The various Aries Embedded boards have been orphaned for a year and no
one has come forward to take care of them. Remove.
Signed-off-by: Tom Rini <trini@konsulko.com>
On a 4.18-rc1 kernel the following warning is seen on i.MX51 and
i.MX53:
CPU0: Spectre v2: firmware did not set auxiliary control register IBE bit, system vulnerable
Select the ARM_CORTEX_A8_CVE_2017_5715 workaround for i.MX51/i.MX53
to fix the problem.
With this patch applied the kernel reports:
CPU0: Spectre v2: using BPIALL workaround
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
cpu_cmd() is reading cpu number via simple_strtoul() which is always
unsigned type.
Platform code implementations are not expecting that nr can be negative
and there is not checking in the code for that too.
This patch is using u32 type for cpu number to make sure that platform
code get proper value range.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
According to the Cortex-A7 TRM, for ACTLR.SMP bit "You must ensure this bit
is set to 1 before the caches and MMU are enabled, or any cache and TLB
maintenance operations are performed".
ROM sets this bit in normal boot flow, but when in serial download mode,
it is not set.
Here we add it in u-boot as a common flow for all i.MX cortex-a7 platforms,
including mx7d, mx6ul/ull and mx7ulp.
Signed-off-by: Ye Li <ye.li@nxp.com>
[fabio: adapted to U-Boot mainline codebase and make checkpatch happy]
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
It makes sense to select the MP multi processor option at the same time we
select the other SMP options needed for SMP capable i.MX6 SoCs.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Also remove the #ifdef's from clock.h since the Kconfig values defaults
the to old default values in clock.h.
Signed-off-by: Magnus Lilja <lilja.magnus@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Move CONFIG_MX31 from mx31pdk.h to mx31pdk_defconfig and introduce
necessary Kconfig changes as well.
Signed-off-by: Magnus Lilja <lilja.magnus@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This replaces TARGET_GE_B{4,6,8}50V3 with common TARGET_GE_BX50V3.
The boards are identified automatically at runtime.
Signed-off-by: Ian Ray <ian.ray@ge.com>
Signed-off-by: Nandor Han <nandor.han@ge.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
SYS_ARCH_TIMER guards the usage of the ARM Generic Timer (aka arch
timer) in U-Boot.
At the moment it is mandatory for ARMv8 and used by a few ARMv7 boards.
Add a proper Kconfig symbol to express this dependency properly,
allowing certain board configuration to later disable arch timer in case
there are any problems with it.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
[tuomas: rebase + fix conflicts and resync with moveconfig & use select]
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
We have a large number of places where while we historically referenced
gd in the code we no longer do, as well as cases where the code added
that line "just in case" during development and never dropped it.
Signed-off-by: Tom Rini <trini@konsulko.com>
Each imx image is created by a separate sub-make and during this process
the mkimage config file is run though cpp.
The cpp output is to the same file no matter what imx image is being
created.
This means if two imx images are generated in parallel they will attempt
to independently produce the same pre-processed mkimage config file at
the same time.
Avoid the problem by making the pre-processed config file name unique
based on the imx image it will be used in. This way each image will
create a unique config file and they won't clobber each other when run
in parallel.
This should fixed the build bug referenced in b5b0e4e3 ("imximage:
Remove failure when no IVT offset is found").
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
Working with HAB on the i.MX7 we've encountered a case where a board that
successfully authenticates u-boot when booting Linux via OPTEE subsequently
fails to properly bring up the RTC.
The RTC registers live in the low-power block of the Secure Non-Volatile
Storage (SNVS) block.
The root cause of the error has been traced to the HAB handing off the
SNVS-RTC in a state where HPCOMR::NPSWA_EN = 0 in other words where the
Non-Privileged Software Access Enable bit is zero. In ordinary
circumstances this is OK since we typically do not run in TZ mode, however
when we boot via HAB and enablng TrustZone, it is required to set
HPCOMR::NPSWA_EN = 1 in order for the upstream Linux driver to have
sufficient permissions to manipulate the SNVS-LP block.
