This fixes a regression in the eMMC fast boot mode case where the buffer
was missing 464 bytes.
The code figures out how many bytes must at least be fetched to honor
the current read, rounds that up to the ss->pagesize [which is a no-op
in the USB download case because that has ->pagesize==1], fetches that
many bytes, but then recorded the original upper bound as the new end of
the valid data. However, this did not take into account the rounding up
to the ss->pagesize. Fix this by recording the actual bytes downloaded.
Fixes: 4b4472438f ("imx: spl_imx_romapi: avoid tricky use of spl_load_simple_fit() to get full FIT size")
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Acked-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Aligning addresses and sizes causes overhead which is unnecessary when we
are not loading from block devices. Remove bl_len when it is not needed.
For example, on iot2050 we save 144 bytes with this patch (once the rest of
this series is applied):
add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-144 (-144)
Function old new delta
spl_load_simple_fit 920 904 -16
load_simple_fit 496 444 -52
spl_spi_load_image 384 308 -76
Total: Before=87431, After=87287, chg -0.16%
We use panic() instead of BUILD_BUG_ON in spl_set_bl_len because we still
need to be able to compile it for things like mmc_load_image_raw_sector,
even if that function will not be used.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Simplify things a bit for callers of spl_load_info->read by refactoring it
to use units of bytes instead of bl_len. This generally simplifies the
logic, as MMC is the only loader which actually works in sectors. It will
also allow further refactoring to remove the special-case handling of
filename. spl_load_legacy_img already works in units of bytes (oops) so it
doesn't need to be changed.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The migration deadline for moving to DM_SCSI was v2023.04. A further
reminder was sent out in August 2023 to the remaining platforms that had
not migrated already, and that a few more over the line (or configs
deleted).
With this commit we:
- Rename CONFIG_DM_SCSI to CONFIG_SCSI.
- Remove all of the non-DM SCSI code. This includes removing other
legacy symbols and code and removes some legacy non-DM AHCI code.
- Some platforms that had previously been DM_SCSI=y && SCSI=n are now
fully migrated to DM_SCSI as a few corner cases in the code assumed
DM_SCSI=y meant SCSI=y.
Signed-off-by: Tom Rini <trini@konsulko.com>
Similar change was done by commit b4c2c151b1 ("Kconfig: Remove all
default n/no options") and again sync is required.
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com> # tegra
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Angelo Dureghello <angelo@kernel-space.org>
Make sure we have an IMX header before calling spl_load_imx_container,
since if we don't it will fail with -ENOENT. This allows us to fall back to
legacy/raw images if they are also enabled.
This is a functional change, one which likely should have been in place
from the start, but a functional change nonetheless. Previously, all
non-IMX8 images (except FITs without FIT_FULL) would be optimized out if
the only image load method enabled supported IMX8 images. With this change,
support for other image types now has an effect.
There are seven boards with SPL_LOAD_IMX_CONTAINER enabled: three with
SPL_BOOTROM_SUPPORT:
imx93_11x11_evk_ld imx93_11x11_evk imx8ulp_evk
and four with SPL_MMC:
deneb imx8qxp_mek giedi imx8qm_mek
All of these boards also have SPL_RAW_IMAGE_SUPPORT and
SPL_LEGACY_IMAGE_FORMAT enabled as well. However, none have FIT support
enabled. Of the six load methods affected by this patch, only SPL_MMC and
SPL_BOOTROM_SUPPORT are enabled with SPL_LOAD_IMX_CONTAINER.
spl_romapi_load_image_seekable does not support legacy or raw images, so
there is no growth. However, mmc_load_image_raw_sector does support loading
legacy/raw images. Since these images could not have been booted before, I
have disabled support for legacy/raw images on these four boards. This
reduces bloat from around 800 bytes to around 200.
There are no in-tree boards with SPL_LOAD_IMX_CONTAINER and AHAB_BOOT both
enabled, so we do not need to worry about potentially falling back to
legacy images in a secure boot scenario.
Future work could include merging imx_container.h with imx8image.h, since
they appear to define mostly the same structures.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
These error messages are missing newlines. Add them.
Fixes: 6e81ca220e ("imx: parse-container: Use malloc for container processing")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
We should load images to their destination, not their entry point.
