LS102A ref manual dictates that ICID have to be written to the MSB
of the ICID register, not to the LSB.
Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
Mix usage of uint32_t and u32 fixed in favor of u32.
Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
Reviewed-by: York Sun <york.sun@nxp.com>
On the LS102x boards, in order to initialize the ICID values of
masters, the dev_stream_id array holds absolute offsets from the
base of SCFG.
In ls102xa_config_ssmu_stream_id, the base pointer is cast to
uint32_t * before adding the offset, leading to an invalid address.
Casting it to void * solves the issue.
Signed-off-by: Vincent Siles <vincent.siles@provenrun.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This patch enable VID support for ls2080ardb platform.
It uses the common VID driver.
Signed-off-by: Rai Harninder <harninder.rai@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.
Add esbh_halt() after the reset to make sure execution stops.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.
Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
IR chip is on one of the channels on multiplexed I2C-bus.
Reset to default channel after accessing.
Signed-off-by: Wenbin Song <wenbin.song@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
As the QE firmware struct is shared with Fman, move the header file
out of drivers/qe/.
Signed-off-by: Gong Qianyu <Qianyu.Gong@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.
Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Chain of Trust is enabled for ARM platforms (LS1021 and LS1043).
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
bootdelay = 0 (To disable Boot Prompt)
bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
A function is created to detrmine if the boot mode is secure
or non-secure for differnt SoC's.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The fuse status register provides the values from on-chip
voltage ID efuses programmed at the factory. These values
define the voltage requirements for the chip. u-boot reads
FUSESR and translates the values into the appropriate
commands to set the voltage output value of an external
voltage regulator.
Signed-off-by: Ying Zhang <b40530@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
IR chip on all the boards are required to be used in Intel mode
to support VID. VDD will not be adjusted if IR chip is used in
other modes.
Signed-off-by: Ying Zhang <b40530@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
1.Use "qixis_reset sd" to boot from SD
2.Use "qixis_reset sd_qspi" to boot from SD with QSPI support
3.Use "qixis_reset qspi" to boot from QSPI flash
On some SoCs such as LS1021A and LS1043A, IFC and QSPI could be
pin-multiplexed. So the switches are different between SD boot with
IFC support and SD boot with QSPI support. The default booting from
SD is with IFC support.
Once QSPI is enabled(IFC disabled), only use I2C to access QIXIS.
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
According to the Coverity result, a unsigned int variable is used fo less-
than-zero comparison, the result is never true. Need to fix the variable
type to signed int.
Signed-off-by: Ye.Li <B37916@freescale.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
When creating phy-handle property, an unsigned int value is created by
fdt_create_phandle, and memcpy is used to get the value, since DTS is
big endian, the value cannot be used directly on little endian SoCs,
it should be converted by cpu_to_fdt32.
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
LS1043AQDS Specification:
-------------------------
Memory subsystem:
* 2GByte DDR4 DIMM
* 128 Mbyte NOR flash single-chip memory
* 512 Mbyte NAND flash
* 16 Mbyte high-speed SPI flash
* SD connector to interface with the SD memory card
Ethernet:
* Two RGMII ports
* XFI 10G port
* SGMII
* QSGMII with 4x 1G ports
PCIe: supports Gen 1 and Gen 2
SATA 3.0: one SATA 3.0 port
USB 3.0: two micro AB connector and one type A connector
UART: supports two UARTs up to 115200 bps for console
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
[York Sun: Add CONFIG_SYS_NS16550=y in defconfig]
Reviewed-by: York Sun <yorksun@freescale.com>
When detecting SDHC Adapter Card Type 2(SD/MMC Legacy Adapter Card),
enable EVDD automatic control via SDHC_VS. This could support SD card
IO voltage switching for UHS-1 speed mode.
Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
If adapter card type identification is supported for platform, we would
enable dat[4:7] for eMMC4.5 Adapter Card.
Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
It will take more than 1s when wake up from deep sleep. Most of the
time is spent on outputing information. This patch reduced the deep
sleep latency by:
1. avoid outputing system informaton
2. remove flush cache after DDR restore
3. skip reloading second stage uboot binary when SD boot
Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
The ITS bit was being read incorrectly beacause of operator
precedence. The same ahs been corrected.
Signed-off-by: Lawish Deshmukh <lawish.deshmukh@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Config Security Level Register is different between different SoCs,
so put the CSL register definition into the arch specific directory.
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
For the Chain of Trust, the esbc_validate command supports
32 bit fields for location of the image. In the header structure
definition, these were declared as pointers which made them
64 bit on a 64 bit core.
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
If enable DM PMIC and REGULATOR, we should not use original power
framework. So need to comment out the pfuze code for original power
framework, when CONFIG_DM_PMIC_PFUZE100 defined.
Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
Cc: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Secure Boot Target is added for NAND for P3041.
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In case of secure boot, this default address maps to Boot ROM.
The Boot ROM code requires that the bootloader(U-boot) must lie
in 0 to 3.5G address space i.e. 0x0 - 0xDFFFFFFF.
In case of NAND Secure Boot, CONFIG_SYS_RAMBOOT is enabled and CPC is
configured as SRAM. U-Boot binary will be located on SRAM configured
at address 0xBFF00000.
In the U-Boot code, TLB entries are created to map the virtual address
0xFFF00000 to physical address 0xBFF00000 of CPC configured as SRAM.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
SYSTEM ID EPPROM always store SYSTEM version info in big endian format.
SoC with ARM or PowerPC core should read/write version info from eeprom
in BIG endian format.
So use cpu-specific APIs to read SYSTEM version.
Signed-off-by: Jaiprakash Singh <b44839 at freescale.com>
Signed-off-by: Prabhakar Kushwaha <prabhakar at freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
CONFIG_ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC, thus doesn't need to
be taken into account additionally. CONFIG_ARMV7_PSCI is only set on
boards that support CONFIG_ARMV7_NONSEC, and it only works on those.
CC: Tang Yuantian <Yuantian.Tang@freescale.com>
CC: York Sun <yorksun@freescale.com>
CC: Steve Rae <srae@broadcom.com>
CC: Andre Przywara <andre.przywara@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Alison Wang <alison.wang@freescale.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Add adapter card type identification support by reading
FPGA STAT_PRES1 register SDHC Card ID[0:2] bits. To use this function,
define CONFIG_FSL_ESDHC_ADAPTER_IDENT.
Signed-off-by: Yangbo Lu <yangbo.lu@freescale.com>
Cc: York Sun <yorksun@freescale.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
[York Sun: resolve conflicts in README.fsl-esdhc]
Reviewed-by: York Sun <yorksun@freescale.com>
Function dp_ddr_restore is to restore the first 128-byte space
of DDR. However those codes may be optimized out by compiler
since the destination address is at 0x0. In order to avoid
compiler optimization, we restore the space from high address,
which is not at 0x0, to low address.
Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Use "qixis_reset nand" to reset the board to boot from NAND.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: York Sun <yorksun@freescale.com>
Move the compilation of file fsl_validate.c in MACRO CONFIG_CMD_ESBC_VALIDATE.
This file should be compiled only when the above MACRO is defined
This caused a break in compilation of iMX platforms when compiling for SECURE_BOOT
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Muram will power off during deepsleep, and the microcode of qe
in muram will be lost, it should be reload when resume.
Signed-off-by: Zhao Qiang <B45475@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Muram will power off during deepsleep, and the microcode of qe
in muram will be lost, it should be reload when resume.
Signed-off-by: Zhao Qiang <B45475@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
1. Default environment will be used for secure boot flow
which can't be edited or saved.
2. Command for secure boot is predefined in the default
environment which will run on autoboot (and autoboot is
the only option allowed in case of secure boot) and it
looks like this:
#define CONFIG_SECBOOT \
"setenv bs_hdraddr 0xe8e00000;" \
"esbc_validate $bs_hdraddr;" \
"source $img_addr;" \
"esbc_halt;"
#endif
3. Boot Script can contain esbc_validate commands and bootm command.
Uboot source command used in default secure boot command will
run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
after validation of images or core should just spin.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
esbc_validate command uses various IP Blocks: Security Monitor, CAAM block
and SFP registers. Hence the respective CONFIG's are enabled.
Apart from these CONFIG_SHA_PROG_HW_ACCEL and CONFIG_RSA are also enabled.
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
1. esbc_validate command is meant for validating header and
signature of images (Boot Script and ESBC uboot client).
SHA-256 and RSA operations are performed using SEC block in HW.
This command works on both PBL based and Non PBL based Freescale
platforms.
Command usage:
esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
tree blob can also be signed.
3. In the event of header or signature failure in validation,
ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
dumping error on the console.
6. KEY REVOCATION Feature:
QorIQ platforms like B4/T4 have support of srk key table and key
revocation in ISBC code in Silicon.
The srk key table allows the user to have a key table with multiple
keys and revoke any key in case of particular key gets compromised.
In case the ISBC code uses the key revocation and srk key table to
verify the u-boot code, the subsequent chain of trust should also
use the same.
6. ISBC KEY EXTENSION Feature:
This feature allows large number of keys to be used for esbc validation
of images. A set of public keys is being signed and validated by ISBC
which can be further used for esbc validation of images.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>