On our reference board it is the difference between Linux doing this:
root@imx7s-warp-mbl:~# dmesg | grep rtc
snvs_rtc_enable read 0x00000000 from SNVS_LPLR @ 0x00000034
snvs_rtc_enable read 0x00000021 from SNVS_LPCR @ 0x00000038
snvs_rtc_enable read 0x00000000 from SNVS_HPLR @ 0x00000000
snvs_rtc_enable read 0x80002100 from SNVS_HPCOMR @ 0x00000004
snvs_rtc 30370000.snvs:snvs-rtc-lp: rtc core: registered
30370000.snvs:snvs-rtc-lp as rtc0
snvs_rtc 30370000.snvs:snvs-rtc-lp: setting system clock to2018-04-01 00:51:04 UTC (1522543864)
and doing this:
root@imx7s-warp-mbl:~# dmesg | grep rtc
snvs_rtc_enable read 0x00000000 from SNVS_LPLR @ 0x00000034
snvs_rtc_enable read 0x00000020 from SNVS_LPCR @ 0x00000038
snvs_rtc_enable read 0x00000001 from SNVS_HPLR @ 0x00000000
snvs_rtc_enable read 0x00002020 from SNVS_HPCOMR @ 0x00000004
snvs_rtc 30370000.snvs:snvs-rtc-lp: failed to enable rtc -110
snvs_rtc: probe of 30370000.snvs:snvs-rtc-lp failed with error -110
hctosys: unable to open rtc device (rtc0)
Note bit 1 of LPCR is not set in the second case and is set in the first
case and that bit 31 of HPCOMR is set in the second case but not in the
first.
Setting NPSWA_EN in HPCOMR allows us to boot through enabling TrustZone
and continue onto the kernel. The kernel then has the necessary permissions
to set LPCR::SRTC_ENV (RTC enable in the LP command register) whereas in
contrast - in the failing case the non-privileged kernel cannot do so.
This patch adds a simple init_snvs() call which sets the permission-bit
called from soc.c for the i.MX7. It may be possible, safe and desirable to
perform this on other i.MX processors but for now this is only tested on
i.MX7 as working.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
This patch adds hab_auth_img_or_fail() a command line function that
encapsulates a common usage of authenticate and failover, namely if
authenticate image fails, then drop to BootROM USB recovery mode.
For secure-boot systems, this type of locked down behavior is important to
ensure no unsigned images can be run.
It's possible to script this logic but, when done over and over again the
environment starts get very complex and repetitive, reducing that script
repetition down to a command line function makes sense.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
The tester registers provide a unique chip-level identifier which
get_board_serial() returns in a "struct tag_serialnr".
This patch documents the properties of the registers; in summary.
31:0 OCOTP_TESTER0 (most significant)
- FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID
OCOTP_TESTER1 (least significant)
31:24
- The X-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique
ID
23:16
- The Y-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique
ID
15:11
- The wafer number of the wafer on which the device was fabricated/SJC
CHALLENGE/ Unique ID
10:0
- FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID
The 64 bits of data generate a unique serial number per-chip.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Currently when we define CONFIG_SERIAL_TAG we will barf with a failure to
define "struct tag_serialnr".
This structure is defined in <asm/setup.h>, this patch includes
<asm/setup.h> to fix.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
When the DDR calibration is enabled, a situation may happen that it
will fail on a few select boards out of a whole production lot. In
particular, after the first write leveling stage, the MPWLDECTRLx
registers will contain a value 0x1nn , for nn usually being 0x7f or
slightly lower.
What this means is that the HW write leveling detected that the DQS
rising edge on one or more bundles arrives slightly _after_ CLK and
therefore when the DDR DRAM samples CLK on the DQS rising edge, the
CLK signal is already high (cfr. AN4467 rev2 Figure 7 on page 18).
The HW write leveling then ends up adding almost an entire cycle (thus
the 0x17f) to the DQS delay, which indeed aligns it, but also triggers
subsequent calibration failure in DQS gating due to this massive offset.
There are two observations here:
- If the MPWLDECTRLx value is corrected from 0x17f to 0x0 , then the
DQS gating passes, the entire calibration passes as well and the
DRAM is perfectly stable even under massive load.
- When using the NXP DRAM calibrator for iMX6/7, the value 0x17f or so
in MPWLDECTRx register is not there, but it is replaced by 0x0 as one
would expect.
Someone from NXP finally explains why, quoting [1]:
"
Having said all that, the DDR Stress Test does something that we
do not advertise to the users. The Stress Test iself looks at the
values of the MPWLDECTRL0/1 fields before reporting results, and
if it sees any filed with a value greater than 200/256 delay
(reported as half-cycle = 0x1 and ABS_OFFSET > 0x48), the DDR
Stress test will reset the Write Leveling delay for this lane
to 0x000 and not report it in the log.
The reason that the DDR Stress test does this is because a delay
of more than 78% a clock cycle means that the DQS edge is arriving
within the JEDEC tolerence of 25% of the clock edge. In most cases,
DQS is arriving < 5% tCK of the SDCLK edge in the early case, and
it does not make sense to delay the DQS strobe almost a full clock
cycle and add extra latency to each Write burst just to make the
two edges align exactly. In this case, we are guilty of making a
decision for the customer without telling them we are doing it so
that we don't have to provide the above explanation to every customer.
