Commit graph

22 commits

Author SHA1 Message Date
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Simon Glass
25a5818ff8 common: Drop asm/ptrace.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:23 -04:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
90526e9fba common: Drop net.h from common header
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:31 -04:00
Thomas Hebb
9f67b56772 Fix typo in macros, "FIRMEWARE" -> "FIRMWARE"
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-12-05 10:28:39 -05:00
Thomas Hebb
32f2ca2a7e cosmetic: Fix spelling and whitespace errors
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2019-12-03 08:43:23 -05:00
Simon Glass
1eb69ae498 common: Move ARM cache operations out of common.h
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02 18:24:58 -05:00
Pankit Garg
2e17cb8a42 armv8: sec_firmware: return job ring status as true in TFABOOT
Returns job ring status as true in TFABOOT, as one job ring is always
reserved.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-12-06 14:37:19 -08:00
Sumit Garg
8044900a5b armv8: sec_firmware: Add support for multiple loadables
Enable support for multiple loadable images in SEC firmware FIT image.
Also add example "sec_firmware_ppa.its" file.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-05-09 09:17:51 -05:00
Ruchika Gupta
b6bb93de75 armv8: sec_firmware: Remove JR3 from device tree node in all cases
JR3 was getting removed from device tree only if random number
generation was successful. However, if SEC firmware is present,
JR3 should be removed from device tree node irrespective of the
random seed generation as SEC firmware reserves it for it's use.
Not removing it in case of random number generation failure causes
the kernel to crash.

Random number generation was being called twice. This is not
required. If SEC firmware is running, SIP call can be made to the SEC
firmware to get the random number. This call itself would return
failure if function is not supported. Duplicate calling of random
number generation function has been removed.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-05-09 09:17:51 -05:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Andre Przywara
4d4db83d18 armv8: secure firmware: fix incorrect unit address in node name
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Remove the unit address from the config node name when U-Boot deals with
secure firmware FIT images.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-15 18:29:21 -07:00
Sumit Garg
9b3f40ad09 armv8: sec_firmware: Add support for loadables in FIT
Enable support for loadables in SEC firmware FIT image. Currently
support is added for single loadable image.

Brief description of implementation:
  Add two more address pointers (loadable_h, loadable_l) as arguments to
  sec_firmware_init() api.
  Create new api: sec_firmware_checks_copy_loadable() to check if loadables
  node is present in SEC firmware FIT image. If present, verify loadable
  image and copies it to secure DDR memory.
  Populate address pointers with secure DDR memory addresses where loadable
  is copied.

Example use-case could be trusted OS (tee.bin) as loadables node in SEC
firmware FIT image.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-10-27 08:47:14 -07:00
Ruchika Gupta
a797f274d7 ARMv8/sec_firmware : Update chosen/kaslr-seed with random number
kASLR support in kernel requires a random number to be passed via
chosen/kaslr-seed propert. sec_firmware generates this random seed
which can then be passed in the device tree node.

sec_firmware reserves JR3 for it's own usage. Node for JR3 is
removed from device-tree.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
2017-08-26 14:56:11 -04:00
York Sun
399e2bb60c armv8: layerscape: Make U-Boot EL2 safe
When U-Boot boots from EL2, skip some lowlevel init code requiring
EL3, including CCI-400/CCN-504, trust zone, GIC, etc. These
initialization tasks are carried out before U-Boot runs. This applies
to the RAM version image used for SPL boot if PPA is loaded first.

Signed-off-by: York Sun <york.sun@nxp.com>
2017-06-01 19:57:24 -07:00
Yuantian Tang
026f30ec3e arm: psci: make psci usable on single core socs
PSCI can be used on both multiple and single core socs. Current
implementation only allows PSCI to work on multiple core socs.
This patch removes this restriction so that PSCI can work on
single core socs as well.

Signed-off-by: Chenhui Zhao <chenhui.zhao@nxp.com>
Signed-off-by: Tang Yuantian <andy.tang@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-24 09:07:12 -07:00
Hou Zhiqiang
daa926448c ARMv8/sec_firmware: relocated and renamed the config FSL_PPA_ARMV8_PSCI
Moved the config FSL_PPA_ARMV8_PSCI from fsl-layerscape's Kconfig to
Kconfig under armv8 and renamed it to SEC_FIRMWARE_ARMV8_PSCI.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-18 09:39:51 -08:00
macro.wave.z@gmail.com
2d16a1a6c9 ARMv8: LS1043A: change macro CONFIG_ARMV8_PSCI definition
NXP/Freescale uses macro CONFIG_ARMV8_PSCI to enable their private PSCI
implementation in PPA firmware, but this macro naming too generic, so this
patch replaces it with a specic one CONFIG_FSL_PPA_ARMV8_PSCI.
And this macro CONFIG_ARMV8_PSCI will be used for a generic PSCI for ARMv8
which will be added in following patchs.

Signed-off-by: Hongbo Zhang <hongbo.zhang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-12-15 11:57:18 -08:00
Hou Zhiqiang
81049ba8f4 ARMv8/sec-firmware: fix a compile error
When enabled sec firmware framework, but lack of definition of
the marco SEC_FIRMWARE_FIT_IMAGE, SEC_FIRMEWARE_FIT_CNF_NAME
and SEC_FIRMWARE_TARGET_EL, there will be some build errors,
so give a default definition.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
2016-10-06 20:57:36 -04:00
Hou Zhiqiang
b45db3b590 ARMv8: add the secure monitor firmware framework
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.

So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.

Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-19 11:33:03 -07:00