Implement dw_spi_get_clk function to override its weak
implementation in designware_spi.c driver.
We need this change to get rid of cm_get_spi_controller_clk_hz
function and clock_manager.h include in designware_spi.c driver.
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This prevents the following ENOMEM:
Error binding driver 'bmips_cpu': -12
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Convert these configuration options to Kconfig, update board defconfigs
and drop them from whitelist.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Pull out u-boot extras into dtsi files to make synchronization of DTS
from Linux kernel as easy as a simple copy. All the U-Boot extras are
now in *-u-boot.dts* files instead.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Import the RCar Gen3 DTS and headers from upstream Linux kernel v4.14,
commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 . This includes both M3
and H3 ULCB and Salvator-X boards.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Adopt the Linux DT bindings and clean-up duplicate
and unused values.
Fix indentation of the QSPI node in the keystone k2g
device tree.
Tested on TI K2G platform:
Tested-by: Vignesh R <vigneshr@ti.com>
Tested on a socfpga-cyclonev board:
Tested-by: Simon Goldschmidt <sgoldschmidt@de.pepperl-fuchs.com>
Signed-off-by: Jason Rush <jarush@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Acked-by: Simon Goldschmidt <sgoldschmidt@de.pepperl-fuchs.com>
Acked-by: Marek Vasut <marex@denx.de>
Erratum NO. FE-9144572: The device SPI interface supports frequencies of
up to 50 MHz. However, due to this erratum, when the device core clock
is 250 MHz and the SPI interfaces is configured for 50MHz SPI clock and
CPOL=CPHA=1 there might occur data corruption on reads from the SPI
device.
Implement the workaround by setting the TMISO_SAMPLE value to 0x2
in the timing1 register.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This driver manages the high speed SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This driver manages the SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
This driver manages the low speed SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver manages the SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver manages the SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver manages the SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver manages the SPI controller present on this SoC.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
wait_for_bit callers use the 32 bit LE version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Change all coldfire arch files to use CONFIG_DISPLAY_CPUINFO.
Signed-off-by: Angelo Dureghello <angelo@sysam.it>
Reviewed-by: Tom Rini <trini@konsulko.com>
---
Changes for v2:
- update common/Kconfig to add M68K to the default y list
The current GPL only licensing on the device trees makes it very
impractical for other software components licensed under another
license.
To make it easier to reuse them, re-license the the device trees for
Freescale (now NXP) SoCs and boards under GPLv2+/X11 dual license.
Same trend is followed in linux.
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Mingkai Hu <mingkai.hu@nxp.com>
Cc: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Bansal <pankaj.bansal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Adds a VID specific API in init_sequence_f and spl code flow
namely init_func_vid which is required to adjust core voltage.
VID specific code is required in spl, hence moving flag CONFIG_VID
out of spl flags.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Restructures common driver to support LTC3882 voltage regulator
chip.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Adds SERDES voltage and reset SERDES lanes API and makes
enable/disable DDR controller support 0.9V API common.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This time around we have a lot of EFI patches from Heinrich.
Highlights are:
- Allow EFI applications to register as drivers
- Allow exposure of U-Boot block devices from an EFI payload
- Compatibility improvements
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJaZwoHAAoJECszeR4D/txgKU0QAMRg5zm95ClGRBjxVbAW7M73
T7pHQBbsoaddfK0zOAltLo5wOLhLNJPb93L0gxjChx6o5PDV6iFISAYRnJiQsVyj
XI5Ve2XV8DRBMdaKVxeq1Z7syjYllhdkzBeQbitw6TfIDy+qeA/x/Z1Jz6gYnTDh
ZmbP0HrTk59Vg80ZLa4XcBumqesfBnUAEDFx9sYX9T8/7bx3QWQfwAJ3XHYKkDmM
aaXFq/02/z0ZgDPinkG00AIkKme+QRAFCd+leACkDGPR9pAC4mf6df/006a0Sl/s
qw5j5J06yOZ0ykTxwmREsGg62IqCTPA51mSiBvWS37vZeUUO0WhyysuUvQ5YVv+U
UII5YN/0PGVGVZ4hM1s3yEijEf48n1YncASRyYVfCtJjC/WJ2IUlthH85MEBrrn4
IqVHeoLJg5/a3T2Tdo83q/AD9saFshaVsT42C04JB07/29SKjNjZ9sUMMBatOlAP
HleCy3jgodwB4kF1Tld6oeakvuc0xOhCOckD3rWUhsi9eN9liZiv7AlXFiXxPUgz
tWcJtluaZ/vhXXJWdCqwf2KIq0fmawgBUsSwLByPrZKTp9OojGsA52Ro6jAuu2Mq
vKqZhRpSF7DtAhALcex5V2uwCc5npehTTXIHYG/bmzBQWrEWfBlYA7dSjMiuQbuD
0+1EicqsGp8Chr1H37bC
=XZ4q
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-01-23
This time around we have a lot of EFI patches from Heinrich.
