Commit graph

60 commits

Author SHA1 Message Date
Marek Vasut
6039e0edc8 imx: hab: Simplify the mechanism
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.

Signed-off-by: Marek Vasut <marex@denx.de>
2023-06-24 13:47:02 -04:00
Tom Rini
aa6e94deab global: Move remaining CONFIG_SYS_SDRAM_* to CFG_SYS_SDRAM_*
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS_SDRAM
namespace do not easily transition to Kconfig. In many cases they likely
should come from the device tree instead. Move these out of CONFIG
namespace and in to CFG namespace.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-05 16:06:07 -05:00
Simon Glass
984639039f Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASE
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().

Rename it to resolve this problem.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-10-31 11:01:31 -04:00
Peng Fan
881df6ed84 imx: add basic i.MX9 support
Add i.MX9 Kconfig and basic files for the new SoC

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2022-07-26 11:29:00 +02:00
Ye Li
bf43907f6e imx: spl: Allow iMX7/8/8M to overwrite spl_board_boot_device
Move the default mapping of spl_boot_device to weak function of
spl_board_boot_device. So that every board of iMX7/8/8M can overwrite
this function to implement specific mapping.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2022-07-26 11:29:00 +02:00
Ye Li
9270cc8f3b imx: Change USB boot device type
The SPL SDP is configured as BOOT_DEVICE_BOARD, so when booting from
USB, change its type to BOOT_DEVICE_BOARD, so we can use SDP.

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2022-07-26 11:29:00 +02:00
Andre Przywara
5907357322 spl: mmc: extend spl_mmc_boot_mode() to take mmc argument
Platforms can overwrite the weak definition of spl_mmc_boot_mode() to
determine where to load U-Boot proper from.
For most of them this is a trivial decision based on Kconfig variables,
but it might be desirable the probe the actual device to answer this
question.

Pass the pointer to the mmc struct to that function, so implementations
can make use of that.

Compile-tested for all users changed.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Reviewed-by: Ley Foon Tan <ley.foon.tan@inte.com> (for SoCFPGA)
Acked-by: Lokesh Vutla <lokeshvutla@ti.com> (for OMAP and K3)
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-04 23:24:17 +01:00
Harald Seiler
f62611a9ed imx: spl: Fix typo BMODE_EMI -> BMODE_EIM
The interface for NOR/OneNAND is called "EIM" not "EMI".  Fix this.

Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
2022-02-18 18:12:23 +01:00
Heiko Schocher
deb80ec023 imx: spl: fix imx8m secure boot
cherry-picked from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")

which fixes secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.

Signed-off-by: Heiko Schocher <hs@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com>
2021-10-07 16:53:50 +02:00
Heiko Schocher
9de3544858 imx: spl: implement spl_load_simple_fit_fix_load
read the address where the IVT header must sit
from IVT image header, loaded from SPL into
an malloced buffer and copy the IVT header
to this address

May make this dependend on SoC ?

Signed-off-by: Heiko Schocher <hs@denx.de>
2021-10-07 16:53:50 +02:00
Simon Glass
103c5f1806 mmc: Rename MMC_SUPPORT to MMC
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
[trini: Fixup some incorrect renames]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-04 11:42:41 -04:00
Alexandru Gagniuc
efc4ad0bc7 spl: fit: Drop 'length' argument to board_spl_fit_post_load()
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
2021-02-17 17:12:45 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Peng Fan
d4e84f24a6 imx8m: add QSPI boot dev
When boot type could not be detected from rom sw info,
read sbmr1 to detect, here we only use it to detect FLEXSPI
boot, because ROM not update it in rom sw info.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-01-23 11:30:31 +01:00
Peng Fan
27c803848b spl: add g_dnl_get_board_bcd_device_number
Add g_dnl_get_board_bcd_device_number, the new BCD value is used by uuu to distinguish
if the SPL supports the SDPV.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
2020-09-01 14:47:43 +02:00
Marek Vasut
1e7a69f661 ARM: imx: hab: panic on authentication failure
Instead of hang()ing the system and thus disallowing any automated
recovery possibility from a HAB authentication failure, panic() .
The panic() function can be configured to hang() the system after
printing an error message, however the default is to reset the
system instead.

This allows redundant boot to work correctly. In case the primary
or secondary image cannot be authenticated, the system reboots and
bootrom can try to start the other one.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: NXP i.MX U-Boot Team <uboot-imx@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
2020-08-03 17:03:57 +02:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
691d719db7 common: Drop init.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Harald Seiler
d81a68957f imx: spl: Fix use of removed SPL_FAT_SUPPORT config
CONFIG_SPL_FAT_SUPPORT was removed in commit 0c3a9ed409
("spl: Kconfig: Replace CONFIG_SPL_FAT_SUPPORT with CONFIG_SPL_FS_FAT").
Fixup a leftover use of the symbol.

Fixes: 9d86dbd9cf ("imx: spl: implement spl_boot_mode for i.MX7/8/8M")
Signed-off-by: Harald Seiler <hws@denx.de>
2020-05-01 18:48:48 +02:00
Harald Seiler
5fc5bac67b imx: spl: Remove ifdefs in spl_mmc_boot_mode()
It is hard to read code which contains nested ifdef blocks.  Replace
them with normal if-blocks and the IS_ENABLED() macro.  This is not only
more readable but also helps as both arms are validated by the compiler
in all cases.

