This patch adds support for verifying a signed boot.scr. With this in place
it's possible for run-time Linux to update boot.scr to set different
variables such as switching between different boot partitions, pointing to
different kernels etc and for u-boot to verify these changes via the HAB
prior to executing the commands contained in boot.scr.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
setexpr allows us to do arithmetic for env variables - something that is
both useful and required when doing HAB authentication without hard-coding
HAB load addresses.
This patch enables CMD_SETEXPR for the WaRP7 defconfig.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch introduces the environment variable ivt_offset. When we define a
load address for Linux or DTB or any file the IVT associated with that file
is prepended. We extract the actual load addresses from u-boot.cfg and feed
these values into the code-signing process - hence we want u-boot to have
the real load addresses exported in u-boot.cfg.
ivt_offset represents the addition or subtraction from the load address
that must happen to find an IVT header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Doing secure boot on the WaRP7 using a common image format and the same
variable to represent the base address for each call means we can reduce
down the command to a single environment command.
This patch adds warp7_auth_or_fail as a wrapper around
"hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0".
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
We need to know the name of a signed boot-script; it's better to have a
separate variable for this than to simply append some fixed string to an
existing image name.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Assigning the UUID discovery path to a tweakable environment variable means
that later steps in the boot process - particularly a boot script - can
change the target root partition of a particular Linux boot.
Retargeting the rootfs is an important feature when doing ping/pong
upgrades allowing a boot script to select ping or pong as necessary without
reprogramming the bootloader.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Adding CONFIG_WARP7_ROOT_PART allows a defconfig to specify which partition
is used as the root partition on WaRP7; this is a desirable change in order
to support different partitioning schemes. The default is the current
partition #2.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In order to sign images with the IMX code-signing-tool (CST) we need to
know the load address of a given image. The best way to derive this load
address is to make it into a define - so that u-boot.cfg contains the
address - which we can then parse when generating the IMX CST headers.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch enables CONFIG_BOOTM_TEE. Once enabled it's possible to
chain-load Linux through OPTEE.
Loading kernel to 0x80800000
=> run loadimage
Load FDT to 0x83000000
=> run loadfdt
Load OPTEE to 0x84000000
=> fatload mmc 0:5 0x84000000 /lib/firmware/uTee.optee
Then chain-load to the kernel via OPTEE
=> bootm 0x84000000 - 0x83000000
Image Name:
Image Type: ARM Trusted Execution Environment Kernel Image (uncompressed)
Data Size: 249844 Bytes = 244 KiB
Load Address: 9dffffe4
Entry Point: 9e000000
Verifying Checksum ... OK
Loading Kernel Image ... OK
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Various functions associated with booting the WaRP7 in High Assurance Boot
(HAB) mode are enabled by switching on CONFIG_SECURE_BOOT.
This patch enables CONFIG_SECURE_BOOT for the WaRP7 defconfig.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In order to sign images with the IMX code-signing-tool (CST) we need to
know the load address of a given image. The best way to derive this load
address is to make it into a define - so that u-boot.cfg contains the
address - which we can then parse when generating the IMX CST headers.
This patch makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further
parsing by external tools.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Right now a region of 0x300000 bytes is allocated at the end of DRAM for
the purposes of loading an OPTEE firmware inside of it. This patch adds the
printout of the relevant address ranges.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Subtracts CONFIG_OPTEE_TZDRAM_SIZE from the available DRAM size.
On WaRP7 we simply define the OPTEE region as from the maximum DRAM address
minus CONFIG_OPTEE_TZDRAM_SIZE bytes.
Note the OPTEE boot process will itself subtract the DRAM region it lives
in from the memory map passed to Linux.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Requires setting CONFIG_OPTEE=y and setting an OPTEE TrustZone DRAM base in
include/configs/warp7.h.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch adds an environment variable called "hab_enabled" which gets set
to a boolean status indicating whether HAB is enabled or not.
Subsequent patches can use this environment variable to determine if it's
necessary to run a given binary through the hab_auth_img console command.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In order to correctly produce an image with an IVT/DCD header we need to
define a CSF in imximage.cfg. We just use the mx7 default here.
All we have to do with this option switched on is "make u-boot.imx" and we
then will get
- u-boot.imx
- u-boot.imx.log
The log file is really important because it gives the addresses for the HAB
that we will require to sign the u-boot image using the CST. Since the
addresses can change this logfile is a critical output.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch adds BOOTROM_IVT_HDR_OFFSET at 0xC00. The BootROM expects to
find the IVT header at a particular offset in an i.MX image.
Defining the expected offset of the IVT header in the first-stage BootROM
image format is of use to later-stage authentication routines where those
routines continue to follow the first-stage authentication layout.
This patch defines the first-stage offset which later patches make use of.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
commit 8519c9c98a ("tools/imximage: use 0x prefix in HAB Blocks line")
adds an 0x prefix to each HAB Block number to make it easier for host tools
to process the HAB Block output, however it neglects to apply the same
prefix to the DCD Blocks directive. You need the DCD Blocks directive if
you are making a u-boot recovery image which the BootROM will accept via
the USB upload utility.
This disparity results in a fruity output like this with HAB Blocks
prefixed but DCD Blocks not prefixed - which is pretty inconsistent.
This patch fixes the difference assuming the original commit was a
legitimate change.
Old:
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 430080 Bytes = 420.00 KiB = 0.41 MiB
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 0x877ff400 0x00000000 0x00066c00
DCD Blocks: 00910000 0000002c 000001d4
New:
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 430080 Bytes = 420.00 KiB = 0.41 MiB
Load Address: 877ff420
Entry Point: 87800000
HAB Blocks: 0x877ff400 0x00000000 0x00066c00
DCD Blocks: 0x00910000 0x0000002c 0x000001d4
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Use the generic filesystem command 'load' rather
than 'fatload' to avoid per-fs specific commands.
Signed-off-by: Pierre-Jean TEXIER <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
We have enabled NS16550 in Kconfig, so there is no need to enable it in defconfig.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
All rockchip SoCs can use ns16550 driver, enable it for all
and set SYS_NS16550_MEM32 for all SoCs.
Version-changes: 2
- use imply instead of select
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
This reverts commit a1903c18db.
It's a really bad idea to add "usb start" in preboot: it will spend
a lot of time scanning the usb bus, and most people do not need this
feature.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The MACRO has been updated after:
ee14d29 rockchip: back-to-bootrom: split BACK_TO_BOOTROM for TPL/SPL
We need to update the C code for it.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The boot0 hook includes the 4-byte TAG which is at the beginning
of the TEXT_BASE, so now we can use an aligned TEXT BASE.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Parse of data in dedicated api instead of in probe().
The clk_set_rate() may be called before the clk driver is probed,
after core support set default clock.
This patch fixes system abort issue since:
f4fcba5 clk: implement clk_set_defaults()
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-sytems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-sytems.com>
Parse of data in dedicated api instead of in probe().
The clk_set_rate() may be called before the clk driver is probed,
after core support set default clock.
This patch fixes system abort issue since:
f4fcba5 clk: implement clk_set_defaults()
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-sytems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-sytems.com>
Parse of data in dedicated api instead of in probe().
The clk_set_rate() may be called before the clk driver is probed,
after core support set default clock.
This patch fixes system abort issue since:
f4fcba5 clk: implement clk_set_defaults()
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Similar to firefly 3399 enable the ability to create a FIT image
with combined arm-trusted-firmware.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
These imports are entirely unused in the entire script.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Disable rk_timer as SYS timer and use DM timer instead,
so that we can get a better timer framework, the rk_timer
is going to be clean after we convert to use DM timer or
ARM arch/generic timer.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Add dts node for timer3.
Because the rockchip timer can only know "dtd_rockchip_rk3368_timer"
with OF_PLATDATA enabled, we override its compatible to
"rockchip,rk3368-timer".
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
We should a -u-boot.dtsi for those config need by U-Boot only,
and other part sync with kernel.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The DM driver for Rockchip timer blocks is also applicable to the
RK3188 and RK3288 timer blocks: add 'rockchip,rk3188-timer' and
'rockchip,rk3288-timer' to its compatible list to support devices
claiming compatibility with these.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
commit: 52280315a4 ("rtc: rewrite isl1208 to support DM") enables us to
use the on-module RTC emulation with the rk3399 device model i2c driver.
Signed-off-by: Klaus Goger <klaus.goger@theobroma-systems.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
All rk3288 default configs define CONFIG_DEFAULT_DEVICE_TREE.
So we can use it to define ${fdtfile} in rk3288_common.h.
This variable is needed by the distro boot command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The generic ehci-driver (ehci-generic.c) will try to enable the clocks
listed in the DTSI. If this fails (e.g. due to clk_enable not being
implemented in a driver and -ENOSYS being returned by the clk-uclass),
the driver will bail out and print an error message.
This implements a minimal clk_enable for the RK3288 and supports the
clocks mandatory for the EHCI controllers; as these are enabled by
default we simply return success.
Signed-off-by: Wadim Egorov <w.egorov@phytec.de>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Throughput tests have shown the sunxi_mmc driver to take over 10s to
read 10MB from a fast eMMC device due to excessive delays in polling
loops.
This commit restructures the main polling loops to use get_timer(...)
to determine whether a (millisecond) timeout has expired. We choose
not to use the wait_bit function, as we don't need interruptability
with ctrl-c and have at least one case where two bits (one for an
error condition and another one for completion) need to be read and
using wait_bit would have not added to the clarity.
The observed speedup in testing on a A31 is greater than 10x (e.g. a
10MB write decreases from 9.302s to 0.884s).
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Tested-by: Mylène Josserand <mylene.josserand@bootlin.com>
Acked-by: Jagan Teki <jagan@openedev.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
With clang-4.0 and later we see:
warning: logical not is only applied to the left hand side of this bitwise
operator [-Wlogical-not-parentheses]
if ((!gd->flags & GD_FLG_RELOC))
^ ~
And while the compiler suggests adding parentheses around gd->flags, a
reading of the code says that we want to know when GD_FLG_RELOC is not
set and then return.
Cc: Simon Glass <sjg@chromium.org>
Cc: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Some last minute fixes for 2018.05. Most of them are minor fixes. On
top we have some functional improvements for the device path logic
which should also help us be more compatible.
Merge tag 'signed-efi-2018.05' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-04-23
Some last minute fixes for 2018.05. Most of them are minor fixes. On
top we have some functional improvements for the device path logic
which should also help us be more compatible.
Staticize the function since it's only used in mmc.c.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Tom Rini <trini@konsulko.com>
Provide unit tests for the EFI_DEVICE_PATH_UTILITIES_PROTOCOL.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The missing services of the EFI_DEVICE_PATH_UTILITIES_PROTOCOL are
implemented.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Device paths may consist of multiple instances. Up to now we have only
considered the size of the first instance. For the services of the
EFI_DEVICE_PATH_UTILITIES_PROTOCOL in most cases the total length of the
device path is relevant.
So let's rename efi_dp_size() to efi_dp_instance_size() and create a new
function efi_dp_size() that calculates the total device path length.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
efi_dp_size() is meant to return the device path length without the end
node.
The length of a device path containing only an end node was incorrectly
reported as 4.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
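The two efi_dp_size() commits above distinguish the size of the first instance from the size of the whole device path, and fix the end-node-only case. The following is an added example, not U-Boot's implementation, showing both measurements over a raw byte buffer. The names dp_size, dp_instance_size, walk and node_len are hypothetical, and the explicit buffer bound (cap) is an assumption of this sketch, added so that a truncated path or a node with a bogus length field fails instead of walking out of bounds or looping forever.

```c
#include <stddef.h>
#include <stdint.h>

#define DP_TYPE_END		0x7f
#define DP_SUB_END_INSTANCE	0x01	/* ends one instance, more follow */
#define DP_SUB_END_ALL		0xff	/* ends the entire device path */
#define DP_HDR			4u	/* type, sub-type, 16-bit LE length */

/* Constructed samples: an end node only, and two one-node instances. */
static const uint8_t DP_EMPTY[] = { 0x7f, 0xff, 4, 0 };
static const uint8_t DP_TWO[] = {
	0x01, 0x01, 6, 0, 0x00, 0x1f,	/* PCI node, instance 1 */
	0x7f, 0x01, 4, 0,		/* end of instance */
	0x01, 0x01, 6, 0, 0x00, 0x02,	/* PCI node, instance 2 */
	0x7f, 0xff, 4, 0,		/* end of entire path */
};

/* Length of the node at off, or 0 if it does not fit inside cap bytes. */
static size_t node_len(const uint8_t *dp, size_t cap, size_t off)
{
	size_t len;

	if (cap < DP_HDR || off > cap - DP_HDR)
		return 0;
	len = dp[off + 2] | ((size_t)dp[off + 3] << 8);
	return (len < DP_HDR || len > cap - off) ? 0 : len;
}

/* Offset of the first end node (any_end) or of the end-entire node.
 * Returns -1 when no terminator is found inside the buffer. */
static long walk(const uint8_t *dp, size_t cap, int any_end)
{
	size_t off = 0, len;

	while ((len = node_len(dp, cap, off)) != 0) {
		if (dp[off] == DP_TYPE_END &&
		    (any_end || dp[off + 1] == DP_SUB_END_ALL))
			return (long)off;
		off += len;
	}
	return -1;
}

/* Size of the first instance, excluding its end node. */
long dp_instance_size(const uint8_t *dp, size_t cap) { return walk(dp, cap, 1); }

/* Size of the whole path, excluding the final end node. */
long dp_size(const uint8_t *dp, size_t cap) { return walk(dp, cap, 0); }

int main(void)
{
	return !(dp_size(DP_EMPTY, sizeof(DP_EMPTY)) == 0 &&
		 dp_instance_size(DP_TWO, sizeof(DP_TWO)) == 6 &&
		 dp_size(DP_TWO, sizeof(DP_TWO)) == 16);
}
```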
The logic of the AppendDevicePath service of the
EFI_DEVICE_PATH_UTILITIES_PROTOCOL is incorrectly implemented:
* if both paths are NULL an end node has to be returned
* if both paths are not NULL the end node of the second device path has to
be kept
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Implement the CreateDeviceNode service of the device path utility protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>