On the imx8ulp A1 SoC, the ELE RNG needs to be manually started.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add two ELE API: ele_return_lifecycle_update and ele_write_secure_fuse
Add two cmd: ahab_return_lifecycle and ahab_sec_fuse_prog
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Per NXP requirement, we rename all the NXP EdgeLock Secure Enclave
code including comment, folder and API name to ELE to align.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
According to datasheet, iMX93 has fused parts with CORE1 or NPU or
both disabled. So update code to support it, the kernel device tree
runtime update will be added in future patches.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Remove legacy command definitions, change to use new ELE_xxx command
request.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Add get_events API to retrieve any singular events that has occurred
since the FW has started from sentinel
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
From Sentinel FW v0.0.9-9df0f503, the response message of get info API
is changed to add OEM SRK and some states (IMEM, CSAL, TRNG).
With old structure, we get failure from sentinel due to the buffer
size can't fit with new response message. So update the API structure
to fix the issue.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
This converts 6 usages of this option to the non-SPL form, since there is
no SPL_IMX_MODULE_FUSE defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit 56c2dbdaba ("imx: bootaux: cleanup code") introduces the
following LTO related warning:
"
arch/arm/mach-imx/imx_bootaux.c:24:31: warning: type of ‘hostmap’ does not match original declaration [-Wlto-type-mismatch]
24 | const __weak struct rproc_att hostmap[] = { };
| ^
arch/arm/mach-imx/imx8m/soc.c:1590:24: note: array types have different bounds
1590 | const struct rproc_att hostmap[] = {
| ^
arch/arm/mach-imx/imx8m/soc.c:1590:24: note: ‘hostmap’ was previously declared here
../aarch64-linux-gnu/bin/ld: warning: u-boot has a LOAD segment with RWX permissions
"
This is because the weak empty array of structures "hostmap" is eventually
replaced by non-empty array of structures with different number of elements.
Fix this by avoiding weak variable size array, instead use a weak function
which returns single pointer to the array.
Fixes: 56c2dbdaba ("imx: bootaux: cleanup code")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
It is used as delay for gpmi write strobe.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Introduce Sentinel API ahab_release_m33_trout to make sure sentinel
release M33 trout and make sure M33 could boot.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
To support more RDC instances on i.MX93, update API to latest
definition.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since iMX9 uses S401 which shares the API with iMX8ULP. So move S400
MU driver and API to a common place and selected by CONFIG_IMX_SENTINEL
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
i.MX9 shares same ROM API with i.MX8ULP, so make the i.MX8ULP the function
prototype common and usable by i.MX9.
Also include mmc env functions that use ROM API.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
For SoCs support ROM API, CONFIG_SPL_BOOTROM_SUPPORT is needed,
so use this macro to guard the code to avoid extend the list.
And drop the guard with structure definition, there is no need.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The ROM API is thoroughly undocumented, but apparently passing the xor
of the real arguments as an extra argument is required [1]. Also, we
need to do the "save gd/restore gd" dance. These are both error-prone,
and lead to a lot of code duplication.
Since both imx8m[np] and imx8ulp SOCs have this, add a separate
translation unit which is included precisely when the new
CONFIG_IMX8_ROMAPI symbol is set, which provide convenience wrappers
that take care of computing the xor value as well as doing the gd
dance, and that thus have a more intuitive API. Subsequent patches
will make use of these to reduce boilerplate.
[1] One wonders, for example, if the check is only applied to the
lower 32 bits, or if we're implicitly relying on all 64-bit pointer
values we're passing effectively have 0 in the upper 32 bits.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
This exposes the struct rom_api, the g_rom_api variable declaration
and the associated #defines to slightly fewer boards: namely, those
IMX8M which are not IMX8MN or IMX8MP. But the latter two are the only
IMX8M* ones where the g_rom_api variable is defined (in imx8m/soc.c),
so that should be fine.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Decode ECSPI boot device in env_get_location() from i.MX8M ROMAPI tables.
