K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.
ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.
Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.
Fixes: 1e00e9be62 ("arm: mach-k3: common: re-locate authentication for atf/optee")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
K3 devices have some firewalls set up by ROM that we usually remove so
that the development is easy in HS devices.
While removing the firewalls disabling a background region before
disabling the foreground regions keeps the firewall in a state where all
the transactions will be blacklisted until all the regions are disabled.
This causes a race for some other entity trying to access that memory
region before all the firewalls are disabled and causes an exception.
Since the background regions configured by ROM are in such a manner
that they allow all transactions, don't touch the background regions at
all.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>
Allow non fitImage bootflow on Field Securable (HS-FS) devices in
addition to GP, force fitImage boot only on Security enforced (HS-SE)
devices where signed images are necessary to maintain chain of trust.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Kamlesh Gurudasani <kamlesh@ti.com>
For setting up the master firewalls present in the K3 SoCs, the arm64
clusters need to be powered on.
Re-locates the code for atf/optee authentication.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
This matches how it was done for pre-K3 TI platforms and it allows
us to move the forward declaration out of sys_proto.h.
It also removes the need for K3_BOARD_DETECT as one is free to simply
override the weak function in their board files as needed.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
This function is the same for each device when it needs to shutdown
the R5 core. Move this to the common section and move the remaining
device specific ID list to the device hardware include.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
This belongs in the J721e specific file as it is the only place
this is used. Any board level users should use the SOC driver.
While here, move the J721e and J7200 SoC IDs out of sys_proto.h
and into hardware.h. Use a macro borrowed from Rockchip and add
the rest of the SoC IDs for completeness and later use.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
The MSMC fixup is something we do based on SoC, not based on the board.
So this fixup does not belong in the board files. Move this to the
mach-k3 common file so that it does not have to be done in each board
that uses these SoCs.
We use ft_system_setup() here instead of ft_board_setup() since it is no
longer board level. Enable OF_SYSTEM_SETUP in the configurations that use
this to keep functionality the same.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
The fs_loader device is used to pull in settings via the chosen node.
However, there was no library function for this, so arria10 was doing it
explicitly. This function subsumes that, and uses ofnode_get_chosen_node
instead of navigating the device tree directly. Because fs_loader pulls
its config from the environment by default, it's fine to create a device
with nothing backing it at all. Doing this allows enabling
CONFIG_FS_LOADER without needing to modify the device tree.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS_SDRAM
namespace do not easily transition to Kconfig. In many cases they likely
should come from the device tree instead. Move these out of CONFIG
namespace and in to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This matches what we did for pre-K3 devices. This allows us to build
boot commands that can check for our device type at runtime.
Signed-off-by: Andrew Davis <afd@ti.com>
We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.
Signed-off-by: Andrew Davis <afd@ti.com>
K3 SoCs are available in a number of device types such as
GP, HS-FS, EMU, etc. Like OMAP SoCs we can detect this at runtime
and should print this out as part of the SoC information line.
We add this as part of the common.c file as it will be used
to also modify our security state early in the device boot.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The spl_enable_dcache() function calls dram_init_banksize()
to get the total memory size. Normally the dram_init_banksize()
setups the memory banks, while the total size is reported
by ddr_init(). This worked so far for K3 since we set the
gd->ram_size in dram_init_banksize() as well.
Signed-off-by: Georgi Vlaev <g-vlaev@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Probe toplevel AM65 CPSW NUSS driver from misc_init_r() when driver
is enabled. Since driver is modeled as UCLASS_MISC, we need to
explicitly probe the driver. Use common misc_init_r() that entire
K3 family of SoCs.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
With Device Manager firmware in an elf file form, we cannot load the FIT
image to the exact same address as any of the executable sections of the
elf file itself is located.
However, the device tree descriptions for the ARMV8 bootloader/OS
includes DDR regions only the final sections in DDR where the Device
Manager firmware is actually executing out of.
