Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

arch/arm/cpu/armv8/fsl-layerscape/soc.c

@@ -151,7 +151,14 @@ static void erratum_a009203(void)
 #endif
 #endif
 }
-
+void bypass_smmu(void)
+{
+	u32 val;
+	val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_SCR0, val);
+	val = (in_le32(SMMU_NSCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK);
+	out_le32(SMMU_NSCR0, val);
+}
 void fsl_lsch3_early_init_f(void)
 {
 	erratum_a008751();
@@ -160,6 +167,15 @@ void fsl_lsch3_early_init_f(void)
 	erratum_a009203();
 	erratum_a008514();
 	erratum_a008336();
+#ifdef CONFIG_CHAIN_OF_TRUST
+	/* In case of Secure Boot, the IBR configures the SMMU
+	* to allow only Secure transactions.
+	* SMMU must be reset in bypass mode.
+	* Set the ClientPD bit and Clear the USFCFG Bit
+	*/
+	if (fsl_check_boot_mode_secure() == 1)
+		bypass_smmu();
+#endif
 }
 
 #ifdef CONFIG_SCSI_AHCI_PLAT
@@ -240,7 +256,7 @@ void fsl_lsch2_early_init_f(void)
 	init_early_memctl_regs();	/* tighten IFC timing */
 #endif
 
-#ifdef CONFIG_FSL_QSPI
+#if defined(CONFIG_FSL_QSPI) && !defined(CONFIG_QSPI_BOOT)
 	out_be32(&scfg->qspi_cfg, SCFG_QSPI_CLKSEL);
 #endif
 	/* Make SEC reads and writes snoopable */

arch/arm/dts/fsl-ls1043a-qds.dtsi

@@ -28,8 +28,10 @@
 		#address-cells = <1>;
 		#size-cells = <1>;
 		compatible = "spi-flash";
-		reg = <0>;
 		spi-max-frequency = <1000000>; /* input clock */
+		spi-cpol;
+		spi-cpha;
+		reg = <0>;
 	};
 
 	dflash1: sst25wf040b {
@@ -37,6 +39,8 @@
 		#size-cells = <1>;
 		compatible = "spi-flash";
 		spi-max-frequency = <3500000>;
+		spi-cpol;
+		spi-cpha;
 		reg = <1>;
 	};
 
@@ -45,6 +49,8 @@
 		#size-cells = <1>;
 		compatible = "spi-flash";
 		spi-max-frequency = <3500000>;
+		spi-cpol;
+		spi-cpha;
 		reg = <2>;
 	};
 };

arch/arm/include/asm/arch-fsl-layerscape/config.h

@@ -67,6 +67,24 @@
 /* SMMU Defintions */
 #define SMMU_BASE			0x05000000 /* GR0 Base */
 
+/* SFP */
+#define CONFIG_SYS_FSL_SFP_VER_3_4
+#define CONFIG_SYS_FSL_SFP_LE
+#define CONFIG_SYS_FSL_SRK_LE
+
+/* SEC */
+#define CONFIG_SYS_FSL_SEC_LE
+#define CONFIG_SYS_FSL_SEC_COMPAT	5
+
+/* Security Monitor */
+#define CONFIG_SYS_FSL_SEC_MON_LE
+
+/* Secure Boot */
+#define CONFIG_ESBC_HDR_LS
+
+/* DCFG - GUR */
+#define CONFIG_SYS_FSL_CCSR_GUR_LE
+
 /* Cache Coherent Interconnect */
 #define CCI_MN_BASE			0x04000000
 #define CCI_MN_RNF_NODEID_LIST		0x180

arch/arm/include/asm/arch-fsl-layerscape/cpu.h

@@ -12,6 +12,7 @@ static struct cpu_type cpu_type_list[] = {
 	CPU_TYPE_ENTRY(LS2085, LS2085, 8),
 	CPU_TYPE_ENTRY(LS2045, LS2045, 4),
 	CPU_TYPE_ENTRY(LS1043, LS1043, 4),
+	CPU_TYPE_ENTRY(LS1023, LS1023, 2),
 	CPU_TYPE_ENTRY(LS2040, LS2040, 4),
 };
 

arch/arm/include/asm/arch-fsl-layerscape/immap_lsch3.h

@@ -73,6 +73,32 @@
 #define AHCI_BASE_ADDR1				(CONFIG_SYS_IMMR + 0x02200000)
 #define AHCI_BASE_ADDR2				(CONFIG_SYS_IMMR + 0x02210000)
 
