T4240RDB supports booting from 2 nor banks(default and altbank). The
corresponding defconfig can only have one entry defined and therefore,
extend cs4340_get_fw_addr() function to overwrite firmware address which
will be later used in cortina firmware.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
T2080RDB supports booting from 2 nor banks(default and altbank). The
corresponding defconfig can only have one entry defined and therefore,
extend cs4340_get_fw_addr() function to overwrite firmware address which
will be later used in cortina firmware.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
LS2088A-RDB supports TFA boot source and has 2 nor banks(default and
altbank) and QSPI as boot source. The corresponding defconfig can only
have one entry defined and therefore, extend cs4340_get_fw_addr()
function to overwrite firmware address which will be later used in
cortina firmware.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Add support for boards supporting TFA boot separately in cortina
firmware. Please note, a weak function is defined to retrieve firmware
address values as CONFIG_CORTINA_FW_ADDR is now defined in defconfig and
can only have one possible value defined. This weak function will help
in overwrting the values to get proper addresses as per boot source.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Use moveconfig.py script to convert below defines to Kconfig and move
these entries to defconfigs.
CONFIG_CORTINA_FW_ADDR
CONFIG_CORTINA_FW_LENGTH
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Add PHY_CORTINA as default option in SYS_MMC_ENV_DEV Kconfig entry as
PHY_CORTINA require SYS_MMC_ENV_DEV value similar to FMAN_ENET or QE.
This helps in resolving compilation failure.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
NXP platforms expect custom bootcmd and mcinitcmd to be
updated as per boot source with default environment.
Check env variable fsl_bootcmd_mcinitcmd_set to prepare
bootcmd and mcinitcmd
Fixes: cbf77d2018 (armv8: fsl-layerscape: Fix automatic
setting of bootmcd with TF-A)
Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Free dynamically allocated memory before every return statement
in calc_img_key_hash() and calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using ls1046afrwy board.
Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Starting with board revision D, the MISCCSR CPLD register needs to be
configured to enable Power-on Reset for software reset commands.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
LX2160A-RDB/QDS has micron mt35xu512aba flash which requires flag
CONFIG_SPI_FLASH_MT35XU on to probe flash successfully.
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
This board doesn't use the MTD subsystem in u-boot, thus there is no
need to specify the partitions. They are outdated anyway. Just drop
them.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
This symbol was largely migrated, except for one case. Update it.
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Import linux commit 007773e16a6f ("spi: nxp-fspi: Ensure width is
respected in spi-mem operations") to fix SPI access on boards which
don't have all SPI I/O lines connected to the flash.
Since commit 71025f013c ("mtd: spi-nor-core: Rework hwcaps selection")
u-boot figures out the capabilities by looking at spi_mem_supports_op().
The FlexSPI driver doesn't take the board layout into account. Fix that.
Fixes: 383fded70c ("spi: nxp_fspi: new driver for the FlexSPI controller")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
The USB recovery mode is used by Toradex to load the Toradex Easy
Installer image which supports further system images installation.
Prepare for loading and launching the Toradex Easy Installer if the
USB Recovery mode is activated.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Highlights:
- Handle TF-A boot with FIP for STM32MP1
- Fix board_get_usable_ram_top(0) for STM32MP1
- DT alignement with kernel v5.14 for STM32MP1
- SPI-NOR DT update for DHSOM
- Add UCLASS API for ECDSA singnature and implement it for STM32MP1
This test verifies that ECDSA_UCLASS is implemented, and that
ecdsa_verify() works as expected. The definition of "expected" is
"does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us
from having one in the sandbox, for now.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The STM32MP ROM provides several service. One of them is the ability
to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The SPI NOR is a bit further away from the SoC on DHCOR than on DHCOM,
which causes additional signal delay. At 108 MHz, this delay triggers
a sporadic issue where the first bit of RX data is not received by the
QSPI controller.
