Currently imx-specific bootaux command doesn't support ELF format
firmware for Cortex-M4 core.
This patches introduces a PoC implementation of handling elf firmware
(load_elf_image_phdr() was copy-pasted from elf.c just for PoC).
ELF64 binaries isn't supported yet.
This has the advantage that the user does not need to know to which
address the binary has been linked to. However, in order to handle
and load the elf sections to the right address, we need to translate the
Cortex-M4 core memory addresses to primary/host CPU memory
addresses (Cortex A7/A9 cores).
This allows to boot firmwares from any location with just using
bootaux, e.g.:
> tftp ${loadaddr} hello_world.elf && bootaux ${loadaddr}
Similar translation table can be found in the Linux remoteproc
driver [1].
[1] https://elixir.bootlin.com/linux/latest/source/drivers/remoteproc/imx_rproc.c
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
i.MX 7's Cortex-M4 core can run from DDR and uses DDR memory for
the rpmsg communication. Both use cases need a fixed location of
memory reserved. For the rpmsg use case the reserved area needs
to be in sync with the kernel's hardcoded vring descriptor location.
Use the linux,usable-memory property to carve out 1MB of memory
in case the M4 core is running. Also make sure that the i.MX 7
specific rpmsg driver does not get loaded in case we do not carve
out memory.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
i.MX8MN support loading images with rom api, so we implement
reuse board_return_to_bootrom to let ROM loading images.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add support for updating FCB/DBBT on i.MX7:
- additional new fields in FCB structure
- Leverage hardware BCH/randomizer for writing FCB
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Tested-by: Max Krummenacher <max.krummenacher@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Need to pass total 5 arguments for SIP HAB call on i.MX8MQ,
so update the interface to add new argument.
Signed-off-by: Ye Li <ye.li@nxp.com>
[agust: fixed imx8m-power-domain build]
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
imx6_is_bmode_from_gpr9 always returns false, because
IMX6_SRC_GPR10_BMODE is 1<<28 and gets casted to u8 on return.
This moves the function body into imx6_src_get_boot_mode, since that is the
only one using it and it is on the same abstraction level (accessing
registers directly).
Signed-off-by: Claudius Heine <ch@denx.de>
THe RVT data includes a major and minor version in its header
parameter. Add a new command to print this out.
Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.
Signed-off-by: Stefano Babic <sbabic@denx.de>
Add i.MX6ULZ cpu type and helper.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
When CONFIG_CLK enabled, use CLK UCLASS for clk related settings.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Tested-by: Frieder Schrempf <frieder.schrempf@kontron.de>
hs: removed hunk in mxc_i2c_probe() as not longer in code
Writing/updating boot image in nand device is not
straight forward in i.MX6 platform and it requires
boot control block(BCB) to be configured.
It becomes difficult to use uboot 'nand' command to
write BCB since it requires platform specific attributes
need to be taken care of.
It is even difficult to use existing msx-nand.c driver by
incorporating BCB attributes like mxs_dma_desc does
because it requires change in mtd and nand command.
So, cmd_nandbcb implemented in arch/arm/mach-imx
BCB contains two data structures, Firmware Configuration Block(FCB)
and Discovered Bad Block Table(DBBT). FCB has nand timings,
DBBT search area, page address of firmware.
On summary, nandbcb update will
- erase the entire partition
- create BCB by creating 2 FCB/DBBT block followed by
1 FW block based on partition size and erasesize.
- fill FCB/DBBT structures
- write FW/SPL on FW1
- write FCB/DBBT in first 2 blocks
for nand boot, up on reset bootrom look for FCB structure in
first block's if FCB found the nand timings are loaded for
further reads. once FCB read done, DTTB will load and finally
firmware will be loaded which is boot image.
Refer section "NAND Boot" from doc/imx/common/imx6.txt for more usage
information.
Reviewed-by: Stefano Babic <sbabic@denx.de>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Sergey Kubushyn <ksi@koi8.net>
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
Extend the driver to build with DM_VIDEO enabled. DTS files
must additionally include 'u-boot,dm-pre-reloc' property in
soc and ipu nodes to enable driver binding to ipu device.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
According to "Table 5-1. Boot Device Select" (page 335,
i.MX 6Dual/6Quad Applications Processor Reference Manual, Rev. 4, 09/2017)
the BOOT_CFG1[3] have following values (regarding EIM booting):
0 - NOR flash and 1 - ONENAND
This commit provides correct identification of the boot medium for IMX6Q
boards booting from NOR memory (MCCMON6 is one of them).
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Not all i.MX6 pads use the same drive strength table. So far only the
240 Ohm to 34 Ohm table was available. Because the constants used have
speaking names it can be confusing to use e.g. PAD_CTL_DSE_48ohm when
according to the reference manual 52 Ohm is the correct value. This
patch adds the 260 Ohm to 37 Ohm table.
For example, the IOMUXC_SW_PAD_CTL_PAD_SD2_CLK register (SD-card clock)
uses the added table.
Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Working with HAB on the i.MX7 we've encountered a case where a board that
successfully authenticates u-boot when booting Linux via OPTEE subsequently
fails to properly bring up the RTC.
The RTC registers live in the low-power block of the Secure Non-Volatile
Storage (SNVS) block.
The root cause of the error has been traced to the HAB handing off the
SNVS-RTC in a state where HPCOMR::NPSWA_EN = 0 in other words where the
Non-Privileged Software Access Enable bit is zero. In ordinary
circumstances this is OK since we typically do not run in TZ mode, however
when we boot via HAB and enablng TrustZone, it is required to set
HPCOMR::NPSWA_EN = 1 in order for the upstream Linux driver to have
sufficient permissions to manipulate the SNVS-LP block.
