Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.
The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:
arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
printf("HAB check target 0x%08x-0x%08lx fail\n",
~~~~^
%08x
ddr_start, ddr_start + bytes);
arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
~^
%lx
Fix warnings by providing the correct data type.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.
The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.
Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add ability for hab_status command to show All HAB events and not just
HAB failure events
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Currently it's not possible to authenticate additional boot images in HAB
open configuration.
The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior
to calling the hab_authenticate_image() API function. Users cannot check
if their additional boot images has been correctly signed prior to closing
their device.
Enable hab.c to authenticate additional boot images in open mode so HAB
events can be retrieved through get_hab_status() function.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Modify to use hab_rvt_failsafe function for failsafe ROM API, not
directly call its ROM address. This function will wrap the sip call for iMX8M
platforms.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Calling csf_is_valid() with an un-signed image may lead to data abort
as the CSF pointer could be pointing to a garbage address when accessed
in HAB_HDR_LEN(*(const struct hab_hdr *)(ulong)ivt_initial->csf).
Authenticate image from DDR location 0x80800000...
Check CSF for Write Data command before authenticating image
data abort
pc : [<fff5494c>] lr : [<fff54910>]
reloc pc : [<8780294c>] lr : [<87802910>]
sp : fdf45dc8 ip : 00000214 fp : 00000000
r10: fffb6170 r9 : fdf4fec0 r8 : 00722020
r7 : 80f20000 r6 : 80800000 r5 : 80800000 r4 : 00720000
r3 : 17a5aca3 r2 : 00000000 r1 : 80f2201f r0 : 00000019
Flags: NzcV IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
To avoid such errors during authentication process, validate IVT structure
by calling validate_ivt function which checks the following values in an IVT:
IVT_HEADER = 0x4X2000D1
ENTRY != 0x0
RES1 = 0x0
DCD = 0x0 /* Recommended */
SELF != 0x0 /* Absoulute address of IVT */
CSF != 0x0
RES2 = 0x0
This commit also checks if Image's start address is 4 byte aligned.
commit "0088d127 MLK-14945 HAB: Check if IVT valid before authenticating image"
removed as this patch addresses the issue.
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are some changes to support ARM64 i.MX8M platform in this patches:
1. The hab_rvt base and function vectors are different as i.MX6/7
2. Need to bypass an workaround for i.MX6 to fix problem in MMU.
3. The x18 register needed save & restore before calling any HAB API. According
to ARM procedure call spec, the x18 is caller saved when it is used as
temporary register. So calling HAB API may scratch this register, and
cause crash once accessing the gd pointer.
On ARMv7, the r9 is callee saved when it is used as variable register. So
no need to save & restore it.
4. Add SEC_CONFIG fuse for iMX8M
When current EL is not EL3, the direct calling to HAB will fail because
CAAM/SNVS can't initialize at non-secure mode. In this case, we use
SIP call to run the HAB in ATF.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When loading kernel image, the image size is parsed from header, so it
does not include the CSF and IVT.
Add back the authenticate_image function to wrap the imx_hab_authenticate_image
with calculating IVT offset and full image size.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Prior instantiating RNG we have to ensure if the CAAM job rings are
available. Avoid hardcoded job ring max size and use the definition at
fsl_sec.h
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Prior calling sec_in32() we have to ensure CAAM clock is enabled, the
function sec_in32() is reading CAAM registers and if CAAM clock is disabled
the system will hang.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The CAAM output ring size register offset is currently defined in fsl_sec.h
as FSL_CAAM_ORSR_JRa_OFFSET, use this definition to avoid hardcoded value in
i.MX common code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.
More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html
i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.
The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.
The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.
Command usage:
Print the public key for the device.
- mfgprot pubk
Generates Signature over given data.
- mfgprot sign <data_address> <data_size>
Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
i.MX8MQ B2 is using same value in OCOTP_READ_FUSE_DATA like B1, so
we have to check the ROM verision to distinguish the revision.
