAND <franck.lenormand@nxp.com> |
caam: enable support for iMX7ULP Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
ea95f214 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: add RNG support Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
b980f9e2 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: instantiate the RNG with prediciton resistance If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
c269a970 |
|
27-Jun-2020 |
Michael Walle <michael@walle.cc> |
crypto/fsl: don't regenerate secure keys The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
32e4b65d |
|
27-Jun-2020 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
crypto/fsl: correct printf() statement. The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
90526e9f |
|
10-May-2020 |
Simon Glass <sjg@chromium.org> |
common: Drop net.h from common header Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
1eb69ae4 |
|
14-Nov-2019 |
Simon Glass <sjg@chromium.org> |
common: Move ARM cache operations out of common.h These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> |
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> |
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> |
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de> |
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> |
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com> |
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> |
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> |
#
83d290c5 |
|
06-May-2018 |
Tom Rini <trini@konsulko.com> |
SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
dfaec760 |
|
25-Jan-2018 |
Lukas Auer <lukas.auer@aisec.fraunhofer.de> |
crypto/fsl: instantiate all rng state handles Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com>
|
#
511fc86d |
|
17-Apr-2017 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
arm: ls1046ardb: Add SD secure boot target - Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
|
#
fc0b5948 |
|
07-Sep-2016 |
Robert P. J. Day <rpjday@crashcourse.ca> |
Various, accumulated typos collected from around the tree. Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de>
|
#
f91e65a7 |
|
02-Feb-2016 |
Ulises Cardenas <raul.casas@nxp.com> |
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de>
|
#
0200020b |
|
27-Feb-2015 |
Raul Cardenas <Ulises.Cardenas@freescale.com> |
imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
|
#
34276478 |
|
23-Jan-2015 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
DM: crypto/fsl - Add Freescale rsa DM driver Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
|
#
c5de15cb |
|
07-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
|
#
b9eebfad |
|
15-Oct-2014 |
Ruchika Gupta <ruchika.gupta@freescale.com> |
fsl_sec: Add hardware accelerated SHA256 and SHA1 SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
|