Commit graph

9751 commits

Author SHA1 Message Date
Sumit Garg
8f01397ba7 powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.

Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.

Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-21 11:09:23 -07:00
Tom Rini
66669fcf80 Merge git://git.denx.de/u-boot-fsl-qoriq
Signed-off-by: Tom Rini <trini@konsulko.com>

Conflicts:
	arch/arm/cpu/armv8/Makefile
	arch/arm/lib/bootm-fdt.c
2016-07-19 16:38:57 -04:00
Hou Zhiqiang
45684ae37b ARMv8/PSCI: Fixup the device tree for PSCI
Set the enable-method in the cpu node to PSCI, and create device
node for PSCI, when PSCI was enabled.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:34:07 -07:00
Hou Zhiqiang
032d5bb4ae ARMv8/Layerscape: switch SMP method accordingly
If the PSCI and PPA is ready, skip the fixup for spin-table and
waking secondary cores. Otherwise, change SMP method to spin-table,
and the device node of PSCI will be removed.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:34:00 -07:00
Hou Zhiqiang
f1dd4cadd2 ARMv8/layerscape: Add FSL PPA support
The FSL Primary Protected Application (PPA) is a software component
loaded during boot which runs in TrustZone and remains resident
after boot.

Use the secure firmware framework to integrate FSL PPA into U-Boot.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:33:53 -07:00
Hou Zhiqiang
b45db3b590 ARMv8: add the secure monitor firmware framework
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.

So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:33:03 -07:00
Hou Zhiqiang
85cdf38e69 armv8: fsl-layerscape: add i/d-cache enable function to enable_caches
This function assume that the d-cache and MMU has been enabled earlier,
so it just created MMU table in main memory. But the assumption is not
always correct, for example, the early setup is done in EL3, while
enable_caches() is called when the PE has turned into another EL.

Define the function mmu_setup() for fsl-layerscape to cover the weak
one.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:32:43 -07:00
York Sun
5ad5823d0c armv8: layerscape: Convert to use common MMU framework
Drop platform code to create static MMU tables. Use common framework
to create MMU tables on the run. Tested on LS2080ARDB with secure and
non-secure ram scenarios.

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-19 11:32:39 -07:00
Robert P. J. Day
62a3b7dd08 Various, unrelated tree-wide typo fixes.
Fix a number of typos, including:

     * "compatble" -> "compatible"
     * "eanbeld" -> "enabled"
     * "envrionment" -> "environment"
     * "FTD" -> "FDT" (for "flattened device tree")
     * "ommitted" -> "omitted"
     * "overriden" -> "overridden"
     * "partiton" -> "partition"
     * "propogate" -> "propagate"
     * "resourse" -> "resource"
     * "rest in piece" -> "rest in peace"
     * "suport" -> "support"
     * "varible" -> "variable"

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
2016-07-16 09:43:12 -04:00
York Sun
cd4b0c5fea armv8: mmu: Add support of non-identical mapping
Introduce virtual and physical addresses in the mapping table. This change
have no impact on existing boards because they all use idential mapping.

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-15 09:01:43 -07:00
York Sun
f733d46620 armv8: mmu: split block if necessary
When page tables are created, allow later table to be created on
previous block entry. Splitting block feature is already working
with current code. This patch only rearranges the code order and
adds one condition to call split_block().

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-15 09:01:43 -07:00
York Sun
252cdb46ee armv8: mmu: house cleaning
Make setup_pgtages() and get_tcr() available for platform code to
customize MMU tables.
Remove unintentional call of create_table().

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-15 09:01:43 -07:00
York Sun
50e93b9565 armv8: Add tlb_allocated to arch global data
When secure ram is used, MMU tables have to be put into secure ram.
To use common MMU code, gd->arch.tlb_addr will be used to host TLB
entry pointer. To save allocated memory for later use, tlb_allocated
variable is added to global data structure.

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-15 09:01:43 -07:00
York Sun
e61a7534e3 armv8: Move secure_ram variable out of generic global data
Secure_ram variable was put in generic global data. But only ARMv8
uses this variable. Move it to ARM specific data structure.

