Obtain from TAMP backup register information about image authorization
status and partition id used for booting. Store this info in
environmental variables ("boot_auth" and "boot_part" correspondingly).
Image authorization supported values:
0x0 - No authentication done
0x1 - Authentication done and failed
0x2 - Authentication done and succeeded
These values are stored to TAMP backup register by Trusted Firmware-A [1].
Testing:
STM32MP> print boot_part
boot_part=1
STM32MP> print boot_auth
boot_auth=2
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=ab2b325c1ab895e626d4e11a9f26b9e7c968f8d8
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
While 23e20b2fa6 ("arm: stm32mp: Fix compilation issue when
SYS_DCACHE_OFF and/or SYS_DCACHE_SYS are enabled") tried fixing
this issue, fix it really by adding #if checks for SYS_ICACHE_OFF
and SYS_DCACHE_OFF.
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
In all these cases, the index on the LHS is immediately afterwards
used to access the array appearing in the ARRAY_SIZE() on the RHS - so
if that index is equal to the array size, we'll access
one-past-the-end of the array.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The ROM API table pointer is no longer accessible from U-Boot, fix
this by passing the ROM API pointer through. This makes it possible
for U-Boot to call ROM API functions to authenticate payload like
signed fitImages.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
The STM32MP15xx platform currently comes with two incompatible
implementations of save_boot_params() weak function override.
Factor the save_boot_params() implementation into common cpu.c
code and provide accessors to read out both ROM API table address
and DT address from any place in the code instead.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add support of several MAC address in OTP (3 32bits OTP word for
2 MAC address) for SOCs in STM32MP13x family: STM32MP133 and STM32MP135.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Introduce the code in mach-stm32mp and the configuration file
stm32mp13_defconfig for the new STM32MP family.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Move code and defines only needed for CONFIG_STM32MP15x in stm32mp15x.c
when low level init without TFABOOT is supported.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
As the get_otp() helper function in bsec are common for all STM32MP family,
move this function in bsec driver
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Handle correctly the silicon revision = REV_ID[15:0] of Device Version
and the associated device marking, A to Z on STMicroelectronics STM32MP
SOCs.
This patch prepare the introduction of next STM32MP family,
with STM32MP13x Rev.Z for REV_ID = 1.1.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
We should avoid #ifdef in C modules and the unused functions
are eliminated by the linker.
Use the more readable IS_ENABLE() instead.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
In some part of STM32MP15 support the CONFIG_TFABOOT can be replaced
by other config: CONFIG_ARMV7_PSCI and CONFIG_ARM_SMCCC.
This patch also simplifies the code in cpu.c, stm32mp1_ram.c and
clk_stml32mp1.c as execution of U-Boot in sysram (boot without SPL and
without TFA) is not supported: the associated initialization code is
present only in SPL.
This cleanup patch is a preliminary step to support SPL load of OP-TEE
in secure world, with SPL in secure world and U-Boot in no-secure world.
Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Currently the upper OTP (after 57) are shadowed in U-Boot proper,
when TFABOOT is not used.
This choice cause an issue when U-Boot is not executed after SPL,
so this BSEC initialization is moved in SPL and no more executed in U-Boot,
so it is still executed only one time.
After this patch this BSEC initialization is done in FSBL: SPL or TF-A.
To force this initialization in all the case, the probe of the BSEC
driver is forced in SPL in the arch st32mp function: spl_board_init().
Even if today BSEC driver is already probed in STM32MP15x clock driver
clk_stm32mp1.c because get_cpu_type() is called in
stm32mp1_get_max_opp_freq() function.
Reported-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
When the TAMP register 20 have an invalid value (0x0 for example after
TAMPER error) the "boot_device" U-Boot env variable have no value and
no error is displayed in U-Boot log.
The STM32MP boot command bootcmd_stm32mp failed with strange trace:
"Boot over !"
and the next command in bootcmd_stm32mp failed with few indication:
if test ${boot_device} = serial || test ${boot_device} = usb;
then stm32prog ${boot_device} ${boot_instance};
As it is difficult to investigate, the current patch avoids this issue:
- change the debug message to error: "unexpected boot mode" is displayed
- display trace "Boot over invalid!" in bootcmd_stm32mp
- execute "run distro_bootcmd" to try all the possible target
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Use the device sequence number in boot_instance variable
and no more the SDMMC instance provided by ROM code/TF-A.
