i.MX8 only support AHAB secure boot with Container format image,
we could not use FIT to support secure boot, so introduce container
support to let SPL could load container images.
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Cc: Tien Fong Chee <tien.fong.chee@intel.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Alex Kiernan <alex.kiernan@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Heiko Schocher <hs@denx.de>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Pass spl_image and bootdev to board_return_bootrom.
i.MX8MN needs the args to let ROM to load images
Cc: Simon Glass <sjg@chromium.org>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.
In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.
The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
The current U-Boot SPL image loader infrastructure is very powerful,
able to initialize and load from a variety of boot media however it
is strongly geared towards loading specific types of images in a very
specific way. To address the need being able to use this infrastructure
to load arbitrary image files go ahead and refactor it as follows:
- Refactor existing spl_mmc_load_image function into superset function,
accepting additional arguments such as filenames and media load offset
(same concept can also be applied toother spl_XXX_load_image functions)
- Extend the loader function to "remember" their peripheral initialization
status so that the init is only done once during the boot process,
- Extend the FIT image loading function to allow skipping the parsing/
processing of the FIT contents (so that this can be done separately
in a more customized fashion)
- Populate the SPL_LOAD_IMAGE_METHOD() list with a trampoline function,
invoking the newly refactored superset functions in a way to maintain
compatibility with the existing behavior
This refactoring initially covers MMC/SD card loading (RAW and FS-based).
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Set the spl_image->fdt_addr pointer both for simple fitImage configuration
as well as full fitImage configuration, to let spl_perform_fixups() access
the DT and perform modifications to it if necessary.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
SPL currently does not check uImage CRCs when loading U-Boot.
This patch adds checking the uImage CRC when SPL loads U-Boot. It does
this by reusing the existing config option SPL_CRC32_SUPPORT to allow
leaving out the CRC check on boards where the additional code size or
boot time is a problem (adding the CRC check currently adds ~1.4 kByte
to flash).
The SPL_CRC32_SUPPORT config option now gets enabled by default if SPL
support for legacy images is enabled to check the CRC on all boards
that don't actively take countermeasures.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)
Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).
The signed FIT image layout is as below:
--------------------------------------------------
| | | | | | | |
| FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT |
| FDT | IVT | CSF | | nodtb.bin | | DTB |
| | | | | | | |
--------------------------------------------------
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
commit d633006463 ("spl: Add a define for SPL_TPL_PROMPT")
changes the SPL/TPL banner from upper case into lower
case. As SPL and TPL are three-letter acronyms and they
are written in upper case, change it back to upper case.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is some basic informaton that SPL normally wants to pass through to
U-Boot, such as the SDRAM size and bank information.
Mkae use of the new bloblist structure for this. Add a new 'handoff' blob
which is set up in SPL and passed to U-Boot proper. Also adda test for
sandbox_spl that checks that this works correctly and a new 'sb' command
to show the information passed from SPL.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
We should use a macro rather than hard-coding the SPL prompt to 'spl'
since the code can be used by TPL too. Add a macro that works for both
and use it in various places.
This allows TPL to use the same code without printing confusing messages.
Note that the string is lower case ('spl', 'tpl') which is a change from
previously.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
The bloblist is normally set up in SPL ready for use by U-Boot. Add
a simple implementation of this to the common SPL code.
Signed-off-by: Simon Glass <sjg@chromium.org>
OP-TEE is an open source trusted OS, in armv7, its loading and
running are like this:
loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the
os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE,
IH_OS_TEE:(make u-boot.itb for SPL)
Non-Secure Secure
BootROM
|
v
SPL
|
v
--------- OP-TEE
|
v
U-Boot
|
V
Linux
For other two king of OP-TEE loading/booting, see commit message:
45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail:
https://github.com/OP-TEE/optee_os
and search for 'boot arguments' for detail entry parameter in:
core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
The SPL loaders assume that the CONFIG_SYS_TEXT_BASE memory location
is available and can be corrupted by loading ie. uImage or fitImage
headers there. Sometimes it could be beneficial to load the headers
elsewhere, ie. if CONFIG_SYS_TEXT_BASE is not yet writable while we
still want to parse the image headers in some local onchip memory to
ie. extract firmware from that image.
