The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
ddaa905 ("arm: mvebu: Add DM (driver model) support") removed the
assignment of the gd pointer, but kept the (now superfluous) declaration
of the gd pointer.
Remove this declaration.
Signed-off-by: Reinhard Pfau <pfau@gdsys.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Allow boards to do some initialization when PCIe comes up.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Add support for Marvell 88E1680 Integrated Octal
10/100/1000 Mbps Energy Efficient Ethernet Transceiver.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Armada 38x has four PCI ports, not three.
The optimization in pci_init_board() seems to assume that every port has
three lanes. This is obviously wrong, and breaks support for Armada 38x.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Now that the SD/SDIO/MMC DT properties are updated in the Marvell
A3700 and A7/8k DT files, we need to match the checks for compatible
node in the PHY driver as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Kostya Porotchkin <kostap@marvell.com>
Cc: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
We should use the symbolic names for the cache control bits.
Signed-off-by: Mark Marshall <Mark.Marshall@omicron.at>
Reviewed-by: Thomas Graziadei <thomas.graziadei@omicronenergy.com>
Reviewed-by: York Sun <york.sun@nxp.com>
To enable DM on MPC83xx, we need pre-relocation malloc, which is
implemented in this patch.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
[York S: Fixed compiling warning for unused variable 'i']
Reviewed-by: York Sun <york.sun@nxp.com>
The r1 register is modified several times during the cache-ram setup of
the MPC83xx SoCs.
Since this SP modification confuses debuggers, we use a general purpose
register to compute the new stack pointer value, and only set the SP
once after all computations are done.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Set cpo_sample as suggested by the driver
"WARN: pls set popts->cpo_sample = 0x58 in <board>/ddr.c to optimize
cpo".
Signed-off-by: York Sun <york.sun@nxp.com>
CC: Shengzhou Liu <Shengzhou.Liu@nxp.com>
Fixup port_mac_address property in MC DPC with values from the u-boot
environment. Since u-boot already reads the environment MAC addresses
when probing the PHYs, use these values.
The u-boot environment MAC addresses take precedence over any eventual
ones defined in the DPC, except for the case where they are randomly
assigned (no u-boot env value declared for port).
The patch assumes the "/board_info/ports/" node is present in the DPC.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
[York S: Fix several indentations]
Reviewed-by: York Sun <york.sun@nxp.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_AT91".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_ROCKCHIP".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_ZYNQ || ARCH_ZYNQMP".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[1] Rename CONFIG_SANDBOX_MMC to CONFIG_MMC_SANDBOX for consistency
I want all MMC driver options prefixed with CONFIG_MMC_.
[2] Fix dependency
Add necessary depends on to avoid compile error.
Instead "depends on MMC" is unneeded because this config entry
resides inside of "if MMC".
[3] Currently, this config symbol is not referenced at all.
Use it to enable/disable the driver in Makefile.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now, CONFIG_GENERIC_MMC seems equivalent to CONFIG_MMC.
Let's create an entry for "config GENERIC_MMC" with "default MMC",
then convert all macro defines in headers to Kconfig. Almost all
of the defines will go away.
I see only two exceptions:
configs/blanche_defconfig
configs/sandbox_noblk_defconfig
They define CONFIG_GENERIC_MMC, but not CONFIG_MMC. Something
might be wrong with these two boards, so should be checked later.
Anyway, this is the output of the moveconfig tool.
This commit was created as follows:
[1] create a config entry in drivers/mmc/Kconfig
[2] tools/moveconfig.py -r HEAD GENERIC_MMC
[3] manual clean-up of garbage comments in doc/README.* and
include/configs/*.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The pinmuxing for i.MX53 FEC ethernet copied from
<kernel>/arch/arm/boot/dts/imx53-qsb-common.dtsi (at least until v4.9)
was bad. It is different from the manual pinmuxing in
<u-boot>/board/freescale/mx53loco/mx53loco.c which was used in
cx9020 implementation previously before mainlining into u-boot.
It seems the bug in imx53-qsb kernel device tree is hidden for so long,
because it was never used, by the kernel driver.
Signed-off-by: Patrick Bruenn <p.bruenn@beckhoff.com>
- Fix clk driver
- Optimize DRAM init code for LD20 SoC
- Get DRAM information from more reliable source
- Clean up SoC init code
- Allow to use Image.gz for booting ARM64 Linux
- Tidy up environments to use with ATF
- Clean up I2C drivers
The readl_poll_timeout() is a useful helper to poll registers
and error out if the condition is not met.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, SPL (u-boot-spl.bin) and U-Boot (u-boot.bin) are stored
in non-volatile devices, and some environments are defined to update
the images easily.
When ARM Trusted Firmware is fully used, SPL is not used. U-Boot
proper is contained as BL33 into FIP (Firmware Image Package), which
is standard container used by ATF. Allow to use it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The Boot ROM supports authentication feature to prevent malformed
software from being run on products. The signature is added at the
tail of the second stage loader (= SPL in U-boot terminology).