+/* SFP */
+#define CONFIG_SYS_SFP_ADDR		(CONFIG_SYS_IMMR + 0x00e80200)
+
+/* SEC */
+#define CONFIG_SYS_FSL_SEC_ADDR		(CONFIG_SYS_IMMR + 0x07000000)
+#define CONFIG_SYS_FSL_JR0_ADDR		(CONFIG_SYS_IMMR + 0x07010000)
+
+/* Security Monitor */
+#define CONFIG_SYS_SEC_MON_ADDR		(CONFIG_SYS_IMMR + 0x00e90000)
+
+/* MMU 500 */
+#define SMMU_SCR0			(SMMU_BASE + 0x0)
+#define SMMU_SCR1			(SMMU_BASE + 0x4)
+#define SMMU_SCR2			(SMMU_BASE + 0x8)
+#define SMMU_SACR			(SMMU_BASE + 0x10)
+#define SMMU_IDR0			(SMMU_BASE + 0x20)
+#define SMMU_IDR1			(SMMU_BASE + 0x24)
+
+#define SMMU_NSCR0			(SMMU_BASE + 0x400)
+#define SMMU_NSCR2			(SMMU_BASE + 0x408)
+#define SMMU_NSACR			(SMMU_BASE + 0x410)
+
+#define SCR0_CLIENTPD_MASK		0x00000001
+#define SCR0_USFCFG_MASK		0x00000400
+
+
 /* PCIe */
 #define CONFIG_SYS_PCIE1_ADDR			(CONFIG_SYS_IMMR + 0x2400000)
 #define CONFIG_SYS_PCIE2_ADDR			(CONFIG_SYS_IMMR + 0x2500000)
@@ -154,6 +180,10 @@ struct ccsr_gur {
 	u8	res_008[0x20-0x8];
 	u32	gpporcr1;	/* General-purpose POR configuration */
 	u32	gpporcr2;	/* General-purpose POR configuration 2 */
+#define FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT	25
+#define FSL_CHASSIS3_DCFG_FUSESR_VID_MASK	0x1F
+#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT	20
+#define FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK	0x1F
 	u32	dcfg_fusesr;	/* Fuse status register */
 	u32	gpporcr3;
 	u32	gpporcr4;
@@ -209,6 +239,8 @@ struct ccsr_gur {
 #define	FSL_CHASSIS3_RCWSR28_SRDS1_PRTCL_SHIFT	16
 #define	FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_MASK	0xFF000000
 #define	FSL_CHASSIS3_RCWSR28_SRDS2_PRTCL_SHIFT	24
+#define RCW_SB_EN_REG_INDEX	9
+#define RCW_SB_EN_MASK		0x00000400
 
 	u8	res_180[0x200-0x180];
 	u32	scratchrw[32];	/* Scratch Read/Write */

arch/arm/include/asm/arch-fsl-layerscape/soc.h

@@ -41,7 +41,8 @@ struct cpu_type {
 	{ .name = #n, .soc_ver = SVR_##v, .num_cores = (nc)}
 
 #define SVR_WO_E		0xFFFFFE
-#define SVR_LS1043		0x879204
+#define SVR_LS1043		0x879200
+#define SVR_LS1023		0x879208
 #define SVR_LS2045		0x870120
 #define SVR_LS2080		0x870110
 #define SVR_LS2085		0x870100

arch/arm/include/asm/fsl_secure_boot.h

@@ -18,7 +18,9 @@
 #ifdef CONFIG_CHAIN_OF_TRUST
 #define CONFIG_CMD_ESBC_VALIDATE
 #define CONFIG_CMD_BLOB
+#define CONFIG_CMD_HASH
 #define CONFIG_FSL_SEC_MON
+#define CONFIG_SHA_HW_ACCEL
 #define CONFIG_SHA_PROG_HW_ACCEL
 #define CONFIG_RSA_FREESCALE_EXP
 
@@ -35,21 +37,61 @@
  * The feature is only applicable in case of NOR boot and is
  * not applicable in case of RAMBOOT (NAND, SD, SPI).
  */
+#ifndef CONFIG_ESBC_HDR_LS
+/* Current Key EXT feature not available in LS ESBC Header */
 #define CONFIG_FSL_ISBC_KEY_EXT
 #endif
 
-#ifdef CONFIG_LS1043A
-/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
+#endif
+
+#if defined(CONFIG_LS1043A) || defined(CONFIG_LS2080A) ||\
+	defined(CONFIG_LS2085A)
+/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit
+ * Similiarly for LS2080 and LS2085
+ */
 #define CONFIG_ESBC_ADDR_64BIT
 #endif
 
+#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A)
+#define CONFIG_EXTRA_ENV \
+	"setenv fdt_high 0xa0000000;"	\
+	"setenv initrd_high 0xcfffffff;"	\
+	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
+#else
 #define CONFIG_EXTRA_ENV \
 	"setenv fdt_high 0xcfffffff;"	\
 	"setenv initrd_high 0xcfffffff;"	\
 	"setenv hwconfig \'fsl_ddr:ctlr_intlv=null,bank_intlv=null\';"
+#endif
 