Add the possibility to override the location where the headers get
loaded by introducing new function, spl_get_load_buffer() which takes
two arguments -- offset from the CONFIG_SYS_TEXT_BASE and size of the
data that are to be loaded there -- and returns a valid buffer address
or hangs the system. The default behavior is the same as before, add
the offset to CONFIG_SYS_TEXT_BASE and return that address. User can
override the weak spl_get_load_buffer() function though.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
At present each entry has an offset within its parent section. This is
useful for figuring out how entries relate to one another. However it
is sometimes necessary to locate an entry within an image, regardless
of which sections it is nested inside.
Add a new 'image-pos' property to provide this information. Also add
some documentation for the -u option binman provides, which updates the
device tree with final entry information.
Since the image position is a better symbol to use for the position of
U-Boot as obtained by SPL, update the SPL symbols to use this instead of
offset, which might be incorrect if hierarchical sections are used.
Signed-off-by: Simon Glass <sjg@chromium.org>
After some thought, I believe there is an unfortunate naming flaw in
binman. Entries have a position and size, but now that we support
hierarchical sections it is unclear whether a position should be an
absolute position within the image, or a relative position within its
parent section.
At present 'position' actually means the relative position. This indicates
a need for an 'image position' for code that wants to find the location of
an entry without having to do calculations back through parents to
discover this image position.
A better name for the current 'position' or 'pos' is 'offset'. It is not
always an absolute position, but it is always an offset from its parent
offset.
It is unfortunate to rename this concept now, 18 months after binman was
introduced. However I believe it is the right thing to do. The impact is
mostly limited to binman itself and a few changes to in-tree users to
binman:
tegra
sunxi
x86
The change makes old binman definitions (e.g. downstream or out-of-tree)
incompatible if they use the 'pos = <...>' property. Later work will
adjust binman to generate an error when it is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
On some boards, we want to give the board/architecture-specific code a
chance to look at where the next image has been loaded from and
perform fixups before starting the next image. This is of particular
importance, when we probe multiple devices for bootable payloads and
boot the first one found.
This change adds the following:
- we record the boot_device used into the spl_image structure
- we provide an extension-point for boards/architectures that can
perform late fixups depending on a fully populated spl_image
structure (i.e. we'll know the final boot_device and have info
on the image type and operating system to be booted).
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Tested-by: Klaus Goger <klaus.goger@theobroma-systems.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
The spl_boot_partition function has been added in order to have
the possibility to boot on a same binary from different mmc devices
with different partitions.
By default keep the current behavior, SPL use the partition defined
by CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Christophe KERELLO <christophe.kerello@st.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Allow SPL to access binman symbols and use this to get the address of
U-Boot. This falls back to CONFIG_SYS_TEXT_BASE if the binman symbol
is not available.
Signed-off-by: Simon Glass <sjg@chromium.org>
Mainly a stylistic change: convert the load_addr and entry_point
fields of struct spl_image_info to uintptr_t (from ulong).
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When loading a full U-Boot with detached device-tree using the SPL FIT
backend, we should store the address of the FDT loaded as part of the
SPL image info: this allows us to fixup the FDT with additional info
we may want to propagate onward.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit 15eb1d43bf ("spl: reorder the assignment of board info to
global data") intended to move assignment of board info earlier,
into board_init_r(). However, function preload_console_init() is
called either from spl_board_init() or from board_init_f(). For the
latter case, the board info assignment is much earlier than proposed
board_init_r(). Create a new function to fill gd->bd and call this
function when needed.
Signed-off-by: York Sun <york.sun@nxp.com>
CC: Lokesh Vutla <lokeshvutla@ti.com>
CC: Ravi Babu <ravibabu@ti.com>
CC: Lukasz Majewski <lukma@denx.de>
CC: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some devices (e.g. the RK3368) have only limited SRAM, but provide
support for loading the next boot stage after our SPL performs basic
setup (e.g. DRAM).