On our reference board it is the difference between Linux doing this:
root@imx7s-warp-mbl:~# dmesg | grep rtc
snvs_rtc_enable read 0x00000000 from SNVS_LPLR @ 0x00000034
snvs_rtc_enable read 0x00000021 from SNVS_LPCR @ 0x00000038
snvs_rtc_enable read 0x00000000 from SNVS_HPLR @ 0x00000000
snvs_rtc_enable read 0x80002100 from SNVS_HPCOMR @ 0x00000004
snvs_rtc 30370000.snvs:snvs-rtc-lp: rtc core: registered
30370000.snvs:snvs-rtc-lp as rtc0
snvs_rtc 30370000.snvs:snvs-rtc-lp: setting system clock to2018-04-01 00:51:04 UTC (1522543864)
and doing this:
root@imx7s-warp-mbl:~# dmesg | grep rtc
snvs_rtc_enable read 0x00000000 from SNVS_LPLR @ 0x00000034
snvs_rtc_enable read 0x00000020 from SNVS_LPCR @ 0x00000038
snvs_rtc_enable read 0x00000001 from SNVS_HPLR @ 0x00000000
snvs_rtc_enable read 0x00002020 from SNVS_HPCOMR @ 0x00000004
snvs_rtc 30370000.snvs:snvs-rtc-lp: failed to enable rtc -110
snvs_rtc: probe of 30370000.snvs:snvs-rtc-lp failed with error -110
hctosys: unable to open rtc device (rtc0)
Note bit 1 of LPCR is not set in the second case and is set in the first
case and that bit 31 of HPCOMR is set in the second case but not in the
first.
Setting NPSWA_EN in HPCOMR allows us to boot through enabling TrustZone
and continue onto the kernel. The kernel then has the necessary permissions
to set LPCR::SRTC_ENV (RTC enable in the LP command register) whereas in
contrast - in the failing case the non-privileged kernel cannot do so.
This patch adds a simple init_snvs() call which sets the permission-bit
called from soc.c for the i.MX7. It may be possible, safe and desirable to
perform this on other i.MX processors but for now this is only tested on
i.MX7 as working.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
commit ed286bc80e ("imx: hab: Check if CSF is valid before authenticating
image") makes use of "__packed" as a prefix to the "struct hab_hdr"
declaration.
With my compiler "gcc version 7.2.1 20171011 (Linaro GCC 7.2-2017.11)" we
get:
./arch/arm/include/asm/mach-imx/hab.h:42:25: error: expected ‘=’, ‘,’, ‘;’,
‘asm’ or ‘__attribute__’ before ‘{’ token
struct __packed hab_hdr {
Fix this problem by including <linux/compiler.h>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Currently the following devices are using a different definition for ROM
Vector Table addresses:
- i.MX6DQP = All rev
- i.MX6DQ >= rev 1.5
- i.MX6SDL >= rev 1.2
There is no need to create a new RVT macros since the only update were the
RVT base address. Remove HAB_RVT_*_NEW macros and define a new RVT base
address.
More details about RVT base address can be found on processors Reference
Manual and in the following documents:
EB803: i.MX 6Dual/6Quad Applications Processor Silicon Revision 1.2 to 1.3
Comparison
EB804: i.MX 6Solo/6DualLite Application Processor Silicon Revision 1.1
to 1.2/1.3 Comparison
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Write, Check and Set MID commands have been deprecated from the Code
Signing Tool (CST) v2.3.3 and will not be implemented in newer versions
of HAB, hence the following features are no longer available:
- Write Data
- Clear Mask
- Set Mask
- Check All Clear
- Check All Set
- Check Any Clear
- Check Any Set
- Set MID
The inappropriate use of Write Data command may lead to an incorrect
authentication boot flow. Since no specific application has been identified
that requires the use of any of these features, it is highly recommended to
add this check.
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
For proper authentication the HAB code must check if the CSF is valid.
Users must call the csf_is_valid() function to parse the CSF prior to
authenticating any additional images. The function will return a failure
if any of the following invalid conditions are met:
- CSF pointer is NULL
- CSF Header does not exist
- CSF does not lie within the image bounds
- CSF command length zero
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
We should take the MX6DP and MX6QP options in consideration
in the I2C_PADS_INFO macro.
Based on a patch by Pierluigi Passaro <pierluigi.p@variscite.com>
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
We should take the MX6DP and MX6QP options in consideration
when defining imx_iomux_v3_setup_pad().
Based on a patch by Pierluigi Passaro <pierluigi.p@variscite.com>
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Include i.MX8M in lcdif register layout map.
Also included i.MX7ULP in this patch, since share same with i.MX8M.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Add SiP (Silicon Provider) services function to issue
SMC call to Arm Trusted Firmware.
More SiP information could be found in
https://github.com/ARM-software/arm-trusted-firmware/blob/master/
docs/arm-sip-service.rst
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
The hab_rvt_failsafe() callback according to the HABv4 documentation:
"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."
Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The hab_rvt_check_target() callback according to the HABv4 documentation:
"This function reports whether or not a given target region is allowed for
either peripheral configuration or image loading in memory. It is intended
for use by post-ROM boot stage components, via the ROM Vector Table, in
order to avoid configuring security-sensitive peripherals, or loading
images over sensitive memory regions or outside recognized memory devices
in the address map."
It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.
This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
