Make sure we have an IMX header before calling spl_load_imx_container,
since if we don't it will fail with -ENOENT. This allows us to fall back to
legacy/raw images if they are also enabled.
This is a functional change, one which likely should have been in place
from the start, but a functional change nonetheless. Previously, all
non-IMX8 images (except FITs without FIT_FULL) would be optimized out if
the only image load method enabled supported IMX8 images. With this change,
support for other image types now has an effect.
There are seven boards with SPL_LOAD_IMX_CONTAINER enabled: three with
SPL_BOOTROM_SUPPORT:
imx93_11x11_evk_ld imx93_11x11_evk imx8ulp_evk
and four with SPL_MMC:
deneb imx8qxp_mek giedi imx8qm_mek
All of these boards also have SPL_RAW_IMAGE_SUPPORT and
SPL_LEGACY_IMAGE_FORMAT enabled as well. However, none have FIT support
enabled. Of the six load methods affected by this patch, only SPL_MMC and
SPL_BOOTROM_SUPPORT are enabled with SPL_LOAD_IMX_CONTAINER.
spl_romapi_load_image_seekable does not support legacy or raw images, so
there is no growth. However, mmc_load_image_raw_sector does support loading
legacy/raw images. Since these images could not have been booted before, I
have disabled support for legacy/raw images on these four boards. This
reduces bloat from around 800 bytes to around 200.
There are no in-tree boards with SPL_LOAD_IMX_CONTAINER and AHAB_BOOT both
enabled, so we do not need to worry about potentially falling back to
legacy images in a secure boot scenario.
Future work could include merging imx_container.h with imx8image.h, since
they appear to define mostly the same structures.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Abstract common interfaces for AHAB authentication operations.
Then share some common codes for AHAB and SPL container authentication
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
M4 image to any DDR address first. Then use the
"bootaux <M4 download DDR address> [M4 core id]" to boot CM4_0
or CM4_1, the default core id is 0 for CM4_0.
Since current M4 only supports running in TCM. The bootaux will copy
the M4 image from DDR to its TCML.
2. Implment bootaux for HIFI on QXP
command: bootaux 0x81000000 1
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
On the imx8ulp A1 SoC, the ELE RNG needs to be manually started.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add two ELE API: ele_return_lifecycle_update and ele_write_secure_fuse
Add two cmd: ahab_return_lifecycle and ahab_sec_fuse_prog
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Per NXP requirement, we rename all the NXP EdgeLock Secure Enclave
code including comment, folder and API name to ELE to align.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
According to datasheet, iMX93 has fused parts with CORE1 or NPU or
both disabled. So update code to support it, the kernel device tree
runtime update will be added in future patches.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Remove legacy command definitions, change to use new ELE_xxx command
request.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Add get_events API to retrieve any singular events that has occurred
since the FW has started from sentinel
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
From Sentinel FW v0.0.9-9df0f503, the response message of get info API
is changed to add OEM SRK and some states (IMEM, CSAL, TRNG).
With old structure, we get failure from sentinel due to the buffer
size can't fit with new response message. So update the API structure
to fix the issue.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
This converts 6 usages of this option to the non-SPL form, since there is
no SPL_IMX_MODULE_FUSE defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit 56c2dbdaba ("imx: bootaux: cleanup code") introduces the
following LTO related warning:
"
arch/arm/mach-imx/imx_bootaux.c:24:31: warning: type of ‘hostmap’ does not match original declaration [-Wlto-type-mismatch]
24 | const __weak struct rproc_att hostmap[] = { };
| ^
arch/arm/mach-imx/imx8m/soc.c:1590:24: note: array types have different bounds
1590 | const struct rproc_att hostmap[] = {
| ^
arch/arm/mach-imx/imx8m/soc.c:1590:24: note: ‘hostmap’ was previously declared here
../aarch64-linux-gnu/bin/ld: warning: u-boot has a LOAD segment with RWX permissions
"
This is because the weak empty array of structures "hostmap" is eventually
replaced by non-empty array of structures with different number of elements.
Fix this by avoiding weak variable size array, instead use a weak function
which returns single pointer to the array.
Fixes: 56c2dbdaba ("imx: bootaux: cleanup code")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
It is used as delay for gpmi write strobe.
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Introduce Sentinel API ahab_release_m33_trout to make sure sentinel
release M33 trout and make sure M33 could boot.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
To support more RDC instances on i.MX93, update API to latest
definition.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since iMX9 uses S401 which shares the API with iMX8ULP. So move S400
MU driver and API to a common place and selected by CONFIG_IMX_SENTINEL
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
i.MX9 shares same ROM API with i.MX8ULP, so make the i.MX8ULP the function
prototype common and usable by i.MX9.
Also include mmc env functions that use ROM API.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
For SoCs support ROM API, CONFIG_SPL_BOOTROM_SUPPORT is needed,
so use this macro to guard the code to avoid extend the list.
And drop the guard with structure definition, there is no need.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The ROM API is thoroughly undocumented, but apparently passing the xor
of the real arguments as an extra argument is required [1]. Also, we
need to do the "save gd/restore gd" dance. These are both error-prone,
and lead to a lot of code duplication.