-/* The address needs to be modified according to NOR memory map */
-#define CONFIG_BOOTSCRIPT_HDR_ADDR	0x600a0000
+/* Copying Bootscript and Header to DDR from NOR for LS2 and for rest, from
+ * Non-XIP Memory (Nand/SD)*/
+#if defined(CONFIG_SYS_RAMBOOT) || defined(CONFIG_LS2080A) ||\
+	defined(CONFIG_LS2085A)
+#define CONFIG_BOOTSCRIPT_COPY_RAM
+#endif
+/* The address needs to be modified according to NOR and DDR memory map */
+#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A)
+#define CONFIG_BS_HDR_ADDR_FLASH	0x583920000
+#define CONFIG_BS_ADDR_FLASH		0x583900000
+#define CONFIG_BS_HDR_ADDR_RAM		0xa3920000
+#define CONFIG_BS_ADDR_RAM		0xa3900000
+#else
+#define CONFIG_BS_HDR_ADDR_FLASH	0x600a0000
+#define CONFIG_BS_ADDR_FLASH		0x60060000
+#define CONFIG_BS_HDR_ADDR_RAM		0xa0060000
+#define CONFIG_BS_ADDR_RAM		0xa0060000
+#endif
+
+#ifdef CONFIG_BOOTSCRIPT_COPY_RAM
+#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_RAM
+#define CONFIG_BS_HDR_SIZE		0x00002000
+#define CONFIG_BOOTSCRIPT_ADDR		CONFIG_BS_ADDR_RAM
+#define CONFIG_BS_SIZE			0x00001000
+#else
+#define CONFIG_BOOTSCRIPT_HDR_ADDR	CONFIG_BS_HDR_ADDR_FLASH
+/* BS_HDR_SIZE, BOOTSCRIPT_ADDR and BS_SIZE are not required */
+#endif
 
 #include <config_fsl_chain_trust.h>
 #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */

board/freescale/common/cmd_esbc_validate.c

@@ -8,7 +8,7 @@
 #include <command.h>
 #include <fsl_validate.h>
 
-static int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
 				char * const argv[])
 {
 	if (fsl_check_boot_mode_secure() == 0) {
@@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 	char *hash_str = NULL;
 	uintptr_t haddr;
 	int ret;
+	uintptr_t img_addr = 0;
+	char buf[20];
 
 	if (argc < 2)
 		return cmd_usage(cmdtp);
@@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 	 * part of header. So, the function is called
 	 * by passing this argument as 0.
 	 */
-	ret = fsl_secboot_validate(haddr, hash_str, 0);
+	ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
+
+	/* Need to set "img_addr" even if validation failure.
+	 * Required when SB_EN in RCW set and non-fatal error
+	 * to continue U-Boot
+	 */
+	sprintf(buf, "%lx", img_addr);
+	setenv("img_addr", buf);
+
 	if (ret)
 		return 1;
 

board/freescale/common/fsl_validate.c

@@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
 		};
 
 static u8 hash_val[SHA256_BYTES];
+
+#ifdef CONFIG_ESBC_HDR_LS
+/* New Barker Code for LS ESBC Header */
+static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
+#else
 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
+#endif
 
 void branch_to_self(void) __attribute__ ((noreturn));
 
@@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr)
 /* This function checks srk_table_flag in header and set/reset srk_flag.*/
 static u32 check_srk(struct fsl_secboot_img_priv *img)
 {
+#ifdef CONFIG_ESBC_HDR_LS
+	/* In LS, No SRK Flag as SRK is always present*/
+	return 1;
+#else
 	if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
 		return 1;
 
 	return 0;
+#endif
 }
 
 /* This function returns ospr's key_revoc values.*/
@@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
 }
 #endif
 
+#ifndef CONFIG_ESBC_HDR_LS
 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
 {
 	struct fsl_secboot_img_hdr *hdr = &img->hdr;
@@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
 
 	return 0;
 }
+#endif /* CONFIG_ESBC_HDR_LS */
 
 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
@@ -312,6 +325,8 @@ static void fsl_secboot_header_verification_failure(void)
 
 	printf("Generating reset request\n");
 	do_reset(NULL, 0, 0, NULL);
+	/* If reset doesn't coocur, halt execution */
+	do_esbc_halt(NULL, 0, 0, NULL);
 }
 
 /*
@@ -342,6 +357,9 @@ static void fsl_secboot_image_verification_failure(void)
 
 			printf("Generating reset request\n");
 			do_reset(NULL, 0, 0, NULL);
+			/* If reset doesn't coocur, halt execution */
+			do_esbc_halt(NULL, 0, 0, NULL);
+
 		} else {
 			change_sec_mon_state(HPSR_SSM_ST_TRUST,
 					     HPSR_SSM_ST_NON_SECURE);
@@ -388,6 +406,7 @@ void fsl_secboot_handle_error(int error)
 	case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD:
 	case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP:
 	case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD:
+	case ERROR_KEY_TABLE_NOT_FOUND:
 #ifdef CONFIG_KEY_REVOCATION
 	case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED:
 	case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY:
@@ -536,15 +555,22 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
 	if (!key_hash && check_ie(img))
 		key_hash = 1;
 #endif
-	if (!key_hash)
+#ifndef CONFIG_ESBC_HDR_LS
+/* No single key support in LS ESBC header */
+	if (!key_hash) {
 		ret = algo->hash_update(algo, ctx,
 			img->img_key, img->hdr.key_len, 0);
+		key_hash = 1;
+	}
+#endif
 	if (ret)
 		return ret;
+	if (!key_hash)
+		return ERROR_KEY_TABLE_NOT_FOUND;
 
