Commit graph

26 commits

Author SHA1 Message Date
Marek Vasut
59e3d1bd49 doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching
Document SRC_GPR10 PERSIST_SECONDARY_BOOT functionality. This is useful for
reliable bootloader A/B updates, as it permits switching between two copies
of bootloader at different offsets of the same storage. The switch happens
in case one copy is corrupted OR can be enforced by user. This functionality
is present at least since i.MX53, however is poorly documented in all known
SoC datasheets, hence this document aims to clarify the usage, currently on
i.MX7D and i.MX8MM.

Signed-off-by: Marek Vasut <marex@denx.de> # Original MX7D work, this document
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> # All the MX8M work
Cc: Christoph Niedermaier <cniedermaier@dh-electronics.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Harald Seiler <hws@denx.de>
Cc: Igor Opaniuk <igor.opaniuk@foundries.io>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Ludwig Zenz <lzenz@dh-electronics.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>
Cc: uboot-imx <uboot-imx@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 23:59:50 +02:00
Breno Lima
58f75efeaf mx7ulp: hab: Add hab_status command for HABv4 M4 boot
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.

Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.

=> hab_status m4

   Secure boot disabled

   HAB Configuration: 0xf0, HAB State: 0x66
   No HAB Events Found!

Add command documentation in mx6_mx7_secure_boot.txt guide.

As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.

The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".

Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Simon Glass
41575d8e4c dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.

Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 08:00:25 -07:00
Sean Anderson
78ce0bd3ac clk: Always use the supplied struct clk
CCF clocks should always use the struct clock passed to their methods for
extracting the driver-specific clock information struct. Previously, many
functions would use the clk->dev->priv if the device was bound. This could
cause problems with composite clocks. The individual clocks in a composite
clock did not have the ->dev field filled in. This was fine, because the
device-specific clock information would be used. However, since there was
no ->dev, there was no way to get the parent clock. This caused the
recalc_rate method of the CCF divider clock to fail. One option would be to
use the clk->priv field to get the composite clock and from there get the
appropriate parent device. However, this would tie the implementation to
the composite clock. In general, different devices should not rely on the
contents of ->priv from another device.

The simple solution to this problem is to just always use the supplied
struct clock. The composite clock now fills in the ->dev pointer of its
child clocks.  This allows child clocks to make calls like clk_get_parent()
without issue.

imx avoided the above problem by using a custom get_rate function with
composite clocks.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
2020-07-01 15:01:21 +08:00
Breno Lima
ba13973479 doc: ahab: Add encrypted boot documentation for i.MX8/8x devices
Add AHAB encrypted boot documentation for i.MX8/8x family devices
covering the following topics:

- How to encrypt and sign the 2nd container in flash.bin image.
- How to encrypt and sign a standalone container image.

Include a CSF example to encrypt 2nd container in flash.bin image.

Reviewed-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Catia Han <yaqian.han@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2020-05-01 13:46:22 +02:00
Patrick Delaunay
b09e28fc54 doc: update reference to README.imximage
Update reference in many files detected by
scripts/documentation-file-ref-check

README.imximage => imx/mkimage/imximage.txt

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2020-04-16 23:06:54 -04:00
Stefano Babic
d714a75fd4 imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.

Signed-off-by: Stefano Babic <sbabic@denx.de>
2019-10-08 16:36:37 +02:00
Fabio Estevam
904c31fe9f imx: mxs: Fix location for the elftosb tool
The Denx FTP location is no longer reachable.

Switch to the Timesys repository instead.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
2019-10-08 16:36:36 +02:00
Peng Fan
b5661caf84 doc: imx: mkimage: introduce i.MX8 image format
Introduce i.MX8 container set configuration file and add example

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-10-08 16:35:59 +02:00
Shyam Saini
c548451fd9 doc: imx: Add documentation for nandbcb command
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
2019-07-19 14:52:20 +02:00
Lukasz Majewski
4ebdf654b2 clk: doc: Add documentation entry for Common Clock Framework [CCF] (i.MX)
This patch describes the design decisions considerations and taken approach
for porting in a separate documentation entry.

Signed-off-by: Lukasz Majewski <lukma@denx.de>
2019-07-19 14:49:08 +02:00
Breno Matheus Lima
2dd652e665 doc: imx: habv4: Remove secure_boot.txt guide
The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and
mx6_mx7_spl_secure_boot.txt documents.

