The hab_rvt_failsafe() callback according to the HABv4 documentation:
"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."
Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The hab_rvt_check_target() callback according to the HABv4 documentation:
"This function reports whether or not a given target region is allowed for
either peripheral configuration or image loading in memory. It is intended
for use by post-ROM boot stage components, via the ROM Vector Table, in
order to avoid configuring security-sensitive peripherals, or loading
images over sensitive memory regions or outside recognized memory devices
in the address map."
It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.
This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The size of the IVT header should be defined in hab.h move it there now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.
Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.
The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch adds changes necessary to move functionality present in
PowerPC folders with ARM architectures that have DPAA1 QBMan hardware
- Create new board/freescale/common/fsl_portals.c to house shared
device tree fixups for DPAA1 devices with ARM and PowerPC cores
- Add new header file to top includes directory to allow files in
both architectures to grab the function prototypes
- Port inhibit_portals() from PowerPC to ARM. This function is used in
setup to disable interrupts on all QMan and BMan portals. It is
needed because the interrupts are enabled by default for all portals
including unused/uninitialised portals. When the kernel attempts to
go to deep sleep the unused portals prevent it from doing so
Signed-off-by: Ahmed Mansour <ahmed.mansour@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Sata registers PP2C and PP3C are used to control the configuration
of the PHY control OOB timing for the COMINIT/COMWAKE parameters
respectively. Calculate those parameters from port clock frequency.
Overwrite those registers with calculated values to get better OOB
timing.
Signed-off-by: Tang Yuantian <andy.tang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Use available DM stm32f7_gpio.c and pinctrl_stm32.c drivers
instead of board GPIO initialization.
Remove stm32_gpio.c which is no more used and migrate
structs stm32_gpio_regs and stm32_gpio_priv into
arch-stm32f4/gpio.h to not break compilation.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Use available DM clk_stm32f.c driver instead of dedicated
mach-stm32/stm32f4/clock.c.
Migrate periph_clock defines from stm32_periph.h directly in
CLK driver. These periph_clock defines will be removed when STMMAC,
TIMER2 and SYSCFG drivers will support DM CLK.
Enable also CLK flag.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Remove serial_stm32.c driver and uart init from board file,
use available DM serial_stm32x7.c driver compatible for
STM32F4/F7 and H7 SoCs.
The serial_stm32x7.c driver will be renamed later with a more
generic name as it's shared with all STM32 Socs.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
this patch implement rockusb protocol on the device side. this is based on
USB download gadget infrastructure. the rockusb function implements the rd,
wl, rid commands. it can work with rkdeveloptool
Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bind rockchip reset to clock-controller with rockchip_reset_bind().
Signed-off-by: Elaine Zhang <zhangqing@rock-chips.com>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The i.MX 6UL/ULL feature a Cortex-A7 CPU which suppor the ARM
generic timer. This change makes use of the ARM generic timer in
U-Boot.
This is crucial to make the ARM generic timers usable in Linux since
timer_init() initalizes the system counter module, which is necessary
to use the generic timers CP15 registers.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Since commit 051ba9e082 ("Kconfig: mx6ull: Deselect MX6UL from
CONFIG_MX6ULL") CONFIG_MX6ULL does not select CONFIG_MX6UL anymore, so
take this into consideration in all the checks for CONFIG_MX6UL.
This fixes a boot regression.
Reported-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Stefan Agner <stefan@agner.ch>
Tested-by: Breno Lima <breno.lima@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Tested-by: Jörg Krause <joerg.krause@embedded.rocks>
commit 20f1471416 ("imx: spl: Update NAND bootmode detection bit")
broke the NAND bootmode detection by checking if
BOOT_CFG1[7:4] == 0x8 for NAND boot mode.
This commit essentially reverts it, while using the IMX6_BMODE_*
macros that were introduced since.
Tables 8-7 & 8-10 from IMX6DQRM say the NAND boot mode selection
is done when BOOT_CFG1[7] is 1, but BOOT_CFG1[6:4] is not
necessarily 0x0 in this case.
Actually, NAND boot mode is when 0x8 <= BOOT_CFG1[7:4] <= 0xf,
like it was in the code before.
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Jagan Teki <jagan@openedev.com>
Cc: Tim Harvey <tharvey@gateworks.com>
NXP development boards based on i.MX6/i.MX7 contain the board
revision information stored in the fuses.
Introduce a common function that can be shared by different boards and
convert mx6sabreauto to use this new mechanism.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Rockchip SoCs only need boot0 hook at SPL, and the U-Boot proper do not
need it.
The very beginning of U-Boot proper is different between armv7 and armv8:
armv7 start with ARM_VECTORS while armv8 start with 'b reset'.
Here is the map of very beginning for all cases:
armv7 SPL: TAG(overwrite 'b 1f')+'b reset' + ARM_VECTORS
armv7 U-Boot: ARM_VECTORS
armv8 SPL: TAG(overwrite 'b 1f')+'b reset' + Reserved_iram(rk3399)
armv8 U-Boot: 'b reset'
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Add missing zynq_board_read_rom_ethaddr() prototype reported by sparse.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Check LS1043A/LS2080a by device ID without using personality ID to
determine revision number. This check applies to all various
personalities of the same SoC family.
Signed-off-by: Wenbin Song <wenbin.song@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
These ifdefs are protecting #include statements for files that have
never existed. AFAICT this hardware.h has been copied from the kernel
and the ifdefs have never served a role in U-Boot, so delete them.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
This symbol enables some library code used by various SATA drivers,
so make this a non-user-visible symbol select'ed by the respective
drivers, and let moveconfig handle the rest.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
To page mapping the lowest 2 bits needs to be 0x3.
