Commit graph

74721 commits

Author SHA1 Message Date
Alfonso Sánchez-Beato
17f8cda505 efi_loader: set partition GUID in device path for SIG_TYPE_GUID
Previously, the GPT device GUID was being used instead of the partition,
which was incorrect.

Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>

Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-07-18 14:43:56 +02:00
Tom Rini
f929ce5072 Merge branch '2021-07-16-cleanup-image-support'
- A large rework of the logic around supporting various image
  types/formats and sharing between the host and target.
2021-07-17 11:39:50 -04:00
Tom Rini
d5dbc661c3 i.MX
----
 
 - mx7ulp : fix  WDOG
 - imx8 : Phytec
 - USB3 support for i.MX8
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYPLjyA8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76aBtgCfUI2SbFwh7oydllrwb0lEvWegfNcAn1JpR3Zn
 H41xrXQqCBedYKxvuUUL
 =5wvR
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20210717' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx

i.MX
----

- mx7ulp : fix  WDOG
- imx8 : Phytec
- USB3 support for i.MX8

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277
2021-07-17 10:52:21 -04:00
Breno Lima
edf95bdedd mx7ulp: wdog: Wait for WDOG unlock and reconfiguration to complete
According to i.MX7ULP Reference Manual we should wait for WDOG unlock
and reconfiguration to complete.

Section "59.5.3 Configure Watchdog" provides the following example:

DisableInterrupts; //disable global interrupt
WDOG_CNT = 0xD928C520; //unlock watchdog
while(WDOG_CS[ULK]==0); //wait until registers are unlocked
WDOG_TOVAL = 256; //set timeout value
WDOG_CS = WDOG_CS_EN(1) | WDOG_CS_CLK(1) | WDOG_CS_INT(1) |
	  WDOG_CS_WIN(0) | WDOG_CS_UPDATE(1);
while(WDOG_CS[RCS]==0); //wait until new configuration takes effect
EnableInterrupts; //enable global interrupt

Update U-Boot WDOG driver to align with i.MX7ULP reference manual.

Use 32 bits accessing to CS register. According to RM, the bits in
this register only can write once after unlock. So using 8 bits access
will cause problem.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-07-17 14:59:56 +02:00
Breno Lima
c6ae713c7c mx7ulp: Update unlock and refresh sequences in sWDOG driver
According to i.MX7ULP Reference Manual the second word write for both
UNLOCK and REFRESH operations must occur in maximum 16 bus clock.

The current code is using writel() function which has a DMB barrier to
order the memory access. The DMB between two words write may introduce
some delay in certain circumstance, causing a WDOG timeout due to 16 bus
clock window requirement.

Replace writel() function by __raw_writel() to achieve a faster memory
access and avoid such issue.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
2021-07-17 14:59:56 +02:00
Ye Li
cb391e3399 imx8mq_evk: Enable the USB3.0 host port
Setup USB clock in board codes, and enable the DWC3 XHCI and
PHY drivers to make USB3.0 host port working on i.MX8MQ EVK.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
2021-07-17 13:12:23 +02:00
Ye Li
4a837d433c arm: imx8mq: Add USB clock init function
Add clock function to setup relevant clocks for USB3.0 controllers and
PHYs on i.MX8MQ

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Patrick Wildt <patrick@blueri.se>
2021-07-17 13:12:23 +02:00
Ye Li
4390e9f997 arm: dts: imx8mq: Add alias for two usb controllers
Add alias for two DWC3 usb controllers to fix the seq index.

Signed-off-by: Ye Li <ye.li@nxp.com>
Tested-by: Patrick Wildt <patrick@blueri.se>
2021-07-17 13:12:23 +02:00
Ye Li
4266dc1dff phy: phy-imx8mq-usb: Add USB PHY driver for i.MX8MQ
Add the USB PHY driver for i.MX8MQ to work with DWC3 USB controller.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Patrick Wildt <patrick@blueri.se>
2021-07-17 13:12:23 +02:00
Alexandru Gagniuc
cb9faa6f98 tools: Use a single target-independent config to enable OpenSSL
Host tool features, such as mkimage's ability to sign FIT images were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.