The size of the second stage loader was 64KB, and it was consistent
across SoCs. The situation changed when LD20 SoC appeared; it loads
80KB second stage loader, and it is the only exception.
Currently, CONFIG_SPL_PAD_TO is set to 64KB and U-Boot proper is
loaded from the 64KB offset of non-volatile devices. This means the
signature of LD20 SoC (located at 80KB offset) corrupts the U-Boot
proper image.
Let's move the U-Boot proper image to 128KB offset. It uses 48KB
for nothing but padding, and we could actually locate the U-Boot
proper at 80KB offset. However, the power of 2 generally seems a
better choice for the offset address.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When ARM Trusted Firmware is used, bl1.bin + fip.bin exceeds 512KB,
so the boot image and the current environment area will overlap.
Move the environment storage to 1MB offset.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The boot_ramdisk_high() checks the environment "initrd_high" and,
if it is set to (ulong)-1, skip the initrd relocation. This is
useful for faster booting when we know the initrd is already located
within the reach of the kernel.
Change "norboot" to copy images in order to make it work without
depending on the automatic relocation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The ARM64 Linux raw image now amounts to 15MB and it is getting
bigger and bigger. Using Image.gz saves about 8MB. The cost of
unzip is smaller than what we get by saving the kernel loading
from non-volatile devices.
The ARM32 Linux still uses zImage, a self-decompressor image,
so it should not be affected.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For clarification, move CONFIG symbols that affect SPL building
into a single place. Drop #ifdef CONFIG_SPL ... #endif since it is
harmless to define CONFIG_SPL_... during U-Boot proper building.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
It seems more readable to use arrays to get SoC specific parameters
instead of the crappy switch statement.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For LD20 SoC, the last 64 byte of each DRAM bank is used for the
dynamic training of DRAM PHY. The regions must be reserved in DT to
prevent the kernel from using them. Now gd->bd->bi_dram reflects
the actual memory banks. Just use it instead of getting access to
the board parameters.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
U-Boot needs to set up available memory area(s) in dram_init() and
dram_init_banksize(). It is platform-dependent how to detect the
memory banks. Currently, UniPhier adopts the memory banks _alleged_
by DT. This is based on the assumption that users bind a correct DT
in their build process.
Come to think of it, the DRAM controller has already been set up
before U-Boot is entered (because U-Boot runs on DRAM). So, the
DRAM controller setup register seems a more reliable source of any
information about DRAM stuff. The DRAM banks are initialized by
preliminary firmware (SPL, ARM Trusted Firmware BL2, or whatever),
so this means the source of the reliability is shifted from Device
Tree to such early-stage firmware. However, if the DRAM controller
is wrongly configured, the system will crash. If your system is
running, the DRAM setup register is very likely to provide the
correct DRAM mapping.
Decode the SG_MEMCONF register to get the available DRAM banks.
The dram_init() and dram_init_banksize() need similar decoding.
It would be nice if dram_init_banksize() could reuse the outcome
of dram_init(), but global variables are unavailable at this stage
because the .bss section is available only after the relocation.
As a result, SG_MEMCONF must be checked twice, but a new helper
uniphier_memconf_decode() will help to avoid code duplication.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The two arrays ddrphy_{op,ip}_dq_shift_val, occupy more than 3.8 KB
memory footprint, which is significant in SPL.
There are PHY parameters for 5 boards, but they are actually not
board specific, but SoC specific. After all, we just need to have
2 patterns, for LD20 and LD21. Also, the shift values are small
enough to become "short" type instead of "int". This change will
save about 3 KB memory footprint.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit ec6617c397 ("armv8: Support loading 32-bit OS in AArch32
execution state") broke SMP boot by assuming that an image is 32-bit if
the arch field in the spin table != IH_ARCH_DEFAULT (i.e.
IH_ARCH_ARM64), even if the arch field also does not match IH_ARCH_ARM,
even though nothing actually set the arch field in the spin table.
Commit e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading
32-bit OS") fixed this for bootm by setting the arch field of the spin
table based on images.os.arch, but booti remaineed broken because it did
not set images.os.arch.
Fixes: ec6617c397 ("armv8: Support loading 32-bit OS in AArch32 execution state")
Fixes: e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading 32-bit OS")
Cc: Alison Wang <alison.wang@nxp.com>
Cc: Chenhui Zhao <chenhui.zhao@nxp.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Stuart Yoder <stuart.yoder@nxp.com>
Signed-off-by: Scott Wood <oss@buserror.net>
Reviewed-by: Tom Rini <trini@konsulko.com>
Doing unaligned reads is not supported on all architectures, use
byte sized reads of the little endian buffer.
Rename off16 to off8, as it reflects the buffer offset in byte
granularity (offset is in entry, i.e. 12 bit, granularity).
Fix a regression introduced in 8d48c92b45
Reported-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Tested-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
