Fman microcode is executable code (AFAICT) loaded into a
coprocessor. As such, if verified boot is enabled, it must be verified
like other executable code. However, this is not currently done.
This commit adds verified boot functionality by encapsulating the
microcode in a FIT, which can then be signed/verified as normal. By
default we allow fallback to unencapsulated firmware, but if
CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because
existing Layerscape do not use this config (instead enabling
CONFIG_CHAIN_OF_TRUST), this should not break any existing boards.
An example (mildly-abbreviated) its is provided below:
/ {
#address-cells = <1>;
images {
firmware {
data = /incbin/(/path/to/firmware);
type = "firmware";
arch = "arm64";
compression = "none";
signature {
algo = "sha256,rsa2048";
key-name-hint = "your key name";
};
};
};
configurations {
default = "conf";
conf {
description = "Load FMAN microcode";
fman = "firmware";
};
};
};
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Several ethernet drivers load firmware from FIT images. Convert them to
use the fit_get_data helpers.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This converts the FIT loading process of the fpga command to use
fit_get_data_node.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This reduces sec_firmware_get_data to a single call to
fit_get_data_conf_prop. I think sec_firmware_check_copy_loadable could also
be converted, but it does not map as straightforwardly, so I have left it
for a future cleanup.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Several different firmware users have repetitive code to extract the
firmware data from a FIT. Add some helper functions to reduce the amount
of repetition. fit_conf_get_prop_node (eventually) calls
fdt_check_node_offset_, so we can avoid an explicit if. In general, this
version avoids printing on error because the callers are typically
library functions, and because the FIT code generally has (debug)
prints of its own. One difference in these helpers is that they use
fit_image_get_data_and_size instead of fit_image_get_data, as the former
handles external data correctly.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The config to use for FIT images can be better specified by enabling
CONFIG_MULTI_DTB_FIT and implementing board_fit_config_name_match.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Correctly calculate offsets between SPL and proper U-Boot when new config
option CONFIG_FSL_PREPBL_ESDHC_BOOT_SECTOR for generating eSDHC boot sector
is enabled. Otherwise SPL would not be able to boot proper U-Boot.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
CPLD in load_default mode ignores watchdog reset signal. It does not reset
board when watchdog triggers reset signal.
Detect load_default mode by GPIO7 - LOAD_DEFAULT_N and delete watchdog
max6370 node from device to prevent registering driver for non-working
watchdog.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
All *boot env commands overrides default boot source location via i2c.
After board reset without power off, BootROM then starts booting U-Boot
from this specified location instead of the default one.
Add new env command defboot which reverts boot location to the default
value, which in most cases is configurable by HW DIP switches.
And add new env commands norlowerboot, norupperboot, sd2boot to boot from
other locations. norlowerboot would instruct BootROM to boot from lower NOR
bank, norupperboot from upper NOR bank and sd2boot from SD card with
alternative configuration.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Removes hwlocks properties from stm32mp151 pinctrl node. These locks
could be used for other purpose, depending on board and software
configuration hence do not enforce their use to protect pinctrl
devices.
This patch is an alignment with Linux device tree with v6.0 as the
hwsem support wasn’t yet added in pincontrol in kernel. It avoids
issues when the Linux kernel is started with the U-Boot device tree.
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Perform long overdue conversion of ad-hoc FMC2 EBI bus initialization
to upstream FMC2 EBI driver. No functional change.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
SYS_HZ_CLOCK was wrongly set to 1GHz whereas it's set to 750MHz
by default by bootrom.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Grzegorz Szymaszek <gszymaszek@short.pl>
Since commit 5bc6f8c2a97e("video: stm32: remove test on CONFIG_DM_REGULATOR")
backlight was broken with the following message at boot:
stm32-display-dsi dsi@40016c00: Warning: cannot get phy dsi supply
stm32_display display-controller@40016800: panel panel enable backlight error -38
DM_REGULATOR flag must be enabled to fix this issue
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Since commit ef4ce6df32 "video: stm32: stm32_ltdc: fix data enable polarity"
The panel display output wasn't functional anymore.
Device tree display-timings de-active property value must be updated
to 1.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Handle the input clock of RCC USB_PHY_48, provided by USBPHYC
and named "ck_usbo_48m".