 	/* Update hash for actual Image */
 	ret = algo->hash_update(algo, ctx,
-		(u8 *)img->img_addr, img->img_size, 1);
+		(u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
 	if (ret)
 		return ret;
 
@@ -620,14 +646,11 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
  */
 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 {
-	char buf[20];
 	struct fsl_secboot_img_hdr *hdr = &img->hdr;
 	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
 	u8 *k, *s;
 	u32 ret = 0;
 
-#ifdef CONFIG_KEY_REVOCATION
-#endif
 	int  key_found = 0;
 
 	/* check barker code */
@@ -637,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	/* If Image Address is not passed as argument to function,
 	 * then Address and Size must be read from the Header.
 	 */
-	if (img->img_addr == 0) {
+	if (*(img->img_addr_ptr) == 0) {
 	#ifdef CONFIG_ESBC_ADDR_64BIT
-		img->img_addr = hdr->pimg64;
+		*(img->img_addr_ptr) = hdr->pimg64;
 	#else
-		img->img_addr = hdr->pimg;
+		*(img->img_addr_ptr) = hdr->pimg;
 	#endif
 	}
 
-	sprintf(buf, "%lx", img->img_addr);
-	setenv("img_addr", buf);
-
 	if (!hdr->img_size)
 		return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
 
@@ -671,13 +691,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 		key_found = 1;
 	}
 #endif
-
+#ifndef CONFIG_ESBC_HDR_LS
+/* Single Key Feature not available in LS ESBC Header */
 	if (key_found == 0) {
 		ret = read_validate_single_key(img);
 		if (ret != 0)
 			return ret;
 		key_found = 1;
 	}
+#endif
+	if (!key_found)
+		return ERROR_KEY_TABLE_NOT_FOUND;
 
 	/* check signaure */
 	if (get_key_len(img) == 2 * hdr->sign_len) {
@@ -691,10 +715,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	}
 
 	memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len);
-
+/* No SG support in LS-CH3 */
+#ifndef CONFIG_ESBC_HDR_LS
 	/* No SG support */
 	if (hdr->sg_flag)
 		return ERROR_ESBC_CLIENT_HEADER_SG;
+#endif
 
 	/* modulus most significant bit should be set */
 	k = (u8 *)&img->img_key;
@@ -784,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 
 	return 0;
 }
-
+/* haddr - Address of the header of image to be validated.
+ * arg_hash_str - Option hash string. If provided, this
+ * overides the key hash in the SFP fuses.
+ * img_addr_ptr - Optional pointer to address of image to be validated.
+ * If non zero addr, this overides the addr of image in header,
+ * otherwise updated to image addr in header.
+ * Acts as both input and output of function.
+ * This pointer shouldn't be NULL.
+ */
 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
-			uintptr_t img_addr)
+			uintptr_t *img_addr_ptr)
 {
 	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
 	ulong hash[SHA256_BYTES/sizeof(ulong)];
@@ -839,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
 	/* Update the information in Private Struct */
 	hdr = &img->hdr;
 	img->ehdrloc = haddr;
-	img->img_addr = img_addr;
+	img->img_addr_ptr = img_addr_ptr;
 	esbc = (u8 *)img->ehdrloc;
 
 	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));

board/freescale/common/vid.c

@@ -10,6 +10,8 @@
 #include <asm/io.h>
 #ifdef CONFIG_LS1043A
 #include <asm/arch/immap_lsch2.h>
+#elif defined(CONFIG_FSL_LSCH3)
+#include <asm/arch/immap_lsch3.h>
 #else
 #include <asm/immap_85xx.h>
 #endif
@@ -285,7 +287,7 @@ static int set_voltage(int i2caddress, int vdd)
 int adjust_vdd(ulong vdd_override)
 {
 	int re_enable = disable_interrupts();
-#ifdef CONFIG_LS1043A
+#if defined(CONFIG_LS1043A) || defined(CONFIG_FSL_LSCH3)
 	struct ccsr_gur *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
 #else
 	ccsr_gur_t __iomem *gur =
@@ -362,7 +364,11 @@ int adjust_vdd(ulong vdd_override)
 	}
 
