Fman microcode is executable code (AFAICT) loaded into a
coprocessor. As such, if verified boot is enabled, it must be verified
like other executable code. However, this is not currently done.
This commit adds verified boot functionality by encapsulating the
microcode in a FIT, which can then be signed/verified as normal. By
default we allow fallback to unencapsulated firmware, but if
CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because
existing Layerscape do not use this config (instead enabling
CONFIG_CHAIN_OF_TRUST), this should not break any existing boards.
An example (mildly-abbreviated) its is provided below:
/ {
#address-cells = <1>;
images {
firmware {
data = /incbin/(/path/to/firmware);
type = "firmware";
arch = "arm64";
compression = "none";
signature {
algo = "sha256,rsa2048";
key-name-hint = "your key name";
};
};
};
configurations {
default = "conf";
conf {
description = "Load FMAN microcode";
fman = "firmware";
};
};
};
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Now, spi_flash_probe_bus_cs() relies on DT for spi speed and mode
and logically calls spi_get_bus_and_cs(). In case spi mode and speed are
not read from DT, make usage of spi_flash_probe() instead.
To sum-up:
- Previous call tree was:
spi_flash_probe() -> spi_flash_probe_bus_cs() -> spi_get_bus_and_cs()
- Current call tree is:
spi_flash_probe() -> _spi_get_bus_and_cs()
spi_flash_probe_bus_cs() -> spi_get_bus_and_cs()
This patch impacts the following :
- cmd/sf.c: if spi mode and/or speed is passed in argument of
do_spi_flash_probe(), call spi_flash_probe() otherwise call
spi_flash_probe_bus_cs().
- drivers/net/fm/fm.c: as by default spi speed and mode was set to
0 and a comment indicates that speed and mode are read from DT,
use spi_flash_probe_bus_cs().
- drivers/net/pfe_eth/pfe_firmware.c: spi speed and mode are not read
from DT by all platforms using this driver, so keep legacy and replace
spi_flash_probe_bus_cs() by spi_flash_probe();
- drivers/net/sni_netsec.c : spi speed and mode are not read from DT,
so replace spi_flash_probe_bus_cs() by spi_flash_probe().
- drivers/usb/gadget/max3420_udc.c: Can't find any platform which make
usage of this driver, nevertheless, keep legacy and replace
spi_get_bus_and_cs() by _spi_get_bus_and_cs().
- env/sf.c: a comment indicates that speed and mode are read
from DT. So use spi_flash_probe_bus_cs().
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Marek Behun <marek.behun@nic.cz>
Cc: Jagan Teki <jagan@amarulasolutions.com>
Cc: Vignesh R <vigneshr@ti.com>
Cc: Joe Hershberger <joe.hershberger@ni.com>
Cc: Ramon Fried <rfried.dev@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
Cc: Marek Vasut <marex@denx.de>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Stefan Roese <sr@denx.de>
Cc: "Pali Rohár" <pali@kernel.org>
Cc: Konstantin Porotchkin <kostap@marvell.com>
Cc: Igal Liberman <igall@marvell.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Pratyush Yadav <p.yadav@ti.com>
Cc: Sean Anderson <seanga2@gmail.com>
Cc: Anji J <anji.jagarlmudi@nxp.com>
Cc: Biwen Li <biwen.li@nxp.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Chaitanya Sakinam <chaitanya.sakinam@nxp.com>
This converts the following to Kconfig:
CONFIG_ENV_SPI_BUS
CONFIG_ENV_SPI_CS
CONFIG_ENV_SPI_MAX_HZ
CONFIG_ENV_SPI_MODE
As part of this, we use Kconfig to provide the defaults now that were
done in include/spi_flash.h. We also in some cases change from using
CONFIG_ENV_SPI_FOO to CONFIG_SF_DEFAULT_FOO as those were the values in
use anyhow as ENV was not enabled.
Signed-off-by: Tom Rini <trini@konsulko.com>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
This change allows more fine tuning of driver model based SPI support in
SPL and TPL. It is now possible to explicitly enable/disable the DM_SPI
support in SPL and TPL via Kconfig option.
Before this change it was necessary to use:
/* SPI Flash Configs */
#if defined(CONFIG_SPL_BUILD)
#undef CONFIG_DM_SPI
#undef CONFIG_DM_SPI_FLASH
#undef CONFIG_SPI_FLASH_MTD
#endif
in the ./include/configs/<board>.h, which is error prone and shall be
avoided when we strive to switch to Kconfig.
The goal of this patch:
Provide distinction for DM_SPI support in both U-Boot proper and SPL (TPL).
Valid use case is when U-Boot proper wants to use DM_SPI, but SPL must
still support non DM driver.
