Commit graph

47881 commits

Author SHA1 Message Date
Simon Glass
34ba7d777d test: Run buildman tests
Update the test script to run the buildman tests also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2018-01-15 18:29:21 -07:00
Simon Glass
adb5b61612 test: Run patman tests
Update the test script to run the patman tests also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2018-01-15 18:29:21 -07:00
Simon Glass
72d8172be0 test: Run binman tests
Update the test script to run the binman tests also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2018-01-15 18:29:21 -07:00
Tom Rini
8e9801c283 Merge git://git.denx.de/u-boot-imx 2018-01-15 16:44:18 -05:00
Rob Clark
a970ee2257 db410c: on aarch64 the fdtfile is in per-vendor subdirectory
Signed-off-by: Rob Clark <robdclark@gmail.com>
2018-01-15 16:29:04 -05:00
Rob Clark
35bdd839d0 db410c: add reserved-memory node to dts
If lk lights up display and populates simple-framebuffer node, it will
also setup a reserved-memory node (needed by simplefb on linux).  But
it isn't clever enough to cope when the reserved-memory node is not
present.

Signed-off-by: Rob Clark <robdclark@gmail.com>
2018-01-15 16:29:04 -05:00
Jorge Ramirez-Ortiz
9337dfb434 db410c: use the device tree parsed by the lk loader.
We dont need to keep copies of the properties that we are going to
fixup since we will be using the dtb provided by the firmware.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:03 -05:00
Rob Clark
3b595da441 fdtdec: allow board to provide fdt for CONFIG_OF_SEPARATE
Similar to CONFIG_OF_BOARD, but in this case the fdt is still built by
u-boot build.  This allows the board to patch the fdt, etc.

In the specific case of dragonboard 410c, we pass the u-boot generated
fdt to the previous stage of bootloader (by embedding it in the
u-boot.img that is loaded by lk/aboot), which patches the fdt and passes
it back to u-boot.

Signed-off-by: Rob Clark <robdclark@gmail.com>
[trini: Update board_fdt_blob_setup #if check]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-01-15 16:29:03 -05:00
Jorge Ramirez-Ortiz
0689eb7470 db410c: replace reset driver with psci
this should be the norm for armv8 platforms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:03 -05:00
Jorge Ramirez-Ortiz
e2beb872f7 db410c: update wlan and bt mac addresses from firmware
The firmware that runs before u-boot modifies u-boot's device tree
adding the local-mac-address and local-bd-address properties for the
compatibles "qcom,wcnss-bt" and "qcom,wcnss-wlan".

This commit reads that firmware, retrieves the properties and fixups
the device tree that is passed to the kernel before booting.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:03 -05:00
Jorge Ramirez-Ortiz
5bef39982a db410c: configs: increase gunzip buffer size for the kernel
the kernel fails to boot when it goes over the limit.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:03 -05:00
Jorge Ramirez-Ortiz
100fb0bd99 db820c: stop autoboot when vol- pressed
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:02 -05:00
Jorge Ramirez-Ortiz
e0cc0b6c6d db820c: enable pmic gpios for pm8994
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:02 -05:00
Jorge Ramirez-Ortiz
4b684a6b82 db820c: add qualcomm dragonboard 820C support
This commit adds support for 96Boards Dragonboard820C.

The board is based on APQ8086 Qualcomm Soc, complying with the
96Boards specification.

Features
 - 4x Kyro CPU (64 bit) up to 2.15GHz
 - USB2.0
 - USB3.0
 - ISP
 - Qualcomm Hexagon DSP
 - SD 3.0 (UHS-I)
 - UFS 2.0
 - Qualcomm Adreno 530 GPU
 - GPS
 - BT 4.2
 - Wi-Fi 2.4GHz, 5GHz (802.11ac)
 - PCIe 2.0
 - MIPI-CSI, MIPI-DSI
 - I2S

U-Boot boots chained from LK (LK implements the fastboot protocol) in
64-bit mode.

For detailed build instructions see readme.txt in the board directory.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:02 -05:00
Jorge Ramirez-Ortiz
7c75f7f1b2 arm: mach-snapdragon: refactor clock driver
In preparation to add support for the Dragonboard820c (APQ8096),
refactor the current Snapdragon clock driver.

No new functionality has been added.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 16:29:02 -05:00
Jorge Ramirez-Ortiz
1087a7942c env: enable accessing the environment in an EXT4 partition
For example to store the environment in a file named "/uboot.env" in MMC
"0", where partition "1" contains the EXT4 filesystem, the following
configs should be added to the board's default config:

  CONFIG_ENV_IS_IN_EXT4=y
  CONFIG_ENV_EXT4_DEVICE_AND_PART="0:1"
  CONFIG_ENV_EXT4_FILE="/uboot.env"
  CONFIG_ENV_EXT4_INTERFACE="mmc"

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
[trini: Fix some line over 80 chars issues]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-01-15 16:28:57 -05:00
Rob Clark
f2006808f0 dm: core: parse chosen node
This is the node that would contain, for example, the framebuffer setup
by an earlier stage.

Signed-off-by: Rob Clark <robdclark@gmail.com>
2018-01-15 11:35:38 -05:00
Jorge Ramirez-Ortiz
42091fa9e8 poplar: configs: increase gunzip buffer size for the kernel
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 11:35:37 -05:00
Jorge Ramirez-Ortiz
210d959294 spmi: msm: display the PMIC Arb version (debug)
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 11:35:37 -05:00
Tom Rini
3dde8f2037 Merge git://git.denx.de/u-boot-mmc 2018-01-14 22:26:38 -05:00
Bryan O'Donoghue
9587b0d611 arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode.
This will allow u-boot scripts to script the dropping down into recovery
mode.

