ARM-software · ruchi393 · Feb 20, 2019 · Mar 6, 2019 · Feb 20, 2019 · Feb 20, 2019
diff --git a/docs/plat/ls1043a.rst b/docs/plat/ls1043a.rst
diff --git a/docs/plat/nxp/nxp-layerscape-tb.rst b/docs/plat/nxp/nxp-layerscape-tb.rst
@@ -0,0 +1,81 @@
+TRUSTED_BOARD_BOOT option can be enabled by specifying
+TRUSTED_BOARD_BOOT=1 on command line during make
+
+By default the build considers that with TRUSTED_BOARD_BOOT option,
+boot is being booted with secure boot i.e either SB_EN=1 or ITS=1.
+This would mean that bl2.bin would get signed and header would be
+embedded in the "bl2_<boot_src>_sec.pbl"
+To explicity disable secure boot, use option SECURE_BOOT=false from
+command line
+
+2 options are provided for TRUSTED_BOARD_BOOT:
+-------------------------------------------------------------------------
+Option 1:
+CoT using X 509 certificates
+-------------------------------------------------------------------------
+
+This CoT is as provided by ARM.
+To use this option user needs to specify mbedtld dir path in
+MBEDTLS_DIR.
+GENERATE_COT=1 adds the certificates to the FIP image
+
+ROTPK for x.509 certificates is generated and embedded in bl2.bin
+and verified as part of CoT by Boot ROM during secure boot.
+
+Typical command line to build this option
+
+ make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<mbedtls dir path>
+
+-------------------------------------------------------------------------
+Option 2:
+CoT using traditional CSF headers.
+-------------------------------------------------------------------------
+
+This option is automatically selected when TRUSTED_BOARD_BOOT is set
+but MBEDTLS_DIR path is not specified.
+
+CSF header is embedded to each of the BL31, BL32 and  BL33 image.
+
+To generate CSF header, path of CST repository needs to be specified
+as CST_DIR
+
+Default input files for CSF header generation is added in this repo.
+Default input file requires user to generate RSA key pair named
+srk.pri and srk.pub and add them in ATF repo. The keys can be generated
+using gen_keys tool of CST.
+
+To change the input file , user can use the options
+BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
+
+There are 2 paths in secure boot flow :
+1. development Mode (sb_en = 1, its = 0)
+In this flow , even on ROTPK comparison failure, flow would continue.
+However SNVS is transitioned to non-secure state
+
+2. Production mode (ITS =1)
+Any failure is fatal failure
+
+TRUSTED_BOARD_BOOT can be enabled in non secure boot flow also. ROTPK
+would be ignored in that case and failures won't result in snvs transition.
+
+1. Generate the SRK Key Pair.
+From CST
+./gen_keys <key_sz>
+ Copy srk.pri/srk.pub to TF-A repo
+
+(To change the key/key-names change the requierd input file in
+drivers/nxp/csf_hdr_parser/
+
+(For more details of CST refer to NXP QorIQ LSDK documentation)
+
+2. make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 CST_DIR=<cst dir path>
+
+To use user provided input files :
+make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 CST_DIR=<cst dir path> BL33_INPUT_FILE=<ip file> BL32_INPUT_FILE=<ip_file> \
+      BL31_INPUT_FILE = <ip file>
diff --git a/docs/plat/nxp/nxp-layerscape.rst b/docs/plat/nxp/nxp-layerscape.rst
@@ -0,0 +1,177 @@
+NXP SoCs - Overview
+=====================
+
+The QorIQ family of ARM based SoCs that are supported on TF-A are:
+
+LS1043ARDB:
+	Platform Name:
+	a. ls1043ardb (Board details can be fetched from the link: `ls1043ardb`_)
+
+
+Table of Supported Boot-Modes by each platform:
+==============================================
+
+                    |  SD   |  QSPI | NOR   | NAND  | eMMC  | Flexspi-NOR | Flexspi-NAND |
+------------------------------------------------------------------------------------------
+1.| ls1043ardb      | yes   |       |  yes  |  yes  |       |             |              |
+------------------------------------------------------------------------------------------
+2.| ls1043aqds      | yes   | yes   |  yes  |  yes  |       |             |              |
+------------------------------------------------------------------------------------------
+
+
+Boot Sequence
+=============
+                          Secure World        |   Normal World
+EL0                                           |
+                                              |
+EL1                           BL32(Tee OS)    |   kernel
+                               ^ |            |     ^
+		               | |            |     |
+EL2                            | |            |   BL33(u-boot)
+	                       | |            |    ^
+                               | v            |   /
+EL3        BootROM --> BL2 --> BL31 -------------/
+
+
+How to build
+============
+
+Code Locations
+--------------
+
+-  OP-TEE:
+   `link <https://source.codeaurora.org/external/qoriq/qoriq-components/optee_os>`__
+
+-  U-Boot:
+   `link <https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot>`__
+
+-  RCW:
+   `link <https://source.codeaurora.org/external/qoriq/qoriq-components/rcw>`__
+
+-  CST:
+   `link <https://source.codeaurora.org/external/qoriq/qoriq-components/cst>`__
+
+Build Procedure
+---------------
+
+-  Fetch all the above repositories into local host.
