Chain of Trust is enabled for ARM platforms (LS1021 and LS1043).
In board_late_init(), fsl_setenv_chain_of_trust() is called which
will perform the following:
- If boot mode is non-secure, return (No Change)
- If boot mode is secure, set the following environmet variables:
bootdelay = 0 (To disable Boot Prompt)
bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script)
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
A function is created to detrmine if the boot mode is secure
or non-secure for differnt SoC's.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
There are two phases in Secure Boot
1. ISBC: In BootROM, validate the BootLoader (U-Boot).
2. ESBC: In U-Boot, continuing the Chain of Trust by
validating and booting LINUX.
For ESBC phase, there is no difference in SoC's based on ARM or
PowerPC cores.
But the exit conditions after ISBC phase i.e. entry conditions for
U-Boot are different for ARM and PowerPC.
PowerPC:
If Secure Boot is executed, a separate U-Boot target is required
which must be compiled with a diffrent Text Base as compared to
Non-Secure Boot. There are some LAW and TLB settings which are
required specifically for Secure Boot scenario.
ARM:
ARM based SoC's have a fixed memory map and exit conditions from
BootROM are same irrespective of boot mode (Secure or Non-Secure).
Thus the current Secure Boot functionlity has been split into
two parts:
CONFIG_CHAIN_OF_TRUST
This will have the following functionality as part of U-Boot:
1. Enable commands like esbc_validate, esbc_halt
2. Change the environment settings based on bootmode, determined
at run time:
- If bootmode is non-secure, no change
- If bootmode is secure, set the following:
- bootdelay = 0 (Don't give boot prompt)
- bootcmd = Validate and execute the bootscript.
CONFIG_SECURE_BOOT
This is defined only for creating a different compile time target
for secure boot.
Traditionally, both these functionalities were defined under
CONFIG_SECURE_BOOT. This patch is aimed at removing the requirement
for a separate Secure Boot target for ARM based SoC's.
CONFIG_CHAIN_OF_TRUST will be defined and boot mode will be
determine at run time.
Another Security Requirement for running CHAIN_OF_TRUST is that
U-Boot environemnt must not be picked from flash/external memory.
This cannot be done based on bootmode at run time in current U-Boot
architecture. Once this dependency is resolved, no separate
SECURE_BOOT target will be required for ARM based SoC's.
Currently, the only code under CONFIG_SECURE_BOOT for ARM SoC's is
defining CONFIG_ENV_IS_NOWHERE
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
CONFIG_CMD_BLOB must be defined in case of Secure Boot. It was
earlier defined in all config files. The definition has been
moved to a common file which is included by all configs.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The file fsl_secure_boot.h must be included in config file for
Secure Boot. This is not required to be protected by any macro.
CONFIG_FSL_CAAM must be defined and CONFIG_CMD_HASH should be
turned on.
The above was missing in some config files and all files have been
made uniform in this respect.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Current code compares the return pointer of function
qbman_cena_write_start with NULL. Instead the value of the return
pointer should be compared.
Signed-off-by: Pratiyush Mohan Srivastava <pratiyush.srivastava@freescale.com>
Acked-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Freescale's management complex (MC) uses System DDR for internal usage.
Increase used System DDR size from 256MB to 512 MB.
Signed-off-by: Pratiyush Mohan Srivastava <pratiyush.srivastava@freescale.com>
Acked-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Freescale's LS2040A is a another personality of LS2080A SoC
without AIOP support consisting of 4 armv8 cores.
Signed-off-by: Pratiyush Mohan Srivastava <pratiyush.srivastava@freescale.com>
Acked-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
LS2080A has support for 8 DPMAC ports out of which
only 5 ports can be used at a time.
Enabling all 8 DPMAC ports of LS2080A personality.
Signed-off-by: Pratiyush Mohan Srivastava <pratiyush.srivastava@freescale.com>
Acked-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Following commit 61bd2f75, exclude unused DDR controller from
calculating RAM size for SPL boot.
Signed-off-by: Ed Swarthout <Ed.Swarthout@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Fixes lsch2 SerDes registers define according to LS1043A RM Rev D.
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Updated the default sata register values to enhance the
performance and stability.
Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Erratum A-009663 workaround requires to set DDR_INTERVAL[BSTOPRE] to 0
before setting DDR_SDRAM_CFG[MEM_EN] and set DDR_INTERVAL[BSTOPRE]
to the desired value after DDR initialization has completed.
