For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In non-secure boot scenario from NAND, this address will map to CPC
configured as SRAM. But in case of secure boot, this default address
always maps to IBR (Internal Boot ROM).
The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G
address space i.e. 0x0 - 0xDFFFFFFF.
For secure boot target from NAND, the text base for SPL is kept same as
non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will
be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000)
As a the virtual and physical address of CPC would be different. The
virtual address 0xFFFx_xxxx needs to be mapped to physical address
0xBFFx_xxxx.
Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000
and update DCFG SCRTACH1 register with location of Header required for
secure boot.
The changes are similar to
commit 467a40dfe3
powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC
is only 256K and thus SPL framework is used.
The changes are only applicable for SPL U-Boot running out of CPC SRAM
and not the next level U-Boot loaded on DDR.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.
Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
Due to the blow up of the latest kernel size, the default gnuzip
size (8M) seems too small. The yocto kernel size I built for
mpc8315erdb board is 5294393, and it can't be boot by using the
latest u-boot. So expand gnuzip buffer for all the mpc83xx boards
to fix this issue.
Robert P. J. Day also pointed that the kernel partition on the NAND
flash is also too small, fix it at the same time.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Robert P. J. Day has pointed that the value of SYS_MONITOR_LEN in
MPC8315ERDB.h is smaller than the u-boot.bin. This will cause the
overlap between the code of u-boot and the environment variable.
So when executing saveenv, it will corrupt the code of u-boot and
causes the board not boot. Fix this for all the mpc83xx boards by
reserving a 512K area.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Reviewed-by: York Sun <york.sun@nxp.com>
I2C offset was changed by commit 00f792e0 (added multibus support)
from 0x3100 to 0x3000. This typo leads to error when reading SPD
from DDR DIMMs.
Signed-off-by: Benjamin Kamath <bkamath@spaceflight.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
flash_full_status_check() checks bit XSR.7 on Intel chips. This
should be done by only checking bit 7 and not by comparing the
whole status byte or word with 0x80.
This fixes the non-working block erase in the pflash emulation
of Qemu when used with the MIPS Malta board. MIPS Malta uses x32
mode to access the pflash device. In x32 mode Qemu mirrors the
lower 16 bits of the status word into the upper 16 bits. Thus
the CFI driver gets a status word of 0x8080 in x32 mode. If
flash_full_status_check() uses flash_isequal(), then it polls for
XSR.7 by comparing 0x8080 with 0x80 which never becomes true.
Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
The PPA use PSCI to make secondary cores bootup. So when PPA was
enabled, add the CONFIG_ARMV8_PSCI to identify the SMP boot-method
between PSCI and spin-table.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Set the enable-method in the cpu node to PSCI, and create device
node for PSCI, when PSCI was enabled.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
If the PSCI and PPA is ready, skip the fixup for spin-table and
waking secondary cores. Otherwise, change SMP method to spin-table,
and the device node of PSCI will be removed.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The FSL Primary Protected Application (PPA) is a software component
loaded during boot which runs in TrustZone and remains resident
after boot.
Use the secure firmware framework to integrate FSL PPA into U-Boot.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.
So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This function assume that the d-cache and MMU has been enabled earlier,
so it just created MMU table in main memory. But the assumption is not
always correct, for example, the early setup is done in EL3, while
enable_caches() is called when the PE has turned into another EL.
Define the function mmu_setup() for fsl-layerscape to cover the weak
one.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Drop platform code to create static MMU tables. Use common framework
to create MMU tables on the run. Tested on LS2080ARDB with secure and
non-secure ram scenarios.
Signed-off-by: York Sun <york.sun@nxp.com>
This should be spl_of_platdata, since otherwise it will try to run on boards
that don't support of-platdata.
Signed-off-by: Simon Glass <sjg@chromium.org>
The code had assumed 4 CPUS before and now we have this configurable.
For now, set this to the previous default.
Cc: Chander Kashyap <k.chander@samsung.com>
Cc: Steve Rae <steve.rae@raedomain.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Introduce virtual and physical addresses in the mapping table. This change
have no impact on existing boards because they all use idential mapping.
Signed-off-by: York Sun <york.sun@nxp.com>
When page tables are created, allow later table to be created on
previous block entry. Splitting block feature is already working
with current code. This patch only rearranges the code order and
adds one condition to call split_block().