After this patch we don't need to define the mmc alias in
device tree, for example:
mmc0 = &sdmmc1;
mmc1 = &sdmmc2;
mmc2 = &sdmmc3;
to have a correct mapping between the ROM code boot device =
"${boot_device}${boot_instance}" and the MMC device in U-Boot.
With this patch the 'mmc0' device (used in mmc commands) is
always used when only one instance sdmmc is activated in device
tree, even if it is only the sdmmc2 or sdmmc3.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
No more map the reserved region with "no-map" property by marking
the corresponding TLB entries with invalid entry (=0) to avoid
speculative access.
The device tree parsing done in lmb_init_and_reserve() takes a
long time when it is executed without data cache, so it is called in
enable_caches() before to disable it.
This patch fixes an issue where predictive read access on secure DDR
OP-TEE reserved area are caught by firewall.
Series-cc: marex
Series-cc: pch
Series-cc: marek.bykowski@gmail.com
Series-cc: Ard Biesheuvel <ardb@kernel.org>
Series-cc: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add Engicam i.Core STM32MP1 SoM
Add FIP header support for STM32programmer
Update uart number when no serial device found for STM32MP1
Remove board_check_usb_power function when ADC flag is not set
Update SPL size limitation for STM32MP1
Set soc_type, soc_pkg, soc_rev env variables for STM32MP1
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEXyrViUccKBz9c35Jysd4L3sz/6YFAmBwTr0cHHBhdHJpY2Uu
Y2hvdGFyZEBmb3NzLnN0LmNvbQAKCRDKx3gvezP/plSwD/9SAhxTYqAblFZqZmJj
Lu+F5fwuXXd8S5LwqNeIKULv+UhJngClkE4HdjSl6T0yR10v6YkPNRDVj4+1gzBd
wZizmCsnqqDW0QGsTO5AVo+oTwhX4RHkvxEF7BjOqtVuoMZGiozE53+29QORHTnZ
+j8CYAeORf9wvGAi5y+Wr8ICqP6HwPJPNlta4S8iYC867BM38R9evBqynlaZaWPE
8FhaXwbAj9ZR9ifCiO+7ObgfXGDT63ejCecjE+539m3FWlBrn+/AWLsg4zF037Dw
DcV324pnVFP4AIOVsuc9hF7luAYctoXQcNHt1QbD3gmWqPQAgpH8Llfq5cMyudza
/m/112Y7fuLxO3F14DzZSj5l3ims0XG56Yg7zBwN6exDPr3iWA4UwTSH9lRJDnBq
aJyvLfAFAvz+X15oePjrQrVp7c+6MigeY2nmhVCWV53Yrl+/TnnekQXlHJ3TsHED
bPW5/LarLge18uACTZvLzYruIvDSU3INPP1W0vUu7YMDwuEp21K1GSspN7yA0yDK
nrWXxmYJGVWanAEvW//zuuqUhxtNjAb/qIQl0UgjFN9cDT5vJZ7oY3nWOwP+0V2a
o+qrRxBTWSVliOShYpfjyHRsASRna2QLLUNQaBeoUqZBKNnFvuw4LZzmqNvV+Idj
+XWRCiSDJnf1zRrMwFLvZZ+UTQ==
=4VxR
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20210409' of https://source.denx.de/u-boot/custodians/u-boot-stm
Add rt-thread art-pi board support based on STM32H750 SoC
Add Engicam i.Core STM32MP1 SoM
Add FIP header support for STM32programmer
Update uart number when no serial device found for STM32MP1
Remove board_check_usb_power function when ADC flag is not set
Update SPL size limitation for STM32MP1
Set soc_type, soc_pkg, soc_rev env variables for STM32MP1
Split up get_soc_name(), clean the decoding up a bit, and set up
environment variables which contain the SoC type, package, revision.
