The signature is generated using manufacturing protection private key.
Fix typo in fsl_mfgprot.c.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add DEK encapsulation support for imx8. The DEK blob is generated by the
SECO through the SCFW API.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.
Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Acked-by: Ye Li <Ye.Li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
- Add Armada 38x RTC driver (Marek)
- turris_omnia: Misc updates (enable RTC and other cmds) (Marek)
- ds414: Misc updates (enable XHCI_PCI USB support etc) (Phil)
- Convert MVEBU MMC driver to DM (Harm)
- kirkwood: Misc updates and cleanups to some boards (Harm)
Add function to send mailbox command via SMC to get usercode from SDM.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Add signature with crc32 value for all images in binman node for FIT
image in device tree. And, enable FIT signature checking for Stratix10
and Agilex ATF and VAB sdmmc boot.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Changed to store QSPI reference clock in kHz instead of Hz in
boot scratch cold0 register for Stratix10 and Agilex.
This patch is in preparation for Intel N5X SDRAM driver
support. Reserved 4 bits for Intel N5X SDRAM driver,
and there will be 28 bits to store QSPI reference clock.
Due to limited bits, QSPI reference clock frequency is
converted to kHz from Hz.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
Restructure Stratix10 and Agilex handoff code to used by
all SOC64 devices, in preparation to support handoff for
Diamond Mesa.
Remove wrap_pinmux_config_s10.c. Add wrap_handoff_soc64.c
which contains the generic function to parse the handoff
data.
Update system_manager_soc64.c to use generic handoff
function in wrap_handoff_soc64.c.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Rearrange sequence of macros in handoff_soc64.h without any functionality
change. In preparation for Stratix10 and Agilex handoff function
restructuring.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Move Stratix10 and Agilex SPL common code to spl_soc64.c.
We are in preparation for new n5x device support.
No functional change in this patch.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Remove unused SMC function ID 61 and 62.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
The uart nodes already provide <clocks> property for the driver to
dynamically calculate the correct clock frequency. There is no need
to keep the hard-coded <clock-frequency> property.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
This driver is needed in the pre-relocation phase as the serial
driver depends on it.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
The RISC-V architecture default value of CONFIG_SYS_MALLOC_F_LEN
(0x1000) would not provide enough memory for devices like mpfs
clock and ns16550 serial to bind well before relocation.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
Linux kernel commit a2770b57d083 ("dt-bindings: timer: Add CLINT bindings")
adds the official DT bindings for CLINT, which uses "sifive,clint0"
as the compatible string. "riscv,clint0" is now legacy and has to
be kept for backward compatibility of legacy systems.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Provide optimized versions of memcpy(), memmove(), memset() copied from
the Linux kernel.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Provide a unit test for the longjmp() library function
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Sean Anderson <seanga2@gmail.com>
The value returned by setjmp must be nonzero. If zero is passed as
parameter it must be replaced by 1.
This patch reduces the code size a bit.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
In preparation to add SiFive Unmatched board support, let's rename
the existing fu540 board to unleashed.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
* enable storing the environment in the SPI flash
* enable EXT4 and FAT file system
* enable hush shell
* run k210_bootcmd as default boot command
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
This define was left over from a previous revision, and was never used.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
This adds the necessary bindings. Most of them are already there.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Acked-by: Rick Chen <rick@andestech.com>
The clock subsystem requires that clk_free be called on clocks obtained via
clk_get_*.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The watchdog won't work if the clock isn't enabled.
Fixes: cf89ef8d10
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is preferred over #if because the compiler can check syntax even if
the feature is disabled. This cannot be used for CONFIG_CLK because
CONFIG_DW_WDT_CLOCK_KHZ is not defined on all platforms.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
log_2_n_round_up is only found in arm. fls performs the same job and is
generic.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In i.MX8M platforms the secure memory block has a newer version
than those used in i.MX6/7 platforms, this patch update the driver
to use the correct registers offsets.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warnings
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
U-Boot can instantiate CAAM RNG if needed by crypto operations.
Call sec_init() prior running a blob operation to ensure
RNG is correctly instantiated.
Make sure CAAM clock is enabled and check if a job ring is
available for that operation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
In order to build CMD_BLOB on i.MX CAAM supported devices it's
necessary to select IMX_HAB. Add IMX_HAB and CAAM supported
SoCs as dependency.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
Authenticate image from DDR location 0x12000000...
undefined instruction
pc : [<412c00dc>] lr : [<8ff560bc>]
reloc pc : [<c8b6d0dc>] lr : [<178030bc>]
sp : 8ef444a8 ip : 126e8068 fp : 8ff59aa8
r10: 8ffd51e4 r9 : 8ef50eb0 r8 : 006e8000
r7 : 00000000 r6 : 126ea01f r5 : 0000002b r4 : 126e8000
r3 : 412c00dd r2 : 00000001 r1 : 00000001 r0 : 00000063
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
HAS_CAAM is set
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.
The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.
Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.
Add necessary operations in blob_encap() and blob_decap() functions.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:
arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
printf("HAB check target 0x%08x-0x%08lx fail\n",
~~~~^
%08x
ddr_start, ddr_start + bytes);
arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
~^
%lx
Fix warnings by providing the correct data type.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>