Signed-off-by: York Sun <york.sun@nxp.com>
Make setup_pgtages() and get_tcr() available for platform code to
customize MMU tables.
Remove unintentional call of create_table().
Signed-off-by: York Sun <york.sun@nxp.com>
When secure ram is used, MMU tables have to be put into secure ram.
To use common MMU code, gd->arch.tlb_addr will be used to host TLB
entry pointer. To save allocated memory for later use, tlb_allocated
variable is added to global data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
Secure_ram variable was put in generic global data. But only ARMv8
uses this variable. Move it to ARM specific data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
Now that we have a secure data section for storing variables, there
should be no need for platform code to get the stack address.
Make psci_get_cpu_stack_top a local function, as it should only be
used in armv7/psci.S and only by psci_stack_setup.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a secure data section and space to store per-CPU target
PC address, switch to it instead of storing the target PC on the stack.
Also save clobbered r4-r7 registers on the stack and restore them on
return in psci_cpu_on for Tegra, i.MX7, and LS102xA platforms.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a data section, add helper functions to save and fetch
per-CPU target PC.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
sunxi and i.mx7 both define the __secure modifier to put functions in
the secure section. Move this to a common place.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.
Add a configurable CONFIG_ARMV7_SECURE_MAX_SIZE so platforms can define
how much secure memory is available. The linker then checks the size of
the whole secure section against this.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
psci_text_end was used to calculate the PSCI stack address following the
secure monitor text. Now that we have an explicit secure stack section,
this is no longer used.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a secure stack section that guarantees usable memory,
allocate the PSCI stacks in that section.
Also add a diagram detailing how the stacks are placed in memory.
Reserved space for the target PC remains unchanged. This should be
moved to global variables within a secure data section in the future.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.
This was partially fixed in ("ARM: allocate extra space for PSCI stack
in secure section during link phase"). However, calculating stack space
from psci_text_end in one place, while allocating the space in another
is error prone.
This patch adds a separate empty secure stack section, with space for
CONFIG_ARMV7_PSCI_NR_CPUS stacks, each 1 KB. There's also
__secure_stack_start and __secure_stack_end symbols. The linker script
handles calculating the correct VMAs for the stack section. For
platforms that relocate/copy the secure monitor before using it, the
space is not allocated in the executable, saving space.
For platforms that do not define CONFIG_ARMV7_PSCI_NR_CPUS, a whole page
of stack space for 4 CPUs is allocated, matching the previous behavior.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The original PSCI implementation assumed CONFIG_ARMV7_PSCI_NR_CPUS=4.
Add this to platforms that have not defined it, using CONFIG_MAX_CPUS if
it is defined, or the actual number of cores for the given platform.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.
Since the secure section in the u-boot image is only storage, there's
no reason to page align it and increase the binary image size.
Page align the secure section only when CONFIG_ARMV7_SECURE_BASE is not
defined. And instead of just aligning the __secure_start symbol, align
the whole .__secure_start section. This also makes the section empty,
so we need to add KEEP() to the input entry to prevent the section from
being garbage collected.
Also use ld constant "COMMONPAGESIZE" instead of hardcoded page size.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This patch finishes the rewrite of sunxi specific PSCI parts into C
code.
The assembly-only stack setup code has been factored out into a common
function for ARMv7. The GIC setup code can be renamed as psci_arch_init.
And we can use an empty stub function for psci_text_end.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Every platform has the same stack setup code in assembly as part of
psci_arch_init.
Move this out into a common separate function, psci_stack_setup, for
all platforms. This will allow us to move the remaining parts of
psci_arch_init into C code, or drop it entirely.
Also provide a stub no-op psci_arch_init for platforms that don't need
their own specific setup code.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The Orange Pi Lite SBC is a small H3 based SBC, with 512MB RAM,
micro-sd slot, HDMI out, 2 USB-A connectors, 1 micro-USB connector,
sdio attached rtl8189ftv wifi and an ir receiver.
The dts file is identical to the one submitted to the upstream kernel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
This enables extra USB controllers which enable use of the 3rd USB
port on the new Orange Pi Plus 2E variant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
The Plus variant of the Orange Pi PC has an eMMC, add support for this.