Since both imx8m[np] and imx8ulp SOCs have this, add a separate
translation unit which is included precisely when the new
CONFIG_IMX8_ROMAPI symbol is set, which provide convenience wrappers
that take care of computing the xor value as well as doing the gd
dance, and that thus have a more intuitive API. Subsequent patches
will make use of these to reduce boilerplate.
[1] One wonders, for example, if the check is only applied to the
lower 32 bits, or if we're implicitly relying on all 64-bit pointer
values we're passing effectively have 0 in the upper 32 bits.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
This exposes the struct rom_api, the g_rom_api variable declaration
and the associated #defines to slightly fewer boards: namely, those
IMX8M which are not IMX8MN or IMX8MP. But the latter two are the only
IMX8M* ones where the g_rom_api variable is defined (in imx8m/soc.c),
so that should be fine.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Decode ECSPI boot device in env_get_location() from i.MX8M ROMAPI tables.
This is necessary to correctly identify env is in SPI NOR when the system
boots from SPI NOR attached to ECSPI.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.
Also drop the prototype for video_get_info_str() which is no-longer used.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jason Liu <jason.hui.liu@nxp.com>
The interface for NOR/OneNAND is called "EIM" not "EMI". Fix this.
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Similar to what has been done before with c5437e5b for u-boot proper, we
enable the SMP bit for SPL as well. This is necessary when SDP booting
straight into Linux, i.e. falcon boot. When SDP boot mode is active, the
ROM code does not set this bit which makes the caches not work once
activated in Linux.
On an i.MX6ULL (528MHz), this reduces a minimal kernel's boot time into
an initramfs shell from ~6.1s down to ~1.2s.
Signed-off-by: Sven Schwermer <sven@svenschwermer.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
According to 8MM/MN/MP reference manual, their pad registers only have
4 valid DSE values. And DSE2 and DSE4 are different with current
definitions in iomux-v3.h. Fix the issue to align with manual.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
i.MX8ULP support using ROM API to load container image,
it use same ROM API as i.MX8MN/MP, and use same container format
as i.MX8QM/QXP.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since the container is shared among i.MX platforms, move its header file
to mach-imx
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
We need those macros to instruct drivers on how to behave for SoC specific
quirks, so let's add it as done for other i.MX SoCs.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
Authenticate image from DDR location 0x12000000...
undefined instruction
pc : [<412c00dc>] lr : [<8ff560bc>]
reloc pc : [<c8b6d0dc>] lr : [<178030bc>]
sp : 8ef444a8 ip : 126e8068 fp : 8ff59aa8
r10: 8ffd51e4 r9 : 8ef50eb0 r8 : 006e8000
r7 : 00000000 r6 : 126ea01f r5 : 0000002b r4 : 126e8000
r3 : 412c00dd r2 : 00000001 r1 : 00000001 r0 : 00000063
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.
The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.
Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are some changes to support ARM64 i.MX8M platform in this patches:
1. The hab_rvt base and function vectors are different as i.MX6/7
2. Need to bypass an workaround for i.MX6 to fix problem in MMU.
3. The x18 register needed save & restore before calling any HAB API. According
to ARM procedure call spec, the x18 is caller saved when it is used as
temporary register. So calling HAB API may scratch this register, and
cause crash once accessing the gd pointer.
On ARMv7, the r9 is callee saved when it is used as variable register. So
no need to save & restore it.
4. Add SEC_CONFIG fuse for iMX8M
When current EL is not EL3, the direct calling to HAB will fail because
CAAM/SNVS can't initialize at non-secure mode. In this case, we use
SIP call to run the HAB in ATF.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are 3 part numbers for 11x11 i.MX8MNano with different core number
configuration: UltraLite Quad/Dual/Solo
Comparing with i.MX8MN Lite parts, they have MIPI DSI disabled. So
checking the MIPI DSI disable fuse to recognize these parts.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Use CONFIG_IS_ENABLED() macro, which provides more convenient
way to check $(SPL)DM_I2C/$(SPL)DM_I2C_GPIO configs
for both SPL and U-Boot proper.
CONFIG_IS_ENABLED(DM_I2C) expands to:
- 1 if CONFIG_SPL_BUILD is undefined and CONFIG_DM_I2C is set to 'y',
- 1 if CONFIG_SPL_BUILD is defined and CONFIG_SPL_DM_I2C is set to 'y',
- 0 otherwise.
All occurences were replaced automatically using these bash cmds:
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C/if !CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C/if CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C)/CONFIG_IS_ENABLED(DM_I2C)/g' {} +
$ find . -type f -exec sed -i
's/ifndef CONFIG_DM_I2C_GPIO/if !CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/ifdef CONFIG_DM_I2C_GPIO/if CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
$ find . -type f -exec sed -i
's/defined(CONFIG_DM_I2C_GPIO)/CONFIG_IS_ENABLED(DM_I2C_GPIO)/g' {} +
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