When DDR controller is configured to operate in auto-precharge
mode(DDR_INTERVAL[BSTOPRE]=0), this workaround is not needed.
Signed-off-by: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
SYSCLK frequency is dependent on on-board switch settings. It may
vary as per requirement. boot-loader is aware of board switch
configurations.
So Fixup Linux device tree from boot-loader.
Signed-off-by: Prabhakar Kushwaha <prabhakar@freescale.com>
CC: Mingkai Hu <Mingkai.Hu@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
1.Use "qixis_reset sd" to boot from SD
2.Use "qixis_reset sd_qspi" to boot from SD with QSPI support
3.Use "qixis_reset qspi" to boot from QSPI flash
On some SoCs such as LS1021A and LS1043A, IFC and QSPI could be
pin-multiplexed. So the switches are different between SD boot with
IFC support and SD boot with QSPI support. The default booting from
SD is with IFC support.
Once QSPI is enabled(IFC disabled), only use I2C to access QIXIS.
Signed-off-by: Gong Qianyu <Qianyu.Gong@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This patch also exposes the complete DDR region(s) to Linux.
Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
During the receive data training, the DDRC may complete on a
non-optimal setting that could lead to data corruption or
initialization failure.
Workaround: before setting MEM_EN, set DEBUG_29 register with
specific value for different data rates.
Signed-off-by: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Use wildcard to clean arch subdirectories, as it is cleaner than
listing all the arch which builds dtb.
Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
GPIO, I2C, LCD and HDMI are now implemented. We have more than one PMIC.
There is an implementation to run the CPU at full speed although it does
not seem to make much difference.
Update the README to cover recent developments.
Signed-off-by: Simon Glass <sjg@chromium.org>
This board includes an RK3288 SoC on a SOM. It can be mounted on a
base-board which provides a wide range of peripherals.
So far this is verified to boot to a prompt from a microSD card. The serial
console works as well as HDMI.
Thanks to Tom Cubie for sending me a board.
Signed-off-by: Simon Glass <sjg@chromium.org>
Bring in the current device tree files for rock2 from linux/next commit
719d6c1. Hopefully this is the latest one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable these devices using the VOPL video output device. We explicitly
disable VOPB in the device tree to avoid it taking over. Since this device
has an LCD display this comes up by default. If the display fails for some
reason then it will attempt to use HDMI. It is possible to force it to fail
(and thus fall back to HDMI) by puting 'return -EPERM' at the top of
rk_edp_probe(). For now there is no easy way to select between the two.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a feature which speeds up the CPU to full speed in SPL to minimise
boot time. This is only supported for certain boards (at present only
jerry).
Signed-off-by: Simon Glass <sjg@chromium.org>
Since the device tree does not specify the EDID pinctrl option for HDMI we
must set it manually. Fix the driver to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is a minor error in the SDRAM timing. It does not seem to affect
anything so far. Fix it just in case.
Signed-off-by: Simon Glass <sjg@chromium.org>
These work reasonable well, but there are a few errors:
- Brackets should be used to avoid unexpected side-effects
- When setting bits, the corresponding upper 16 bits should be set also
Signed-off-by: Simon Glass <sjg@chromium.org>
This script has proved useful for parsing datasheets and creating register
shift/mask values for use in header files. Include it in case it is useful
for others.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the low-level init is skipped on rockchip. Among other things
this means that the instruction cache is left disabled. Fix this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some rockchip SoCs include video output (VOP). Add a driver to support this.
It can output via a display driver (UCLASS_DISPLAY) and currently HDMI and
eDP are supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some Rockchip SoCs support embedded DisplayPort output. Add a display driver
for this so that these displays can be used on supported boards.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some Rockchip SoCs support HDMI output. Add a display driver for this so
that these displays can be used on supported boards.
Unfortunately this driver is not fully functional. It cannot reliably read
EDID information over HDMI. This seems to be due to the clocks being
incorrect - the I2C bus speed appears to be up to 100x slower than the
clock settings indicate. The root cause may be in the clock logic.
Signed-off-by: Simon Glass <sjg@chromium.org>
The displays need to use NPLL and also select some new peripheral clocks.
Add support for these to the clock driver.
Signed-off-by: Simon Glass <sjg@chromium.org>