As the R5 uC is usually operating at a slower rate than an ARMv8 MPU,
by starting the Armv8 ahead of parsing the elf and copying the correct
sections to the required memories creates a race condition where the
ARMv8 could overwrite the elf image loaded from the FIT image prior to
the R5 completing parsing and putting the correct sections of elf in
the required memory locations. OR create rather obscure debug conditions
where data in the section is being modified by ARMV8 OS while the elf
copy is in progress.
To prevent all these conditions, lets make sure that the elf parse and
copy operations are completed ahead of ARMv8 being released to execute.
We will pay a penalty of elf copy time, but that is a valid tradeoff in
comparison to debug of alternate scenarios.
Signed-off-by: Nishanth Menon <nm@ti.com>
Add a weak release_resources_for_core_shutdown() stub implementation
that can be overridden by actual implementation if a SoC supports that
function.
Signed-off-by: Suman Anna <s-anna@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
The mach-k3 common code defined a weak start_non_linux_remote_cores()
function so that the proper implementation can be plugged in the
SoC-specific source files. This won't be needed anymore, so remove the
the common code.
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210726211311.5977-4-s-anna@ti.com
Only start-up the non-linux remote cores if we are running in legacy
boot mode. HSM rearch is not yet supporting this.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
Historically, the reset_cpu() function had an `addr` parameter which was
meant to pass in an address of the reset vector location, where the CPU
should reset to. This feature is no longer used anywhere in U-Boot as
all reset_cpu() implementations now ignore the passed value. Generic
code has been added which always calls reset_cpu() with `0` which means
this feature can no longer be used easily anyway.
Over time, many implementations seem to have "misunderstood" the
existence of this parameter as a way to customize/parameterize the reset
(e.g. COLD vs WARM resets). As this is not properly supported, the
code will almost always not do what it is intended to (because all
call-sites just call reset_cpu() with 0).
To avoid confusion and to clean up the codebase from unused left-overs
of the past, remove the `addr` parameter entirely. Code which intends
to support different kinds of resets should be rewritten as a sysreset
driver instead.
This transformation was done with the following coccinelle patch:
@@
expression argvalue;
@@
- reset_cpu(argvalue)
+ reset_cpu()
@@
identifier argname;
type argtype;
@@
- reset_cpu(argtype argname)
+ reset_cpu(void)
{ ... }
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
In the spirit of using the same base name for all of these related macros,
rename this to have the operation at the end. This is not widely used so
the impact is fairly small.
Signed-off-by: Simon Glass <sjg@chromium.org>
Detect if sysfw is already loaded by ROM and pass this information to
sysfw loader. Based on this information sysfw loader either loads the
sysfw image from boot media or just receives the boot notification
message form sysfw.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Suman Anna <s-anna@ti.com>
The J7200 SoC is a part of the K3 Multicore SoC architecture platform.
It is targeted for automotive gateway, vehicle compute systems,
Vehicle-to-Vehicle (V2V) and Vehicle-to-Everything (V2X) applications.
The SoC aims to meet the complex processing needs of modern embedded
products.
Some highlights of this SoC are:
* Dual Cortex-A72s in a single cluster, two clusters of lockstep
capable dual Cortex-R5F MCUs and a Centralized Device Management and
Security Controller (DMSC).
* Configurable L3 Cache and IO-coherent architecture with high data
throughput capable distributed DMA architecture under NAVSS.
* Integrated Ethernet switch supporting up to a total of 4 external ports
in addition to legacy Ethernet switch of up to 2 ports.
* Upto 1 PCIe-GEN3 controller, 1 USB3.0 Dual-role device subsystems,
20 MCANs, 3 McASP, eMMC and SD, OSPI/HyperBus memory controller, I3C and
I2C, eCAP/eQEP, eHRPWM among other peripherals.
* One hardware accelerator block containing AES/DES/SHA/MD5 called SA2UL
management.
