Commit graph

1094 commits

Author SHA1 Message Date
Sean Anderson
12b3339070 Move i.MX8 container image loading support to common/spl
To facilitate testing loading i.MX8 container images, move the
parse-container code to common/spl.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Sean Anderson
ab12179b3e arm: imx: Check header before calling spl_load_imx_container
Make sure we have an IMX header before calling spl_load_imx_container,
since if we don't it will fail with -ENOENT. This allows us to fall back to
legacy/raw images if they are also enabled.

This is a functional change, one which likely should have been in place
from the start, but a functional change nonetheless. Previously, all
non-IMX8 images (except FITs without FIT_FULL) would be optimized out if
the only image load method enabled supported IMX8 images. With this change,
support for other image types now has an effect.

There are seven boards with SPL_LOAD_IMX_CONTAINER enabled: three with
SPL_BOOTROM_SUPPORT:

    imx93_11x11_evk_ld imx93_11x11_evk imx8ulp_evk

and four with SPL_MMC:

    deneb imx8qxp_mek giedi imx8qm_mek

All of these boards also have SPL_RAW_IMAGE_SUPPORT and
SPL_LEGACY_IMAGE_FORMAT enabled as well. However, none have FIT support
enabled. Of the six load methods affected by this patch, only SPL_MMC and
SPL_BOOTROM_SUPPORT are enabled with SPL_LOAD_IMX_CONTAINER.
spl_romapi_load_image_seekable does not support legacy or raw images, so
there is no growth. However, mmc_load_image_raw_sector does support loading
legacy/raw images. Since these images could not have been booted before, I
have disabled support for legacy/raw images on these four boards. This
reduces bloat from around 800 bytes to around 200.

There are no in-tree boards with SPL_LOAD_IMX_CONTAINER and AHAB_BOOT both
enabled, so we do not need to worry about potentially falling back to
legacy images in a secure boot scenario.

Future work could include merging imx_container.h with imx8image.h, since
they appear to define mostly the same structures.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Sean Anderson
d401e0b264 arm: imx: Add function to validate i.MX8 containers
Add a function to abstract the common task of validating i.MX8 container
image headers.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Sean Anderson
d9416cc449 arm: imx: Use log_err for errors in read_auth_container
To allow for more flexible handling of errors, use log_err instead of
printf.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Sean Anderson
14399638c6 arm: imx: Add newlines after error messages
These error messages are missing newlines. Add them.

Fixes: 6e81ca220e ("imx: parse-container: Use malloc for container processing")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Sean Anderson
5c09c25873 arm: imx: Fix i.MX8 container load address
We should load images to their destination, not their entry point.

Fixes: 7b86cd4274 ("imx8: support parsing i.MX8 Container file")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
2023-10-17 20:50:52 -04:00
Tom Rini
c41df16b27 u-boot-imx-20231016
-------------------
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/18168
 
 - Imrovement MX93
 - Toradex: fixes
 - Convert to DM (serial, watchdog) for some boards
 - HAB improvements for Secure Boot
 - DTO overlay for DHCOM
 - USB fixes, Mass storage for MX28
 - Cleanup some code
 - Phytec MX8M : EEProm detection, fixes
 - Gateworks Boards improvements
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCZS2rbg8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76ZdfQCgi+D4n5iiQglY1zy34TkQogK1b/wAoI/8yu79
 SxE769moFjYPyYOZMjtt
 =GGb5
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20231016' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx

u-boot-imx-20231016
-------------------

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/18168

- Imrovement MX93
- Toradex: fixes
- Convert to DM (serial, watchdog) for some boards
- HAB improvements for Secure Boot
- DTO overlay for DHCOM
- USB fixes, Mass storage for MX28
- Cleanup some code
- Phytec MX8M : EEProm detection, fixes
- Gateworks Boards improvements
2023-10-16 17:34:38 -04:00
Fabio Estevam
38caaffb38 mxs: Kconfig: Remove TARGET_XFI3 symbol
The xfi3 target has been removed by commit 539fba2c10 ("arm:
Remove xfi3 board"), but it missed to remove an entry from the
mxs Kconfig.