Another use case is the conversion of non DM/DTS SPI driver to support
DM/DTS. When such driver needs to work in both SPL and U-Boot proper, the
distinction is needed in Kconfig (also if SPL version of the driver
supports OF_PLATDATA).
In the end of the day one would have to support following use cases (in
single driver file - e.g. mxs_spi.c):
- U-Boot proper driver supporting DT/DTS
- U-Boot proper driver without DT/DTS support (deprecated)
- SPL driver without DT/DTS support
- SPL (and TPL) driver with DT/DTS (when the SoC has enough resources to
run full blown DT/DTS)
- SPL driver with DT/DTS and SPL_OF_PLATDATA (when one have constrained
environment with no fitImage and OF_LIBFDT support).
Some boards do require SPI support (with DM) in SPL (TPL) and some only
have DM_SPI{_FLASH} defined to allow compiling SPL.
This patch converts #ifdef CONFIG_DM_SPI* to #if CONFIG_IS_ENABLED(DM_SPI)
and provides corresponding defines in Kconfig.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Tested-by: Adam Ford <aford173@gmail.com> #da850-evm
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
[trini: Fixup a few platforms]
Signed-off-by: Tom Rini <trini@konsulko.com>
Probe the FMan MACs based on the device tree while
retaining the legacy code/functionality.
One notable change introduced here is that, for DM_ETH,
the name of the interfaces is corrected to the fmX-macY
format, that avoids the referral to the MAC block names
which were incorrect for FMan v3 devices (i.e. DTSEC,
TGEC) and had weird formatting (i.e. FM1@DTSEC6, FM1@TGEC1).
The legacy code is left unchanged in this respect.
Signed-off-by: Madalin Bucur <madalin.bucur@oss.nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
If CONFIG_CMD_NAND is disabled, get_nand_dev_by_index() is not
accessible.
This fix allows the build to succeed in this case.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Drop inclusion of crc.h in common.h and use the correct header directly
instead.
With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Move env_set_hex() over to the new header file along with env_set_addr()
which uses it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Move the main symbol for Freescale Fman Ethernet controller option to
Kconfig. Also migrate the CONFIG_SYS_QE_FMAN_FW_IN_xxx macros and
rename the SPIFLASH one to follow the same format as all of the others.
To do this fully we need to migrate CONFIG_QC, do so.
Signed-off-by: Tom Rini <trini@konsulko.com>
Adds TFABOOT support and allows to pick FMAN firmware
on basis of boot source.
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
[YS: fix checkpatch issues]
Reviewed-by: York Sun <york.sun@nxp.com>
At present the MMC subsystem maintains its own list of MMC devices.
This cannot work with driver model when CONFIG_BLK is enabled, use
blk_dread to replace previous mmc read interface, use
mmc_get_blk_desc to get the mmc device property.
Signed-off-by: Yinbo Zhu <yinbo.zhu@nxp.com>
[York S: reformatted commit message]
Reviewed-by: York Sun <york.sun@nxp.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
All these places seem to inherit the codes from the MMC driver where
a FIXME was put in the comment. However the correct operation after
read should be cache invalidate, not flush.
The underlying drivers should be responsible for the cache operation.
Remove these codes completely.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: York Sun <york.sun@nxp.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: York Sun <york.sun@nxp.com>
We are now using an env_ prefix for environment functions. Rename these
commonly used functions, for consistency. Also add function comments in
common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
As part of preparation for nand DM conversion the new API has been
introduced to remove direct access to nand_info array. So, use it here
instead of accessing to nand_info array directly.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)
Replace all include directives for <asm/errno.h> with <linux/errno.h>.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>
The current code would always use the speed and mode set by
CONFIG_ENV_SPI_MAX_HZ and CONFIG_ENV_SPI_MODE. But if using
SPI driver model it should get the values from DT.
Signed-off-by: Gong Qianyu <Qianyu.Gong@nxp.com>
Reviewed-by: Jagan Teki <jteki@openedev.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The QMan is not used in FMan IM mode, so no QMI enqueue or QMI
dequeue are performed.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
nand_info[] is now an array of pointers, with the actual mtd_info
instance embedded in struct nand_chip.
This is in preparation for syncing the NAND code with Linux 4.6,
which makes the same change to struct nand_chip. It's in a separate
commit due to the large amount of changes required to accommodate the
change to nand_info[].
Signed-off-by: Scott Wood <oss@buserror.net>
As the QE firmware struct is shared with Fman, move the header file
out of drivers/qe/.
