This fixes a regression in the eMMC fast boot mode case where the buffer
was missing 464 bytes.
The code figures out how many bytes must at least be fetched to honor
the current read, rounds that up to the ss->pagesize [which is a no-op
in the USB download case because that has ->pagesize==1], fetches that
many bytes, but then recorded the original upper bound as the new end of
the valid data. However, this did not take into account the rounding up
to the ss->pagesize. Fix this by recording the actual bytes downloaded.
Fixes: 4b4472438f ("imx: spl_imx_romapi: avoid tricky use of spl_load_simple_fit() to get full FIT size")
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Similar change was done by commit b4c2c151b1 ("Kconfig: Remove all
default n/no options") and again sync is required.
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com> # tegra
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Angelo Dureghello <angelo@kernel-space.org>
Make sure we have an IMX header before calling spl_load_imx_container,
since if we don't it will fail with -ENOENT. This allows us to fall back to
legacy/raw images if they are also enabled.
This is a functional change, one which likely should have been in place
from the start, but a functional change nonetheless. Previously, all
non-IMX8 images (except FITs without FIT_FULL) would be optimized out if
the only image load method enabled supported IMX8 images. With this change,
support for other image types now has an effect.
There are seven boards with SPL_LOAD_IMX_CONTAINER enabled: three with
SPL_BOOTROM_SUPPORT:
imx93_11x11_evk_ld imx93_11x11_evk imx8ulp_evk
and four with SPL_MMC:
deneb imx8qxp_mek giedi imx8qm_mek
All of these boards also have SPL_RAW_IMAGE_SUPPORT and
SPL_LEGACY_IMAGE_FORMAT enabled as well. However, none have FIT support
enabled. Of the six load methods affected by this patch, only SPL_MMC and
SPL_BOOTROM_SUPPORT are enabled with SPL_LOAD_IMX_CONTAINER.
spl_romapi_load_image_seekable does not support legacy or raw images, so
there is no growth. However, mmc_load_image_raw_sector does support loading
legacy/raw images. Since these images could not have been booted before, I
have disabled support for legacy/raw images on these four boards. This
reduces bloat from around 800 bytes to around 200.
There are no in-tree boards with SPL_LOAD_IMX_CONTAINER and AHAB_BOOT both
enabled, so we do not need to worry about potentially falling back to
legacy images in a secure boot scenario.
Future work could include merging imx_container.h with imx8image.h, since
they appear to define mostly the same structures.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
These error messages are missing newlines. Add them.
Fixes: 6e81ca220e ("imx: parse-container: Use malloc for container processing")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
We should load images to their destination, not their entry point.
Fixes: 7b86cd4274 ("imx8: support parsing i.MX8 Container file")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Implement the 'getprisec' subcommand of 'bmode' command for i.MX8M by
reading out the ROM log events. This event is set by the BootROM if it
switched to the secondary copy due to primary copy being corrupted.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
In case of a secondary image boot from the user area of an eMMC device,
the correct offset must be calculated. The offset is fused in the fuse
IMG_CNTN_SET1_OFFSET of the i.MX8M Nano and Plus. The calculation of the
offset is described in the reference manual (IMX8MNRM Rev. 2, 07/2022
and IMX8MPRM Rev. 1, 06/2021):
The fuse IMG_CNTN_SET1_OFFSET (0x490[22:19]) is defined as follows:
* Secondary boot is disabled if fuse value is bigger than 10,
n = fuse value bigger than 10.
* n == 0: Offset = 4MB
* n == 2: Offset = 1MB
* Others & n <= 10 : Offset = 1MB*2^n
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Factor out parsing of ROM log in function spl_mmc_emmc_boot_partition().
This can be helpful to detect a secondary image boot without fiddling
around with MMC partitions. This way for example, U-Boot is able to
detect a secondary image boot and can enter some fallback scenario like
starting a recovery mode.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Introduce two new weak functions, arch_spl_mmc_get_uboot_raw_sector() and
board_spl_mmc_get_uboot_raw_sector(), each of which can be overridden at
a matching level, that is arch/ and board/ , in addition to the existing
weak function spl_mmc_get_uboot_raw_sector().