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
ck_usbo_48m is generated by usbphyc PLL and used by OTG controller
for Full-Speed use cases with dedicated Full-Speed transceiver.
ck_usbo_48m is available as soon as the PLL is enabled.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add the counter of the PLL user n_pll_cons managed by the 2 functions
stm32_usbphyc_pll_enable / stm32_usbphyc_pll_disable.
This counter allow to remove the function stm32_usbphyc_is_init
and it is a preliminary step for ck_usbo_48m introduction.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The tests on CONFIG_DM_REGULATOR, added to avoid compilation issues, can
now be removed, they are no more needed since the commit 16cc5ad0b4
("power: regulator: add dummy helper").
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Simplify the package parsing code for STM32MP15X as package can be
affected with get_cpu_package() result.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
P1/P2 RDB boards have external max6370 watchdog connected to CPLD and this
watchdog is not deactivated on board reset. So if it is active during board
reset, it can trigger another reset when CPU is booting U-Boot. To prevent
possible infinite reset loop caused by external watchdog, turn it off
before reset.
Do it via a new board_reset_prepare() callback which is called from
do_reset() function before any reset sequence.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
CPLD's system reset register is buggy and requires workaround in U-Boot.
So use this kind of board reset only when there is no other reset option.
Introduce a new board_reset_last() callback which is last-stage
board-specific reset and implement CPLD's system reset in this new
board_reset_last() callback instead of board_reset() callback.
Fixes: 20fb58fc5a ("board: freescale: p1_p2_rdb_pc: Implement board_reset()")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If watchdog timer was already set to non-disabled value then it means that
watchdog timer was already activated, has already expired and caused CPU
reset. If this happened then due to CPLD firmware bug, writing to wd_cfg
register has no effect and therefore it is not possible to reactivate
watchdog timer again. Watchdog starts working again after CPU reset via
non-watchdog method.
Implement this workaround (reset CPU when it was reset by watchdog) to make
watchdog usable again. Watchdog timer logic on these P1/P2 RDB boards is
connected to CPLD, not to SoC itself.
Note that reset does not occur immediately after calling do_reset(), but
after few ms later as real reset is done by CPLD. So it is normal that
function do_reset() returns. Therefore hangs after calling do_reset() to
prevent CPU execution of the rest U-Boot code.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
CPLD's system reset register on P1/P2 RDB boards is not autocleared after
flipping it. If this register is set to one in 100ms after reset starts
then CPLD triggers another CPU reset.
This means that trying to reset board via CPLD system reset register cause
reboot loop. To prevent this reboot loop, the only workaround is to try to
clear CPLD's system reset register as early as possible. U-Boot is already
doing it in its board_early_init_f() function, which seems to be enough as
register is cleared prior CPLD triggers another reset.
But board_early_init_f() is not called from SPL and therefore usage of SPL
can cause reboot loop.
To prevent reboot loop when using SPL, call board_early_init_f() function
in SPL too. For accessing CPLD memory space it is needed to have CPLD entry
in TLB.
With this change it is possible to trigger board reset via CPLD's system
reset register on P2020 RDB board.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
System reset via the SRST extension in the SBI should be the default.
The driver checks if the extension is available when probing.
So there is no risk in enabling it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Format the KVM implementation number in a human readable form.
With the patch output of the sbi command for Linux 5.19.1 looks like:
=> sbi
SBI 0.3
KVM 5.19.1
Machine:
Vendor ID 0
Architecture ID 7005c
Implementation ID 7005c
Extensions:
SBI Base Functionality
Timer Extension
IPI Extension
RFENCE Extension
Hart State Management Extension
System Reset Extension
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
This commit sychronizes the header file for FU740 PRCI clocks with the
one from Linux 5.19.
The constant values are the same, but all constant names are changed
(most are just prefixed with FU740_).
Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
If ethernet connected to SFP, like this:
&enetc_port0 {
phy-connection-type = "sgmii";
sfp = <&sfp0>;
managed = "in-band-status";
status = "okay";
};
Then enetc_config_phy returns -ENODEV and the memory containing the mdio interface is freed.
It's better to unregister and free mdio resources.
Signed-off-by: Siarhei Yasinski <siarhei.yasinski@sintecs.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
In both the Freescale DDR controller and the SPD spec, bank address bits
are stored as the number of bank address bits minus 2. For example, if a
chip had 8 banks (3 total bank address bits), the value of
bank_addr_bits would be 1. This is rather surprising for users
configuring their memory manually, since they can't set bank_addr_bits
to the actual number of bank address bits. Rectify this.
