Modify the SPL build procedure for AM437x high-security (HS) device
variants to create a secure u-boot_HS.img FIT blob that contains U-Boot
and DTB artifacts signed (and optionally encrypted) with a TI-specific
process based on the CONFIG_TI_SECURE_DEVICE config option and the
externally-provided image signing tool.
Also populate the corresponding FIT image post processing call to be
performed during SPL runtime.
Signed-off-by: Madan Srinivas <madans@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Modify the SPL build procedure for AM57xx and DRA7xx high-security (HS)
device variants to create a secure u-boot_HS.img FIT blob that contains
U-Boot and DTB artifacts signed with a TI-specific process based on the
CONFIG_TI_SECURE_DEVICE config option and the externally-provided image
signing tool.
Also populate the corresponding FIT image post processing call to be
performed during SPL runtime.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The next stage boot loader image and the selected FDT can be post-
processed by board/platform/device-specific code, which can include
modifying the size and altering the starting source address before
copying these binary blobs to their final destination. This might be
desired to do things like strip headers or footers attached to the
images before they were packaged into the FIT, or to perform operations
such as decryption or authentication. Introduce new configuration
option CONFIG_SPL_FIT_IMAGE_POST_PROCESS to allow controlling this
feature. If enabled, a platform-specific post-process function must
be provided.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Adds commands so that when a secure device is in use and the SPL is
built to load a FIT image (with combined U-Boot binary and various
DTBs), these components that get fed into the FIT are all processed to
be signed/encrypted/etc. as per the operations performed by the
secure-binary-image.sh script of the TI SECDEV package. Furthermore,
perform minor comments cleanup to make better use of the available
space.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Adds an API that verifies a signature attached to an image (binary
blob). This API is basically a entry to a secure ROM service provided by
the device and accessed via an SMC call, using a particular calling
convention.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Adds a generic C-callable API for making secure ROM calls on OMAP and
OMAP-compatible devices. This API provides the important function of
flushing the ROM call arguments to memory from the cache, so that the
secure world will have a coherent view of those arguments. Then is
simply calls the omap_smc_sec routine.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add an interface for calling secure ROM APIs across a range of OMAP and
OMAP compatible high-security (HS) device variants. While at it, also
perform minor cleanup/alignment without any change in functionality.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Adds missing flush_dcache_range and invalidate_dcache_range dummy
(empty) placeholder functions to the #else portion of the #ifndef
CONFIG_SYS_DCACHE_OFF, where full implementations of these functions
are defined.
Signed-off-by: Daniel Allred <d-allred@ti.com>
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There are two enable methods supported by ARM64 Linux; psci and
spin-table. The latter is simpler and helpful for quick SoC bring
up. My main motivation for this patch is to improve the spin-table
support, which allows us to boot an ARMv8 system without the ARM
Trusted Firmware.
Currently, we have multi-entry code in arch/arm/cpu/armv8/start.S
and the spin-table is supported in a really ad-hoc way, and I see
some problems:
- We must hard-code CPU_RELEASE_ADDR so that it matches the
"cpu-release-addr" property in the DT that comes from the
kernel tree.
- The Documentation/arm64/booting.txt in Linux requires that
the release address must be zero-initialized, but it is not
cared by the common code in U-Boot. We must do it in a board
function.
- There is no systematic way to protect the spin-table code from
the kernel. We are supposed to do it in a board specific manner,
but it is difficult to predict where the spin-table code will be
located after the relocation. So, it also makes difficult to
hard-code /memreserve/ in the DT of the kernel.
So, here is a patch to solve those problems; the DT is run-time
modified to reserve the spin-table code (+ cpu-release-addr).
Also, the "cpu-release-addr" property is set to an appropriate
address after the relocation, which means we no longer need the
hard-coded CPU_RELEASE_ADDR.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Upon further review this breaks most other platforms as we need to check
what core we're running on before touching it at all.
This reverts commit d73718f323.
Signed-off-by: Tom Rini <trini@konsulko.com>
Define a default board_run_command() function. This function contains
the commands needed to boot the board when CLI is disabled (CONFIG_CMDLINE=n).
Signed-off-by: Andrej Rosano <andrej@inversepath.com>
if we build for an i.mx6 (d)ual(l)ite CONFIC_MX6DL we shall use
MX6DL_PAD instead the common MX6_PAD.
Signed-off-by: Hannes Schmelzer <oe5hpm@oevsv.at>
Add USB host support.
Tested by connecting a USB pen drive:
=> usb start
starting USB...
USB0: Port not available.
USB1: USB EHCI 1.00
scanning bus 1 for devices... 2 USB Device(s) found
scanning usb for storage devices... 1 Storage Device(s) found
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Add script for retrieving the kernel via TFTP and mounting the
rootfs via NFS.
Signed-off-by: Diego Dorta <diego.dorta@nxp.com>
Acked-by: Fabio Estevam <fabio.estevam@nxp.com>
Add a README file to help users to install U-boot binary into the eMMC.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
DFU is a convenient way to program U-boot binary into the eMMC.
Add support for it.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Pico-imx6ul has a KSZ8081 Ethernet PHY.
Add support for it.
Signed-off-by: Diego Dorta <diego.dorta@nxp.com>
Acked-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Booting a NXP kernel with mainline U-boot leads to the following kernel
crash:
caam: probe of 30900000.caam failed with error -11
Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = 80004000
[00000004] *pgd=00000000
Internal error: Oops: 805 [#1] PREEMPT SMP ARM
This happens because NXP kernel expects MX7 to boot in secure mode,
so introduce mx7dsabresd_secure_defconfig that selects CONFIG_MX7_SEC
and allows booting a NXP provided kernel successfully.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
MX7_SEC is an existing configuration option that allows booting the
kernel in secure mode.