This way, architecture code can define a default architecture specific
implementation of arch_spl_mmc_get_uboot_raw_sector(), while the board
code can override that using board_spl_mmc_get_uboot_raw_sector() which
takes precedence over the architecture code. In some sort of unlikely
special case where code has to take precedence over board code too, the
spl_mmc_get_uboot_raw_sector() is still left out to be a weak function,
but it should be unlikely that this is ever needed to be overridden.
Signed-off-by: Marek Vasut <marex@denx.de>
The xfi3 target has been removed by commit 539fba2c10 ("arm:
Remove xfi3 board"), but it missed to remove an entry from the
mxs Kconfig.
Remove it.
Signed-off-by: Fabio Estevam <festevam@denx.de>
The current code works by sheer coincidence, because (see HABv4 API
documentation, section 3.4) the RVT authenticate_image call updates
the size that is passed in with the actual size ROM code pulls from
IVT/CSF . So if the input size is larger, that is "fine" . Pass in
size instead to make this really correct.
Signed-off-by: Marek Vasut <marex@denx.de>
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
introduce the variable as it was being done inline before.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Extend the padding process of u-boot-nand.imx target by adding 10k bytes
of zeros to the end of the binary using the 'dd' command.
The existing padding method did not generate a functional binary,
as discussed in more detail in this thread [1]. Instead, we adopt the
end-padding calculation method documented in 'board/doc/colibri_imx7.rst'
as a reference, which is relevant for iMX7 with NAND storage.
Adding 10k bytes of zeros provides an approximate value that makes the
proper padding for these NAND devices.
[1] https://lore.kernel.org/all/CAC4tdFUqffQzRQFv5AGe_xtbFy1agr2SEpn_FzEdexhwjdryyw@mail.gmail.com/
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
These IS_ENABLED(CONFIG_SPL_LOAD_FIT) cases can no longer be reached,
and thus get_fit_image_size() is also redundant.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Currently, spl_imx_romapi uses a somewhat tricky workaround for the
fact that a FIT image with external data doesn't directly allow one to
know the full size of the file: It does a dummy spl_load_simple_fit(),
having the ->read callback remember the largest offset requested, and
then does a last call to rom_api_download_image() to fetch the
remaining part of the full FIT image.
We can avoid that by just keeping track of how much we have downloaded
already, and if the ->read() requests something outside the current
valid buffer, fetch up to the end of the current request.
The current method also suffers from not working when CONFIG_IMX_HAB
is enabled: While in that case u-boot.itb is not built with external
data, so the fdt header does contain the full size of the dtb
structure. However, it does not account for the extra CONFIG_CSF_SIZE
added by board_spl_fit_size_align(). And also, the data it hands out
during the first dummy spl_load_simple_fit() is of course garbage, and
wouldn't pass the verification.
So we really need to call spl_load_simple_fit() only once, let that
figure out just how big the FIT image is (including whatever data, CSF
or "ordinary" external data, has been tacked on beyond the fdt
structure), and always provide valid data from the ->read callback.
This only affects the CONFIG_SPL_LOAD_FIT case - I don't have any
hardware or experience with the CONFIG_SPL_LOAD_IMX_CONTAINER case, so
I leave that alone for now.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
If optee is detected configure it in the Linux device-tree:
- add /firmware/optee node
- add /reserved-memory nodes for optee_core and optee_shm
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
With enabled SKIP_LOWLEVEL_INIT, the weak function timer_init() is
used in the SPL build. For iMX6 SoC, this leads MMC to fail once
u-boot proper is booted due to a timing issue.
Always use iMX-specific timer_init() in SPL to fix timing issues.
Fixes: be277c3a89 ("imx: mx7: avoid some initialization if low level is skipped")
Signed-off-by: Michael Scott <mike@foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The ivt_offset parameter is optional for both hab_auth_img_or_fail
and hab_auth_img commands.
Document it in their usage texts to make it clearer.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Since commit ea91031b22 ("imx: hab: extend hab_auth_img to calculate
ivt_offset"), it is possible to call the hab_auth_img command without the
last ivt_offset argument.
