As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.
Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
Due to the blow up of the latest kernel size, the default gnuzip
size (8M) seems too small. The yocto kernel size I built for
mpc8315erdb board is 5294393, and it can't be boot by using the
latest u-boot. So expand gnuzip buffer for all the mpc83xx boards
to fix this issue.
Robert P. J. Day also pointed that the kernel partition on the NAND
flash is also too small, fix it at the same time.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Robert P. J. Day has pointed that the value of SYS_MONITOR_LEN in
MPC8315ERDB.h is smaller than the u-boot.bin. This will cause the
overlap between the code of u-boot and the environment variable.
So when executing saveenv, it will corrupt the code of u-boot and
causes the board not boot. Fix this for all the mpc83xx boards by
reserving a 512K area.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Reviewed-by: York Sun <york.sun@nxp.com>
On Tegra186, U-Boot is booted by the binary firmware as if it were a
Linux kernel. Consequently, a DTB is passed to U-Boot. Cache the address
of that DTB, and parse the /memory/reg property to determine the actual
RAM regions that U-Boot and subsequent EL2/EL1 SW may actually use.
Given the binary FW passes a DTB to U-Boot, I anticipate the suggestion
that U-Boot use that DTB as its control DTB. I don't believe that would
work well, so I do not plan to put any effort into this. By default the
FW-supplied DTB is the L4T kernel's DTB, which uses non-upstreamed DT
bindings. U-Boot aims to use only upstreamed DT bindings, or as close as
it can get. Replacing this DTB with a DTB using upstream bindings is
physically quite easy; simply replace the content of one of the GPT
partitions on the eMMC. However, the binary FW at least partially relies
on the existence/content of some nodes in the DTB, and that requires the
DTB to be written according to downstream bindings. Equally, if U-Boot
continues to use appended DTBs built from its own source tree, as it does
for all other Tegra platforms, development and deployment is much easier.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Implement a hook to allow boards to save boot-time CPU state for later
use. When U-Boot is chain-loaded by another bootloader, CPU registers may
contain useful information such as system configuration information. This
feature mirrors the equivalent ARMv7 feature.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Rev A03 of P2180 requires some PMIC programming adjustments, yet the
PMIC's own OTP has not been updated. Consequently, U-Boot must make
these changes itself.
NVIDIA's syseng team has confirmed that these changes can be enabled on
all board revisions without issue.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
IVC (Inter-VM Communication) protocol is a Tegra-specific IPC (Inter
Processor Communication) framework. Within the context of U-Boot, it is
typically used for communication between the main CPU and various
auxiliary processors. In particular, it will be used to communicate with
the BPMP (Boot and Power Management Processor) on Tegra186 in order to
manipulate clocks and reset signals.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Many files in arch/arm/mach-tegra are compiled conditionally based on
Kconfig variables, or applicable to all platforms. We can let the main
Tegra Makefile handle compiling (or not) those files to avoid each SoC-
specific Makefile needing to duplicate entries for those files. This
leaves the SoC-specific Makefiles to compile truly SoC-specific code.
In the future, we'll hopefully add Kconfig variables for all the other
files, and refactor those files, and so reduce the need for SoC-specific
Makefiles and/or ifdefs in the Makefiles.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
There are multiple versions of p2771-0000 board. There are SW visible
incompatible differences between the versions, and they are relevant to
U-Boot. Create separate "A02" and "B00" defconfigs (named after the first
and/or only board rev the defconfig supports) so that users can select
which build they want.
With the minimal set of HW currently enabled in U-Boot, the differences
are irrelevant, hence the DT files aren't different. However, that will
change in a future patch.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Tegra186 uses different GPIO port IDs compared to previous chips. Make
sure the SoC DT file includes the correct GPIO binding header.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
Commit 555f45d8f9 ("image: Convert the IH_... values to enums")
accidentally changed some IH_ARCH_... values.
Prior to that commit, there existed a gap between IH_ARCH_M68K and
IH_ARCH_MICROBLAZE, like follows.
