broadcom/cygnus: add secimage and sign bootblock

secimage is a tool which adds a header and signature to the binary first loaded by the soc. ARM core frequency is set to 1 Ghz. BUG=chrome-os-partner:36421 BRANCH=broadcom-firmware TEST=booted b0 board Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155 Original-Reviewed-by: Scott Branden <sbranden@broadcom.com> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b Original-Reviewed-on: https://chromium-review.googlesource.com/264417 Reviewed-on: http://review.coreboot.org/9914 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-02-09 18:15:17 -08:00
parent cb6bb3bc47
commit e1741c512c
12 changed files with 679 additions and 2 deletions
--- a/src/soc/broadcom/cygnus/Makefile.inc
+++ b/src/soc/broadcom/cygnus/Makefile.inc
@ -57,6 +57,45 @@ ramstage-$(CONFIG_DRIVERS_UART) += ns16550.c

 CPPFLAGS_common += -Isrc/soc/broadcom/cygnus/include/

-$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.elf
+$(objcbfs)/bootblock.tmp: $(objcbfs)/bootblock.elf
 	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
 	$(OBJCOPY_bootblock) -O binary $< $@
+
+ifneq ($(V),1)
+redirect := > /dev/null
+endif
+
+# Options used in the command line:
+# -out: path of the output file
+# -config: path to the file containing unauth header
+# -hmac: path to the file containing hmac for sha256
+# -bl: boot image file, ie. input file
+#
+# Authenticated header parameters:
+#
+# SBIConfiguration				/* Indicates SBI config */
+#   SYMMETRIC				0x0040
+#
+# CustomerID;			/* Customer ID */
+#   TYPE				bits [31-28]
+#     PRODUCTION			0x6
+#     DEVELOPMENT			0x9
+#   CUSTOMER_ID				bits [27-0]
+#
+# ProductID;			/* Product ID */
+#
+# CustomerRevisionID;		/* Customer Revision ID */
+#
+# SBIUsage			/* Boot Image Usage */
+#   NONE		0 	/* All purposes */
+#   SLEEP		1
+#   DEEP_SLEEP		2
+#   EXCEPTION		4
+$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.tmp \
+		$(objutil)/broadcom/secimage/secimage \
+		util/broadcom/unauth.cfg \
+		util/broadcom/khmacsha256
+	@printf "    SIGN       $(subst $(obj)/,,$(@))\n"
+	$(objutil)/broadcom/secimage/secimage -out $@ \
+		-config util/broadcom/unauth.cfg \
+		-hmac util/broadcom/khmacsha256 -bl $<