Currently, calling hab_auth_img_or_fail without the last
ivt_offset parameter causes a failure and the command usage text is shown.
Fix this problem by adjusting the argc logic to allow
calling hab_auth_img_or_fail with only the address and size parameters.
This way, both hab_auth_img and hab_auth_img_or_fail have the same
behavior with respect to the allowed number of command parameters.
Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
If CMD_ELF disabled and IMX_BOOTAUX enabled, the u-boot building ends
up with a linking error [1]. Select LIB_ELF to fix the building
issue.
[1]
ld: /tmp/ccaF1rpv.ltrans0.ltrans.o: in function `do_bootaux':
arch/arm/mach-imx/imx_bootaux.c:108: undefined reference to `valid_elf_image'
Fixes: c0f037f6a2 ("mach-imx: bootaux: elf firmware support")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
If dram_init_banksize() is called from SPL, the rom_pointer, at that
point, is not correctly initialized. This causes wrong calculation of
DRAM start and size in dram_init_banksize(). The issue became apparent
only in Falcon Mode. Added an extra condition to prevent using
rom_pointer in SPL.
Signed-off-by: Elena Popa <elena.popa@nxp.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <sjg@chromium.org>
This reverts commit c5b68ef8af.
CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
board_get_usable_ram_top() returns a physical address that is stored in
gd->ram_top. The return type of the function should be phys_addr_t like the
current type of gd->ram_top.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It is not a parse error to have a default value of "0" for a "hex" type
entry, instead of "0x0". However, "0" and "0x0" are not treated the
same even by the tools themselves. Correct this by changing the default
value from "0" to "0x0" for all hex type questions that had the
incorrect default. Fix one instance (in two configs) of a default of "0"
being used on a hex question to be "0x0". Remove the cases where a
defconfig had set a value of "0x0" to be used as the default had been
"0".
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bitwise operations on signed integers are not defined,
replace them with per-call checks.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Heiko Schocher <hs@denx.de>
In order to enable HAB, FSL_CAAM, ARCH_MISC_INIT and
SPL_CRYPTO should be enabled in Kconfig like other i.MX8M
boards.
This also needs to occur in the SPL so enable CONFIG_SPL_BOARD_INIT and
add a void spl_board_init function which calls arch_misc_init to probe
the CAAM driver.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
add support for SHA-256 secure hash algorithm using the ARM v8
SHA-256 instructions for verifying image hash.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Abstract common interfaces for AHAB authentication operations.
Then share some common codes for AHAB and SPL container authentication
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If the container has image which conflicts with
spl_get_load_buffer address, there are processing failures.
Use malloc instead of spl_get_load_buffer.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
M4 image to any DDR address first. Then use the
"bootaux <M4 download DDR address> [M4 core id]" to boot CM4_0
or CM4_1, the default core id is 0 for CM4_0.
Since current M4 only supports running in TCM. The bootaux will copy
the M4 image from DDR to its TCML.
2. Implment bootaux for HIFI on QXP
command: bootaux 0x81000000 1
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The bootaux uses ulong to read private data and write to M4 TCM,
this cause problem on ARM64 platform where the ulong is 8bytes.
Fix it by using u32 to replace ulong.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The current bootaux supports i.MX8M and i.MX93, but the name "_M4_"
implies that the SoCs have Cortex-M4. Actually i.MX8MM/Q use Cortex-M4,
i.MX8MN/P use Cortex-M7, i.MX93 use Cortex-M33, so use "_MCU_" in place
of "_M4_" to simplify the naming.
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add the support for loading image from secondary container set on
iMX8QM B0, iMX8QXP C0.
Using the SCFW API to get container set index, if it is the secondary
boot, get the offset from fuse and apply to offset of current container
set beginning for loading.
Also override the emmc boot partition to check secondary boot and switch
to the other boot part.
This patch is modified from NXP downstream:
imx8: Fix the fuse used by secondary container offset
imx: container: Skip container set check for ROM API
imx8: spl: Support booting from secondary container set
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>