There is at least one example of this kind of mistake already, in
board/freescale/t102xrdb/ddr.c. The documented MT40A512M8HX has two bank
address bits, but bank_addr_bits was set to 2, implying 4 bank address
bits. Such a value is reserved in BA_BITS_CS, but I suspect the
controller simply ignores the top bit, making this kind of mistake
harmless, if misleading.
Fixes: e8a7f1c32b ("powerpc/t1023rdb: Add T1023 RDB board support")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The interactive mode uses large several tables of options which can be
configured. However, much of the contents of these tables are
repetetive. For example, no struct is larger than half a kilobyte, so
the offset only takes up 9 bits. Similarly, the size is only ever 4 or
8, and printhex is a boolean. Reduce the size of these fields. This
reduces the size of the options tables by around 10 KiB. However, the
largest contributor to the size of the options tables is the use of a
pointer for the strings. A better approach would be to use a separate
array of strings, and store an integer index in the options tables.
However, this would require a large re-architecting of this file.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The frequency of the system counter is static which is given by the
COUNTER_FREQUENCY option. Remove COUNTER_FREQUENCY_REAL.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Depending on the boot source, set different CLI prompts. This will help
the user to figure out in which mode the bootloader was started. There
are two special modes: failsafe and SDHC boot.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
During startup the SPL will print where the u-boot proper is read from.
Instead of using the default names, provide more user friendly names.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The board is able to boot from the following source:
- user-updateble SPI flash
- write-protected part of the same SPI flash
- eMMC
- SD card
Implement the needed function hooks to support all of these boot
sources.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
By default the OCRAM is marked as secure. While the SPL runs in EL3 and
thus can access it, DMA devices cannot. Mark the whole OCRAM as
non-secure.
This will fix MMC and SD card boot on LS1028A when using SPL instead of
TF-A.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This adds the onkey, RTC and watchdog children to the DA9063 PMIC node,
fixes the compatible for qspi0's flash node to match the official DT
schema (it being an is25wp256 is discoverable, hence jedec,spi-nor is
the only compatible that should be present) and exposes the card detect
GPIO.
Note that the device trees still diverge in some places (including
important things like the PCIe controller's clock name) and should be
cleaned up so that a common device tree is used in both projects rather
than having different bindings. This patch does not attempt to do that,
merely expose important functionality present in Linux's that is not in
U-Boot's so that it can be used without the OS providing its own bundled
copy.
Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Adding some debug prints I can see:
MMC: mmc@fe320000: Got clock clock-controller@ff760000 76
mmc@fe310000: Got clock clock-controller@ff760000 77
Unknown clock 77
rockchip_dwmmc_get_mmc_clk: err=-2
mmc@fe310000: 3, mmc@fe320000: 1, mmc@fe330000: 0
According to kernel code the SDIO clock is identical to SDMMC clock
except for the con 16->15 change.
Add support for the clock to avoid the error.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This new image is similar to u-boot-rockchip.bin except that it's
destined to be flashed on SPI-NOR flashes.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This prepares for the creation of a u-boot-rockchip-spi.bin image
similar to u-boot-rockchip.bin to the exception it's destined for
SPI-NOR flashes instead of MMC storage medium.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
By factoring SPL check in the first condition, this makes the checks a
bit less convoluted and more readable.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This allows to build u-boot-rockchip.bin binary with binman for Rockchip
ARM64 boards instead of the legacy Makefile way.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
idbloader.img content - currently created by way of Makefile - can be
created by binman directly.
So let's do that for Rockchip ARM platforms.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Binman mkimage entry generates temporary files so let's remove them
when calling `make clean`.
Fixes: 9b312e26fc ("rockchip: Enable building a SPI ROM image on jerry")
Cc: Quentin Schulz <foss+uboot@0leil.net>
Reported-by: Johan Jonker <jbx6244@gmail.com>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
mkimage entry currently creates a file whose name is derived from the
section name containing said entry.
Let's allow the user to define a filename for the mkimage-generated
binary by using the 'filename' DT property.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some image types handled by mkimage require the datafiles to be passed
independently (-d data1:data2) for specific handling of each. A
concatenation of datafiles prior to passing them to mkimage wouldn't
work.
That is the case for rkspi for example which requires page alignment
and only writing 2KB every 4KB.
This adds the ability to tell binman to pass the datafiles without
prior concatenation to mkimage, by adding the multiple-data-files
boolean property to the mkimage node.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>