If not fix this, the final lowest 3 bits for page mapping is 0x1
which is marked as reserved.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
As discussed at [1], the Amlogic Meson GX SoCs can embed a BL31 firmware
and a secondary BL32 firmware.
Since mid-2017, the reserved memory address of the BL31 firmware was moved
and grown for security reasons.
But mainline U-Boot and Linux has the old address and size fixed.
These SoCs have a register interface to get the two firmware reserved
memory start and sizes.
This patch adds a dynamic reservation of the memory zones in the device tree bootmem
reserved memory zone used by the kernel in early boot.
To be complete, the memory zones are also added to the EFI reserved zones.
Depends on patchset "Add support for Amlogic GXL Based SBCs" at [2].
[1] http://lists.infradead.org/pipermail/linux-amlogic/2017-October/004860.html
[2] http://lists.infradead.org/pipermail/linux-amlogic/2017-November/005410.html
Changes since v1:
- switched the #if to if(IS_ENABLED()) to compile all code paths
- renamed function to meson_board_add_reserved_memory()
- added a mem.h header with comment
- updated all boards ft_board_setup()
Changes since RFC v2:
- reduced preprocessor load
- kept Odroid-C2 static memory mapping as exception
Changes since RFC v1:
- switch to fdt rsv mem table and efi reserve memory
- replaced in_le32 by readl()
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
[trini: Fix warning on khadas-vim over missing <asm/arch/mem.h>
Signed-off-by: Tom Rini <trini@konsulko.com>
Introduce a generic common Ethernet Hardware init function
common to all Amlogic GX SoCs with support for the
Internal PHY enable for GXL SoCs.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This header was renamed to rawnand.h in Linux.
The following is the corresponding commit in Linux.
commit d4092d76a4a4e57b65910899948a83cc8646c5a5
Author: Boris Brezillon <boris.brezillon@free-electrons.com>
Date: Fri Aug 4 17:29:10 2017 +0200
mtd: nand: Rename nand.h into rawnand.h
We are planning to share more code between different NAND based
devices (SPI NAND, OneNAND and raw NANDs), but before doing that
we need to move the existing include/linux/mtd/nand.h file into
include/linux/mtd/rawnand.h so we can later create a nand.h header
containing all common structure and function prototypes.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The DCLK_VOP_DIV_CON_MASK should cover only bits 8 through 15.
Fix this to remove an "integer-overflow on shifted constant" warning.
Fixes: 9246d9e ("rockchip: rk3128: add clock driver")
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The PLL selector field for NANDC is only 2 bits wide.
This fixes an 'int-overflow on shift' warning.
Fixes: 9246d9e ("rockchip: rk3128: add clock driver")
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Add rk3128 pinctrl driver and grf/iomux structure definition.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Add rk3128 clock driver and cru structure definition.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
In order to factorize code between STM32F4 and STM32F7
migrate all structs related to RCC clocks in include/stm32_rcc.h
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
MMC block needs 48Mhz source clock, for that we choose
to select the SAI PLL.
Update also stm32_clock_get_rate() to retrieve the MMC
clock source needed in MMC driver.
STM32F4 uses a different RCC variant than STM32F7. For STM32F4
sdmmc clocks bit are located into dckcfgr register whereas there
are located into dckcfgr2 registers on STM32F7.
In both registers, bits CK48MSEL and SDMMC1SEL are located at
the same position.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
STM32F4 doesn't get rcc.h file, to avoid compilation
issue, migrate RCC related defines from rcc.h to driver
file and remove rcc.h file.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
PWR IP is used to enable over-drive feature in
order to reach a higher frequency.
Get its base address from DT instead of hard-coded value
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
Zynq:
- Add support for Syzygy and cc108 boards
- Add support for mini u-boot configurations (cse)
- dts updates
- config/defconfig updates in connection to Kconfig changes
- Fix psu_init handling
ZynqMP:
- SPL fixes
- Remove slcr.c
- Fixing r5 startup sequence
- Add support for external pmufw
- Add support for new ZynqMP chips
- dts updates
- Add support for zcu102 rev1.0 board
Drivers:
- nand: Support external timing setting and board init
- ahci: Fix wording
- axi_emac: Wait for bit, non processor mode, readl/write conversion
- zynq_gem: Fix SGMII/PCS support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAloeqWoACgkQykllyylKDCHO1wCggsSgQqOPdCo207FqI3yj2p0E
MYkAoI1wKvQcjGJJY19YEC1r70Op8RNo
=BqNN
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2018.01' of git://www.denx.de/git/u-boot-microblaze
Xilinx changes for v2018.1
Zynq:
- Add support for Syzygy and cc108 boards
- Add support for mini u-boot configurations (cse)
- dts updates
- config/defconfig updates in connection to Kconfig changes
- Fix psu_init handling
ZynqMP:
- SPL fixes
- Remove slcr.c
- Fixing r5 startup sequence
- Add support for external pmufw
- Add support for new ZynqMP chips
- dts updates
- Add support for zcu102 rev1.0 board
Drivers:
- nand: Support external timing setting and board init
- ahci: Fix wording
- axi_emac: Wait for bit, non processor mode, readl/write conversion
- zynq_gem: Fix SGMII/PCS support
Same macros are defined in various places. Collect them into
include/linux/bitops.h like Linux.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Version string has unused fields 31:20 which can be used for exporting 9
bits from efuse IPDISABLE regs to recognize eg/cg/ev devices.
These efuse bits are setup for certain devices.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This patch provides a Kconfig option to use specified
memory for MMU table using reserve_mmu platform specific
routine. Here we used TCM space for MMU table.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>