For target systems like these, we add a boot device BOOTROM that will
invoke a board-specific hook to return to the bootrom (if supported).
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
ATF(ARM Trusted Firmware) is used by ARM arch64 SoCs, find more infomation
about ATF at: https://github.com/ARM-software/arm-trusted-firmware
SPL is considered as BL2 in ATF terminology, it needs to load other parts
of ATF binary like BL31, BL32, SCP-BL30, and BL33(U-Boot). And needs to
prepare the parameter for BL31 which including entry and image information
for all other images. Then the SPL handle PC to BL31 with the parameter,
the BL31 will do the rest of work and at last get into U-Boot(BL33).
This patch needs work with patches from Andre for SPL support multi
binary in FIT.
The entry point of bl31 and bl33 are still using hard code because we
still can not get them from the FIT image information.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Acked-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present fdt blob or argument address being passed to kernel is fixed at
compile time using macro CONFIG_SYS_SPL_ARGS_ADDR. FDT blob from
different media like nand, nor flash are copied to the address pointed
by the macro.
The problem is, it makes args/fdt blob compulsory to copy which is not required
in cases like for NOR Flash. This patch removes this limitation.
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
CONFIG_SPL_ABORT_ON_RAW_IMAGE causes SPL to abort and move on when it
encounters RAW images, express this same functionality as a positive
option enabling support for RAW images: CONFIG_SPL_RAW_IMAGE_SUPPORT
Also move uses of this to defconfigs.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Rework Kconfig logic a little, move to common/spl/Kconfig]
Signed-off-by: Tom Rini <trini@konsulko.com>
At present malloc_base/_limit/_ptr are not initialised in spl_init() when
we call spl_init() in board_init_f(). This is due to a recent change aimed
at avoiding overwriting the malloc area set up on some boards by
spl_relocate_stack_gd().
However if CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN is not defined, we now
skip setting up the memory area in spl_init() which is obviously wrong.
To fix this, add a new function spl_early_init() which can be called in
board_init_f().
Fixes: b3d2861e (spl: Remove overwrite of relocated malloc limit)
Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
Rewrote spl_{,early_}init() to avoid duplicate code:
Rewrite/expand commit message:
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Eddie Cai <eddie.cai.linux@gmail.com>
Since entry_point and load_addr are addresses, they should be
represented as longs to cover the whole address space and to avoid
warning when compiling the SPL in 64-bit.
Also adjust debug prints to add the 'l' specifier, where needed.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
It is useful to name each method so that we can print out this name when
using the method. Currently this happens using a separate function. In
preparation for unifying this, add a name to each method.
The name is only available if we have libcommon support (i.e can use
printf()).
Signed-off-by: Simon Glass <sjg@chromium.org>
Make the spl_mmc_load_image() available globally, so it can be
invoked directly by SPL on extremely space-constrained systems.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
There is no need for this to be in the BSS region. By moving it we can delay
use of BSS in SPL. This is useful for machines where the BSS region is not
in writeable space. On 64-bit x86, SPL runs from SPI flash and it is easier
to eliminate BSS use than link SPL to run with BSS at a particular
cache-as-RAM (CAR) address.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Update the fat loader to avoid using the spl_image global variable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Update the ext loader to avoid using the spl_image global variable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Rather than having a global variable, pass the spl_image as a parameter.
This avoids BSS use, and makes it clearer what the function is actually
doing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code. Update existing users.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code. We need two variants - one for BOOT_DEVICE_CPGMAC and one for
BOOT_DEVICE_USBETH.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code. Also set up the sunxi function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list declaration for this method and remove the explicit
switch() code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a linker list macro which can be used to declare an SPL image loader.
Update spl_load_image() to search available loaders for the correct one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present some spl_xxx_load_image() functions take a parameter and some
don't. Of those that do, most take an integer but one takes a string.
Convert this parameter into a struct so that we can pass all functions the
same thing. This will allow us to use a common function signature.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>