See J7200 Technical Reference Manual (SPRUIU1, June 2020)
for further details: https://www.ti.com/lit/pdf/spruiu1
Add support for detection J7200 SoC
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Suman Anna <s-anna@ti.com>
Add an api soc_is_j721e(), and use it to enable certain functionality
that is available only on j721e. This detection is needed when DT is not
available.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Suman Anna <s-anna@ti.com>
mmr_unlock api is common for all k3 devices. Move it to a common
location.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Suman Anna <s-anna@ti.com>
Replace the function spl_board_prepare_for_boot_linux by the correct
name of the weak function spl_board_prepare_for_linux defined in spl.h.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
- Enable DM_ETH on omap3_logic board
- Enable Caches in SPL for K3 platforms
- Enable backup boot mode support for J721E
- Update the DDR timings for AM654 EVM
- Add automated tests for RX-51
Add support for enabling dcache already in SPL. It accelerates the boot
and resolves the risk to run into unaligned 64-bit accesses.
Based on original patch by Lokesh Vulta.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Lokesh Vutla <lokeshvutla@ti.com>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
JTAG ID register is defined by IEEE 1149.1 for device identification.
Use this JTAG ID register for identifying AM65x[0] and J721E[1] devices
instead of using SoC specific registers.
[0] http://www.ti.com/lit/ug/spruid7e/spruid7e.pdf
[1] http://www.ti.com/lit/ug/spruil1a/spruil1a.pdf
Reported-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Add a separate function for printing sysfw version so that it can be
called independently of k3_sysfw_loader.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
MCU Domain rf50 is currently shutting down after loading the ATF.
Load elf firmware and jump to firmware post loading ATF.
ROM doesn't enable ATCM memory, so make sure that firmware that
is being loaded doesn't use ATCM memory or override SPL.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Add MAIN domain R5FSS0 remoteproc support from spl. This enables
loading the elf firmware in SPL and starting the remotecore.
In order to start the core, there should be a file with path
"/lib/firmware/j7-main-r5f0_0-fw" under filesystem
of respective boot mode.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
[Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Data manual mentions the new silicon revisions as SR instead of PG. Use
the same nomenclature inside U-Boot as well.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
K3 J721E:
* DMA support.
* MMC and ADMA support.
* EEPROM support.
* J721e High Security EVM support.
* USB DT nodes
K3 AM654:
* Fixed boot due to pmic probe error.
* USB support and DT nodes.
* ADMA support
DRA7xx/AM57xx:
* BBAI board support
* Clean up of net platform code under board/ti
AM33/AM43/Davinci:
* Reduce SPL size for omap3 boards.
* SPL DT support for da850-lcdk
* PLL divider fix for AM335x
ROM configures certain firewalls based on its usage, which includes
the one in front of boot peripherals. In specific case of boot
peripherals, ROM does not open up the full address space corresponding
to the peripherals. Like in OSPI, ROM only configures the firewall region
for 32 bit address space and mark 64bit address space flash regions
as in-accessible.
When security-cfg is initialized by sysfw, all the non-configured
firewalls are kept in bypass state using a global setting. Since ROM
configured firewalls for certain peripherals, these will not be touched.
So when bootloader touches any of the address space that ROM marked as
in-accessible, system raises a firewall exception causing boot hang.
It would have been ideal if sysfw cleans up the ROM configured boot
peripheral firewalls. Given the memory overhead to store this
information provided by ROM and the boot time increase in re configuring
the firewalls, it is concluded to clean this up in bootloaders.
So disable all the firewalls that ROM doesn't open up the full address
space.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Venkateswara Rao Mandela <venkat.mandela@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Not finding a node that we try to disable does not always need to be
fatal to boot but should at least print out a warning. Return error
from fdt_disable_node as it did fail to disable the node, but only
warn in the case of disabling the TRNG as this will not prevent boot.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>