Remove it.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-10-16 18:52:19 +02:00
Marek Vasut
b0296e22cb imx: hab: Use size parameter
The current code works by sheer coincidence, because (see HABv4 API
documentation, section 3.4) the RVT authenticate_image call updates
the size that is passed in with the actual size ROM code pulls from
IVT/CSF . So if the input size is larger, that is "fine" . Pass in
size instead to make this really correct.

Signed-off-by: Marek Vasut <marex@denx.de>
2023-10-16 16:25:09 +02:00
Tom Rini
3616218b5a cmd: Convert existing long help messages to the new macro
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
  and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
  introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-16 10:24:58 -04:00
Hiago De Franco
7dede4033b arm: mach-imx: Makefile: Extend u-boot-nand.imx padding
Extend the padding process of u-boot-nand.imx target by adding 10k bytes
of zeros to the end of the binary using the 'dd' command.

The existing padding method did not generate a functional binary,
as discussed in more detail in this thread [1]. Instead, we adopt the
end-padding calculation method documented in 'board/doc/colibri_imx7.rst'
as a reference, which is relevant for iMX7 with NAND storage.

Adding 10k bytes of zeros provides an approximate value that makes the
proper padding for these NAND devices.

[1] https://lore.kernel.org/all/CAC4tdFUqffQzRQFv5AGe_xtbFy1agr2SEpn_FzEdexhwjdryyw@mail.gmail.com/

Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
2023-10-16 08:46:01 +02:00
Rasmus Villemoes
3c3976ff2b imx: spl_imx_romapi.c: remove dead code
These IS_ENABLED(CONFIG_SPL_LOAD_FIT) cases can no longer be reached,
and thus get_fit_image_size() is also redundant.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2023-10-16 08:46:01 +02:00
Rasmus Villemoes
4b4472438f imx: spl_imx_romapi: avoid tricky use of spl_load_simple_fit() to get full FIT size
Currently, spl_imx_romapi uses a somewhat tricky workaround for the
fact that a FIT image with external data doesn't directly allow one to
know the full size of the file: It does a dummy spl_load_simple_fit(),
having the ->read callback remember the largest offset requested, and
then does a last call to rom_api_download_image() to fetch the
remaining part of the full FIT image.

We can avoid that by just keeping track of how much we have downloaded
already, and if the ->read() requests something outside the current
valid buffer, fetch up to the end of the current request.

The current method also suffers from not working when CONFIG_IMX_HAB
is enabled: While in that case u-boot.itb is not built with external
data, so the fdt header does contain the full size of the dtb
structure. However, it does not account for the extra CONFIG_CSF_SIZE
added by board_spl_fit_size_align(). And also, the data it hands out
during the first dummy spl_load_simple_fit() is of course garbage, and
wouldn't pass the verification.

So we really need to call spl_load_simple_fit() only once, let that
figure out just how big the FIT image is (including whatever data, CSF
or "ordinary" external data, has been tacked on beyond the fdt
structure), and always provide valid data from the ->read callback.

This only affects the CONFIG_SPL_LOAD_FIT case - I don't have any
hardware or experience with the CONFIG_SPL_LOAD_IMX_CONTAINER case, so
I leave that alone for now.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2023-10-16 08:46:01 +02:00
Tim Harvey
ae56026783 arm: imx: imx8m: add optee configuration to ft_system_setup
If optee is detected configure it in the Linux device-tree:
 - add /firmware/optee node
 - add /reserved-memory nodes for optee_core and optee_shm

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2023-10-16 08:46:01 +02:00
Michael Scott
43b1e83a73 imx: syscounter: allow timer_init for SPL build
With enabled SKIP_LOWLEVEL_INIT, the weak function timer_init() is
used in the SPL build. For iMX6 SoC, this leads MMC to fail once
u-boot proper is booted due to a timing issue.
Always use iMX-specific timer_init() in SPL to fix timing issues.

Fixes: be277c3a89 ("imx: mx7: avoid some initialization if low level is skipped")
Signed-off-by: Michael Scott <mike@foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2023-10-16 08:46:01 +02:00
Tom Rini
ac897385bb Merge branch 'next'
Signed-off-by: Tom Rini <trini@konsulko.com>
2023-10-02 10:55:44 -04:00
Simon Glass
1e94b46f73 common: Drop linux/printk.h from common header
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h

Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-09-24 09:54:57 -04:00
Fabio Estevam
5ae4f74a1b imx: hab: Explain that ivt_offset is optional
The ivt_offset parameter is optional for both hab_auth_img_or_fail
and hab_auth_img commands.