 	/* get the voltage ID from fuse status register */
+#ifdef CONFIG_FSL_LSCH3
+	fusesr = in_le32(&gur->dcfg_fusesr);
+#else
 	fusesr = in_be32(&gur->dcfg_fusesr);
+#endif
 	/*
 	 * VID is used according to the table below
 	 *                ---------------------------------------
@@ -387,6 +393,13 @@ int adjust_vdd(ulong vdd_override)
 		vid = (fusesr >> FSL_CHASSIS2_DCFG_FUSESR_VID_SHIFT) &
 			FSL_CHASSIS2_DCFG_FUSESR_VID_MASK;
 	}
+#elif defined(CONFIG_FSL_LSCH3)
+	vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_ALTVID_SHIFT) &
+		FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK;
+	if ((vid == 0) || (vid == FSL_CHASSIS3_DCFG_FUSESR_ALTVID_MASK)) {
+		vid = (fusesr >> FSL_CHASSIS3_DCFG_FUSESR_VID_SHIFT) &
+			FSL_CHASSIS3_DCFG_FUSESR_VID_MASK;
+	}
 #else
 	vid = (fusesr >> FSL_CORENET_DCFG_FUSESR_ALTVID_SHIFT) &
 		FSL_CORENET_DCFG_FUSESR_ALTVID_MASK;

board/freescale/ls2080a/ls2080a.c

@@ -87,14 +87,14 @@ void fdt_fixup_board_enet(void *fdt)
 {
 	int offset;
 
-	offset = fdt_path_offset(fdt, "/fsl-mc");
+	offset = fdt_path_offset(fdt, "/soc/fsl-mc");
 
 	/*
 	 * TODO: Remove this when backward compatibility
-	 * with old DT node (fsl,dprc@0) is no longer needed.
+	 * with old DT node (/fsl-mc) is no longer needed.
 	 */
 	if (offset < 0)
-		offset = fdt_path_offset(fdt, "/fsl,dprc@0");
+		offset = fdt_path_offset(fdt, "/fsl-mc");
 
 	if (offset < 0) {
 		printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n",

board/freescale/ls2080aqds/MAINTAINERS

@@ -8,3 +8,9 @@ F:	configs/ls2080aqds_defconfig
 F:	configs/ls2080aqds_nand_defconfig
 F:	configs/ls2085aqds_defconfig
 F:	configs/ls2085aqds_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M:	Saksham Jain <saksham.jain@nxp.freescale.com>
+S:	Maintained
+F:	configs/ls2080aqds_SECURE_BOOT_defconfig
+F:	configs/ls2085aqds_SECURE_BOOT_defconfig

board/freescale/ls2080aqds/ls2080aqds.c

@@ -19,6 +19,7 @@
 #include <rtc.h>
 #include <asm/arch/soc.h>
 #include <hwconfig.h>
+#include <fsl_sec.h>
 
 #include "../common/qixis.h"
 #include "ls2080aqds_qixis.h"
@@ -248,7 +249,9 @@ int arch_misc_init(void)
 #ifdef CONFIG_FSL_DEBUG_SERVER
 	debug_server_init();
 #endif
-
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
 	return 0;
 }
 #endif
@@ -258,10 +261,10 @@ void fdt_fixup_board_enet(void *fdt)
 {
 	int offset;
 
-	offset = fdt_path_offset(fdt, "/fsl-mc");
+	offset = fdt_path_offset(fdt, "/soc/fsl-mc");
 
 	if (offset < 0)
-		offset = fdt_path_offset(fdt, "/fsl,dprc@0");
+		offset = fdt_path_offset(fdt, "/fsl-mc");
 
 	if (offset < 0) {
 		printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n",

board/freescale/ls2080ardb/MAINTAINERS

@@ -8,3 +8,9 @@ F:	configs/ls2080ardb_defconfig
 F:	configs/ls2080ardb_nand_defconfig
 F:	configs/ls2085ardb_defconfig
 F:	configs/ls2085ardb_nand_defconfig
+
+LS2080A_SECURE_BOOT BOARD
+M:	Saksham Jain <saksham.jain@nxp.freescale.com>
+S:	Maintained
+F:	configs/ls2080ardb_SECURE_BOOT_defconfig
+F:	configs/ls2085ardb_SECURE_BOOT_defconfig

board/freescale/ls2080ardb/ls2080ardb.c

@@ -18,9 +18,11 @@
 #include <environment.h>
 #include <i2c.h>
 #include <asm/arch/soc.h>
+#include <fsl_sec.h>
 
 #include "../common/qixis.h"
 #include "ls2080ardb_qixis.h"
+#include "../common/vid.h"
 
 #define PIN_MUX_SEL_SDHC	0x00
 #define PIN_MUX_SEL_DSPI	0x0a
@@ -122,6 +124,11 @@ int select_i2c_ch_pca9547(u8 ch)
 	return 0;
 }
 
+int i2c_multiplexer_select_vid_channel(u8 channel)
+{
+	return select_i2c_ch_pca9547(channel);
+}
+
 int config_board_mux(int ctrl_type)
 {
 	u8 reg5;
@@ -188,6 +195,9 @@ int misc_init_r(void)
 	if (hwconfig("sdhc"))
 		config_board_mux(MUX_TYPE_SDHC);
 
+	if (adjust_vdd(0))
+		printf("Warning: Adjusting core voltage failed.\n");
+
 	return 0;
 }
 
@@ -218,7 +228,9 @@ int arch_misc_init(void)
 #ifdef CONFIG_FSL_DEBUG_SERVER
 	debug_server_init();
 #endif
-
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
 	return 0;
 }
 #endif
@@ -228,10 +240,10 @@ void fdt_fixup_board_enet(void *fdt)
 {
 	int offset;
 