This is necessary to correctly identify env is in SPI NOR when the system
boots from SPI NOR attached to ECSPI.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.
Also drop the prototype for video_get_info_str() which is no-longer used.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jason Liu <jason.hui.liu@nxp.com>
The interface for NOR/OneNAND is called "EIM" not "EMI". Fix this.
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Similar to what has been done before with c5437e5b for u-boot proper, we
enable the SMP bit for SPL as well. This is necessary when SDP booting
straight into Linux, i.e. falcon boot. When SDP boot mode is active, the
ROM code does not set this bit which makes the caches not work once
activated in Linux.
On an i.MX6ULL (528MHz), this reduces a minimal kernel's boot time into
an initramfs shell from ~6.1s down to ~1.2s.
Signed-off-by: Sven Schwermer <sven@svenschwermer.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
According to 8MM/MN/MP reference manual, their pad registers only have
4 valid DSE values. And DSE2 and DSE4 are different with current
definitions in iomux-v3.h. Fix the issue to align with manual.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
i.MX8ULP support using ROM API to load container image,
it use same ROM API as i.MX8MN/MP, and use same container format
as i.MX8QM/QXP.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since the container is shared among i.MX platforms, move its header file
to mach-imx
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
We need those macros to instruct drivers on how to behave for SoC specific
quirks, so let's add it as done for other i.MX SoCs.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
Authenticate image from DDR location 0x12000000...
undefined instruction
pc : [<412c00dc>] lr : [<8ff560bc>]
reloc pc : [<c8b6d0dc>] lr : [<178030bc>]
sp : 8ef444a8 ip : 126e8068 fp : 8ff59aa8
r10: 8ffd51e4 r9 : 8ef50eb0 r8 : 006e8000
r7 : 00000000 r6 : 126ea01f r5 : 0000002b r4 : 126e8000
r3 : 412c00dd r2 : 00000001 r1 : 00000001 r0 : 00000063
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.
The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.
Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are some changes to support ARM64 i.MX8M platform in this patches:
1. The hab_rvt base and function vectors are different as i.MX6/7
2. Need to bypass an workaround for i.MX6 to fix problem in MMU.
3. The x18 register needed save & restore before calling any HAB API. According
to ARM procedure call spec, the x18 is caller saved when it is used as
temporary register. So calling HAB API may scratch this register, and
cause crash once accessing the gd pointer.
On ARMv7, the r9 is callee saved when it is used as variable register. So
no need to save & restore it.
4. Add SEC_CONFIG fuse for iMX8M
When current EL is not EL3, the direct calling to HAB will fail because
CAAM/SNVS can't initialize at non-secure mode. In this case, we use
SIP call to run the HAB in ATF.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are 3 part numbers for 11x11 i.MX8MNano with different core number
configuration: UltraLite Quad/Dual/Solo
Comparing with i.MX8MN Lite parts, they have MIPI DSI disabled. So
checking the MIPI DSI disable fuse to recognize these parts.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Use CONFIG_IS_ENABLED() macro, which provides more convenient
way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs
for both SPL and U-Boot proper.
CONFIG_IS_ENABLED(DM_I2C) expands to:
- 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y',
- 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y',
- 0 otherwise.
All occurences were replaced automatically using these bash cmds:
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
At present various drivers etc. access the device's 'seq' member directly.
This makes it harder to change the meaning of that member. Change access
to go through a function instead.
The drivers/i2c/lpc32xx_i2c.c file is left unchanged for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Introduce weak function board_mem_get_layout() which allows overriding
the memory layout from board code in runtime, useful for handling
different SKU versions.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Latest datasheet revE has removed MIMX8ML7D/5D/7C/5C parts, so
update u-boot to remove decoding and support for those parts.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The i.MX6/i.MX7 is capable of booting a secondary "redundant" system
image in case the primary one is corrupted. The user can force this
boot mode as well by explicitly setting SRC GPR10 bit 30. This can be
potentially useful when upgrading the bootloader itself. Expose this
functionality to the user.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: NXP i.MX U-Boot Team <uboot-imx@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>