Without loss of generality, we can say that host features are and
should be independent of target features.

While we prefer that a host tool always supports the same feature set,
we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.

I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
b9826bf0c1 image: Add support for relocating crypto_algos in linker lists
Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
8387dba471 image: Eliminate IMAGE_ENABLE_VERIFY_ECDSA macro
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
8be1818a4f image: Eliminate IMAGE_ENABLE_VERIFY macro
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
92c960bc1d lib: rsa: Remove #ifdefs from rsa.h
It is no longer necessary to implement rsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the rsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
820c4968c3 lib: ecdsa: Remove #ifdefs from ecdsa.h
It is no longer necessary to implement ecdsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the ecdsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
24cee49fcc image: image-sig.c: Remove crypto_algos array
Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:28 -04:00
Alexandru Gagniuc
6909edb4ce image: rsa: Move verification algorithm to a linker list
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:38:49 -04:00
Alexandru Gagniuc
0980164b13 image: Add support for placing crypto_algo in linker lists
The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.

Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.

NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 12:58:56 -04:00
Alexandru Gagniuc
cab22c8890 common: image-sig.c: Remove host-specific logic and #ifdefs
Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data)_ can be safely removed,
as signing is not supported target-side.

NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 12:58:55 -04:00
Alexandru Gagniuc
e89660f5ec common: Move host-only logic in image-sig.c to separate file
image-sig.c is used to map a hash or crypto algorithm name to a
handler of that algorithm. There is some similarity between the host
and target variants, with the differences worked out by #ifdefs. The
purpose of this change is to remove those ifdefs.

First, copy the file to a host-only version, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides we are only duplicating three string to struct mapping
functions. This isn't something to fuss about.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 12:58:55 -04:00
Simon Glass
70c1c8927e image: Drop IMAGE_ENABLE_BEST_MATCH
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
14f061dcb1 image: Drop IMAGE_ENABLE_SHAxxx
We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
0ad75696d0 image: Drop IMAGE_ENABLE_SHA1
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
4b00fd1a84 Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
1e52db6799 Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
ad74aed11e image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
f5bc9c25f3 image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx
These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
0003b8ada9 image: Shorten FIT_ENABLE_SHAxxx_SUPPORT
The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Tom Rini
c39946a2e2 Merge branch '2021-07-15-assorted-fixes'
- Large number of Coverity reported issues addressed
- m41t62 bugfix
- Support more Android image compression formats
- FIT + DTO bugfix
2021-07-16 09:15:59 -04:00
Tom Rini
d0dab9336d Merge https://source.denx.de/u-boot/custodians/u-boot-marvell
- designware_wdt: reset watchdog in designware_wdt_stop() function
  (Meng)
- socfpga_stratix10: enable wdt command (Meng)
- wdt-uclass: Use IS_ENABLED for WATCHDOG_AUTOSTART (Teresa)
2021-07-16 09:15:21 -04:00
Tom Rini
7533f80bec - DTS: alignment with Linux kernel v5.13 for stm32mp15 boards
- STM32MP1: update the stm32key command
 - STM32MP1: activate the rng command
 - STM32MP1: fix the stm32prog command (help, parttition size)
 - STM32MP1: add fdtoverlay_addr_r variable
 - STM32MP1: correctly managed SYSCON/SYSCFG clock
 - STM32MP1: remove mmc alias and directly use device instance in boot_instance variable
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE56Yx6b9SnloYCWtD4rK92eCqk3UFAmDxNdoACgkQ4rK92eCq
 k3XOOwgAqM+jCVlex1tbrojdKSpH0TI8EgzIKfpjSe6pJTHGzB+zJ9H50TJ3l8QY
 eSt5G3pl8BYkSs1I1AtlF5AhByFh/2S3ZAIgndjROQkG7yLKR5Y6sfqhMituBTH5
 3HzoWmlGf4HCbk51k+nzGRLez+QuJB0pMTvYssMP85rQAROw5QH9vBoNrq6URG38
 +wO1Ktoh+tHnInG3ynNO8UBfPWk3NhwlT4YksouMPA8iTry+VQynxkoH1oW5bsqq
 yiLRibUc/tgjmT8M5y1ua7p00rzOd9qaHtjFn/qrxo1xajGFg138uIdfdY7vhsdt
 6tiHeStjHaXvcrQwaqTX3iXYHQKmXw==
 =CqBk
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-stm32-20210715' of https://source.denx.de/u-boot/custodians/u-boot-stm