=> hab_failsafe

Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale
SemiConductor Inc  SP Blank ULT1] " in a Linux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
317956e82c arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for
hab_rvt_check_failsafe for BootROM code using the older BootROM address
layout - in my test case the i.MX7. Code based on new BootROM callbacks
will just do nothing and there's definitely a TODO to implement that extra
functionality on the alternative BootROM API.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
aeae70fac5 arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation:

"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."

Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
07eefaf16e arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
4467ae6c28 arm: imx: hab: Make authenticate_image() return zero on open boards
The BootROM will not successfully process a HAB image passed by u-boot
unless the board has been set into locked mode. Some of the existing usages
of authenticate_image() expect and rely on unlocked boards doing the
following

1. Not calling into the BootROM authenticate_image() callback
2. Returning a pass status for authenticate_image() calls anyway

A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
e5b30e4ac1 arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
Understanding if the HAB is enabled is something that we want to
interrogate and report on outside of the HAB layer. First step to that is
renaming the relevant function to match the previously introduced external
naming convention imx_hab_function()

The name imx_hab_is_hab_enabled() is a tautology. A more logical name is
imx_hab_is_enabled().

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
57f6548606 arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
58bebfb753 arm: imx: hab: Make internal functions and data static
There is no need to export these functions and data structures externally.
Make them all static now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
2c6c68d282 arm: imx: hab: Print HAB event log only after calling ROM
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.

This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
b7c3cae7d3 arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.

This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
c0a55b7344 arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
1addedadc4 arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation:

"This function reports whether or not a given target region is allowed for
 either peripheral configuration or image loading in memory. It is intended
 for use by post-ROM boot stage components, via the ROM Vector Table, in
 order to avoid configuring security-sensitive peripherals, or loading
 images over sensitive memory regions or outside recognized memory devices
 in the address map."

It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
824ef302f3 arm: imx: hab: Print additional IVT elements during debug
This patch enables printout of the IVT entry, dcd and csf data fields.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
fd15fe5f84 arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
04099e9ced arm: imx: hab: Only call ROM once headers are verified
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
e59eb9e00f arm: imx: hab: Verify IVT self matches calculated address
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
49b6d05882 arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
cd2d46003c arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.

This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
c5800b2541 arm: imx: hab: Fix authenticate_image input parameters
u-boot command "hab_auth_img" tells a user that it takes

- addr - image hex address
- offset - hex offset of IVT in the image

but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.

Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.

This patch fixes this situation by

1: Adding a new parameter to hab_auth_img
   - addr   : image hex address
   - length : total length of the image
   - offset : offset of IVT from addr

2: Updates the existing call into authenticate_image() in
   arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
   addr, length and IVT offset respectively.

This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.

It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.

Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.

This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
08a81cad2f arm: imx: hab: Move CSF_PAD_SIZE to hab.h
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
191d8bd509 arm: imx: hab: Move IVT_SIZE to hab.h
The size of the IVT header should be defined in hab.h move it there now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
53c8a510e7 arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
The current code disjoins an entire block of code on hab_entry pass/fail
resulting in a large chunk of authenticate_image being offset to the right.

Fix this by checking hab_entry() pass/failure and exiting the function
directly if in an error state.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
d2c61800fc arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
There is no need to call is_enabled() twice in authenticate_image - it does
nothing but add an additional layer of indentation.

We can check for is_enabled() at the start of the function and return the
result code directly.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
9535b3975f arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).

This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.

Fixes: 36c1ca4d46 ("imx: Support i.MX6 High Assurance Boot
authentication")

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
adbb051f08 arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.

Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.

The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.

The first step is fixing the return type in authenticate_image() so do that
now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Tom Rini
18af965798 Merge git://git.denx.de/u-boot-tegra 2018-01-12 14:18:34 -05:00
Stephen Warren
5fed97af20 Makefile: ensure DTB doesn't overflow into initial stack
With CONFIG_SYS_INIT_SP_BSS_OFFSET enabled, the initial (pre-relocation)
stack is placed some distance after bss_start. The control DTB is appended
to the U-Boot binary at bss_start. If the DTB is too large, or the SP BSS
offset too small, then the initial stack could corrupt the DTB. Enhance
the Makefile to check whether this is likely to occur.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
e43effc1d8 ARM: Tegra: p2771-0000: use calculate env var feature
Request that all environment variables containing hard-coded address be
calculated at boot time instead.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
026a8b96bd ARM: Tegra186: calculate load addresses at boot
In the presence of potentially fragemented memory, we cannot hard-code
addresses into environment variables such as kernel_addr_r. Instead, we
must calculate those addresses at run-time based on available memory
locations. Implement the code to perform such runtime calculation, based
on requirements described in environment variables, to allow the user
full control over the allocation.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
cdcf55584e ARM: Tegra186: don't map memory not in RAM banks
Tegra186 currently restricts its DRAM usage to entries in the /memory node
in the DTB passed to it. However, the MMU configuration always maps the
entire first 2GB of RAM. This could allow the CPU to speculatively access
RAM that isn't part of the in-use banks. This patch switches to runtime
construction of the table that's used to construct the MMU translation
tables, and thus prevents access to RAM that's not part of a valid bank.

Note: This patch is intended to prevent access to RAM regions which U-Boot
does not need to access, with the primary purpose of avoiding theoretical
speculative access to physical regions for which the HW will throw errors
(e.g. carve-outs that the CPU has no permission to access at a bus level,
bad ECC pages, etc.). In particular, this patch is not deliberately
related to the speculation-related security issues that were recently
announced. The apparent similarity is a coincidence.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00