Highlights are:
- Allow EFI applications to register as drivers
- Allow exposure of U-Boot block devices from an EFI payload
- Compatibility improvements
This converts the following to Kconfig:
CONFIG_SOC_DA8XX
CONFIG_SOC_DA850
CONFIG_DA850_LOWLEVEL
CONFIG_MACH_DAVINCI_DA850_EVM
CONFIG_SYS_DA850_PLL_INIT
CONFIG_SYS_DA850_DDR_INIT
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: David Lechner <david@lechnology.com>
[trini: Rework CONFIG_SYS_DA850_PLL_INIT so it's selected on SOC_DA8XX]
Signed-off-by: Tom Rini <trini@konsulko.com>
This pair of tests checks the StartImage boot service.
Each test loads an EFI application into memory and starts it.
One returns by calling the Exit boot service. The other returns directly.
The tests are not built on x86_64 because the relocation code for the efi
binary cannot be created.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Move system flags from defconfig to mach-stm32/Kconfig
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
Now this driver is used across stm32f4, stm32f7 and stm32h7
SoCs family, give it a generic name.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
This adds support for '-machine virt' on AArch64. This is rather simple:
we just add TARGET_QEMU_ARM_xxBIT to select a few different Kconfig
symbols, provide the ARMv8 memory map from the board file and add a new
defconfig based on the 32-bit defconfig.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Reviewed-by: Tom Rini <trini@konsulko.com>
The signing certificate name is always 15 chars long, but need not be
null terminated. One solution is then to use printf precision modifiers
to only print this many chars ("%.15s"), but tiny printf does not support
this, so lets just drop printing the cert name for now.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Fix the size calculation in the verify boot. The header size
should be subtracted from the image size, not be assigned to
the image size.
Fixes: 0830d72bb9 ("arm: am33xx: security: adds auth support for encrypted images")
Signed-off-by: Madan Srinivas <madans@ti.com>
Signed-off-by: Dan Murphy <dmurphy@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
This commit adds OMAP3 BeagleBoard devicetree files from
Linux v4.15-rc5. This includes standard OMAP34XX board revisions as
well as the 'xM' which is OMAP36XX.
Signed-off-by: Derald D. Woods <woods.technical@gmail.com>
DRA762 comes in two packages:
- ABZ: Pin compatible package with DRA742 with DDR@1333MHz
- ACD: High performance(OPP_PLUS) package with new IPs
Both the above packages uses the same IDCODE hence needs to
differentiate using package information in DIE_ID_2.
Add support for the same. Also update clock, ddr, emif information.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Keystone and DRA7 based TI platforms uses same
EMIF memory controller. cmd_ddr3 command is customized
for keystone platforms, make it generic so that it can
be re used for DRA7 platforms.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Move cmd_ddr3 to cmd/ti in order to make
it build for non-keystone TI platforms.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
[trini: Rename to ddr3.c not cmd_ddr3.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
For data integrity, the EMIF1 supports ECC on the data
written or read from the SDRAM. Add support for enabling
ECC support in EMIF1.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Krunal Bhargav <k-bhargav@ti.com>
This is a slight difference in emif_ddr_phy_status register offsets for
DRA7xx EMIF and older versions. And ecc registers are available only
in DRA7xx EMIC. Add support for this difference and ecc registers.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Add support for simple memory fill operation. With large data sizes
it is much faster to use EDMA for memory fill rather than CPU.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
DPLL DRR doesn't have an M4 divider. But the clock driver is trying
to configure M4 divider as 4(writing into a reserved register).
Fixing it by making M4 divider as -1.
Reported-by: Steve Kipisz <s-kipisz2@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Added support for K2G EVM with FlipChip SoC of which
ARM/DDR3 runs at 1GHz/1066 MT/s. The patch is also
backward compatible with old revision EVM and EVM
with WireBond SoC. Their ARM/DDR3 run at 600MHz/800 MT/s.