Note we are using the same u-boot defconfig / dts for both the regular
Orange Pi PC as well as the Orange Pi PC Plus.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
Now that we know that the BROM stores a value indicating the boot-source
at the beginning of SRAM, use that instead of trying to recreate the
BROM's boot probing.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
We always define CONFIG_MISC_INIT_R on sunxi and misc_init_r is never
called in the spl, so the linker will optimize it and parse_spl_header(),
of which it is the only caller, away.
On the tests I've done (Orange Pi PC build) the SPL actually becomes
8 bytes smaller with this patch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
Currently we fill ethaddr with a fixed unique address based on the SoCs
serial (from the sid) to make sure that boards which use the integrated
emac / gmac get a fixed mac rather then a random one.
On some boards the wifi does not come with a fixed mac either, so we need
to also set eth1addr.
This commit changes the ethaddr setting code to check for ethernet%d
aliases (as fdt_fixup_ethernet does) and set an ethaddr variable for
all present aliases.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
This patch add EMAC driver support for H3/A83T/A64 SoCs.
Tested on Pine64(A64-External PHY) and Orangepipc(H3-Internal PHY).
BIG Thanks to Andre for providing some of the DT code.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
With a recent bunch of SD3.0 cards in our A20-based board we
experienced data transfer rates of about 250 KiB/s instead of 10 MiB/s
with previous cards from the same vendor (both 4 GB/class 10). By
increasing status register polling rate from 1 kHz to 1 MHz we were
able to reach the original transfer rates again. With the old cards
we now even reach about 16 MiB/s.
Signed-off-by: Tobias Doerffel <tobias.doerffel@ed-chemnitz.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The patch converts one of the "reserved" fields in the sunxi SPL
header to a fel_uEnv_length entry. When booting over USB ("FEL
mode"), this enables the sunxi-fel utility to pass the string
length of uEnv.txt compatible data; at the same time requesting
that this data be imported into the U-Boot environment.
If parse_spl_header() in the sunxi board.c encounters a non-zero
value in this header field, it will therefore call himport_r() to
merge the string (lines) passed via FEL into the default settings.
Environment vars can be changed this way even before U-Boot will
attempt to autoboot - specifically, this also allows overriding
"bootcmd".
With fel_script_addr set and a zero fel_uEnv_length, U-Boot is
safe to assume that data in .scr format (a mkimage-type script)
was passed at fel_script_addr, and will handle it using the
existing mechanism ("bootcmd_fel").
Signed-off-by: Bernhard Nortmann <bernhard.nortmann@web.de>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Allwinner devices support SPI flash as one of the possible
bootable media type. The SPI flash chip needs to be connected
to SPI0 pins (port C) to make this work. More information is
available at:
https://linux-sunxi.org/Bootable_SPI_flash
This patch adds the initial support for booting from SPI flash.
The existing SPI frameworks are not used in order to reduce the
SPL code size. Right now the SPL size grows by ~370 bytes when
CONFIG_SPL_SPI_SUNXI option is enabled.
While there are no popular Allwinner devices with SPI flash at
the moment, testing can be done using a SPI flash module (it
can be bought for ~2$ on ebay) and jumper wires with the boards,
which expose relevant pins on the expansion header. The SPI flash
chips themselves are very cheap (some prices are even listed as
low as 4 cents) and should not cost much if somebody decides to
design a development board with an SPI flash chip soldered on
the PCB.
Another nice feature of the SPI flash is that it can be safely
accessed in a device-independent way (since we know that the
boot ROM is already probing these pins during the boot time).
And if, for example, Olimex boards opted to use SPI flash instead
of EEPROM, then they would have been able to have U-Boot installed
in the SPI flash now and boot the rest of the system from the SATA
hard drive. Hopefully we may see new interesting Allwinner based
development boards in the future, now that the software support
for the SPI flash is in a better shape :-)
Testing can be done by enabling the CONFIG_SPL_SPI_SUNXI option
in a board defconfig, then building U-Boot and finally flashing
the resulting u-boot-sunxi-with-spl.bin binary over USB OTG with
a help of the sunxi-fel tool:
sunxi-fel spiflash-write 0 u-boot-sunxi-with-spl.bin
The device needs to be switched into FEL (USB recovery) mode first.
The most suitable boards for testing are Orange Pi PC and Pine64.
Because these boards are cheap, have no built-in NAND/eMMC and
expose SPI0 pins on the Raspberry Pi compatible expansion header.
The A13-OLinuXino-Micro board also can be used.
Signed-off-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>