Signed-off-by: York Sun <york.sun@nxp.com>
2016-07-15 09:01:43 -07:00
Tom Rini
1f9ef0dca0 Merge branch 'master' of http://git.denx.de/u-boot-sunxi 2016-07-15 10:44:01 -04:00
Chen-Yu Tsai
b7073965a3 ARM: PSCI: Make psci_get_cpu_stack_top local to armv7/psci.S
Now that we have a secure data section for storing variables, there
should be no need for platform code to get the stack address.

Make psci_get_cpu_stack_top a local function, as it should only be
used in armv7/psci.S and only by psci_stack_setup.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:58 +02:00
Chen-Yu Tsai
6e6622de16 ARM: PSCI: Switch to per-CPU target PC storage in secure data section
Now that we have a secure data section and space to store per-CPU target
PC address, switch to it instead of storing the target PC on the stack.

Also save clobbered r4-r7 registers on the stack and restore them on
return in psci_cpu_on for Tegra, i.MX7, and LS102xA platforms.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:58 +02:00
Chen-Yu Tsai
45c334e6b2 ARM: PSCI: Add helper functions to access per-CPU target PC storage
Now that we have a data section, add helper functions to save and fetch
per-CPU target PC.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:58 +02:00
Chen-Yu Tsai
a5aa7ff33a ARM: Add secure section for initialized data
The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:58 +02:00
Chen-Yu Tsai
afc1f65f50 ARM: Move __secure definition to common asm/secure.h
sunxi and i.mx7 both define the __secure modifier to put functions in
the secure section. Move this to a common place.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
3eff681818 ARM: Add CONFIG_ARMV7_SECURE_MAX_SIZE and check size of secure section
As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.

Add a configurable CONFIG_ARMV7_SECURE_MAX_SIZE so platforms can define
how much secure memory is available. The linker then checks the size of
the whole secure section against this.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
28f9035732 ARM: PSCI: Remove unused psci_text_end symbol
psci_text_end was used to calculate the PSCI stack address following the
secure monitor text. Now that we have an explicit secure stack section,
this is no longer used.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
8c0ef7fad6 ARM: PSCI: Allocate PSCI stack in secure stack section
Now that we have a secure stack section that guarantees usable memory,
allocate the PSCI stacks in that section.

Also add a diagram detailing how the stacks are placed in memory.

Reserved space for the target PC remains unchanged. This should be
moved to global variables within a secure data section in the future.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
980d6a5511 ARM: Add an empty secure stack section
Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.

This was partially fixed in ("ARM: allocate extra space for PSCI stack
in secure section during link phase"). However, calculating stack space
from psci_text_end in one place, while allocating the space in another
is error prone.

This patch adds a separate empty secure stack section, with space for
CONFIG_ARMV7_PSCI_NR_CPUS stacks, each 1 KB. There's also
__secure_stack_start and __secure_stack_end symbols. The linker script
handles calculating the correct VMAs for the stack section. For
platforms that relocate/copy the secure monitor before using it, the
space is not allocated in the executable, saving space.

For platforms that do not define CONFIG_ARMV7_PSCI_NR_CPUS, a whole page
of stack space for 4 CPUs is allocated, matching the previous behavior.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
a1274cc94a ARM: Page align secure section only when it is executed in situ
Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.

Since the secure section in the u-boot image is only storage, there's
no reason to page align it and increase the binary image size.

Page align the secure section only when CONFIG_ARMV7_SECURE_BASE is not
defined. And instead of just aligning the __secure_start symbol, align
the whole .__secure_start section. This also makes the section empty,
so we need to add KEEP() to the input entry to prevent the section from
being garbage collected.

Also use ld constant "COMMONPAGESIZE" instead of hardcoded page size.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:57 +02:00
Chen-Yu Tsai
94a389b257 sunxi: Move remaining PSCI assembly code to C
This patch finishes the rewrite of sunxi specific PSCI parts into C
code.

The assembly-only stack setup code has been factored out into a common
function for ARMv7. The GIC setup code can be renamed as psci_arch_init.
And we can use an empty stub function for psci_text_end.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:56 +02:00
Chen-Yu Tsai
b52813239c ARM: PSCI: Split out common stack setup code from psci_arch_init
Every platform has the same stack setup code in assembly as part of
psci_arch_init.

