Add function and new command "auth_cntr" for secure boot support.
When booting with life cycle set to OEM closed, we need to use
this function to authenticate the OS container and load kernel & FDT
from OS container to their destination.
Also add image authentication call when loading container images.
Users can set CONFIG_AHAB_BOOT=y to enable the feature. It is not
set at default.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Enable bd71837 pmic for i.MX8MM EVK board, need to set voltage for
DRAM and linux suspend voltage requirement.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
We are going to add i2c pmic support before dram could be used.
So we need enable clk driver earlier, so use spl_early_init
and move clock controller probe eariler to board_init_f.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
It will be easy to separate SD/EMMC when booting in SPL stage, then
no need to bother which device is BOOT_DEVICE_MMC1/2.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add init_nand_clk to enable gpmi nand clock. Since i.MX8MQ not use CCF,
so we still use legacy mode to configure the clock.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The i.MX8MQ B1 uses OCOTP_HW_OCOTP_READ_FUSE_DATA register for chip id.
It returns a magic number 0xff0055aa. update get_cpu_rev to support it,
and enable ocotp clock to access ocotp.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Set gd->fb_base so it can be shown with bdinfo command.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Migrate to DM_VIDEO, update the device tree and remove code that is no
longer necessary.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Migrate to DM_ETH and remove code that is no longer necessary.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
This updates the i.MX8MQ device trees and, necessarily, also the
i.MX8MQ clock bindings. These are taken verbatim from from the
Linux kernel version v5.4-rc2, which three small changes which
were already part of the previous device tree:
* Keep the PSCI reserved memory range
* Keep the alias for ethernet, so that the MAC address can be set
* Keep the modified #include for the IOMUXC pins
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Acked-by: Peng Fan <peng.fan@nxp.com>
This commit adds falcon boot support (by also copying args necessary for
booting) to the SPL NOR memory driver.
After this change it is possible to use the falcon boot in the same way
as on NAND memories. The necessary configs (i.e. CONFIG_CMD_SPL_NOR_OFS)
are now defined in Kconfig.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
The mccmon6 has been used a "mixed" approach between SPL and
U-Boot proper sources.
This commit decoupes SPL and u-boot proper, which allows clear
distinction between those two code bases and facilitates
conversion to DM/DTS on this particular board.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
This commit converts mccmon6's u-boot proper (in a single commit to avoid
build breaks) to use solely DM/DTS.
The DTS description of the mccmon6 has been ported from Linux kernel
(v4.20, SHA1: 8fe28cb58bcb235034b64cbbb7550a8a43fd88be)
Signed-off-by: Lukasz Majewski <lukma@denx.de>
In order for 'bmode emmc' to work, the eMMC needs to be initialized in the
SPL. This change initializes the eMMC as BOOT_DEVICE_MMC1 (index=0).
Signed-off-by: Claudius Heine <ch@denx.de>
The board_boot_modes contained the wrong values for the emmc entry.
The eMMC here is connected over a 8-bit bus.
This change allows to use the 'bmode emmc' command to boot from emmc.
Signed-off-by: Claudius Heine <ch@denx.de>
The expire_now function was previously setting the watchdog timeout to
minimum and waiting for the watchdog to expire. However, this watchdog
also has bits to trigger immediate reset. Use those instead, like the
Linux imx2_wdt driver does.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
The Linux imx2_wdt driver uses a fsl,ext-reset-output boolean in the
device tree to specify whether the board design should use the external
reset instead of the internal reset. Use this boolean to determine which
mode to use rather than using external reset unconditionally.
For the legacy non-DM mode, the external reset is always used in order
to maintain the previous behavior.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Add u-boot,dm-pre-reloc properties for uart pinmux configuration
nodes, which enables UART as early as possible (before relocation).
Without this we miss almost the half of output (U-boot version,
CPU defails, Reset cause, DRAM details etc.).
Fixes: cd69e8ef9b ("colibri-imx6ull: migrate pinctrl and regulators to dtb/dm")
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Introduce imx6ull-colibri-u-boot.dtsi for u-boot specific properties to
keep original imx6ull-colibri.dts in sync with Linux.
Move all contents of imx6ull-colibri.dts to imx6ull-colibri.dtsi +
additionally fix checkpatch warnings.
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
According to IMX28CEC rev. 4, 10/2018, Table 15. Recommended Operating
Conditions, page 16, the VDDD should be set to 1.55V when the CPU is
operating at 454MHz. This is the case in U-Boot, hence increase the
VDDD voltage. This fixes instability when performing TFTP transfers.