-	offset = fdt_path_offset(fdt, "/fsl-mc");
+	offset = fdt_path_offset(fdt, "/soc/fsl-mc");
 
 	if (offset < 0)
-		offset = fdt_path_offset(fdt, "/fsl,dprc@0");
+		offset = fdt_path_offset(fdt, "/fsl-mc");
 
 	if (offset < 0) {
 		printf("%s: ERROR: fsl-mc node not found in device tree (error %d)\n",

configs/ls2080aqds_SECURE_BOOT_defconfig

@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

configs/ls2080ardb_SECURE_BOOT_defconfig

@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2080A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

configs/ls2085aqds_SECURE_BOOT_defconfig

@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080AQDS=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-qds"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

configs/ls2085ardb_SECURE_BOOT_defconfig

@@ -0,0 +1,20 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LS2080ARDB=y
+# CONFIG_SYS_MALLOC_F is not set
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-ls2080a-rdb"
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_SYS_EXTRA_OPTIONS="SYS_FSL_DDR4, LS2085A, SECURE_BOOT"
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_OF_CONTROL=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_NETDEVICES=y
+CONFIG_E1000=y
+CONFIG_SYS_NS16550=y
+CONFIG_FSL_DSPI=y
+CONFIG_RSA=y

drivers/crypto/fsl/desc_constr.h

@@ -112,10 +112,9 @@ static inline void append_ptr(u32 *desc, dma_addr_t ptr)
 #ifdef CONFIG_PHYS_64BIT
 	/* The Position of low and high part of 64 bit address
 	 * will depend on the endianness of CAAM Block */
-	union ptr_addr_t ptr_addr;
-	ptr_addr.m_halfs.high = (u32)(ptr >> 32);
-	ptr_addr.m_halfs.low = (u32)ptr;
-	*offset = ptr_addr.m_whole;
+	union ptr_addr_t *ptr_addr = (union ptr_addr_t *)offset;
+	ptr_addr->m_halfs.high = (u32)(ptr >> 32);
+	ptr_addr->m_halfs.low = (u32)ptr;
 #else
 	*offset = ptr;
 #endif

drivers/crypto/fsl/jr.c

@@ -543,7 +543,20 @@ int sec_init(void)
 	uint32_t liodn_s;
 #endif
 
+	/*
+	 * Modifying CAAM Read/Write Attributes
+	 * For LS2080A and LS2085A
+	 * For AXI Write - Cacheable, Write Back, Write allocate
+	 * For AXI Read - Cacheable, Read allocate
+	 * Only For LS2080a and LS2085a, to solve CAAM coherency issues
+	 */
+#if defined(CONFIG_LS2080A) || defined(CONFIG_LS2085A)
+	mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0xb << MCFGR_AWCACHE_SHIFT);
+	mcr = (mcr & ~MCFGR_ARCACHE_MASK) | (0x6 << MCFGR_ARCACHE_SHIFT);
+#else
 	mcr = (mcr & ~MCFGR_AWCACHE_MASK) | (0x2 << MCFGR_AWCACHE_SHIFT);
+#endif
+
 #ifdef CONFIG_PHYS_64BIT
 	mcr |= (1 << MCFGR_PS_SHIFT);
 #endif

drivers/crypto/fsl/jr.h

@@ -23,6 +23,9 @@
 #define MCFGR_PS_SHIFT          16
 #define MCFGR_AWCACHE_SHIFT	8
 #define MCFGR_AWCACHE_MASK	(0xf << MCFGR_AWCACHE_SHIFT)
+#define MCFGR_ARCACHE_SHIFT	12
+#define MCFGR_ARCACHE_MASK	(0xf << MCFGR_ARCACHE_SHIFT)
+
 #define JR_INTMASK	  0x00000001
 #define JRCR_RESET                  0x01
 #define JRINT_ERR_HALT_INPROGRESS   0x4

drivers/net/fsl-mc/dpio/qbman_sys.h

@@ -255,11 +255,11 @@ static inline int qbman_swp_sys_init(struct qbman_swp_sys *s,
 	s->addr_cena = d->cena_bar;
 	s->addr_cinh = d->cinh_bar;
 	s->cena = (void *)valloc(CONFIG_SYS_PAGE_SIZE);
-	memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE);
 	if (!s->cena) {
 		printf("Could not allocate page for cena shadow\n");
 		return -1;
 	}
+	memset((void *)s->cena, 0x00, CONFIG_SYS_PAGE_SIZE);
 
 #ifdef QBMAN_CHECKING
 	/* We should never be asked to initialise for a portal that isn't in

drivers/net/fsl-mc/mc.c

@@ -747,11 +747,11 @@ static int dpio_init(void)
 err_get_swp_init:
 	dpio_disable(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle);
 err_get_enable:
-	free(dflt_dpio);
 err_get_attr:
 	dpio_close(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle);
 	dpio_destroy(dflt_mc_io, MC_CMD_NO_FLAGS, dflt_dpio->dpio_handle);
 err_create:
+	free(dflt_dpio);
 err_malloc:
 	return err;
 }

include/config_fsl_chain_trust.h

@@ -44,11 +44,18 @@
  *	 "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b"
  */
 