- DTS: alignment with Linux kernel v5.13 for stm32mp15 boards
- STM32MP1: update the stm32key command
- STM32MP1: activate the rng command
- STM32MP1: fix the stm32prog command (help, parttition size)
- STM32MP1: add fdtoverlay_addr_r variable
- STM32MP1: correctly managed SYSCON/SYSCFG clock
- STM32MP1: remove mmc alias and directly use device instance in boot_instance variable
2021-07-16 09:15:05 -04:00
Teresa Remmet
5fc0943513 drivers: watchdog: wdt-uclass: Use IS_ENABLED for WATCHDOG_AUTOSTART
There is no separate SPL/TPL config for WATCHDOG_AUTOSTART.
So use IS_ENABLED instead of CONFIG_IS_ENABLED to make watchdog
working in SPL again.

Fixes: 830d29ac37 ("watchdog: Allow to use CONFIG_WDT without starting watchdog")
Signed-off-by: Teresa Remmet <t.remmet@phytec.de>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-16 10:28:35 +02:00
MengLi
aed2ebaa1f arm: socfpga: socfpga_stratix10: enable wdt command by default
In latest u-boot code, watchdog feature is implemented, so enable
wdt command by default.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
2021-07-16 10:28:35 +02:00
MengLi
4f7abafe1c driver: watchdog: reset watchdog in designware_wdt_stop() function
In uboot command line environment, watchdog is not able to be
stopped with below commands:
SOCFPGA_STRATIX10 # wdt dev watchdog@ffd00200
SOCFPGA_STRATIX10 # wdt stop
Refer to watchdog driver in linux kernel, it is also need to reset
watchdog after disable it so that the disable action takes effect.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
2021-07-16 10:28:35 +02:00
Patrick Delaunay
db1ab52e15 ARM: dts: stm32mp15: remove mmc alias
Remove the mmc alias no more required as the sequence number
of mmc device is used for boot_instance.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
3c1057c548 stm32mp: use device sequence number in boot_instance variable
Use the device sequence number in boot_instance variable
and no more the SDMMC instance provided by ROM code/TF-A.

After this patch we don't need to define the mmc alias in
device tree, for example:
  mmc0 = &sdmmc1;
  mmc1 = &sdmmc2;
  mmc2 = &sdmmc3;
to have a correct mapping between the ROM code boot device =
"${boot_device}${boot_instance}" and the MMC device in U-Boot.

With this patch the 'mmc0' device (used in mmc commands) is
always used when only one instance sdmmc is activated in device
tree, even if it is only the sdmmc2 or sdmmc3.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
b18c3abdea stm32mp: stm32prog: use defines for virtual partition size
Use the existing defines PMIC_SIZE and OTP_SIZE and a new define
CMD_SIZE for virtual partition size.

This patch corrects the size for OTP partition in alternate name
(1024 instead of 512) and avoids other alignment issues.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
35049127f8 configs: stm32mp1: activate command rng
Activate the command rng with CONFIG_CMD_RNG, used to test
the rng driver

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
7c55249307 stm32mp: syscon: manage clock when present in device tree
Enable the clocks during syscon probe when they are present in device tree.