They don't need to know it.
"
This patch adds the correction described above, that is if the MPWLDECTRx
value is over 0x148, the value is corrected back to 0x0.
[1] https://community.nxp.com/thread/456246
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Eric Nelson <eric@nelint.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Similarly to imx6, before reading the boot device, first check
bmode to see if the serial downloader has been selected
explicitly, then check whether the serial downloader has been
activated due to unbootable primary boot devices (e.g. empty eMMC).
If the serial downloader is activated, return BOOT_DEVICE_BOARD.
This allows SPL with SDP support to wait for the U-Boot image
to be loaded via the serial download protocol using imx_usb_loader.
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
commit 8c4037a09a ("imx: hab: Ensure the IVT DCD pointer is Null prior
to calling HAB authenticate function.") makes the DCD field being NULL a
dependency.
This change though will break loading and executing of existing pre-signed
binaries on a u-boot update i.e. if this change is deployed on a board you
will be forced to redo all images on that board to NULL out the DCD.
There is no prior guidance from NXP that the DCD must be NULL similarly
public guidance on usage of the HAB doesn't call out this NULL dependency
(see boundary devices link).
Since later SoCs will reject a non-NULL DCD there's no reason to make a
NULL DCD a requirement, however if there is an actual dependency for later
SoCs the appropriate fix would be to do SoC version checking.
Earlier SoCs are capable (and happy) to authenticate images with non-NULL
DCDs, we should not be forcing this change on downstream users -
particularly if it means those users now must rewrite their build systems
and/or redeploy signed images in the field.
Fixes: 8c4037a09a ("imx: hab: Ensure the IVT DCD pointer is Null prior
to calling HAB authenticate function.")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Link: https://boundarydevices.com/high-assurance-boot-hab-dummies
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Without the volatile attribute, compilers are entitled to optimize out
the same asm(). In the case of __udelay() in syscounter.c, it calls
`get_ticks()` twice, one for the starting time and the second in the
loop to check the current time. When compilers inline `get_ticks()`
they see the same `mrrc` instructions and optimize out the second one.
This leads to infinite loop since we don't get updated value from the
system counter.
Here is a portion of the disassembly of __udelay:
88: 428b cmp r3, r1
8a: f8ce 20a4 str.w r2, [lr, #164] ; 0xa4
8e: bf08 it eq
90: 4282 cmpeq r2, r0
92: f8ce 30a0 str.w r3, [lr, #160] ; 0xa0
96: d3f7 bcc.n 88 <__udelay+0x88>
98: e8bd 8cf0 ldmia.w sp!, {r4, r5, r6, r7, sl, fp, pc}
Note that final jump / loop at 96 to 88, we don't have any `mrrc`.
With a volatile attribute, the above changes to this:
8a: ec53 2f0e mrrc 15, 0, r2, r3, cr14
8e: 42ab cmp r3, r5
90: f8c1 20a4 str.w r2, [r1, #164] ; 0xa4
94: bf08 it eq
96: 42a2 cmpeq r2, r4
98: f8c1 30a0 str.w r3, [r1, #160] ; 0xa0
9c: d3f5 bcc.n 8a <__udelay+0x8a>
9e: e8bd 8cf0 ldmia.w sp!, {r4, r5, r6, r7, sl, fp, pc}
a2: bf00 nop
I'm advised[1] to put volatile on all asm(), so this commit also adds it
to the asm() in timer_init().
[1]: https://lists.denx.de/pipermail/u-boot/2018-March/322062.html
Signed-off-by: Yasushi SHOJI <yasushi.shoji@gmail.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.
This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h
and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit d695d66278 ("spl: eMMC/SD: Provide one __weak spl_boot_mode()
function") breaks the boot on several i.MX6 boards,
such as cuboxi and wandboard:
U-Boot SPL 2018.03-rc1-00212-g48914fc119 (Feb 10 2018 - 11:04:33 +1300)
Trying to boot from MMC1
Failed to mount ext2 filesystem...
spl_load_image_ext: ext4fs mount err - 0
Partially revert it so that we can boot U-Boot again on these
i.MX6 platforms.
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Currently SPL_LOAD_FIT is unable to boot from nand on
i.MX6QDL platform, so enable only for MMC boards.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Currently the following devices are using a different definition for ROM
Vector Table addresses:
- i.MX6DQP = All rev
- i.MX6DQ >= rev 1.5
- i.MX6SDL >= rev 1.2
There is no need to create a new RVT macros since the only update were the
RVT base address. Remove HAB_RVT_*_NEW macros and define a new RVT base
address.
