The commit b583348ca8 ("image: fit: Align hash output buffers") places
the hash output buffer at the .bss section. However, AST2600 by default
executes SPL in the NOR flash XIP way. This results in the hash output
cannot be written to the buffer as it is located at the R/X only region.
We need to move the .bss section out of the SPL body to the DRAM space,
where hash output can be written to. This patch includes:
- Define the .bss section base and size
- A new SPL linker script is added with a separate .bss region specified
- Enable CONFIG_SPL_SEPARATE_BSS kconfig option
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Neal Liu <neal_liu@aspeedtech.com>
Asking if the alias we found actually points at the device tree node
we passed in (in the guise of its offset from blob) can be done simply
by asking if the fdt_path_offset() of the alias' path is identical to
offset.
In fact, the current method suffers from the possibility of false
negatives: dtc does not necessarily emit a phandle property for a node
just because it is referenced in /aliases; it only emits a phandle
property for a node if it is referenced in <angle brackets>
somewhere. So if both the node we passed in and the alias node we're
considering don't have phandles, fdt_get_phandle() returns 0 for both.
Since the proper check is so simple, there's no reason to hide that
behind a config option (and if one really wanted that, it should be
called something else because there's no need to involve phandle in
the check).
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Acked-by: Aswath Govindraju <a-govindraju@ti.com>
This converts the following to Kconfig:
CONFIG_SPL_BSS_MAX_SIZE
CONFIG_SPL_MAX_FOOTPRINT
Note that the da850evm platforms were violating the "only use one" rule
here, and so now hard-code their BSS limit.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_BOOTP_MAY_FAIL
CONFIG_BOOTP_VENDOREX
CONFIG_BOOTP_BOOTFILESIZE
CONFIG_BOOTP_NISDOMAIN
CONFIG_BOOTP_TIMEOFFSET
Cc: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
AST2600 leverages the FIT hash/signature verification to fulfill
secure boot trust chain. To improve the performance and save SW
code size for those crypto operations, the two HW crypto engine,
HACE and ACRY, are enabled.
However, both of the engines can only access to data stored in
DRAM space. Therefore, we need to move the FIT image into DRAM
before the booting.
This patch update the CONFIG_BOOTCOMMAND to execute the pre-defined
ENV variable which consists of FIT image copy to memory and booting.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Enable SPL FIT image load and verification support.
The HW accelerated SHA is also available with the
newly added support of the HACE HW hash engine.
The SPL thumb build is also enabled to keep the binary
less than 64KB to fit into the Aspeed secure boot design.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
This converts the following to Kconfig:
CONFIG_SYS_MALLOC_LEN
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Now that we have consistent usage, migrate this symbol to Kconfig.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Add the default configuration for the AST2600 EVB.
Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Ryan Chen <ryan_chen@aspeedtech.com>