As we have checked the B1 rev for sticky bits work around in
secure boot. So it won't apply on B2.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The value of Unique ID in uboot and kernel is different for iMX8MP:
serial#=02e1444a0002aaff
root@imx8mpevk:/sys/devices/soc0# cat soc_uid
D699300002E1444A
The reason is that Fuse Addresses of Unique ID of iMX8MP are 0x420 and
0x430.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Alice Guo <alice.guo@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
For dual core and single core iMX8M parts, the thermal node and PMU node
in kernel DTB also needs update to remove the refers to deleted core nodes.
Otherwise both driver will fail to work.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are 3 part numbers for 11x11 i.MX8MNano with different core number
configuration: UltraLite Quad/Dual/Solo
Comparing with i.MX8MN Lite parts, they have MIPI DSI disabled. So
checking the MIPI DSI disable fuse to recognize these parts.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add dedicated defconfigs for iMX8MN low drive mode which set the VDD_SOC
and VDD_DRAM to 0.8v, DDR at 1600MTS (800Mhz clock) and GPU at 200Mhz.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add support for iMX8MN LPDDR4 EVK board which uses 2GB LPDDR4 and
PCA9450B PMIC.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Update hwpartition usage
Check bootbus's arguments
workaround for erratum A-011334 for fsl_esdhc driver
add pulse width detection workaround for fsl_esdhc driver
Use alias num before checking mmc index when creating device
HS400 mode on the LS1028A SoC isn't reliable. The linux driver has a
workaroung for the pulse width detection. Apply this workaround in
u-boot, too.
This will make HS400 mode work reliably on the LS1028A SoC.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
LS1028A SoCs are restricted in what divider values are allowed for HS400
mode. This is basically a port from the corresponding linux driver.
Signed-off-by: Michael Walle <michael@walle.cc>
The static ethernet link type config code is no more needed because now handled by
the meson8b glue driver, delete it.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
The ethernet memory power domain is handled by the meson-ee-pwrc driver,
delete the static code.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Trusted Firmware now adds the /reserved-memory subnode to the DT at
runtime[1], putting in the right values.
Drop our hard-coded version, as this might clash with the actual values
(which have also changed), and rely on TF-A to add the node.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/7770
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Loading Trusted-Firmware's BL31 at 16KB into DRAM was originally a hack
to allow sharing more code with the other SoCs (which use this offset
in SRAM). However there is no longer a reason for that, as the
problematic macros have been properly separated there.
The latest (and hopefully final) TF-A code drop now changes the load
address to the beginning of DRAM, which is also more easily protected
by the Trustzone memory controller (code to be done).
Adjust the load address of BL31 now, to avoid any issues with
incompatible versions later on (the TF-A patches are about to be merged).
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
-----BEGIN PGP SIGNATURE-----
iQFQBAABCgA6FiEEqxhEmNJ6d7ZdeFLIHrMeAg6sL8gFAmBi3oscHGV1Z2VuLmhy
aXN0ZXZAbWljcm9jaGlwLmNvbQAKCRAesx4CDqwvyKr+CACDQJT4hGCDwc7XFjOw
RN0aGRC6eGF4q3kL4VjBazCM1SBNs3vdVZV+bnYl3ioSNzy43K7CyFqqUlJH7CJV
dakvNn71xVoQD3Xw3+I4ALibbD/tlli4vwMOeN4KlWCIdNrRrtUOQpli0M0BVDkL
0IWMDf6OLAfw1uytubsQBVitFBQoiuE3ihSphoyTOFwQdI+xsMue5uVq+O0kDqU4
gotBzmoSq5LONyNSdpHxXqujU4oXkuOr/TsVTOoRtEkQ63zVbfNWOg951is+UaHa
F7f6W+cWdlb+HBs6TFb+Gva0TMmyWIH05jyIS52k6uFVM0tyFCOJFeZp81cjPP4L
O3KI
=ywRG
-----END PGP SIGNATURE-----
Merge tag 'u-boot-atmel-2021.07-a' of https://source.denx.de/u-boot/custodians/u-boot-atmel into next
First set of u-boot-atmel features for 2021.07 cycle:
This small feature set includes the implementation of the slew rate for
the PIO4 pin controller device, and a fix for arm926ejs-based
microprocessors that avoids a crash.