The new SoC supports 2 different speeds at 1GHz and 600MHz.
Modyfied the CPU Name to show which SoC is used in the EVM.
Modified the DDR3 configuration to reflect New SoC supports
2 different CPU and DDR3 speeds, 1GHz/1066MT and 600MHz/800MT.
Added new inline function board_it_k2g_g1() for the new FlipChip 1GHz,
and set the u-boot env variable board_name accordingly.
Modified findfdt script in u-boot environment variable to include new k2g board type.
Signed-off-by: Rex Chang <rchang@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
MCAN can be accessed via DCAN1 or DCAN2. Determining which DCAN instance
to use if any at all is done through
CTRL_CORE_CONTROL_SPARE_RW.SEL_ALT_MCAN. Since general pinmuxing is
handled in U-boot. Handle this additional pinmuxing requirement in U-boot
to ensure that MCAN is used by default via the DCAN1 pins.
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Vignesh R <vigneshr@ti.com>
[fcooper@ti.com: Update commit message and use DCAN1 not DCAN2 for MCAN]
Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Faiz Abbas <faiz_abbas@ti.com>
omap_hsmmc driver uses "|" in a couple of places for disabling a bit.
While it's okay to use it in "mmc_reg_out" (since mmc_reg_out has a
_mask_ argument to take care of resetting a bit), it's incorrectly used
for resetting flags in "omap_hsmmc_send_cmd".
Fix it here by using "&= ~()" to reset a bit.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The omap hsmmc host controller can have the ADMA2 feature. It brings better
read and write throughput.
On most SOC, the capability is read from the hl_hwinfo register. On OMAP3,
DMA support is compiled out.
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This is useful to make sure no stale data exists in caches after bootloaders.
The worst thing could be some lines of cache were locked in a bootloader
for example during DDR recalibration and never unlocked. This may lead
to really unpredictable issues later down the line.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
We'd like to keep IOC HW at the same state as t is right after reset when we
start Linux kernel so there will be no re-configuration of IOC on the go.
The point is U-Boot doesn't benefit a lot from IOC as it doesn't do a
lot of DMA operations especially on multiple cores simultaneously.
At the same time re-configuration of IOC in run-time might become quite
a tricky experience because we need to make sure there're no DMA
trannsactions in flight otherwise unexpected consequencses might affect
us much later and debugging those kinds of issues will be a real
nightmare.
That said let's make our life easier a little bit.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Previous SLC management implementation is broken. Seems like it was
never sufficiently tested probably because most of the time IOC was used
instead (i.e. no manual cache operations were done).
Now if we disable IOC in U-boot we'll get a lot of errors while using
DMA-enabled peripherals.
This time we fix it by substitution of broken per-line SLC operations
region operations as it is done in the Linux kernel (we took it from
v4.14 which is the latest stable as of today).
Among other things this implementation might be a bit faster because
instead of iteration over each and every cache line we're taking care
about entire region in one go.
Main changes:
* Replaced __slc_line_op (per line operations) by __slc_rgn_op
(region operations).
* Reworked __slc_entire_op to get rid of __after_slc_op and
__before_slc_op functions.
Note flush fix (flush only instead of flush-n-inv when OP_FLUSH is
used, see [1] for more details) is already incorporated here.
* Added SLC invalidation to invalidate_icache_all().
* Added (start >= end) check to invalidate_dcache_range() and
flush_dcache_range() as some buggy drivers pass region start == end.
* Added read-out of MMU BCR so we may know if PAE40 exists in HW and then
act on a particular AUX regs accordingly.
[1] http://lists.infradead.org/pipermail/linux-snps-arc/2018-January/003357.html
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Align the base address defined in header files with the base address used
in the DTS. This will facilitate the introduction of the DMA support.
Of all HSMMC users, only omap3 doesn't have the 0x100 reserved region at
the top. This region will be used to determine if the controller supports
DMA transfers
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This reverts commit 46831c1a4c.
This reserved area at the beginning of struct hsmm, will be used later to
support ADMA
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Remove the unit address from the config node name when U-Boot deals with
secure firmware FIT images.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in various documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
If lk lights up display and populates simple-framebuffer node, it will
also setup a reserved-memory node (needed by simplefb on linux). But
it isn't clever enough to cope when the reserved-memory node is not
present.