+#ifdef CONFIG_BOOTARGS
+#define CONFIG_SET_BOOTARGS	"setenv bootargs \'" CONFIG_BOOTARGS" \';"
+#else
+#define CONFIG_SET_BOOTARGS	"setenv bootargs \'root=/dev/ram "	\
+				"rw console=ttyS0,115200 ramdisk_size=600000\';"
+#endif
+
+
 #ifdef CONFIG_BOOTSCRIPT_KEY_HASH
 #define CONFIG_SECBOOT \
 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
-	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
-	"ramdisk_size=600000\';"	\
+	CONFIG_SET_BOOTARGS	\
 	CONFIG_EXTRA_ENV	\
 	"esbc_validate $bs_hdraddr " \
 	  __stringify(CONFIG_BOOTSCRIPT_KEY_HASH)";" \
@@ -57,16 +64,13 @@
 #else
 #define CONFIG_SECBOOT \
 	"setenv bs_hdraddr " __stringify(CONFIG_BOOTSCRIPT_HDR_ADDR)";" \
-	"setenv bootargs \'root=/dev/ram rw console=ttyS0,115200 "	\
-	"ramdisk_size=600000\';"	\
+	CONFIG_SET_BOOTARGS	\
 	CONFIG_EXTRA_ENV	\
 	"esbc_validate $bs_hdraddr;" \
 	"source $img_addr;"	\
 	"esbc_halt\0"
 #endif
 
-/* For secure boot flow, default environment used will be used */
-#if defined(CONFIG_SYS_RAMBOOT)
 #ifdef CONFIG_BOOTSCRIPT_COPY_RAM
 #define CONFIG_BS_COPY_ENV \
 	"setenv bs_hdr_ram " __stringify(CONFIG_BS_HDR_ADDR_RAM)";" \
@@ -76,14 +80,19 @@
 	"setenv bs_flash " __stringify(CONFIG_BS_ADDR_FLASH)";" \
 	"setenv bs_size " __stringify(CONFIG_BS_SIZE)";"
 
+/* For secure boot flow, default environment used will be used */
+#if defined(CONFIG_SYS_RAMBOOT)
 #if defined(CONFIG_RAMBOOT_NAND)
 #define CONFIG_BS_COPY_CMD \
 	"nand read $bs_hdr_ram $bs_hdr_flash $bs_hdr_size ;" \
 	"nand read $bs_ram $bs_flash $bs_size ;"
 #endif /* CONFIG_RAMBOOT_NAND */
-#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
-
+#else
+#define CONFIG_BS_COPY_CMD \
+	"cp.b $bs_hdr_flash $bs_hdr_ram  $bs_hdr_size ;" \
+	"cp.b $bs_flash $bs_ram  $bs_size ;"
 #endif
+#endif /* CONFIG_BOOTSCRIPT_COPY_RAM */
 
 #ifndef CONFIG_BS_COPY_ENV
 #define CONFIG_BS_COPY_ENV

include/configs/ls1043a_common.h

@@ -245,13 +245,13 @@
 	"ramdisk_size=0x2000000\0"		\
 	"fdt_high=0xffffffffffffffff\0"		\
 	"initrd_high=0xffffffffffffffff\0"	\
-	"kernel_start=0x61200000\0"		\
-	"kernel_load=0x807f0000\0"		\
-	"kernel_size=0x1000000\0"		\
+	"kernel_start=0x61100000\0"		\
+	"kernel_load=0xa0000000\0"		\
+	"kernel_size=0x2800000\0"		\
 	"console=ttyAMA0,38400n8\0"
 
 #define CONFIG_BOOTARGS			"console=ttyS0,115200 root=/dev/ram0 " \
-					"earlycon=uart8250,0x21c0500,115200"
+					"earlycon=uart8250,mmio,0x21c0500"
 #define CONFIG_BOOTCOMMAND		"cp.b $kernel_start $kernel_load "     \
 					"$kernel_size && bootm $kernel_load"
 #define CONFIG_BOOTDELAY		10

include/configs/ls2080aqds.h

@@ -399,4 +399,6 @@ unsigned long get_board_ddr_clk(void);
 #define CONFIG_USB_STORAGE
 #define CONFIG_CMD_EXT2
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS2_QDS_H */

include/configs/ls2080ardb.h

@@ -14,6 +14,22 @@
 
 #define CONFIG_DISPLAY_BOARDINFO
 
+#define I2C_MUX_CH_VOL_MONITOR		0xa
+#define I2C_VOL_MONITOR_ADDR		0x38
+#define CONFIG_VOL_MONITOR_IR36021_READ
+#define CONFIG_VOL_MONITOR_IR36021_SET
+
+#define CONFIG_VID_FLS_ENV		"ls2080ardb_vdd_mv"
+#ifndef CONFIG_SPL_BUILD
+#define CONFIG_VID
+#endif
+/* step the IR regulator in 5mV increments */
+#define IR_VDD_STEP_DOWN		5
+#define IR_VDD_STEP_UP			5
+/* The lowest and highest voltage allowed for LS2080ARDB */
+#define VDD_MV_MIN			819
+#define VDD_MV_MAX			1212
+
 #ifndef __ASSEMBLY__
 unsigned long get_board_sys_clk(void);
 #endif
@@ -363,4 +379,6 @@ unsigned long get_board_sys_clk(void);
 #define CONFIG_PHY_AQUANTIA
 #endif
 