Document it in their usage texts to make it clearer.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-09-23 18:45:34 +02:00
Fabio Estevam
ade6e375c3 imx: hab: Improve the hab_auth_img_or_fail usage text
Split the hab_auth_img_or_fail usage text in two sentences to make it
clearer.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-09-23 18:45:34 +02:00
Eduard Strehlau
2ec9ebc72a imx: hab: Allow hab_auth_img_or_fail to be called without ivt_offset
Since commit ea91031b22 ("imx: hab: extend hab_auth_img to calculate
ivt_offset"), it is possible to call the hab_auth_img command without the
last ivt_offset argument.

Currently, calling hab_auth_img_or_fail without the last
ivt_offset parameter causes a failure and the command usage text is shown.

Fix this problem by adjusting the argc logic to allow
calling hab_auth_img_or_fail with only the address and size parameters.

This way, both hab_auth_img and hab_auth_img_or_fail have the same
behavior with respect to the allowed number of command parameters.

Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-09-23 18:45:33 +02:00
Oleksandr Suvorov
71dfe179cd mach-imx: bootaux: fix building with disabled bootelf
If CMD_ELF disabled and IMX_BOOTAUX enabled, the u-boot building ends
up with a linking error [1]. Select LIB_ELF to fix the building
issue.

[1]
ld: /tmp/ccaF1rpv.ltrans0.ltrans.o: in function `do_bootaux':
arch/arm/mach-imx/imx_bootaux.c:108: undefined reference to `valid_elf_image'

Fixes: c0f037f6a2 ("mach-imx: bootaux: elf firmware support")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2023-09-23 18:45:33 +02:00
Tom Rini
ddec4cae62 Prepare v2023.10-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmT17FsACgkQFHw5/5Y0
 tywn0gwAlRs5NZ4ierzvDiLQEvYgV6E+lLccwyf8mMfJVHicrrW/ckxqJGS2mrLz
 IoA0pO1oF/HFfR/0pgx9Pb2kuIK1tkCeVNYW6t9EDbEJzrbfdvykBcSB4wgKYpgB
 ZgCga0jsPNM951Y3a3TElNEet4pVTZrDLu0E2UR6zNzr5hpKnfoQTZRfBI1MyCq4
 w4/Eo2wAnnaV1lcobg9LzM6uyDnETxWyTI7DIJYSqkEgT0WcF6zrdW55MaXtrPo5
 RZ4q5MTJQwqnTV5awsmgEt8PSC+XQcPHMPrVCwoOZAdru+5zO3AWpbqq1q6K+y9U
 FEsaJ6HGn5BdITgmIK/lb8oTekfOkDPFF3WuFp5bZ6L0A63ANu/MMWHELyyt5+0z
 TlnU94PVxiLnPMzZtfBPWRQ3jIU5qltJaoW0pKwsoa7P8iUd1WZgYyN+G9WPgwFr
 XUemGRNkgnWfRoxcKGbaYDSB0Llp6m/zqPlGfhlt0ZKXc6igLu3/egRh7/8zLR0i
 y9uBKG45
 =s9vZ
 -----END PGP SIGNATURE-----

Merge tag 'v2023.10-rc4' into next

Prepare v2023.10-rc4
2023-09-04 10:51:58 -04:00
Elena Popa
07908bf5e5 arm: imx: imx8m: imx9: Fix DRAM size calculation due to rom_pointer
If dram_init_banksize() is called from SPL, the rom_pointer, at that
point, is not correctly initialized. This causes wrong calculation of
DRAM start and size in dram_init_banksize(). The issue became apparent
only in Falcon Mode. Added an extra condition to prevent using
rom_pointer in SPL.

Signed-off-by: Elena Popa <elena.popa@nxp.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2023-09-04 10:21:20 +02:00
Simon Glass
f72d0d4a2f event: Convert existing spy records to simple
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.

Where an adaptor function is currently used, remove it where possible.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-08-31 13:16:54 -04:00
Ricardo Salveti
c91feda87c Revert "arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee"
This reverts commit c5b68ef8af.

CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2023-08-28 15:59:22 -04:00
Tom Rini
7e6e40c572 Prepare v2023.10-rc3
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmTjxwsACgkQFHw5/5Y0
 tyz4TAwAtVgllQGPVNIVDaEBdG93htm1DoZPc4EMZ4L5rf0nT0yJPeOhRCGygYY+
 zYL1ueleBZtpJhYOuHGetSns0B/M5Wx7gu1eGHNGrMNHH7zCV5Ynjjee2IaqKgbU
 tdSSc8XQpJ3PJY6rhJ6qZ7pO/EcUlQEdqplEUGFmA4JObx43j1+bmqyGTJA57vEw
 rrr+tyUVlr+Wv4lqlX/YJWzAB6IoSMUStv34M2lmiZvZoTYHezvIqBK33GrQ4Cwl
 hQ8nP7ymBXdA5GoMFBpfaBCA7aX3esx4yYN3JIRNRjNmnITJHYs0G8oIh8R5iNnJ
 psroU7GRPu3MmXfOnHlRfA/v0mo8xQGc2RQHyZUGXuApTI8+SFK/4WJPBny/IYse
 ggcVCHoI57dx1+j4+JHYhh61bMR1JUwARs4/UU4dKT3MRZM8Gb99OvbXO3+switZ
 R0YHSnDP///MTC7/MzbOPWzsJiTn9gkZd8nFVTXoncrVI8F3OtCc89G4HBruBSj7
 ptfylxqH
 =VlzD
 -----END PGP SIGNATURE-----

Merge tag 'v2023.10-rc3' into next

Prepare v2023.10-rc3

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-08-21 17:32:17 -04:00
Heinrich Schuchardt
d768dd8855 common: return type board_get_usable_ram_top
board_get_usable_ram_top() returns a physical address that is stored in
gd->ram_top. The return type of the function should be phys_addr_t like the
current type of gd->ram_top.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-08-15 18:21:17 +02:00
Tom Rini
a077ac13d0 Kconfigs: Correct default of "0" on hex type entries
It is not a parse error to have a default value of "0" for a "hex" type
entry, instead of "0x0".  However, "0" and "0x0" are not treated the
same even by the tools themselves. Correct this by changing the default
value from "0" to "0x0" for all hex type questions that had the
incorrect default. Fix one instance (in two configs) of a default of "0"
being used on a hex question to be "0x0". Remove the cases where a
defconfig had set a value of "0x0" to be used as the default had been
"0".

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-08-09 09:21:42 -04:00
Fabio Estevam
e713364f36 mx23_olinuxino: Convert to CONFIG_DM_SERIAL
The conversion to CONFIG_DM_SERIAL is mandatory, so select this option.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-07-13 11:29:41 +02:00
Fabio Estevam
9a38d889a1 mx23evk: Convert to CONFIG_DM_SERIAL
The conversion to CONFIG_DM_SERIAL is mandatory, so select this option.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-07-13 11:29:41 +02:00
Fabio Estevam
68bad63ee0 mx28evk: Convert to CONFIG_DM_SERIAL
The conversion to CONFIG_DM_SERIAL is mandatory, so select this option.

Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-07-13 11:29:41 +02:00
Marek Vasut
cb5fe9e336 ARM: imx: romapi: Fix signed integer bitwise ops misuse
Bitwise operations on signed integers are not defined,
replace them with per-call checks.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Heiko Schocher <hs@denx.de>
2023-07-13 11:29:40 +02:00
Tim Harvey
c8645e7411 configs: imx8m: Prepare imx8m-venice boards for HAB support
In order to enable HAB, FSL_CAAM, ARCH_MISC_INIT and
SPL_CRYPTO should be enabled in Kconfig like other i.MX8M
boards.

