From e1741c512c66c468f3c3399aff451ae428cd6824 Mon Sep 17 00:00:00 2001
From: Daisuke Nojiri <dnojiri@chromium.org>
Date: Mon, 9 Feb 2015 18:15:17 -0800
Subject: broadcom/cygnus: add secimage and sign bootblock

secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.

BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board

Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
---
 src/soc/broadcom/cygnus/Makefile.inc | 41 +++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

(limited to 'src/soc/broadcom')

diff --git a/src/soc/broadcom/cygnus/Makefile.inc b/src/soc/broadcom/cygnus/Makefile.inc
index a1459c0790..dce4e3d0b1 100644
--- a/src/soc/broadcom/cygnus/Makefile.inc
+++ b/src/soc/broadcom/cygnus/Makefile.inc
@@ -57,6 +57,45 @@ ramstage-$(CONFIG_DRIVERS_UART) += ns16550.c
 
 CPPFLAGS_common += -Isrc/soc/broadcom/cygnus/include/
 
-$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.elf
+$(objcbfs)/bootblock.tmp: $(objcbfs)/bootblock.elf
 	@printf "    OBJCOPY    $(subst $(obj)/,,$(@))\n"
 	$(OBJCOPY_bootblock) -O binary $< $@
+
+ifneq ($(V),1)
+redirect := > /dev/null
+endif
+
+# Options used in the command line:
+# -out: path of the output file
+# -config: path to the file containing unauth header
+# -hmac: path to the file containing hmac for sha256
+# -bl: boot image file, ie. input file
+#
+# Authenticated header parameters:
+#
+# SBIConfiguration				/* Indicates SBI config */
+#   SYMMETRIC				0x0040
+#
+# CustomerID;			/* Customer ID */
+#   TYPE				bits [31-28]
+#     PRODUCTION			0x6
+#     DEVELOPMENT			0x9
+#   CUSTOMER_ID				bits [27-0]
+#
+# ProductID;			/* Product ID */
+#
+# CustomerRevisionID;		/* Customer Revision ID */
+#
+# SBIUsage			/* Boot Image Usage */
+#   NONE		0 	/* All purposes */
+#   SLEEP		1
+#   DEEP_SLEEP		2
+#   EXCEPTION		4
+$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.tmp \
+		$(objutil)/broadcom/secimage/secimage \
+		util/broadcom/unauth.cfg \
+		util/broadcom/khmacsha256
+	@printf "    SIGN       $(subst $(obj)/,,$(@))\n"
+	$(objutil)/broadcom/secimage/secimage -out $@ \
+		-config util/broadcom/unauth.cfg \
+		-hmac util/broadcom/khmacsha256 -bl $<
-- 
cgit v1.2.3