In order to enable HAB, FSL_CAAM, ARCH_MISC_INIT and
SPL_CRYPTO should be enabled in Kconfig like other i.MX8M
boards.
This also needs to occur in the SPL so enable CONFIG_SPL_BOARD_INIT and
add a void spl_board_init function which calls arch_misc_init to probe
the CAAM driver.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Update RAM Timings for 2GB RAM based on DDR Controller Configuration
Spreadsheet revision 22. Including the update of the refresh
rate to workaround errata ERR050805.
Signed-off-by: Cem Tenruh <c.tenruh@phytec.de>
The csf_spl.txt and csf_fit.txt templates contain file paths which must
be edited for the location of your NXP CST generated key files.
Streamline the process of signing an image by assigning unique var names
to these which can be expended from env variables in the csf.sh script.
The following vars are used:
SRK_TABLE - full path to SRK_1_2_3_4_table.bin
CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem
IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem
Additionally provide an example of running the csf.sh script.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
The sec_in32 preprocessor is defined as follows in include/fsl_sec.h file:
When address "a" is calculated using math for ex: addition of base address and
an offset, then casting is applied only to the first address which in this
example is base address.
caam_ccbvid_reg = sec_in32(CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET)
resolves to:
caam_ccbvid_reg = in_le32((ulong *)(ulong)CONFIG_SYS_FSL_SEC_ADDR +
CAAM_CCBVID_OFFSET)
instead it should resolve to:
caam_ccbvid_reg = in_le32((ulong *)(ulong)(CONFIG_SYS_FSL_SEC_ADDR +
CAAM_CCBVID_OFFSET))
Thus add parenthesis around the address "a" so that however the address is
calculated, the casting is applied to the final calculated address.
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
add support for SHA-256 secure hash algorithm using the ARM v8
SHA-256 instructions for verifying image hash.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Abstract common interfaces for AHAB authentication operations.
Then share some common codes for AHAB and SPL container authentication
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If the container has image which conflicts with
spl_get_load_buffer address, there are processing failures.
Use malloc instead of spl_get_load_buffer.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
M4 image to any DDR address first. Then use the
"bootaux <M4 download DDR address> [M4 core id]" to boot CM4_0
or CM4_1, the default core id is 0 for CM4_0.
Since current M4 only supports running in TCM. The bootaux will copy
the M4 image from DDR to its TCML.
2. Implment bootaux for HIFI on QXP
command: bootaux 0x81000000 1
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The bootaux uses ulong to read private data and write to M4 TCM,
this cause problem on ARM64 platform where the ulong is 8bytes.
Fix it by using u32 to replace ulong.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The current bootaux supports i.MX8M and i.MX93, but the name "_M4_"
implies that the SoCs have Cortex-M4. Actually i.MX8MM/Q use Cortex-M4,
i.MX8MN/P use Cortex-M7, i.MX93 use Cortex-M33, so use "_MCU_" in place
of "_M4_" to simplify the naming.
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add the support for loading image from secondary container set on
iMX8QM B0, iMX8QXP C0.
Using the SCFW API to get container set index, if it is the secondary
boot, get the offset from fuse and apply to offset of current container
set beginning for loading.
Also override the emmc boot partition to check secondary boot and switch
to the other boot part.
This patch is modified from NXP downstream:
imx8: Fix the fuse used by secondary container offset
imx: container: Skip container set check for ROM API
imx8: spl: Support booting from secondary container set
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Checking container header tag and version is wrong, it causes to fail
to bypass invalid container
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Fix below coverity issues caused by get_idx function where "-1" is
compared with uint8_t "element"
343336 Unsigned compared with neg
343337 Operands don't affect result
Additional, this function returns "-1" will cause overflow to
event string array.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
On the imx8ulp A1 SoC, the ELE RNG needs to be manually started.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Extend the RX timeout value to 10s, because when authentication is failed
the ELE needs long time (>2s for 28M image) to return the result. Print
rx wait info per 1s.
Also correct TX and RX status registers in debug.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
According to SRM, the Sentinel MU has 8 TR and 4 RR registers. All
of them are used for ELE message. So update TR count to 8 and fix a
typo in receive msg
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Fix Coverity (CID 21143558).
When tee_shm_register returns failure, the shm_input pointer is
invalid, should not free it. Same issue also exists on registering
shm_output.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add two ELE API: ele_return_lifecycle_update and ele_write_secure_fuse
Add two cmd: ahab_return_lifecycle and ahab_sec_fuse_prog
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Fix build warning:
warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3
has type ‘u64’ {aka ‘long long unsigned int’} [-Wformat=]
printf("can't find memreg for image %d load address 0x%x, error %d\n",
warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but
argument 3 has type ‘sc_faddr_t’ {aka ‘long long unsigned int’} [-Wformat=]
debug("memreg %u 0x%lx -- 0x%lx\n", mr, start, end);
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Per NXP requirement, we rename all the NXP EdgeLock Secure Enclave
code including comment, folder and API name to ELE to align.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The return value is int type, not sc_err_t(u8), correct the usage.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tested-by: Oliver Graute <oliver.graute@kococonnector.com>
Reviewed-by: Oliver Graute <oliver.graute@kococonnector.com>
The return value is int type, not sc_err_t(u8), correct the usage.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Tested-by: Oliver Graute <oliver.graute@kococonnector.com>
Reviewed-by: Oliver Graute <oliver.graute@kococonnector.com>
Running a memtest in U-Boot and Linux shows that some Colibri iMX6
produce bitflips at temperatures above 60°C. This happens because the
RALAT and WALAT values on the Colibri iMX6 are too low. The problems
were introduced by commit 09dbac8174 ("mx6: ddr: Restore ralat/walat
in write level calibration") before the calibration process overwrote
the values and set them to the maximum value. With this commit, we make
sure that the RALAT and WALAT values are set to the maximum values
again. This has been proven to work for years.
Fixes: 09dbac8174 ("mx6: ddr: Restore ralat/walat in write level calibration")
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
As the serial devices are configured in the device tree, enable
DM_SERIAL in the non-SPL T1024RDB defconfigs.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Make sure the serial driver is initialized before relocation by tagging
the serial nodes with "bootph-all". Add these u-boot specific properties
to an *-u-boot.dtsi file.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add the serial node descriptions similar to Linux v6.4 for the
t1024rdb board and its dependencies.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The serial clock is provided by the get_serial_clock() callback on PPC
under DM_SERIAL. Use the same method to compute the clock as for
non-DM_SERIAL use cases.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Call pci_init() to force PCI enumeration at probe time.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
As the serial devices are configured in the device tree, enable
DM_SERIAL in the non-SPL T1042D4RDB defconfigs.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Make sure the serial driver is initialized before relocation by tagging
the serial nodes with "bootph-all". Add these u-boot specific properties
to an *-u-boot.dtsi file.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add the serial node descriptions similar to Linux v6.4 for the
t1042d4rdb board and its dependencies.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The serial clock is provided by the get_serial_clock() callback on PPC
under DM_SERIAL. Use the same method to compute the clock as for
non-DM_SERIAL use cases.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Call pci_init() to force PCI enumeration at probe time.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
As the serial devices are configured in the device tree, enable
DM_SERIAL in the non-SPL T4240RDB defconfig.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>