Fixes: 7b86cd4274 ("imx8: support parsing i.MX8 Container file")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Implement the 'getprisec' subcommand of 'bmode' command for i.MX8M by
reading out the ROM log events. This event is set by the BootROM if it
switched to the secondary copy due to primary copy being corrupted.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
In case of a secondary image boot from the user area of an eMMC device,
the correct offset must be calculated. The offset is fused in the fuse
IMG_CNTN_SET1_OFFSET of the i.MX8M Nano and Plus. The calculation of the
offset is described in the reference manual (IMX8MNRM Rev. 2, 07/2022
and IMX8MPRM Rev. 1, 06/2021):
The fuse IMG_CNTN_SET1_OFFSET (0x490[22:19]) is defined as follows:
* Secondary boot is disabled if fuse value is bigger than 10,
n = fuse value bigger than 10.
* n == 0: Offset = 4MB
* n == 2: Offset = 1MB
* Others & n <= 10 : Offset = 1MB*2^n
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Factor out parsing of ROM log in function spl_mmc_emmc_boot_partition().
This can be helpful to detect a secondary image boot without fiddling
around with MMC partitions. This way for example, U-Boot is able to
detect a secondary image boot and can enter some fallback scenario like
starting a recovery mode.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Introduce two new weak functions, arch_spl_mmc_get_uboot_raw_sector() and
board_spl_mmc_get_uboot_raw_sector(), each of which can be overridden at
a matching level, that is arch/ and board/ , in addition to the existing
weak function spl_mmc_get_uboot_raw_sector().
This way, architecture code can define a default architecture specific
implementation of arch_spl_mmc_get_uboot_raw_sector(), while the board
code can override that using board_spl_mmc_get_uboot_raw_sector() which
takes precedence over the architecture code. In some sort of unlikely
special case where code has to take precedence over board code too, the
spl_mmc_get_uboot_raw_sector() is still left out to be a weak function,
but it should be unlikely that this is ever needed to be overridden.
Signed-off-by: Marek Vasut <marex@denx.de>
The xfi3 target has been removed by commit 539fba2c10 ("arm:
Remove xfi3 board"), but it missed to remove an entry from the
mxs Kconfig.
Remove it.
Signed-off-by: Fabio Estevam <festevam@denx.de>
The current code works by sheer coincidence, because (see HABv4 API
documentation, section 3.4) the RVT authenticate_image call updates
the size that is passed in with the actual size ROM code pulls from
IVT/CSF . So if the input size is larger, that is "fine" . Pass in
size instead to make this really correct.
Signed-off-by: Marek Vasut <marex@denx.de>
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
introduce the variable as it was being done inline before.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Extend the padding process of u-boot-nand.imx target by adding 10k bytes
of zeros to the end of the binary using the 'dd' command.
The existing padding method did not generate a functional binary,
as discussed in more detail in this thread [1]. Instead, we adopt the
end-padding calculation method documented in 'board/doc/colibri_imx7.rst'
as a reference, which is relevant for iMX7 with NAND storage.
Adding 10k bytes of zeros provides an approximate value that makes the
proper padding for these NAND devices.
[1] https://lore.kernel.org/all/CAC4tdFUqffQzRQFv5AGe_xtbFy1agr2SEpn_FzEdexhwjdryyw@mail.gmail.com/
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
These IS_ENABLED(CONFIG_SPL_LOAD_FIT) cases can no longer be reached,
and thus get_fit_image_size() is also redundant.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Currently, spl_imx_romapi uses a somewhat tricky workaround for the
fact that a FIT image with external data doesn't directly allow one to
know the full size of the file: It does a dummy spl_load_simple_fit(),
having the ->read callback remember the largest offset requested, and
then does a last call to rom_api_download_image() to fetch the
remaining part of the full FIT image.
We can avoid that by just keeping track of how much we have downloaded
already, and if the ->read() requests something outside the current
valid buffer, fetch up to the end of the current request.
The current method also suffers from not working when CONFIG_IMX_HAB
is enabled: While in that case u-boot.itb is not built with external
data, so the fdt header does contain the full size of the dtb
structure. However, it does not account for the extra CONFIG_CSF_SIZE
added by board_spl_fit_size_align(). And also, the data it hands out
during the first dummy spl_load_simple_fit() is of course garbage, and
wouldn't pass the verification.
