marvell/mvmap2315: Compose BOOTBLOCK region

This patch adds a Makefile rule for mvmap2315 to install a BDB and
bootblock code in the BOOTBLOCK region. The resulting BDB has a
header and data both signed by a RSA-4096 key.

BUG=chrome-os-partner:57889
BRANCH=none
TEST=emerge-rotor coreboot and examined the output binary. Booted
coreboot.rom.

Change-Id: I1e20a09b12f8f8ed4d095aa588e3eb930f359fc5
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-on: https://review.coreboot.org/16747
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>

src/soc/marvell/mvmap2315/Makefile.inc

@@ -63,4 +63,77 @@ romstage-y += wdt.c
 
 CPPFLAGS_common += -Isrc/soc/marvell/mvmap2315/include/
 
-endif
+#
+# Common Boot Flow parameters
+#
+BOOTBLOCK_REGION_SIZE = 131072
+BOOTBLOCK_TYPE = 1
+BOOTBLOCK_PARTITION = 1
+BOOTBLOCK_LOAD_ADDRESS = 0xe000c000
+BDB = $(obj)/bdb.bin
+BDB_LOAD_ADDRESS = 0xe0000000
+DATA_VERSION = 2
+
+#
+# Keys used to create BDB
+#
+KEYDIR = $(VBOOT_SOURCE)/tests/testkeys
+BDBKEY_PUB = $(KEYDIR)/bdbkey.keyb
+BDBKEY_PRI = $(KEYDIR)/bdbkey.pem
+BDBKEY_DIGEST = $(VBOOT_SOURCE)/tests/testdata/bdbkey_digest.bin
+# Use bdbkeys because mvmap2315's bootROM doesn't support RSA3072b with
+# exponent 3 and the algorithms for BDB key and data key have to match.
+DATAKEY_PUB = $(KEYDIR)/bdbkey.keyb
+DATAKEY_PRI = $(KEYDIR)/bdbkey.pem
+
+# Calculate bootblock.raw.bin's size and offset
+.PHONY: bootblock_offset
+bootblock_offset: $(objcbfs)/bootblock.raw.bin
+	$(eval BOOTBLOCK_SIZE = $(call file-size, $<))
+	$(eval BOOTBLOCK_OFFSET = $(call int-subtract, \
+		$(BOOTBLOCK_REGION_SIZE) $(BOOTBLOCK_SIZE)))
+
+#
+# Create BDB
+#
+# TODO: Verify sign algorithms of the BDB key and data key are supported
+$(BDB): $(objcbfs)/bootblock.raw.bin $(FUTILITY) bootblock_offset \
+		$(BDBKEY_PRI) $(BDBKEY_PUB) $(DATAKEY_PRI) $(DATAKEY_PUB) \
+		$(VBOOT_SOURCE)/tests/testdata/bdbkey_digest.bin
+	$(FUTILITY) bdb --create $@.tmp \
+		--bdbkey_pri $(BDBKEY_PRI) --bdbkey_pub $(BDBKEY_PUB) \
+		--datakey_pri $(DATAKEY_PRI) --datakey_pub $(DATAKEY_PUB) \
+		--load_address $(BDB_LOAD_ADDRESS)
+	$(FUTILITY) bdb --add $@.tmp \
+		--data $< \
+		--offset $(BOOTBLOCK_OFFSET) \
+		--partition $(BOOTBLOCK_PARTITION) \
+		--type $(BOOTBLOCK_TYPE) \
+		--load_address $(BOOTBLOCK_LOAD_ADDRESS)
+	$(FUTILITY) bdb --resign $@.tmp \
+		--datakey_pri $(DATAKEY_PRI) \
+		--data_version $(DATA_VERSION)
+	$(FUTILITY) bdb --verify $@.tmp --key_digest $(BDBKEY_DIGEST)
+	mv $@.tmp $@
+
+#
+# Create custom bootblock.bin
+#
+# This overrides generic pattern rule *.raw.bin -> *.bin for bootblock.bin.
+# bootblock.bin is structured as follows:
+#   +------------------+
+#   |      BDB         |
+#   +------------------+
+#   | 000............0 |
+#   +------------------+
+#   |bootblock.raw.bin |
+#   +------------------+
+# And this will be placed in BOOTBLOCK region.
+$(objcbfs)/bootblock.bin: $(objcbfs)/bootblock.raw.bin $(BDB) bootblock_offset
+	dd if=/dev/zero bs=1 count=$(BOOTBLOCK_REGION_SIZE) of=$@.tmp
+	dd if=$(BDB) bs=1 count=$(call file-size, $(BDB)) conv=notrunc of=$@.tmp
+	dd if=$(objcbfs)/bootblock.raw.bin bs=1 count=$(BOOTBLOCK_SIZE) \
+		seek=$(BOOTBLOCK_OFFSET) conv=notrunc of=$@.tmp
+	mv $@.tmp $@
+
+endif