Increase the brownout threshold to 1.4V. The documentation recommends
1.45V setting for the brownout, however, this triggers failure during
power block init, so keep the brownout slightly lower.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
imx6_is_bmode_from_gpr9 always returns false, because
IMX6_SRC_GPR10_BMODE is 1<<28 and gets casted to u8 on return.
This moves the function body into imx6_src_get_boot_mode, since that is the
only one using it and it is on the same abstraction level (accessing
registers directly).
Signed-off-by: Claudius Heine <ch@denx.de>
After the following commit:
commit 772b55723b ("imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC
boot on falcon mode")
it is possible to set the CONFIG_SPL_FORCE_MMC_BOOT flag, which allows
using MMC device as boot device regardless of the device used by Boot ROM
(FBL) as the first boot medium.
Display5 board needs this flag set to allow falcon boot from eMMC device.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Introduce disable_ipu_clock(). This is done in preparation for
configuring the NoC registers on i.MX6QP in SPL.
Afer the NoC registers are set the IPU clocks can be disabled.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
The code can be made simpler by using setbits_le32(), so switch
to it.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Similar to 90d3d78a1c ("gitlab-ci: Prepend to PATH rather than replace
it") we need to prepend the PATH with our additional binaries and not
replace the value fully as doing so breaks virtualenv.
Signed-off-by: Tom Rini <trini@konsulko.com>
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl25wUcACgkQxIHbvCwF
GsQ16w/+IibWYFw2t6AdI8DLWOvlHR/PVAOrbF9cBi1vZPr4drEH6m1ymRWAKjRt
E4u8siBiIs5yhD7laL09JK4p/veTnoHCVrCdli9iPhIJUFGKz9uuXh4ruZgRnGIn
+j0ra0tkTRHeGX4bMtTpMVySQqIuLQ+2ZrMMnfKfnTTlLmhv436xUyBZ/CFl7k4J
7sFj/FfjRCYpe7nfHTqUGidJtJG1cc+hw26c1YrfiKB6piVdH43myOB5sPDW24g3
OPptJyUFqbQjjV6Eq0EOVJt103rVtXpQc0e4Oa/mDDkmrQZ1pUhXi3zhxmzMRDQu
k+9gX0IoSNJcW+e7DrcQsx5SmOnlvoC4euCypzhWEWvES89ftAHIitEAz9oTs6Gc
etwXFomvH797ZOoBztrja9XsfnLFHBQHaAiExqEVVFi/1nhDsYdj+xEDHjDU+cZx
E3UcrRNXcfA2+oaXpNBguzAOrMPX8UbrR1kkaMDTuJfA32Pe7RLz3aMfXyx1rAOU
t7GWSROOYtoNf5IU/Jha1F8231WRPJnWm1LQdzNLaGSmbG/H7vFgW4dpdxEyLn4m
C0Goj0GzmBIQxRL+38sCOKLVxPEpGoU/GzonC9bU0O+UyN57rAiwn9ZbTa6ZvJqG
/2tPoKiutJRueUH3IDWViMhyW/w0h0tj0BUiV5lAQ9X9vW4E1YQ=
=f0m8
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-01-rc2
Provide a better user interface for setting UEFI variables.