Move this out into a common separate function, psci_stack_setup, for
all platforms. This will allow us to move the remaining parts of
psci_arch_init into C code, or drop it entirely.

Also provide a stub no-op psci_arch_init for platforms that don't need
their own specific setup code.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 15:54:56 +02:00
Hans de Goede
66ab528673 sunxi: Add defconfig and dts file for the Orange Pi Lite SBC
The Orange Pi Lite SBC is a small H3 based SBC, with 512MB RAM,
micro-sd slot, HDMI out, 2 USB-A connectors, 1 micro-USB connector,
sdio attached rtl8189ftv wifi and an ir receiver.

The dts file is identical to the one submitted to the upstream kernel.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
2016-07-15 15:54:56 +02:00
Hans de Goede
fa8a485d06 sunxi: Sync sun8i-h3-orangepi-plus.dts with upstream
This enables extra USB controllers which enable use of the 3rd USB
port on the new Orange Pi Plus 2E variant.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
2016-07-15 15:54:56 +02:00
Hans de Goede
ef36d9ae16 sunxi: Use BROM stored boot_media value to determine our boot-source
Now that we know that the BROM stores a value indicating the boot-source
at the beginning of SRAM, use that instead of trying to recreate the
BROM's boot probing.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
2016-07-15 15:54:56 +02:00
Tom Rini
926fbcc083 Merge branch 'master' of git://git.denx.de/u-boot-samsung 2016-07-15 08:06:42 -04:00
Tom Rini
ebe621d5fb Merge git://git.denx.de/u-boot-dm 2016-07-15 08:06:22 -04:00
Amit Singh Tomar
a29710c525 net: Add EMAC driver for H3/A83T/A64 SoCs.
This patch add EMAC driver support for H3/A83T/A64 SoCs.
Tested on Pine64(A64-External PHY) and Orangepipc(H3-Internal PHY).

BIG Thanks to Andre for providing some of the DT code.

Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 08:34:34 +02:00
Bernhard Nortmann
320e0570e6 sunxi: FEL - Add the ability to recognize and auto-import uEnv-style data
The patch converts one of the "reserved" fields in the sunxi SPL
header to a fel_uEnv_length entry. When booting over USB ("FEL
mode"), this enables the sunxi-fel utility to pass the string
length of uEnv.txt compatible data; at the same time requesting
that this data be imported into the U-Boot environment.

If parse_spl_header() in the sunxi board.c encounters a non-zero
value in this header field, it will therefore call himport_r() to
merge the string (lines) passed via FEL into the default settings.
Environment vars can be changed this way even before U-Boot will
attempt to autoboot - specifically, this also allows overriding
"bootcmd".

With fel_script_addr set and a zero fel_uEnv_length, U-Boot is
safe to assume that data in .scr format (a mkimage-type script)
was passed at fel_script_addr, and will handle it using the
existing mechanism ("bootcmd_fel").

Signed-off-by: Bernhard Nortmann <bernhard.nortmann@web.de>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 08:34:34 +02:00
Siarhei Siamashka
19e99fb4ff sunxi: Support booting from SPI flash
Allwinner devices support SPI flash as one of the possible
bootable media type. The SPI flash chip needs to be connected
to SPI0 pins (port C) to make this work. More information is
available at:

    https://linux-sunxi.org/Bootable_SPI_flash

This patch adds the initial support for booting from SPI flash.
The existing SPI frameworks are not used in order to reduce the
SPL code size. Right now the SPL size grows by ~370 bytes when
CONFIG_SPL_SPI_SUNXI option is enabled.

While there are no popular Allwinner devices with SPI flash at
the moment, testing can be done using a SPI flash module (it
can be bought for ~2$ on ebay) and jumper wires with the boards,
which expose relevant pins on the expansion header. The SPI flash
chips themselves are very cheap (some prices are even listed as
low as 4 cents) and should not cost much if somebody decides to
design a development board with an SPI flash chip soldered on
the PCB.