Both documents covers all steps needed for SPL and non-SPL tagets,
so remove secure_boot.txt file to avoid duplicated content.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:55:39 +01:00
Breno Matheus Lima
364c0a89bc doc: imx: habv4: Move encrypted boot guide
All guides are currently located at doc/imx/habv4/guides/ directory.

Move encrypted_boot.txt document to guides directory.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:47:13 +01:00
Breno Matheus Lima
cfb50207e5 doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 SPL targets
The current U-Boot implementation includes SPL targets for
some NXP development boards:

- mx6sabreauto_defconfig
- mx6sabresd_defconfig
- mx6ul_14x14_evk_defconfig
- mx6ul_9x9_evk_defconfig

Add additional steps needed to completly secure the
bootloader image.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:46:59 +01:00
Breno Matheus Lima
872cfa20cd doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 non-SPL targets
Add HABv4 documentation for non-SPL targets covering the
following topics:

- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.

Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:46:45 +01:00
Breno Matheus Lima
cbc4b0418c doc: imx: habv4: Add HABv4 introduction
The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7,
series and i.MX 8M, i.MX8MM devices.

Add an introductory document containing the following topics:

- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK Table and SRK Hash generation

Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:46:31 +01:00
Breno Matheus Lima
8a23fc9c94 doc: imx: habv4: Remove extra hab directory for a cleaner documentation structure
There is no need to have an extra hab directory under doc/imx/.

Habv4 and AHAB documentation can be added directly in doc/imx/ for a
cleaner documentation structure.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15 12:46:18 +01:00
Michael Heimpold
210594a868 doc: imx: fix typos in mxsimage.txt
This fixes two small typos in mxsimage.txt.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Reviewed-by: Breno Lima <breno.lima@nxp.com>
2019-01-01 14:12:18 +01:00
Michael Heimpold
5271dcf581 doc: imx: fix typo in imximage.txt
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Reviewed-by: Breno Lima <breno.lima@nxp.com>
2019-01-01 14:12:18 +01:00
Breno Matheus Lima
75e8ca6a5e doc: imx: Improve i.MX documentation naming
There is no need to have README in all i.MX documents name.
Remove README from i.MX docs name and add .txt file extension.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
29530093ff doc: imx: misc: Reorganize miscellaneous documentation
The Serial Download Protocol feature is availible in various
i.MX SoCs.

Move README.sdp document to imx/misc directory.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
dfe9ff9cc7 doc: imx: hab: Reorganize High Assurance Boot documentation
The current High Assurance Boot document README.mxc_hab
include details for the following features in a single file:

- HAB Secure Boot
- HAB Encrypted Boot

Split HAB documentation in a specific directory for a cleaner
documentation structure, subsequent patches will include more
content in HAB documentation.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
843400fd26 doc: imx: Reorganize i.MX SoC common documentation
The following documents describe device details according to the
i.MX family:

- README.imx25
- README.imx27
- README.imx5
- README.imx6
- README.mxs

Move all device common related document to doc/imx/common for a better
directory structure.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
5eba73c52b doc: imx: mkimage: reorganize i.MX mkimage documentation
The following documents describe the image type used by the mkimage
tool to generate U-Boot images for i.MX devices.

- README.imximage
- README.mxsimage

Move all mkimage related document to doc/imx/mkimage for a better
directory structure.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
3af3bebc21 doc: imx: Move SPD related info to the appropriate doc
Currently the Serial Download Protocol tools and procedure are
documented in two places:

- doc/imx/README.sdp
- doc/imx/README.imx6

It is better to consolidate all SDP related information into
README.sdp file, so move the content from README.imx6 to
README.sdp.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00
Breno Matheus Lima
df11b0c4d4 doc: imx: reorganize i.MX documentation
Currently the U-Boot doc/ directory contains the following files
that are only relevant for i.MX devices:

- doc/README.imx25
- doc/README.imx27
- doc/README.imx5
- doc/README.imx6
- doc/README.imximage
- doc/README.mxc_hab
- doc/README.mxs
- doc/README.mxsimage
- doc/README.sdp

Move all content to a common i.MX folder for a better documentation
structure.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22 14:22:42 +02:00