Place this option in Kconfig, so that boards can select this option
in their defconfig files.
Selecting this option is necessary when booting a kernel provided by
NXP, such as 3.14_GA and 4.1.15_GA.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by: Michael Trimarchi <michael@amarulasolutions.com>
Instead of passing the total RAM size via PHYS_SDRAM_SIZE option,
we should better use imx_ddr_size() function, which automatically
determines the RAM size.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Instead of passing the total RAM size via PHYS_SDRAM_SIZE option,
we should better use imx_ddr_size() function, which automatically
determines the RAM size.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Instead of passing the total RAM size via PHYS_SDRAM_SIZE option,
we should better use imx_ddr_size() function, which automatically
determines the RAM size.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Instead of passing the total RAM size via PHYS_SDRAM_SIZE option,
we should better use imx_ddr_size() function, which automatically
determines the RAM size.
Signed-off-by: Vanessa Maegima <vanessa.maegima@nxp.com>
Acked-by: Fabio Estevam <fabio.estevam@nxp.com>
Custom Board based on MX6 Dual, 1GB RAM and eMMC.
There are two variants of the board with and without
PCIe (ZC5202 and ZC5601).
Signed-off-by: Stefano Babic <sbabic@denx.de>
If MAC is directly connected to another MAC (like a switch for example)
we don't need to probe for a phy, autoneogation and so on. We simply
have to setup speed.
Signed-off-by: Hannes Schmelzer <oe5hpm@oevsv.at>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Old revisions of Utilite (based on cm-fx6) do not have a dedicated
card detect pin. But the card is removable by the user and card
detection can be realized with polling (e.g. supported by Linux).
Add the broken-cd property to the mmc device tree instead of the
non-removable property to make card detection possible if polling
is supported.
Signed-off-by: Christopher Spinrath <christopher.spinrath@rwth-aachen.de>
Acked-by: Nikita Kiryanov <nikita@compulab.co.il>
spl_boot_mode() returned MMCSD_MODE_RAW on MMC if CONFIG_SPL_EXT_SUPPORT
was configured. EXTFS is the default filesystem selected in imx6_spl.h
and the function should return MMCSD_MODE_FS instead.
Fix this and return MMCSD_MODE_FS instead in such cases.
Signed-off-by: Petr Kulhavy <brain@jikos.cz>
CC: Stefano Babic <sbabic@denx.de>
CC: Tim Harvey <tharvey@gateworks.com>
CC: Fabio Estevam <Fabio.Estevam@freescale.com>
With the change to set up pinctrl after relocation, link fails to boot. Add
a special case in the link code to handle this.
Fixes: d8906c1f (x86: Probe pinctrl driver in cpu_init_r())
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Add support for Advantech SOM-DB5800 with the SOM-6867 installed.
This is very similar to conga-qeval20-qa3-e3845 in that there is a
reference carrier board (SOM-DB5800) with a Baytrail based SoM (SOM-6867)
installed.
Currently supported:
- 2x UART (From ITE EC on SOM-6867) routed to COM3/4 connectors on
SOM-DB5800.
- 4x USB 2.0 (EHCI)
- Video
- SATA
- Ethernet
- PCIe
- Realtek ALC892 HD Audio
Pad configuration for HDA_RSTB, HDA_SYNC, HDA_CLK, HDA_SDO
HDA_SDI0 is set in DT to enable HD Audio codec.
Pin defaults for codec pin complexs are not changed.
Not supported:
- Winbond Super I/O (Must be disabled with jumpers on SOM-DB8500)
- USB 3.0 (XHCI)
- TPM
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
If global NVS says internal UART is not enabled, hide it in the ASL
code so that OS won't see it.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that platform-specific ACPI global NVS is added, pack it into
ACPI table and get its address fixed up.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This introduces quark-specific ACPI global NVS structure, defined in
both C header file and ASL file.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This introduces baytrail-specific ACPI global NVS structure, defined in
both C header file and ASL file.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch adds support to enable and use the internal BayTrail UART
instead of the one integrated in the Super IO Winbond chip. For this,
a 2nd defconfig file is added.
This is useful for tests done for the congatec SoM used on baseboards
without such a Super IO chip.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For any FSP-enabled boards that want to enable debug UART support,
setup_internal_uart() will be called, but this API is only available
on BayTrail platform. Change to wrap it with CONFIG_INTERNAL_UART.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
There are quite a number of BayTrail boards that uses an external
SuperIO chipset to provide the legacy UART. For such cases, it's
better to have a Kconfig option to enable the internal UART.
So far BayleyBay and MinnowMax boards are using internal UART as
the U-Boot console, enable this on these two boards.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
For consistency with board_should_run_oprom(), do the same to
should_load_oprom(). Board support codes can provide this one
to override the default weak one.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present should_load_oprom() calls board_should_run_oprom() to
determine whether oprom should be loaded. But sometimes we just
want to load oprom without running. Make them independent.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch support the driver mode for exynos dwmmc controller.
To support the legacy model, maintained the existing code.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
If there is not "samsung,bus-width" property, use the 4bit buswidth by
default.
Almost all Exnyos SoCs support at least 4bit buswidth.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
Clean the unused and unnecessary codse.
This patch is one of them for preparing to use DM.
Because it's easy to maintain and combine DM after cleaning codes.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
PERIPH_ID_SDMMC4(131) is not continous value with PERIPH_ID_SDMMC0(75).
If there is no 'index' property in fdt, then dev_index should be
assigned to dev_id(Peripheral ID).
At this time, dev_index should be "56". It means Exynos SoC has "56"
numbers of DWMMC IP. To prevent this behavior, it needs to check the
maximum device index.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
Removed #ifdef for OF_CONTROL.
It might use 'OF_CONTROL' by default.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