There are two options of addressing this problem, either by using the
DLYB block to compensate the extra delay, or by reducing the QSPI bus
clock frequency. The former requires calibration and that is overly
complex for SPL, so opt for the second option. This incurs 20ms delay
during boot, when SPL loads U-Boot to DRAM.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The DHSOM SPI NOR is using 4k erase blocks, make use of it
and define the default environment sector size to 4k.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Device tree alignment with Linux kernel v5.14-rc3
- ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
- ARM: dts: stm32: Configure qspi's mdma transfer to block for stm32mp151
- ARM: dts: stm32: add a new DCMI pins group on stm32mp15
- ARM: dts: stm32: fix ltdc pinctrl on microdev2.0-of7
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The function board_get_usable_ram_top can be called after relocation
with total_size = 0 to get the uppermost pointer that is valid to access
in U-Boot.
When total_size = 0, the reserved memory should be not take in account
with lmb library and 'gd->ram_base + gd->ram_size' can be used.
It is the case today in lib/efi_loader/efi_memory.c:efi_add_known_memory()
and this patch avoids that the reserved memory for OP-TEE is not part of
the EFI available memory regions.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The MTD tee partitions used to save the OP-TEE binary are needed when
TF-A doesn't use the FIP container to load binaries.
This patch puts under CONFIG_STM32MP15x_STM32IMAGE flag the associated
code in U-Boot binary and prepare the code cleanup when
CONFIG_STM32MP15x_STM32IMAGE support will be removed after TF-A migration
to FIP support.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
TF-A for STM32MP15 now supports the FIP: it is a packaging format which
includes the secure monitor, u-boot-nodtb.bin and u-boot.dtb
This FIP file is loaded by FSBL = TF-A BL2.
This patch updates the board documentation to use this FIP file and no
more u-boot.stm32 (with STM32 image header) which is no more generated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add TF-A FIP support for trusted boot on STM32MP15x,
when STM32MP15x_STM32IMAGE is not activated.
With FIP support the SSBL partition is named "fip" and its size is 4MB,
so the ENV partition name in device tree (for SD card or eMMC)
or offset in defconfig (CONFIG_ENV_OFFSET / CONFIG_ENV_OFFSET_REDUND)
need to be modified.
With FIP the TEE MTD partitions are removed because the OP-TEE binray are
included in the FIP containers.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
With FIP support in TF-A (when CONFIG_STM32MP15x_STM32IMAGE
is not activated), the DT nodes needed by OP-TEE are added by OP-TEE
firmware in U-Boot device tree, present in FIP.
These nodes are only required in trusted boot, when TF-A load the file
u-boot.stm32, including the U-Boot device tree with STM32IMAGE header,
in this case OP-TEE can't update the U-Boot device tree.
Moreover in trusted boot mode with FIP, as the OP-TEE nodes are present
in U-Boot device tree only when needed the function
stm32_fdt_disable_optee can be removed.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
By default for trusted boot with TF-A, U-Boot (u-boot-nodtb)
is located in FIP container with its device tree and with
the secure monitor (provided by TF-A or OP-TEE).
The FIP file is loaded by TF-A BL2 and each components is
extracted at the final location.
This patch add CONFIG_STM32MP15x_STM32IMAGE to request the
STM32 image generation for SOC STM32MP15x
when FIP container is not used (u-boot.stm32 is loaded by TF-A
as done previously to keep the backward compatibility).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add the support of the BSEC clock used by the STM32MP misc driver
since the commit 622c956cad ("stm32mp: bsec: manage clock when present
in device tree") even if this clock is not yet defined in kernel device
tree stm32mp151.dtsi.