Another nice feature of the SPI flash is that it can be safely
accessed in a device-independent way (since we know that the
boot ROM is already probing these pins during the boot time).
And if, for example, Olimex boards opted to use SPI flash instead
of EEPROM, then they would have been able to have U-Boot installed
in the SPI flash now and boot the rest of the system from the SATA
hard drive. Hopefully we may see new interesting Allwinner based
development boards in the future, now that the software support
for the SPI flash is in a better shape :-)

Testing can be done by enabling the CONFIG_SPL_SPI_SUNXI option
in a board defconfig, then building U-Boot and finally flashing
the resulting u-boot-sunxi-with-spl.bin binary over USB OTG with
a help of the sunxi-fel tool:

   sunxi-fel spiflash-write 0 u-boot-sunxi-with-spl.bin

The device needs to be switched into FEL (USB recovery) mode first.
The most suitable boards for testing are Orange Pi PC and Pine64.
Because these boards are cheap, have no built-in NAND/eMMC and
expose SPI0 pins on the Raspberry Pi compatible expansion header.
The A13-OLinuXino-Micro board also can be used.

Signed-off-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-07-15 08:34:34 +02:00
Simon Glass
086ec0e26d rockchip: sdram: Update the driver to support of-platdata
Add support for of-platdata with rk3288 SDRAM initr. This requires decoding
the of-platdata struct and setting up the device from that. Also the driver
needs to be renamed to match the string that of-platdata will search for.

The platform data is copied from the of-platdata structure to the one used
by the driver. This allows the same code to be used with device tree and
of-platdata.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
fb4baf5d58 rockchip: sdram: Move all DT decoding to ofdata_to_platdata()
It is more correct to avoid touching the device tree in the probe() method.
Update the driver to work this way. Note that only SPL needs to fiddle with
the SDRAM registers, so decoding the platform data fully is not necessary in
U-Boot proper.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
5ce4bb2709 rockchip: syscon: Update to work with of-platdata
The syscon devices all end up having diffent driver names with of-platdata,
since the driver name comes from the first string in the compatible list.
Add separate device declarations for each one, and add a bind method to set
up driver_data correctly.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
6afc4661e0 rockchip: Don't use spl_boot_device() with of-platdata
This function cannot look at the device tree when of-platdata is used.
Update the code to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
6efeeea79c rockchip: Move the MMC setup check earlier
When the boot ROM sets up MMC we don't need to do it again. Remove the
MMC setup code entirely.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
9ca7e6720e rockchip: Update the sdram-channel property to support of-platdata
Add an extra byte so that this data is not byteswapped. Add a comment to
the code to explain the purpose.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
a091a8f084 sandbox: Add a test device that uses of-platdata
Start up the test devices. These print out of-platdata contents, providing a
check that the of-platdata feature is working correctly.

The device-tree changes are made to sandbox.dts rather than test.dts. since
the former controls the of-platdata generation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
8797b2cae3 sandbox: Add a new sandbox_spl board
It is useful to be able to build SPL for sandbox. It provides additional
build coverage and allows SPL features to be tested in sandbox. However
it does not need worthwhile to always create an SPL build. It nearly
doubles the build time and the feature is (so far) seldom used.

So for now, create a separate build target for sandbox SPL. This allows
experimentation with this new feature without impacting existing workflows.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
e961a66df9 sandbox: Add basic SPL implementation
Add an sandbox implementation for the generic SPL framework. This supports
locating and running U-Boot proper.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
d0d0746e0c sandbox: Don't include the main loop in SPL
SPL does not have a command interface so we should not include the main loop
code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
a7d9caecd7 sandbox: Don't use PCI in SPL
PCI is not supported in SPL for sandbox, so avoid using it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
f4289cbd8a sandbox: Add some missing headers in cpu.c
These headers are needed in case they are not transitively included.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
6e20650425 sandbox: Correct header file order in cpu.c
The dm/ file should go at the end. Move it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
4cfc416701 sandbox: Support building an SPL image
When building an SPL image, override the link flags so that it uses the
system libraries. This is similar to the way the non-SPL image is built.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
d4e33f5a72 sandbox: Allow chaining from SPL to U-Boot proper
SPL is expected to load and run U-Boot. This needs to work with sandbox also.
Provide a function to locate the U-Boot image, and another to start it. This
allows SPL to function on sandbox as it does on other archs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00