This also needs to occur in the SPL so enable CONFIG_SPL_BOARD_INIT and
add a void spl_board_init function which calls arch_misc_init to probe
the CAAM driver.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Maximus Sun
2159f7d9b6 imx: priblob: Update to use structure
Use structure to avoid define CAAM_SCFGR for each platform

Signed-off-by: Maximus Sun <maximus.sun@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Gaurav Jain
d7b5fba9a5 imx: imx8: ahab: sha256: enable image verification using ARMv8 crypto extension
add support for SHA-256 secure hash algorithm using the ARM v8
SHA-256 instructions for verifying image hash.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
00ce4153fb imx: ahab: Update AHAB for iMX8 and iMX8ULP
Abstract common interfaces for AHAB authentication operations.
Then share some common codes for AHAB and SPL container authentication

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Nitin Garg
6e81ca220e imx: parse-container: Use malloc for container processing
If the container has image which conflicts with
spl_get_load_buffer address, there are processing failures.
Use malloc instead of spl_get_load_buffer.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
dc2d49209e imx: imx8m: clock: not configure reserved SRC register
i.MX8M[M,N,P] SRC not has 0x1004 offset register, so drop it.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
e8cd1f60d9 imx: imx8: bootaux: Add i.MX8 M4 boot support
1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
   M4 image to any DDR address first. Then use the
   "bootaux <M4 download DDR address> [M4 core id]" to boot CM4_0
   or CM4_1, the default core id is 0 for CM4_0.

   Since current M4 only supports running in TCM. The bootaux will copy
   the M4 image from DDR to its TCML.

2. Implment bootaux for HIFI on QXP
   command: bootaux 0x81000000 1

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
8d84a8f487 imx: bootaux: Fix bootaux issue when running on ARM64
The bootaux uses ulong to read private data and write to M4 TCM,
this cause problem on ARM64 platform where the ulong is 8bytes.
Fix it by using u32 to replace ulong.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
9395eb05ee imx: bootaux: change names of MACROs used to boot MCU on iMX devices
The current bootaux supports i.MX8M and i.MX93, but the name "_M4_"
implies that the SoCs have Cortex-M4. Actually i.MX8MM/Q use Cortex-M4,
i.MX8MN/P use Cortex-M7, i.MX93 use Cortex-M33, so use "_MCU_" in place
of "_M4_" to simplify the naming.

Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
455ebf8f45 imx: iamge-container: support secondary container
Add the support for loading image from secondary container set on
iMX8QM B0, iMX8QXP C0.

Using the SCFW API to get container set index, if it is the secondary
boot, get the offset from fuse and apply to offset of current container
set beginning for loading.

Also override the emmc boot partition to check secondary boot and switch
to the other boot part.

This patch is modified from NXP downstream:
imx8: Fix the fuse used by secondary container offset
imx: container: Skip container set check for ROM API
imx8: spl: Support booting from secondary container set

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
3b5c1d0ea1 imx: image-container: Fix container header checking
Checking container header tag and version is wrong, it causes to fail
to bypass invalid container

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
b645f95da9 imx: hab: Fix coverity issue in HAB event decoding
Fix below coverity issues caused by get_idx function where "-1" is
compared with uint8_t "element"
343336 Unsigned compared with neg
343337 Operands don't affect result

Additional, this function returns "-1" will cause overflow to
event string array.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Clement Faure
859f4e02a8 imx: cmd_dek: add ELE DEK Blob generation support
Add ELE DEK Blob generation for the cmd_dek command.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Ye Li
f0e974e1e4 imx: cmd_dek: Fix Uninitialized pointer read
Fix Coverity (CID 21143558).
When tee_shm_register returns failure, the shm_input pointer is
invalid, should not free it. Same issue also exists on registering
shm_output.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
31e5ec2323 imx: ele_api: support program secure fuse and return lifecycle
Add two ELE API: ele_return_lifecycle_update and ele_write_secure_fuse
Add two cmd: ahab_return_lifecycle and ahab_sec_fuse_prog

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
ef5bdfc273 imx: ele_ahab: use hextoul
Use hextoul which looks a bit simpler.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
914ede6978 imx: parse-container: fix build warning
Fix build warning:
warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3
has type ‘u64’ {aka ‘long long unsigned int’} [-Wformat=]
         printf("can't find memreg for image %d load address 0x%x, error %d\n",
warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but
argument 3 has type ‘sc_faddr_t’ {aka ‘long long unsigned int’} [-Wformat=]
          debug("memreg %u 0x%lx -- 0x%lx\n", mr, start, end);

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00
Peng Fan
d3ee9dbd59 imx: use generic name ele(EdgeLockSecure Enclave)
Per NXP requirement, we rename all the NXP EdgeLock Secure Enclave
code including comment, folder and API name to ELE to align.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2023-07-13 11:29:40 +02:00