+#include <asm/fsl_secure_boot.h>
+
 #endif /* __LS2_RDB_H */

include/fsl_secboot_err.h

@@ -29,6 +29,7 @@
 #define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN		0x18
 #define ERROR_IE_TABLE_NOT_FOUND				0x19
 #define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN	0x20
+#define ERROR_KEY_TABLE_NOT_FOUND				0x21
 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1			0x40
 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2			0x80
 #define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD			0x100
@@ -121,6 +122,8 @@ static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = {
 		"Wrong IE public key len in header" },
 	{ ERROR_IE_TABLE_NOT_FOUND,
 		"Information about IE Table missing" },
+	{ ERROR_KEY_TABLE_NOT_FOUND,
+		"No Key/ Key Table Found in header"},
 	{ ERROR_ESBC_CLIENT_MAX, "NULL" }
 };
 

include/fsl_sfp.h

@@ -32,7 +32,8 @@
 /* Number of SRKH registers */
 #define NUM_SRKH_REGS	8
 
-#ifdef CONFIG_SYS_FSL_SFP_VER_3_2
+#if	defined(CONFIG_SYS_FSL_SFP_VER_3_2) ||	\
+	defined(CONFIG_SYS_FSL_SFP_VER_3_4)
 struct ccsr_sfp_regs {
 	u32 ospr;		/* 0x200 */
 	u32 ospr1;		/* 0x204 */

include/fsl_validate.h

@@ -21,14 +21,6 @@
 
 extern struct jobring jr;
 
-#ifdef CONFIG_KEY_REVOCATION
-/* Srk table and key revocation check */
-#define SRK_FLAG	0x01
-#define UNREVOCABLE_KEY	4
-#define ALIGN_REVOC_KEY 3
-#define MAX_KEY_ENTRIES 4
-#endif
-
 /* Barker code size in bytes */
 #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
 				/* header */
@@ -39,6 +31,47 @@ extern struct jobring jr;
 /* Maximum number of SG entries allowed */
 #define MAX_SG_ENTRIES	8
 
+/* Different Header Struct for LS-CH3 */
+#ifdef CONFIG_ESBC_HDR_LS
+struct fsl_secboot_img_hdr {
+	u8 barker[ESBC_BARKER_LEN];	/* barker code */
+	u32 srk_tbl_off;
+	struct {
+		u8 num_srk;
+		u8 srk_sel;
+		u8 reserve;
+		u8 ie_flag;
+	} len_kr;
+
+	u32 uid_flag;
+
+	u32 psign;		/* signature offset */
+	u32 sign_len;		/* length of the signature in bytes */
+
+	u64 pimg64;		/* 64 bit pointer to ESBC Image */
+	u32 img_size;		/* ESBC client image size in bytes */
+	u32 ie_key_sel;
+
+	u32 fsl_uid_0;
+	u32 fsl_uid_1;
+	u32 oem_uid_0;
+	u32 oem_uid_1;
+	u32 oem_uid_2;
+	u32 oem_uid_3;
+	u32 oem_uid_4;
+	u32 reserved1[3];
+};
+
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define UNREVOCABLE_KEY	8
+#define ALIGN_REVOC_KEY 7
+#define MAX_KEY_ENTRIES 8
+#endif
+
+
+#else /* CONFIG_ESBC_HDR_LS */
+
 /*
  * ESBC uboot client header structure.
  * The struct contain the following fields
@@ -109,6 +142,17 @@ struct fsl_secboot_img_hdr {
 	u32 ie_key_sel;
 };
 
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define SRK_FLAG	0x01
+#define UNREVOCABLE_KEY	4
+#define ALIGN_REVOC_KEY 3
+#define MAX_KEY_ENTRIES 4
+#endif
+
+#endif /* CONFIG_ESBC_HDR_LS */
+
+
 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
 struct ie_key_table {
 	u32 key_len;
@@ -194,12 +238,15 @@ struct fsl_secboot_img_priv {
 
 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
 	uintptr_t ehdrloc;	/* ESBC Header location */
-	uintptr_t img_addr;	/* ESBC Image Location */
+	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
 	uint32_t img_size;	/* ESBC Image Size */
 };
 
+int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
+				char * const argv[]);
+
 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
-	uintptr_t img_loc);
+	uintptr_t *img_addr_ptr);
 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
 	char * const argv[]);
 int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,