This is useful on SoMs, where multiple SoC options are populated.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Replace the remaining printf in setup_boot_mode() by log macro
to handle filtering for log features.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Align the uart number in the trace of setup_boot_mode() with the name of
the uart/usart device (start at 1) and not with the instance value
(start at 0), i.e. the serial device sequence number and the index in
serial_addr[].
Fixes: f49eb16c17 ("stm32mp: stm32prog: replace alias by serial
device sequence number")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Fix following compilation issue when SYS_DCACHE_OFF and/or SYS_DCACHE_SYS
are enabled :
arch/arm/mach-stm32mp/cpu.c: In function ‘early_enable_caches’:
arch/arm/mach-stm32mp/cpu.c:223:10: error: ‘volatile struct arch_global_data’ has no member named ‘tlb_size’
223 | gd->arch.tlb_size = PGTABLE_SIZE;
| ^
arch/arm/mach-stm32mp/cpu.c:224:10: error: ‘volatile struct arch_global_data’ has no member named ‘tlb_addr’
224 | gd->arch.tlb_addr = (unsigned long)&early_tlb;
| ^
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The command "stm32prog serial <dev>" can directly use the device sequence
number of serial uclass as this sequence number is egual to alias when it
exist; this assumption simplify the code and avoid access to gd->fdt_blob
and the device tree parsing.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
When serial instance is not found in device tree, the console
should be enabled and the error should be indicated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add CONFIG_CMD_STM32PROG_SERIAL and CONFIG_CMD_STM32PROG_USB to
independently select the support of UART or USB communication for
STM32CubeProgrammer.
For serial boot over UART, user can deactivate CONFIG_CMD_STM32PROG_SERIAL
to use U-Boot console of binary loaded by UART (for board bring-up for
example).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Overidde the weak function dram_bank_mmu_setup() to set the DDR
(preloc case) or the SYSRAM (in SPL case) executable before to enable
the MMU and configure DACR.
This weak function is called in dcache_enable/mmu_setup.
This patchs avoids a permission access issue when the DDR is marked
executable (by calling mmu_set_region_dcache_behaviour with
DCACHE_DEFAULT_OPTION) after MMU setup and domain access permission
activation with DACR in dcache_enable.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Change debug and pr_ macro to log macro and define LOG_CATEGORY.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
In the spirit of using the same base name for all of these related macros,
rename this to have the operation at the end. This is not widely used so
the impact is fairly small.
Signed-off-by: Simon Glass <sjg@chromium.org>
Correct the ALIGN macro usage in mmu_set_region_dcache_behaviour
call: the address must use ALIGN_DOWN and size can use ALIGN macro.
With STM32_SYSRAM_BASE=0x2FFC0000 and MMU_SECTION_SIZE=0x100000 for
STM32MP15x the computed address was 30000000 instead of 2ff00000.
Fixes: 43fe9d2fda ("stm32mp1: mmu_set_region_dcache_behaviour")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
In pre-reloc stage, U-Boot marks cacheable the DDR limited by
the new config CONFIG_DDR_CACHEABLE_SIZE.
This patch allows to avoid any speculative access to DDR protected by
firewall and used by OP-TEE; the "no-map" reserved memory
node in DT are assumed after this limit:
STM32_DDR_BASE + DDR_CACHEABLE_SIZE.
Without security, in basic boot, the value is equal to STM32_DDR_SIZE.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Remove the unnecessary inversion on the eth_env_set_enetaddr() result which
only make complex the code of setup_mac_address() and display an invalid
value in the associated pr_err.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Since commit d877f8fd0f ("arm: provide a function for boards init
code to modify MMU virtual-physical map") the parameter of
mmu_set_region_dcache_behaviour need to be MMU_SECTION_SIZE
aligned.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
As the dbgmcu_init use the function bsec_dbgswenable which is based
on the DM and DT, its call can't be done before the spl is initialized
(driver model, DT and malloc) in board_init_f::spl_early_init().
This function call is moved later in spl_board_init().