#define IH_ARCH_SPARC64 11 /* Sparc 64 Bit */
#define IH_ARCH_M68K 12 /* M68K */
#define IH_ARCH_MICROBLAZE 14 /* MicroBlaze */
#define IH_ARCH_NIOS2 15 /* Nios-II */
The enum conversion broke the compatibility with existing uImage
files. Reverting 555f45d8f9 will cause build error unfortunately,
so here is a more easy fix.
I dug the git history and figured out the gap was introduced by
commit 1117cbf2ad ("nios: remove nios-32 arch"). So, I revived
IH_ARCH_NIOS just for filling the gap.
I added comments to each enum block. Once we assign a value to
IH_... it is not allowed to change it.
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
I2C offset was changed by commit 00f792e0 (added multibus support)
from 0x3100 to 0x3000. This typo leads to error when reading SPD
from DDR DIMMs.
Signed-off-by: Benjamin Kamath <bkamath@spaceflight.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
flash_full_status_check() checks bit XSR.7 on Intel chips. This
should be done by only checking bit 7 and not by comparing the
whole status byte or word with 0x80.
This fixes the non-working block erase in the pflash emulation
of Qemu when used with the MIPS Malta board. MIPS Malta uses x32
mode to access the pflash device. In x32 mode Qemu mirrors the
lower 16 bits of the status word into the upper 16 bits. Thus
the CFI driver gets a status word of 0x8080 in x32 mode. If
flash_full_status_check() uses flash_isequal(), then it polls for
XSR.7 by comparing 0x8080 with 0x80 which never becomes true.
Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
The PPA use PSCI to make secondary cores bootup. So when PPA was
enabled, add the CONFIG_ARMV8_PSCI to identify the SMP boot-method
between PSCI and spin-table.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Set the enable-method in the cpu node to PSCI, and create device
node for PSCI, when PSCI was enabled.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
If the PSCI and PPA is ready, skip the fixup for spin-table and
waking secondary cores. Otherwise, change SMP method to spin-table,
and the device node of PSCI will be removed.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
The FSL Primary Protected Application (PPA) is a software component
loaded during boot which runs in TrustZone and remains resident
after boot.
Use the secure firmware framework to integrate FSL PPA into U-Boot.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.
So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This function assume that the d-cache and MMU has been enabled earlier,
so it just created MMU table in main memory. But the assumption is not
always correct, for example, the early setup is done in EL3, while
enable_caches() is called when the PE has turned into another EL.
Define the function mmu_setup() for fsl-layerscape to cover the weak
one.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Drop platform code to create static MMU tables. Use common framework
to create MMU tables on the run. Tested on LS2080ARDB with secure and
non-secure ram scenarios.
Signed-off-by: York Sun <york.sun@nxp.com>
This should be spl_of_platdata, since otherwise it will try to run on boards
that don't support of-platdata.
Signed-off-by: Simon Glass <sjg@chromium.org>
The code had assumed 4 CPUS before and now we have this configurable.
For now, set this to the previous default.
Cc: Chander Kashyap <k.chander@samsung.com>
Cc: Steve Rae <steve.rae@raedomain.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Introduce virtual and physical addresses in the mapping table. This change
have no impact on existing boards because they all use idential mapping.
Signed-off-by: York Sun <york.sun@nxp.com>
When page tables are created, allow later table to be created on
previous block entry. Splitting block feature is already working
with current code. This patch only rearranges the code order and
adds one condition to call split_block().
Signed-off-by: York Sun <york.sun@nxp.com>
Make setup_pgtages() and get_tcr() available for platform code to
customize MMU tables.
Remove unintentional call of create_table().
Signed-off-by: York Sun <york.sun@nxp.com>
When secure ram is used, MMU tables have to be put into secure ram.
To use common MMU code, gd->arch.tlb_addr will be used to host TLB
entry pointer. To save allocated memory for later use, tlb_allocated
variable is added to global data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
Secure_ram variable was put in generic global data. But only ARMv8
uses this variable. Move it to ARM specific data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
Now that we have a secure data section for storing variables, there
should be no need for platform code to get the stack address.