This patch avoids a freeze when the SYSCFG clock is not enabled by
TF-A / OP-TEE.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
3105836c9e clk: stm32mp1: add support of SYSCFG clock
Add the support of SYSCFG clock used by syscon driver
to prepare the clock management of STM32MP_SYSCON_SYSCFG.

This clock is already defined in kernel device tree,
stm32mp151.dtsi but not yet supported in the syscon driver:

syscfg: syscon@50020000 {
	compatible = "st,stm32mp157-syscfg", "syscon";
	reg = <0x50020000 0x400>;
	clocks = <&rcc SYSCFG>;
};

It is safe to support this clock in U-Boot driver with
RCC_MC_APB3ENSETR, Bit 11 SYSCFGEN: SYSCFG peripheral clocks
enable.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
7e54934532 arm: dts: stm32mp15: alignment with v5.13
Device tree alignment with Linux kernel v5.13
- ARM: dts: stm32: Add PTP clock to Ethernet controller
- ARM: dts: stm32: enable the analog filter for all I2C nodes in
  stm32mp151
- ARM: dts: stm32: fix usart 2 & 3 pinconf to wake up with flow control
- ARM: dts: stm32: Add wakeup management on stm32mp15x UART nodes
- ARM: dts: stm32: add #clock-cells property to usbphyc node on stm32mp151
- ARM: dts: stm32: Add STM32MP1 I2C6 SDA/SCL pinmux
- ARM: dts: stm32: Rename mmc controller nodes to mmc@
- ARM: dts: stm32: Add additional init state for SDMMC1 pins

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
80cfc6c692 stm32mp: cmd_stm32key: add subcommand close
The expected sequence to close the device

1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>

At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.

3/ Close the device: only signed binary will be accepted !!
   STM32MP> stm32key close

Warning: Programming these OTP is an irreversible operation!
         This may brick your system if the HASH of key is invalid

This command should be deactivated by default in real product.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
d3551b8eef stm32mp: cmd_stm32key: add read OTP subcommand
Allow to read the OTP value and lock status with the command
$> stm32key read.

This patch also protects the stm32key fuse command.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
e00e1f394c stm32mp: cmd_stm32key: add get_misc_dev function
Add a helper function to access to BSEC misc driver.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
3da2552a22 stm32mp: cmd_stm32key: lock of PKH OTP after fuse
Lock the OTP value of key's hash after the command
$> stm32key fuse <address>

This operation forbids a second update of these OTP as they are
ECC protected in BSEC: any update of these OTP with a different value
causes a BSEC disturb error and the closed chip will be bricked.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
fe24090eb7 stm32mp: cmd_stm32key: handle error in fuse_hash_value
Handle errors in fuse_hash_value function.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
bc78d5f25a stm32mp: cmd_stm32key: use sub command
Simplify parsing the command argument by using
the macro U_BOOT_CMD_WITH_SUBCMDS.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
3a99481159 stm32mp: configs: activate the command stm32key only for ST boards
This command is used to evaluate the secure boot on stm32mp SOC,
it is deactivated by default in real products.

We activate this command only in STMicroelectronics defconfig
used with the evaluation boards.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
edca8c3f8e stm32mp: stm32prog: fix the content of short help message
Reduce the content of short help message for stm32prog command and
removed the carriage return to fix the display of 'help' command when
this command is activated.

Fixes: 954bd1a923 ("stm32mp: add the command stm32prog")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-07-16 09:28:46 +02:00
Patrick Delaunay
918609ccfa configs: stm32mp1: remove splashimage and add fdtoverlay_addr_r
Add the variable used by PXE command for fdtoverlays support
since the commit 69076dff22 ("cmd: pxe: add support for FDT overlays").

Reused the unused "splashimage" address as CONFIG_SPLASH_SOURCE and
CONFIG_VIDEO_LOGO are not activated and U-Boot display the "BACKGROUND"
image found in extlinux.conf to manage splashscreen on stm32mp1 boards.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-07-16 09:28:46 +02:00