Fixes: bd3f60d29c ("arm: stm32mp: protect DBGMCU_IDC access with BSEC")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
As debugger must be totally closed on Sec closed chip,
the DBGMCU_IDC register is no more accessible (self
hosted debug is disabled with OTP).
This patch adds a function bsec_dbgswenable() to check
if the DBGMCU registers are available before to access them:
BSEC_DENABLE.DBGSWENABLE = self hosted debug status.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
Activate the data cache in SPL and in U-Boot before relocation.
In arch_cpu_init(), the function early_enable_caches() sets the early
TLB, early_tlb[] located .init section, and set cacheable:
- for SPL, all the SYSRAM
- for U-Boot, all the DDR
After relocation, the function enable_caches() (called by board_r)
reconfigures the MMU with new TLB location (reserved in
board_f.c::reserve_mmu) and re-enable the data cache.
This patch allows to reduce the execution time, particularly
- for the device tree parsing in U-Boot pre-reloc stage
(dm_extended_scan_fd =>dm_scan_fdt)
- in I2C timing computation in SPL (stm32_i2c_choose_solution())
For example, the result on STM32MP157C-DK2 board is:
1,6s gain for trusted boot chain with TF-A
2,2s gain for basic boot chain with SPL
For information, as TLB is added in .data section, the binary size
increased and the SPL load time by ROM code increased (30ms on DK2).
But early malloc can't be used for TLB because arch_cpu_init()
is executed before the early poll initialization done in spl_common_init()
called by spl_early_init() So it too late for this use case.
And if I initialize the MMU and the cache after this function it is
too late, as dm_init_and_scan and fdt parsing is also called in
spl_common_init().
And .BSS can be used in board_init_f(): only stack and global can use
before BSS init done in board_init_r().
So .data is the better solution without hardcoded location but if you
have size issue for SPL you can deactivate cache for SPL only
(with CONFIG_SPL_SYS_DCACHE_OFF).
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add a function get_cpu_dev to get the DEV_ID present
in DBGMCU_IDC register.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Manage BOOT_FLASH_SPINAND, with boot_device="spi-nand"
and treat this value in bootcmd_stm32mp.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp
specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT
introduced by the commit 535d76a121 ("armv8: layerscape: Add TFABOOT
support").
This config CONFIG_TFABOOT is activated for the trusted boot chain,
when U-Boot is loaded by TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
The STM32MP1 series is available in 3 different lines which are pin-to-pin
compatible:
- STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz,
3D GPU, DSI display interface and CAN FD
- STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz
and CAN FD
- STM32MP151: Single Cortex-A7 core, Cortex-M4 core @ 209 MHz
Each line comes with a security option (cryptography & secure boot)
& a Cortex-A frequency option :
- A : Cortex-A7 @ 650 MHz
- C : Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz
- D : Cortex-A7 @ 800 MHz
- F : Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz
This patch adds the support of STM32MP15xD and STM32MP15xF in U-Boot.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Add a function get_soc_name to get a string with the full name
of the SOC "STM32MP15xxx Rev.x"
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Add BSEC lock access (read / write) at 0xC0000000 offset of misc driver.
The write access only available for Trusted boot mode, based on new
SMC STM32_SMC_WRLOCK_OTP.
With the fuse command, the permanent lock status is accessed with
0x10000000 offset (0xC0000000 - 0x8000000 for OTP sense/program
divided by u32 size), for example:
Read lock status of fuse 57 (0x39)
STM32MP> fuse sense 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
Set permanent lock of fuse 57 (0x39)
STM32MP> fuse prog 0 0x10000039 1
Sensing bank 0:
Word 0x10000039: 00000000
WARNING: the OTP lock is updated only after reboot
WARING: Programming lock or fuses is an irreversible operation!
This may brick your system.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
Add support for Rev.Z of STM32MP15x cpu.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Let board code override setup_mac_address(), which is useful e.g. if the
board derives the MAC address from another source, like an I2C EEPROM.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
Reset ResourceTableAddress and CoprocessorState at cold boot, preserve
these values at standby wakeup.
Signed-off-by: Fabien Dessenne <fabien.dessenne@st.com>
Acked-by: Patrick Delaunay <patrick.delaunay@st.com>