So we really need to call spl_load_simple_fit() only once, let that
figure out just how big the FIT image is (including whatever data, CSF
or "ordinary" external data, has been tacked on beyond the fdt
structure), and always provide valid data from the ->read callback.
This only affects the CONFIG_SPL_LOAD_FIT case - I don't have any
hardware or experience with the CONFIG_SPL_LOAD_IMX_CONTAINER case, so
I leave that alone for now.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Fabio Estevam <festevam@denx.de>
If optee is detected configure it in the Linux device-tree:
- add /firmware/optee node
- add /reserved-memory nodes for optee_core and optee_shm
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
With enabled SKIP_LOWLEVEL_INIT, the weak function timer_init() is
used in the SPL build. For iMX6 SoC, this leads MMC to fail once
u-boot proper is booted due to a timing issue.
Always use iMX-specific timer_init() in SPL to fix timing issues.
Fixes: be277c3a89 ("imx: mx7: avoid some initialization if low level is skipped")
Signed-off-by: Michael Scott <mike@foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The ivt_offset parameter is optional for both hab_auth_img_or_fail
and hab_auth_img commands.
Document it in their usage texts to make it clearer.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Since commit ea91031b22 ("imx: hab: extend hab_auth_img to calculate
ivt_offset"), it is possible to call the hab_auth_img command without the
last ivt_offset argument.
Currently, calling hab_auth_img_or_fail without the last
ivt_offset parameter causes a failure and the command usage text is shown.
Fix this problem by adjusting the argc logic to allow
calling hab_auth_img_or_fail with only the address and size parameters.
This way, both hab_auth_img and hab_auth_img_or_fail have the same
behavior with respect to the allowed number of command parameters.
Signed-off-by: Eduard Strehlau <eduard@lionizers.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
If CMD_ELF disabled and IMX_BOOTAUX enabled, the u-boot building ends
up with a linking error [1]. Select LIB_ELF to fix the building
issue.
[1]
ld: /tmp/ccaF1rpv.ltrans0.ltrans.o: in function `do_bootaux':
arch/arm/mach-imx/imx_bootaux.c:108: undefined reference to `valid_elf_image'
Fixes: c0f037f6a2 ("mach-imx: bootaux: elf firmware support")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
If dram_init_banksize() is called from SPL, the rom_pointer, at that
point, is not correctly initialized. This causes wrong calculation of
DRAM start and size in dram_init_banksize(). The issue became apparent
only in Falcon Mode. Added an extra condition to prevent using
rom_pointer in SPL.
Signed-off-by: Elena Popa <elena.popa@nxp.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Very few of the existing event-spy records use the arguments they are
passed. Update them to use a simple spy instead, to simplify the code.
Where an adaptor function is currently used, remove it where possible.
Signed-off-by: Simon Glass <sjg@chromium.org>
This reverts commit c5b68ef8af.
CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
board_get_usable_ram_top() returns a physical address that is stored in
gd->ram_top. The return type of the function should be phys_addr_t like the
current type of gd->ram_top.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It is not a parse error to have a default value of "0" for a "hex" type
entry, instead of "0x0". However, "0" and "0x0" are not treated the
same even by the tools themselves. Correct this by changing the default
value from "0" to "0x0" for all hex type questions that had the
incorrect default. Fix one instance (in two configs) of a default of "0"
being used on a hex question to be "0x0". Remove the cases where a
defconfig had set a value of "0x0" to be used as the default had been
"0".
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bitwise operations on signed integers are not defined,
replace them with per-call checks.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Heiko Schocher <hs@denx.de>
In order to enable HAB, FSL_CAAM, ARCH_MISC_INIT and
SPL_CRYPTO should be enabled in Kconfig like other i.MX8M
boards.
This also needs to occur in the SPL so enable CONFIG_SPL_BOARD_INIT and
add a void spl_board_init function which calls arch_misc_init to probe
the CAAM driver.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
add support for SHA-256 secure hash algorithm using the ARM v8
SHA-256 instructions for verifying image hash.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Abstract common interfaces for AHAB authentication operations.
Then share some common codes for AHAB and SPL container authentication
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If the container has image which conflicts with
spl_get_load_buffer address, there are processing failures.
Use malloc instead of spl_get_load_buffer.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Nitin Garg <nitin.garg@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>