There are several changes which happen in mainline kernel which should get
also to U-Boot. Here is the list of patches from the kernel:
- ARM: zynq: Fix leds subnode name for zc702/zybo-z7
- arm64: dts: zynqmp: Fix leds subnode name for zcu100/ultra96 v1
- arm64: dts: zynqmp: Fix u48 si5382 chip on zcu111
- arm64: dts: zynqmp: Wire up the DisplayPort subsystem
- arm64: dts: zynqmp: Add DisplayPort subsystem
- arm64: dts: zynqmp: Add DPDMA node
- arm64: dts: zynqmp: Enable phy driver for Sata on zcu102/zcu104/zcu106
- arm64: dts: zynqmp: Enable si5341 driver for zcu102/106/111
- arm64: dts: zynqmp: Add DT description for si5328 for zcu102/zcu106
- arm64: dts: zynqmp-zcu100-revC: correct interrupt flags
- arm64: dts: xilinx: align GPIO hog names with dtschema
- arm64: zynqmp: Add Xilinx AES node
- dt: bindings: dma: xilinx: dpdma: DT bindings for Xilinx DPDMA
but also some other changes have been done.
- Using only one compatible string for adxl345 on zturn
- Remove Xilinx internal DP bindings
- Remove USB3.0 serdes configurations
- Remove SATA serdes configuration for zc1232
- Resort nvmem_firmware
- Update nand compatible string
- Aling power-domains property for sd0/1
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
In zynqmp.dtsi file renamed "clk_sys" clock to "controller" and
"clk_flash" clock to "bus" as per upstreamed Arasan NAND driver.
This fixes NAND driver probe failure.
Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Update the following device tree properties for nand flash
- Set software ecc mode.
- Set bch as ecc algo.
- Set read block to 0.
Signed-off-by: Amit Kumar Mahapatra <amit.kumar-mahapatra@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
EMMC will have bus-width 8 and it is non-removable in general. These
are missing from dt node. Add bus-width and non-removable parameters
to emmc node.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Add initial support for NanoPi M4B, a minor revision of
the original NanoPi M4.
Commit details of rk3399-nanopi-m4b.dts sync from Linux 5.12-rc4:
"arm64: dts: rockchip: Add NanoPi M4B board"
(sha1: c7b03115003f7f337ab165542cee37148cf30a8a)
Signed-off-by: Alexandre Vicenzi <alexandre.vicenzi@suse.com>
Reviewed-by: Kever Yang <kever.yang@rock-cihps.com>
NanoPi R4s is SBC base on Rockchip RK3399 hexa-core processor with
dual-Core Cortex-A72 and Mali-T864 GPU with 4GiB(LPDDR4) of RAM, SD card support,
including 2 gigabit ethernet(RTL8211E 1Gbps - RTL8111H 1Gbps) and 2 USB 3.0 port.
port.It also has two GPIO headers which allows further peripherals to be used.
The devicetree file is taken of the rk3399 nanopi4 Linux kernel [1].
[1] e7a0959082
Signed-off-by: xiaobo <peterwillcn@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
A commit from last year re-imported the DTS files form the upstream kernel.
By doing so the VDD_LOG regulator in the board's DTS was dropped.
Let's restore this, but move it into the u-boot overlay to prevent this
issue in the future.
Fixes: 167efc2c7a ("arm64: dts: rk3399: Sync v5.7-rc1 from Linux")
Signed-off-by: Christoph Muellner <christoph.muellner@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This brings the actual rk3368-lion devicetree files from Linux 5.10
instead of using something separate.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This is the state as of v5.10 + the recently added timer0 phandle
targetted at the 5.12 merge window.
With this the non-mainline nodes like the dmc move to a separate
rk3368-u-boot.dtsi that is included from the board-specific
-u-boot.dtsi files, similar to how rk3399 does this.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
With the STACK_R_ADDR at 0x600000 (6MB) we're competing with
with the loading address of either u-boot or atf parts, so move
that away to 0x4000000 (64MB) similar to rk3399.
Only lion currently sets that at all but not sheep the second
rk3368 board, so just move that to the Kconfig for rk3368 similar
to rk3399 as well.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
To prevent running out of memory, increase SYS_MALLOC_F_LEN to 0x4000
similar to what rk3399 uses.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>