Both the "qixis_reset" and esbc_validate" commands can only be used in
full U-Boot so do not build them in SPL. As part of this rework the
qixis code to declare things as static and make use of __weak for
function aliases.
Cc; York Sun <york.sun@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
As part of chain of trust with confidentiality along with distro
boot, linux kernel image needs to be stored in encrypted form on
ext4 boot partition. So enable CONFIG_CMD_EXT4_WRITE in case of
Secure boot on ARM based platforms.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Add pfuze dm code, this code could be enabled with CONFIG_DM_PMIC_PFUZE100.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
The implementation of function set_pcie_ns_access() uses a wrong
argument. The structure array ns_dev has a member 'ind' which is
initialized by CSU_CSLX_*. It should use the 'ind' directly to
address the PCIe's CSL register (CSL_base + CSU_CSLX_PCIE*).
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
[YS: Revise commit message]
Reviewed-by: York Sun <york.sun@nxp.com>
Enable validation of boot.scr script prior to its execution dependent
on "secureboot" flag in environment. Disable fall back option to
nor/qspi boot in case of secure boot. Also enable "secureboot=y"
flag in environment for ARM based platforms instead of bootcmd.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Tested-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This converts the following to Kconfig:
CONFIG_ENV_IS_IN_MMC
CONFIG_ENV_IS_IN_NAND
CONFIG_ENV_IS_IN_UBI
CONFIG_ENV_IS_NOWHERE
In fact this already exists for sunxi as a 'choice' config. However not
all the choices are available in Kconfig yet so we cannot use that. It
would lead to more than one option being set.
In addition, one purpose of this series is to allow the environment to be
stored in more than one place. So the existing choice is converted to a
normal config allowing each option to be set independently.
There are not many opportunities for Kconfig updates to reduce the size of
this patch. This was tested with
./tools/moveconfig.py -i CONFIG_ENV_IS_IN_MMC
And then manual updates. This is because for CHAIN_OF_TRUST boards they
can only have ENV_IS_NOWHERE set, so we enforce that via Kconfig logic
now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
When U-Boot boots from EL2, skip some lowlevel init code requiring
EL3, including CCI-400/CCN-504, trust zone, GIC, etc. These
initialization tasks are carried out before U-Boot runs. This applies
to the RAM version image used for SPL boot if PPA is loaded first.
Signed-off-by: York Sun <york.sun@nxp.com>
This header includes things that are needed to make driver build. Adjust
existing users to include that always, even if other dm/ includes are
present
Signed-off-by: Simon Glass <sjg@chromium.org>
This converts the following to Kconfig:
CONFIG_CMD_HASH
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Rework slightly, enable on some boards again]
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_CMD_ESBC_VALIDATE
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Commit 94e3c8c4fd ("crypto/fsl - Add progressive hashing support
using hardware acceleration.") created entries for CONFIG_SHA1,
CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
However, no defconfig has migrated to it. Complete the move by first
adding additional logic to various Kconfig files to select this when
required and then use the moveconfig tool. In many cases we can select
these because they are required to implement other drivers. We also
correct how we include the various hashing algorithms in SPL.
This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
[2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
Note:
We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
because there is dependency between them.
Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com>
Cc: Naveen Burmi <NaveenBurmi@freescale.com>
Cc: Po Liu <po.liu@freescale.com>
Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Cc: Priyanka Jain <Priyanka.Jain@freescale.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Cc: Chunhe Lan <Chunhe.Lan@freescale.com>
Cc: Chander Kashyap <k.chander@samsung.com>
Cc: Steve Rae <steve.rae@raedomain.com>
Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Feng Li <feng.li_2@nxp.com>
Cc: Alison Wang <alison.wang@freescale.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Cc: Mingkai Hu <Mingkai.Hu@freescale.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Akshay Saraswat <akshay.s@samsung.com>
Cc: Heiko Schocher <hs@denx.de>
Cc: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SPL_BOARD_INIT
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
[trini: Update the Kconfig logic]
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_CMD_BLOB
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add imply CMD_BLOB under CHAIN_OF_TRUST]
Signed-off-by: Tom Rini <trini@konsulko.com>
- Add SD secure boot target for ls1043ardb.
- Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream
ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size as
header is appended to u-boot image. So header will also be copied
from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
(128K) where 32K are reserved for use by boot ROM and 6K for secure
boto header.
- Error messages during SPL boot are limited to error code numbers
instead of strings to reduce the size of SPL image.
Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can be used. The latter feature is called IE Key Extension
Feature.
For Layerscape Chasis 3 based platforms, IE table is validated by
Bootrom and address of this table is written in scratch registers 13
and 14 via PBI commands.
Following are the steps describing usage of this feature:
1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple
images stored in a static global structure.)
3) Use keys from IE table, to verify further images.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
VID support in NXP layerscape Chassis-3 (lsch3) compilant SoCs like
LS2088A, LS2080A differs from existing logic.
-VDD voltage array is different
-Registers are different
-VDD calculation logic is different
Add new function adjust_vdd() for LSCH3 compliant SoCs
Signed-off-by: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Arpit Goel <arpit.goel@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
In some cases this is absolutely required, so select this for some secure
features. This also requires migration of RSA_FREESCALE_EXP
Cc: Ruchika Gupta <ruchika.gupta@nxp.com>
Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com>
Cc: Naveen Burmi <NaveenBurmi@freescale.com>
Cc: Po Liu <po.liu@freescale.com>
Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Cc: Priyanka Jain <Priyanka.Jain@freescale.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Cc: Chunhe Lan <Chunhe.Lan@freescale.com>
Cc: Feng Li <feng.li_2@nxp.com>
Cc: Alison Wang <alison.wang@freescale.com>
Cc: Mingkai Hu <Mingkai.Hu@freescale.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Saksham Jain <saksham.jain@nxp.freescale.com>
Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Introduce board/freescale/common/Kconfig so that we have a single place
for CONFIG options that are shared between ARM and PowerPC NXP platforms.
Cc: York Sun <york.sun@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
With entry_point now being an unsigned long we need to adapt the last
two debug prints to use %lX not %X.
Fixes: 11e1479b9e ("SPL: make struct spl_image 64-bit safe")
Signed-off-by: Tom Rini <trini@konsulko.com>
At present there are two SPI functions only used by freescale which are
defined in the spi_flash.h header. One function name matches an existing
generic SPL function.
Move these into a private header to avoid confusion.
Arcturus looks like it does not actually support SPI, so drop the SPI code
from that board.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Update the API's for transition of Security Monitor states. Instead
of providing both initial and final states for transition, just
provide final state for transition as Security Monitor driver will
take care of it internally.
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
[York Sun: Reformatted commit message slightly]
Reviewed-by: York Sun <york.sun@nxp.com>
LS1046AQDS Specification:
-------------------------
Memory subsystem:
* 8GByte DDR4 SDRAM (64bit bus)
* 128 Mbyte NOR flash single-chip memory
* 512 Mbyte NAND flash
* 64 Mbyte high-speed SPI flash
* SD connector to interface with the SD memory card
Ethernet:
* Two XFI 10G ports
* Two SGMII ports
* Two RGMII ports
PCIe: supports Gen 1 and Gen 2
SATA 3.0: one SATA 3.0 port
USB 3.0: two micro AB connector and one type A connector
UART: supports two UARTs up to 115200 bps for console
Signed-off-by: Shaohui Xie <Shaohui.Xie@nxp.com>
Signed-off-by: Mingkai Hu <mingkai.hu@nxp.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The deep sleep function of LS1 platform, is mapped into PSCI system
suspend function, this patch adds implementation of it.
Signed-off-by: Hongbo Zhang <hongbo.zhang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Add this API to make the individual device is able to be set to
the specified permission.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>