Signed-off-by: Rob Clark <robdclark@gmail.com>
The firmware that runs before u-boot modifies u-boot's device tree
adding the local-mac-address and local-bd-address properties for the
compatibles "qcom,wcnss-bt" and "qcom,wcnss-wlan".
This commit reads that firmware, retrieves the properties and fixups
the device tree that is passed to the kernel before booting.
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
This commit adds support for 96Boards Dragonboard820C.
The board is based on APQ8086 Qualcomm Soc, complying with the
96Boards specification.
Features
- 4x Kyro CPU (64 bit) up to 2.15GHz
- USB2.0
- USB3.0
- ISP
- Qualcomm Hexagon DSP
- SD 3.0 (UHS-I)
- UFS 2.0
- Qualcomm Adreno 530 GPU
- GPS
- BT 4.2
- Wi-Fi 2.4GHz, 5GHz (802.11ac)
- PCIe 2.0
- MIPI-CSI, MIPI-DSI
- I2S
U-Boot boots chained from LK (LK implements the fastboot protocol) in
64-bit mode.
For detailed build instructions see readme.txt in the board directory.
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
In preparation to add support for the Dragonboard820c (APQ8096),
refactor the current Snapdragon clock driver.
No new functionality has been added.
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
The SP805-WDT module on LS1088A requires configuration of PMU's
PCTBENR register to enable watchdog counter decrement and reset
signal generation. The watchdog clock needs to be enabled first.
Signed-off-by: Zhang Ying-22455 <ying.zhang22455@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
LS1012A-2G5RDB belongs to LS1012A family with features 2 2.5G SGMII
PFE MAC, SATA, USB 2.0/3.0, WiFi DDR, eMMC, QuadSPI, UART.
Signed-off-by: Bhaskar Upadhaya <Bhaskar.Upadhaya@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Align boards belonging to LS1012A, LS2080A SoC at one place.
Signed-off-by: Bhaskar Upadhaya <Bhaskar.Upadhaya@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
hab_failsafe when called puts the part into BootROM recovery mode.
This will allow u-boot scripts to script the dropping down into recovery
mode.
=> hab_failsafe
Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale
SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch implements the basic callback hooks for
hab_rvt_check_failsafe for BootROM code using the older BootROM address
layout - in my test case the i.MX7. Code based on new BootROM callbacks
will just do nothing and there's definitely a TODO to implement that extra
functionality on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The hab_rvt_failsafe() callback according to the HABv4 documentation:
"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."
Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The BootROM will not successfully process a HAB image passed by u-boot
unless the board has been set into locked mode. Some of the existing usages
of authenticate_image() expect and rely on unlocked boards doing the
following
1. Not calling into the BootROM authenticate_image() callback
2. Returning a pass status for authenticate_image() calls anyway
A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Understanding if the HAB is enabled is something that we want to
interrogate and report on outside of the HAB layer. First step to that is
renaming the relevant function to match the previously introduced external
naming convention imx_hab_function()
The name imx_hab_is_hab_enabled() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
There is no need to export these functions and data structures externally.
Make them all static now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.
This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.
This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The hab_rvt_check_target() callback according to the HABv4 documentation:
"This function reports whether or not a given target region is allowed for
either peripheral configuration or image loading in memory. It is intended
for use by post-ROM boot stage components, via the ROM Vector Table, in
order to avoid configuring security-sensitive peripherals, or loading
images over sensitive memory regions or outside recognized memory devices
in the address map."
It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch enables printout of the IVT entry, dcd and csf data fields.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.
This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.
This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The size of the IVT header should be defined in hab.h move it there now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The current code disjoins an entire block of code on hab_entry pass/fail
resulting in a large chunk of authenticate_image being offset to the right.
Fix this by checking hab_entry() pass/failure and exiting the function
directly if in an error state.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
There is no need to call is_enabled() twice in authenticate_image - it does
nothing but add an additional layer of indentation.
We can check for is_enabled() at the start of the function and return the
result code directly.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).
This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.
Fixes: 36c1ca4d46 ("imx: Support i.MX6 High Assurance Boot
authentication")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.
Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.
The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In the presence of potentially fragemented memory, we cannot hard-code
addresses into environment variables such as kernel_addr_r. Instead, we
must calculate those addresses at run-time based on available memory
locations. Implement the code to perform such runtime calculation, based
on requirements described in environment variables, to allow the user
full control over the allocation.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