More details about RVT base address can be found on processors Reference
Manual and in the following documents:
EB803: i.MX 6Dual/6Quad Applications Processor Silicon Revision 1.2 to 1.3
Comparison
EB804: i.MX 6Solo/6DualLite Application Processor Silicon Revision 1.1
to 1.2/1.3 Comparison
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Write, Check and Set MID commands have been deprecated from the Code
Signing Tool (CST) v2.3.3 and will not be implemented in newer versions
of HAB, hence the following features are no longer available:
- Write Data
- Clear Mask
- Set Mask
- Check All Clear
- Check All Set
- Check Any Clear
- Check Any Set
- Set MID
The inappropriate use of Write Data command may lead to an incorrect
authentication boot flow. Since no specific application has been identified
that requires the use of any of these features, it is highly recommended to
add this check.
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
For proper authentication the HAB code must check if the CSF is valid.
Users must call the csf_is_valid() function to parse the CSF prior to
authenticating any additional images. The function will return a failure
if any of the following invalid conditions are met:
- CSF pointer is NULL
- CSF Header does not exist
- CSF does not lie within the image bounds
- CSF command length zero
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
DCD commands should only be present in the initial boot image loaded by
the SoC ROM. DCD should not be present in images that will be verified
by software using HAB RVT authentication APIs. Newer versions of HAB
will generate an error if a DCD pointer is present in an image being
authenticated by calling the HAB RVT API. Older versions of HAB will
process and run DCD if it is present, and this could lead to an incorrect
authentication boot flow.
It is highly recommended this check is in place to ensure additional HAB
verified images do not include a DCD table.
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Currently it is not possible to run CMD_DEK on i.MX SPL targets:
=> dek_blob 0x12000000 0x12001000 128
The system hangs after running dek_blob because the CAAM clock is being
disabled by the HAB code. There is no need to disable CAAM clock after
authenticating additional boot images, thus keep CAAM clock enabled to
address this issue.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The motivation for moving MX28 selection to Kconfig is to be able
to better handle NAND MXS selection through Kconfig.
This selection method also aligns with the way other i.MX SoCs are
selected in U-Boot.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
The motivation for moving MX23 selection to Kconfig is to be able
to better handle NAND MXS selection through Kconfig.
This selection method also aligns with the way other i.MX SoCs are
selected in U-Boot.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
The goal of this patch is to clean up the code related to choosing SPL
MMC boot mode.
The spl_boot_mode() now is called only in spl_mmc_load_image() function,
which is only compiled in if CONFIG_SPL_MMC_SUPPORT is enabled.
To achieve the goal, all per mach/arch implementations eligible for
unification has been replaced with one __weak implementation.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Acked-by: Michal Simek <michal.simek@xilinx.com> (For ZynqMP)
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch adds a sec_init call into arch_misc_init(). Doing so in
conjunction with the patch "drivers/crypto/fsl: assign job-rings to
non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is
active.
u-boot will initialise the RNG and assign ownership of the job-ring
registers to a non-TrustZone context. With recent changes by Lukas Auer to
fully initialize the RNG in sec_init() this means that u-boot will hand-off
the CAAM in a state that Linux then can use the CAAM without touching the
reserved DECO registers.
This change is safe both for the OPTEE/TrustZone boot path and the regular
non-OPTEE/TrustZone boot path.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Marco Franchi <marco.franchi@nxp.com>
Cc: Vanessa Maegima <vanessa.maegima@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Static variables are not available during board_init_f().
'static uint32_t mx53_dram_size[2];' was used in board specific
dram_init(), dram_init_banksize() and get_effective_memsize() to avoid
multiple calls to get_ram_size().
Reused dram initialization functions from arch/arm/mach-imx/mx5/mx53_dram.c
Signed-off-by: Patrick Bruenn <p.bruenn@beckhoff.com>
Static variables are not available during board_init_f().
'static uint32_t mx53_dram_size[2];' was used in board specific
dram_init(), dram_init_banksize() and get_effective_memsize() to avoid
multiple calls to get_ram_size().
Reused dram initialization functions from arch/arm/mach-imx/mx5/mx53_dram.c
Signed-off-by: Patrick Bruenn <p.bruenn@beckhoff.com>
Move dram_init(), dram_init_banksize() and get_effective_memsize() to
arch/arm/mach-imx/mx5/mx53_dram.c, where it can be reused by m53evk and
mx53loco.
Signed-off-by: Patrick Bruenn <p.bruenn@beckhoff.com>