Make psci_get_cpu_stack_top a local function, as it should only be
used in armv7/psci.S and only by psci_stack_setup.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a secure data section and space to store per-CPU target
PC address, switch to it instead of storing the target PC on the stack.
Also save clobbered r4-r7 registers on the stack and restore them on
return in psci_cpu_on for Tegra, i.MX7, and LS102xA platforms.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a data section, add helper functions to save and fetch
per-CPU target PC.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
sunxi and i.mx7 both define the __secure modifier to put functions in
the secure section. Move this to a common place.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.
Add a configurable CONFIG_ARMV7_SECURE_MAX_SIZE so platforms can define
how much secure memory is available. The linker then checks the size of
the whole secure section against this.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
psci_text_end was used to calculate the PSCI stack address following the
secure monitor text. Now that we have an explicit secure stack section,
this is no longer used.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Now that we have a secure stack section that guarantees usable memory,
allocate the PSCI stacks in that section.
Also add a diagram detailing how the stacks are placed in memory.
Reserved space for the target PC remains unchanged. This should be
moved to global variables within a secure data section in the future.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.
This was partially fixed in ("ARM: allocate extra space for PSCI stack
in secure section during link phase"). However, calculating stack space
from psci_text_end in one place, while allocating the space in another
is error prone.
This patch adds a separate empty secure stack section, with space for
CONFIG_ARMV7_PSCI_NR_CPUS stacks, each 1 KB. There's also
__secure_stack_start and __secure_stack_end symbols. The linker script
handles calculating the correct VMAs for the stack section. For
platforms that relocate/copy the secure monitor before using it, the
space is not allocated in the executable, saving space.
For platforms that do not define CONFIG_ARMV7_PSCI_NR_CPUS, a whole page
of stack space for 4 CPUs is allocated, matching the previous behavior.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The original PSCI implementation assumed CONFIG_ARMV7_PSCI_NR_CPUS=4.
Add this to platforms that have not defined it, using CONFIG_MAX_CPUS if
it is defined, or the actual number of cores for the given platform.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.
Since the secure section in the u-boot image is only storage, there's
no reason to page align it and increase the binary image size.
Page align the secure section only when CONFIG_ARMV7_SECURE_BASE is not
defined. And instead of just aligning the __secure_start symbol, align
the whole .__secure_start section. This also makes the section empty,
so we need to add KEEP() to the input entry to prevent the section from
being garbage collected.
Also use ld constant "COMMONPAGESIZE" instead of hardcoded page size.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This patch finishes the rewrite of sunxi specific PSCI parts into C
code.
The assembly-only stack setup code has been factored out into a common
function for ARMv7. The GIC setup code can be renamed as psci_arch_init.
And we can use an empty stub function for psci_text_end.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Every platform has the same stack setup code in assembly as part of
psci_arch_init.
Move this out into a common separate function, psci_stack_setup, for
all platforms. This will allow us to move the remaining parts of
psci_arch_init into C code, or drop it entirely.
Also provide a stub no-op psci_arch_init for platforms that don't need
their own specific setup code.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
The Orange Pi Lite SBC is a small H3 based SBC, with 512MB RAM,
micro-sd slot, HDMI out, 2 USB-A connectors, 1 micro-USB connector,
sdio attached rtl8189ftv wifi and an ir receiver.
The dts file is identical to the one submitted to the upstream kernel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
This enables extra USB controllers which enable use of the 3rd USB
port on the new Orange Pi Plus 2E variant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
The Plus variant of the Orange Pi PC has an eMMC, add support for this.
Note we are using the same u-boot defconfig / dts for both the regular
Orange Pi PC as well as the Orange Pi PC Plus.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
Now that we know that the BROM stores a value indicating the boot-source
at the beginning of SRAM, use that instead of trying to recreate the
BROM's boot probing.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>