Signed-off-by: Gong Qianyu <Qianyu.Gong@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The FMan IM driver is developed for 32-bit platfroms and isn't
friendly to 64-bit platforms, so do the minimal refactor:
1. Refine the MURAM management and access.
2. Correct the initialization and operations for QDs and BDs.
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
The Frame Manager(FMan) is a big-endian peripheral, so the
registers, internal MURAM and BDs, which are allocated in main
memory and used to communication between core and FMan, should
be accessed in big-endian. The big-endian platforms can access
them directly as the code implemented so far, while for the
little-endian platforms it need to swap the byte-order.
Signed-off-by: Hou Zhiqiang <B48286@freescale.com>
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.Hu@freescale.com>
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
CONFIG_SYS_QE_FMAN_FW_ADDR is used to both Fman and QE for microcode address.
Now using CONFIG_SYS_FMAN_FW_ADDR for Fman microcode address,
and CONFIG_SYS_QE_FW_ADDR for QE microcode address.
Signed-off-by: Zhao Qiang <B45475@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
FMAN firmware can be in NOR flash, NAND flash, SPI flash, MMC or even
remote. In case none of them is defined, set it to null.
Signed-off-by: York Sun <yorksun@freescale.com>
For the powerpc processors with SRIO interface, boot location can be configured
from SRIO1 or SRIO2 by RCW. The processor booting from SRIO can do without flash
for u-boot image. The image can be fetched from another processor's memory
space by SRIO link connected between them.
The processor boots from SRIO is slave, the processor boots from normal flash
memory space and can help slave to boot from its memory space is master.
They are different environments and requirements:
master:
1. NOR flash for its own u-boot image, ucode and ENV space.
2. Slave's u-boot image in master NOR flash.
3. Normally boot from local NOR flash.
4. Configure SRIO switch system if needed.
slave:
1. Just has EEPROM for RCW. No flash for u-boot image, ucode and ENV.
2. Boot location should be set to SRIO1 or SRIO2 by RCW.
3. RCW should configure the SerDes, SRIO interfaces correctly.
4. Slave must be powered on after master's boot.
5. Must define CONFIG_SYS_QE_FMAN_FW_IN_REMOTE because of no ucode
locally.
For the slave module, need to finish these processes:
1. Set the boot location to SRIO1 or SRIO2 by RCW.
2. Set a specific TLB entry for the boot process.
3. Set a LAW entry with the TargetID SRIO1 or SRIO2 for the boot.
4. Slave's u-boot image should be generated specifically by
make xxxx_SRIOBOOT_SLAVE_config.
This will set SYS_TEXT_BASE=0xFFF80000 and other configurations.
Signed-off-by: Liu Gang <Gang.Liu@freescale.com>
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Several macros are used to identify and locate the microcode binary image
that U-boot needs to upload to the QE or Fman. Both the QE and the Fman
use the QE Firmware binary format to package their respective microcode data,
which is why the same macros are used for both. A given SOC will only have
a QE or an Fman, so this is safe.
Unfortunately, the current macro definition and usage has inconsistencies.
For example, CONFIG_SYS_FMAN_FW_ADDR was used to define the address of Fman
firmware in NOR flash, but CONFIG_SYS_QE_FW_IN_NAND contains the address
of NAND. There's no way to know by looking at a variable how it's supposed
to be used.
In the future, the code which uploads QE firmware and Fman firmware will
be merged.
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Fix:
fm.c: In function 'fm_init_common':
fm.c:398:6: warning: variable 'n' set but not used [-Wunused-but-set-variable]
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
The Frame Manager (FMan) on QorIQ SoCs with DPAA (datapath acceleration
architecture) is the ethernet contoller block. Normally it is utilized
via Queue Manager (Qman) and Buffer Manager (Bman). However for boot
usage the FMan supports a mode similar to QE or CPM ethernet collers
called Independent mode.
Additionally the FMan block supports multiple 1g and 10g interfaces as a
single entity in the system rather than each controller being managed
uniquely. This means we have to initialize all of Fman regardless of
the number of interfaces we utilize.
Different SoCs support different combinations of the number of FMan as
well as the number of 1g & 10g interfaces support per Fman.
We add support for the following SoCs:
* P1023 - 1 Fman, 2x1g
* P4080 - 2 Fman, each Fman has 4x1g and 1x10g
* P204x/P3041/P5020 - 1 Fman, 5x1g, 1x10g
Signed-off-by: Dave Liu <daveliu@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Roy Zang <tie-fei.zang@freescale.com>
Signed-off-by: Dai Haruki <dai.haruki@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Ioana Radulescu <ruxandra.radulescu@freescale.com>
Signed-off-by: Lei Xu <B33228@freescale.com>
Signed-off-by: Mingkai Hu <Mingkai.hu@freescale.com>
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Shaohui Xie <b21989@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>