This patch avoids issue for basic boot when this secure clock are not
provided by secure world with SCMI.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Documentation:
* Require Sphinx >= 2.4.4 for 'make htmldocs'
* Move devicetree documentation to restructured text and update it
* Document stm32mp1 devicetree bindings
UEFI
* Extend measurement to UEFI variables and ExitBootServices()
* Support Uri() node in devicetree to text protocol
* Add Linux magic token to RISC-V EFI test binaries
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmEYlbcACgkQxIHbvCwF
GsRP6g/8C1HWK4ZKJspHBt3ib09XwiJHTTVym//Crqo1+J32scS32Uktx6PvOODD
axmE60cSblDKL3+1uVRMRF2rEGta3pjYyPe/ie7VhqvFU5c7BxHbBSAe0fKTXWtR
7DVFKn4f0Yv1k3MD/WV/3L9LXEJeOC+UHANNUYfQsuC42kPhq3wZTrHJdJeqr2R3
VBaxk/xpMXsHkMZF+xmhPd6BtaYC6CMw57HHRYlKCOZbIYaV/ncdR1/am2/Yx+cF
w9hPVStZynp0E6oykbNiClIrpg7XknkS6Pf70UC9ZbX2mc3vOoXf/ZfC0Wgx/aBf
ifIszIKXlhHY/1bzwR6hLP8TjOGKZzF/rjgF95N8KJWVccyYWYbyO30WTvFmD4/D
LXd0hH2olXGE8ZumvWtyHuHTel6kO4FVn1Wk+symofH8Wsj29o0ZjvhJoCgQRu4+
Ngm3JMVcO7DCkPc+tCCahZL1N06qdsUg2d7j/uM/M92A/X3lkUMRP2HsySHuE7Gg
3Oc3hcazauxiz0gygAWFGbGqs9wrPnkPcRsrn8cQkjyK9a4JVsJfjUwKO3ZvTjVr
ID24pQhEeim0elDOaOCxceCoes3zIgVAW058r3/jN+MaCSzIIWEG9plPIdvAejGi
SjNYK+aWnoWrAVG6rsXO+EhWj49qekvB4XKSb3JV1Z9KP9WAN7E=
=GyC+
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-10-rc2-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-10-rc2-2
Documentation:
* Require Sphinx >= 2.4.4 for 'make htmldocs'
* Move devicetree documentation to restructured text and update it
* Document stm32mp1 devicetree bindings
UEFI
* Extend measurement to UEFI variables and ExitBootServices()
* Support Uri() node in devicetree to text protocol
* Add Linux magic token to RISC-V EFI test binaries
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.
TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".
Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Add the Linux magic to the EFI file header to allow running our test
programs with GRUB's linux command.
MajorImageVersion = 1 indicates a kernel that can consume the
EFI_LOAD_FILE2_PROTOCOL. This allows to dump the GRUB provided intird with
our initrddump.efi tool.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With device tree binding migration to yaml it is difficult to synchronize
the binding from Linux kernel to U-Boot.
Instead of maintaining the same dt bindings, this patch adds in the U-Boot
documentation the path to the device tree bindings in Linux kernel for
STMicroelectronics devices, when they are used without modification.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add links for referenced text files.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This question comes up every now and then with people coming from Linux.
Add some notes about it so we can point to it in the mailing list.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This file is about 10 years old and the updates have not covered
everything that has changed, particularly in the last few years. Update
the information and add mention of the u-boot.dtsi files.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix typos.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move this to rST format, largely unchanged to start with. Add an index
for this topic, as well as an empty intro.
Note this patch does not include updates! Is it just a conversion to the
new format. See the next patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchart <xypron.glpk@gmx.de>
Adjust the Latex formatting to match Linux v5.13.1:
* add Latex margins
* reformat the code in doc/conf.py to match Linux
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Now that the spi-nor fix has been made in u-boot/master via:
commit 87e7219f9c ("mtd: spi-nor: Respect flash's hwcaps in spi_nor_adjust_hwcaps()")
enable CONFIG_SPI_FLASH_SMART_HWCAPS on Intel Crown Bay again.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Update SeaBIOS build instructions using exact command that involves
"make olddefconfig", and mention SeaBIOS release 1.14.0 has been
used for testing.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