Bug fixes:
- ext4 file system not discovered on UEFI block device
- 'make tests' build error on 32bit systems
Bootstage improvements for TPL, SPL
Various sandbox and dm improvements and fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl24zDoRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZRiwf+Mf7oG//zjiZcHaPP6KOFb1CjwqLSuiaI
eCYB6GEZXuSpc8MjAw+baAfIw8MMFuaCfPsUQ5dDo391neK0sW9kkEsdcXnQBpB3
GdJYcewLN1UuJZovriGobIisGc0GQHh8gmRcVGWSKoEt+gAQauRtVYBIUPuS3JG+
ihZgYmVgICa+3tqavIbP2oZdXLuLAxR65mfiQHtiJwdCN3OOzyls2v0T0slQX9GV
ln6EvTk8OMIudBmkB7YiTmJF7AB+3PH/uBaiYyTKO9gtjLhnmCFvG5HxJTRFOKvU
F4oVWZJDEcqfZvYgWg8i5vgokMP41nzLfBr7j5ifUX1f3xwCHy/Tpw==
=S4XI
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-29oct19' of git://git.denx.de/u-boot-dm
- Fix for patman with email addresses containing commas
- Bootstage improvements for TPL, SPL
- Various sandbox and dm improvements and fixes
Similar to the rework for GitLab-CI and Travis-CI, rework the Azure
Pipeline to use python3 and requirements.txt to install the necessary
modules.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add optional parameter to 'avb verify' sub-command, so that user is able
to specify which slot to use, in case when user's partitions are
slotted. If that parameter is omitted, the behavior of 'avb verify' will
be the same as before, so user API is content.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
After updating libavb to most recent version from AOSP/master, two new
warnings appear:
Warning #1:
lib/libavb/avb_cmdline.c: In function 'avb_append_options':
lib/libavb/avb_cmdline.c:365:15: warning: 'dm_verity_mode' may be
used uninitialized in this function
[-Wmaybe-uninitialized]
new_ret = avb_replace(
^~~~~~~~~~~~
slot_data->cmdline, "$(ANDROID_VERITY_MODE)", dm_verity_mode);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/libavb/avb_cmdline.c:374:8: warning: 'verity_mode' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
if (!cmdline_append_option(
^~~~~~~~~~~~~~~~~~~~~~
slot_data, "androidboot.veritymode", verity_mode)) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Warning #2:
lib/libavb/avb_slot_verify.c: In function 'avb_slot_verify':
lib/libavb/avb_slot_verify.c:1349:23: warning: 'ret' may be used
uninitialized in this function
[-Wmaybe-uninitialized]
AvbSlotVerifyResult ret;
^~~
Fix those by providing default return values to affected functions.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Update libavb to commit 5fbb42a189aa in AOSP/master, because new version
has support for super partition [1], which we need for implementing
Android dynamic partitions. All changes from previous patches for libavb
in U-Boot are accounted for in this commit:
- commit ecc6f6bea6 ("libavb: Handle wrong hashtree_error_mode in
avb_append_options()")
- commit 897a1d947e ("libavb: Update SPDX tag style")
- commit d8f9d2af96 ("avb2.0: add Android Verified Boot 2.0 library")
Tested on X15:
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
read_rollback_index not supported yet
read_is_device_unlocked not supported yet
Verification passed successfully
AVB verification OK.
Unit test passes:
$ ./test/py/test.py --bd sandbox --build -k test_avb
test/py/tests/test_android/test_avb.py ss..s.
[1] 49936b4c01
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
When running the following command
mkimage -f auto -A arm -O linux -T kernel -C none -a 0x8000 -e 0x8000 \
-d zImage -b zynq-microzed.dtb -i initramfs.cpio image.ub
the type of fdt subimage is the same as of the main kernel image and
the architecture of the initramfs image is not set. Such an image is
refused by U-Boot when booting. This commits sets the mentioned
attributes, allowing to use the "-f auto" mode in this case instead of
writing full .its file.
Following is the diff of mkimage output without and with this commit:
FIT description: Kernel Image image with one or more FDT blobs
Created: Thu Sep 12 23:23:16 2019
Image 0 (kernel-1)
Description:
Created: Thu Sep 12 23:23:16 2019
Type: Kernel Image
Compression: uncompressed
Data Size: 4192744 Bytes = 4094.48 KiB = 4.00 MiB
Architecture: ARM
OS: Linux
Load Address: 0x00008000
Entry Point: 0x00008000
Image 1 (fdt-1)
Description: zynq-microzed
Created: Thu Sep 12 23:23:16 2019
- Type: Kernel Image
+ Type: Flat Device Tree
Compression: uncompressed
Data Size: 9398 Bytes = 9.18 KiB = 0.01 MiB
Architecture: ARM
- OS: Unknown OS
- Load Address: unavailable
- Entry Point: unavailable
Image 2 (ramdisk-1)
Description: unavailable
Created: Thu Sep 12 23:23:16 2019
Type: RAMDisk Image
Compression: Unknown Compression
Data Size: 760672 Bytes = 742.84 KiB = 0.73 MiB
- Architecture: Unknown Architecture
+ Architecture: ARM
OS: Linux
Load Address: unavailable
Entry Point: unavailable
Default Configuration: 'conf-1'
Configuration 0 (conf-1)
Description: zynq-microzed
Kernel: kernel-1
Init Ramdisk: ramdisk-1
FDT: fdt-1
Loadables: kernel-1
Signed-off-by: Michal Sojka <michal.sojka@cvut.cz>
For some controllers PHYs can be optional. Handling NULL pointers without
crashing nor failing, makes it easy to handle optional PHYs.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
malloc_cache_aligned() might return zero, so fix potential NULL pointer
access if __GFP_ZERO flag is set.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Ralph Siemsen <ralph.siemsen@linaro.org>