+
+-  Prepare AARCH64 toolchain and set the environment variable "CROSS_COMPILE".
+   .. code:: shell
+
+       CROSS_COMPILE=.../bin/aarch64-linux-gnu-
+
+-  Build RCW. Refer README from the respective cloned folder for more details.
+
+-  Build CST in case of secure-boot. Refer README from the respective cloned folder for more details.
+
+-  Build u-boot and OPTee firstly, and get binary images: u-boot.bin and tee.bin
+   For u-boot you can use the <platform>_tfa_defconfig for build
+
+-  Below are the steps to build TF-A images for the supported platforms.
+
+BUILD BL2:
+
+-To compile
+   .. code:: shell
+
+       make PLAT=<platform_name>ardb bl2 BOOT_MODE=<any_one_of_the_supported_boot_mode_by_the_platform> pbl RCW_PATH=<RCW_file_name_with_path>
+
+BUILD FIP:
+
+-To compile without OPTEE and without Trusted Board Boot.
+   .. code:: shell
+
+	make PLAT=<platform_name> fip BOOT_MODE=<any_one_of_the_supported_boot_mode_by_the_platform> BL33=u-boot-dtb.bin
+
+-To compile with OPTEE and without Trusted Board Boot.
+   .. code:: shell
+
+	make PLAT=<platform_name> fip BOOT_MODE=<any_one_of_the_supported_boot_mode_by_the_platform> BL33=u-boot-dtb.bin SPD=opteed BL32=<tee.bin>
+
+-To compile with Trusted Board Boot.
+	Refer the readme at ./plat/nxp/README.TRUSTED_BOOT
+
+
+Deploy ATF Images
+-----------------
+Note: The size in the standard uboot commands for copy to nor, qspi, nand or sd
+should be modified based on the binary size of the image to be copied.
+
+-  Deploy ATF images on Nor flash Alt Bank from U-Boot prompt.
+
+   .. code:: shell
+
+       => tftp 82000000  $path/bl2_nor.pbl;
+       =>pro off all;era 64000000 +$filesize;cp.b 82000000 64000000 $filesize
+
+       => tftp 82000000  $path/fip.bin;
+       =>pro off all;era 64100000 +$filesize;cp.b 82000000 64100000 $filesize
+
+    Then change to Alt bank and boot up ATF:
+
+    .. code:: shell
+
+       => cpld reset altbank
+
+-  Deploy ATF images on SD card from U-Boot prompt.
+
+   .. code:: shell
+
+       => tftp 82000000 $path/bl2_sd.pbl
+       => mmc write 82000000 8 150
+
+       => tftp 82000000  $path/fip.bin; mmc write 82000000 800 B00
+
+    Then change to SD boot and boot up ATF:
+
+    .. code:: shell
+
+       => cpld reset sd (For platforms with cpld as FPGA)
+       or
+       => qixis reset sd (For platforms with Qixis)
+
+       Please refer to the board manual for the right command.
+
+-  Deploy ATF images on NAND car from U-Boot prompt.
+
+   .. code:: shell
+
+	=> tftp 82000000 $path/bl2_nand.pbl
+	=> nand erase 0x0 0x100000;nand write 0x82000000 0x0 0x100000;
+	=> tftp 82000000  $path/fip.bin
+	=> nand erase 0x100000 0x100000;nand write 0x82000000 0x100000 0x100000;
+    Then change to SD boot and boot up ATF:
+
+    .. code:: shell
+
+	=> cpld reset nand
+        or
+        => qixis reset nand (For platforms with Qixis)
+
+-  Deploy ATF images on QSPI flash from U-Boot prompt.
+
+   .. code:: shell
+
+       => tftp 82000000 $path/bl2_qspi.pbl
+       => sf erase 0x0 0x40000; sf write 0x80000000 0x0 0x40000;
+
+
+       => tftp 82000000  $path/fip.bin;
+       => sf erase 0x100000 0x100000; sf write 0x80000000 0x100000 0x100000;
+
+        Note : Please select the flash you want to write to by doing sf probe
+        as required on the platform.
+
+    Then change to QSPI boot and boot up ATF:
+
+    .. code:: shell
+
+       => cpld reset qspi (For platforms with cpld as FPGA)
+       or
+       => qixis reset qspi (For platforms with Qixis)
+
+For trusted boot, please refer to docs/plat/nxp-layerscape-tb.rst
+
+.. _ls1043ardb:https://www.nxp.com/support/developer-resources/software-development-tools/qoriq-developer-resources/qoriq-ls1043a-reference-design-board:LS1043A-RDB
+
diff --git a/drivers/nxp/crypto/caam/caam.mk b/drivers/nxp/crypto/caam/caam.mk
@@ -0,0 +1,11 @@
+#
+# Copyright 2018-2019 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+SEC_DRIVERS_PATH	:=	drivers/nxp/crypto/caam
+
+SEC_SOURCES +=  $(wildcard $(SEC_DRIVERS_PATH)/src/*.c)
+
+PLAT_INCLUDES			+= -I$(SEC_DRIVERS_PATH)/include