Signed-off-by: Harald Seiler <hws@denx.de>
2020-05-01 18:48:36 +02:00
Harald Seiler
15aec318ef Revert "imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC boot on falcon mode"
The CONFIG_SPL_FORCE_MMC_BOOT config flag is not needed as its behavior
is the correct one in all cases;  using spl_boot_device() instead of the
boot_device parameter will lead to inconsistency issues, for example,
when a board_boot_order() is defined.  In fact, this is the reason the
parameter was introduced in the first place, in commit 2b1cdafa9f
("common: Pass the boot device into spl_boot_mode()").

This reverts commit 772b55723b.

Link: https://lists.denx.de/pipermail/u-boot/2020-April/405979.html
Signed-off-by: Harald Seiler <hws@denx.de>
2020-05-01 18:47:07 +02:00
Anatolij Gustschin
a15d0aa680 imx: spl: return boot mode for asked MMC device in spl_mmc_boot_mode()
Boards may extend or re-define the boot list in their board_boot_order()
function by modifying spl_boot_list. E.g. a board might boot SPL from a
slow SPI NOR flash and then load the U-Boot from an eMMC or SD-card.
Or it might use additional MMC boot device in spl_boot_list for cases
when the image in SPI NOR flash is not found, so it could fall back to
eMMC, SD-card or another boot device.

Getting the MMC boot mode in spl_mmc will fail when we are trying to
boot from an MMC device in the spl_boot_list and the original board
boot mode (as returned by spl_boot_device()) is not an MMC boot mode.
Fix it by checking the asked MMC boot device from the spl_mmc_boot_mode()
argument.

Signed-off-by: Anatolij Gustschin <agust@denx.de>
2020-05-01 18:46:55 +02:00
Harald Seiler
e97590654a spl: mmc: Rename spl_boot_mode() to spl_mmc_boot_mode()
The function's name is misleading as one might think it is used
generally to select the boot-mode when in reality it is only used by the
MMC driver to find out in what way it should try reading U-Boot Proper
from a device (either using a filesystem, a raw sector/partition, or an
eMMC boot partition).

Rename it to spl_mmc_boot_mode() to make it more obvious what this
function is about.

Link: https://lists.denx.de/pipermail/u-boot/2020-April/405979.html
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-04-22 20:41:57 +08:00
Simon Glass
db41d65a97 common: Move hang() to the same header as panic()
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-01-17 17:53:40 -05:00
Peng Fan
7df6397eb4 imx: spl: support i.MX8MP spl_boot_device
i.MX8MP follows i.MX8MN, so just let it use spl_board_boot_device

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2020-01-08 13:20:08 +01:00
Peng Fan
a92c7b144f imx: spl: use spl_board_boot_device for i.MX8MN
i.MX8MN follow same logic as i.MX8MM, so use spl_board_boot_device

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-11-05 10:27:18 +01:00
Peng Fan
9d86dbd9cf imx: spl: implement spl_boot_mode for i.MX7/8/8M
It will be easy to separate SD/EMMC when booting in SPL stage, then
no need to bother which device is BOOT_DEVICE_MMC1/2.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-11-03 17:04:16 +01:00
Adam Ford
63ce94b16b Revert "spl: imx6: Let spl_boot_device return USDHC1 or USDHC2"
Apologies to everyone whose board I broke by attempting to return
MMC1 or MMC2. I misunderstood how the MMC indexing worked.

This reverts commit 14d319b185.

Signed-off-by: Adam Ford <aford173@gmail.com>
2019-10-08 16:36:37 +02:00
Stefano Babic
d714a75fd4 imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HAB
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.

Signed-off-by: Stefano Babic <sbabic@denx.de>
2019-10-08 16:36:37 +02:00
Peng Fan
6c646b3de4 imx: spl: add spl_board_boot_device for i.MX8MM
Differnet board has different controller used, it is
hard to use one layout for them all.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-10-08 16:36:36 +02:00
Stefan Roese
d10d1386a0 ARM: imx: Add QSPI boot mode for i.MX6UL/ULL
This patch adds the missing boot mode detection for QSPI boot on
i.MX6UL/ULL. Without it, booting with SPL from QSPI NOR does not work.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
2019-10-08 16:36:36 +02:00
Lukasz Majewski
772b55723b imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC boot on falcon mode
This change tries to fix the following problem:

- The board boots (to be more precise - ROM loads SPL) from a slow SPI-NOR
  memory.
  As a result the spl_boot_device() will return SPI-NOR as a boot device
  (which is correct).

- The problem is that in 'falcon boot' the eMMC is used as a boot medium to
  load kernel from its partition.
  Calling spl_boot_device() will break things as it returns SPI-NOR device.

To fix this issue the new CONFIG_SPL_FORCE_MMC_BOOT Kconfig flag is
introduced to handle this special use case. By default it is not defined,
so there is no change in the legacy code flow.

Signed-off-by: Lukasz Majewski <lukma@denx.de>
2019-10-08 16:36:36 +02:00
Ricardo Salveti
01fc7e7b87 spl: imx: only use HAB if spl fit signature is not enabled
There is no need to use HAB for FIT signature validation when
SPL_FIT_SIGNATURE is also enabled, as that will be validated via the
normal U-Boot signed FIT image flow.

This allows having SPL validated by HAB and the payloads to follow
being validated with FIT signatures only.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2019-10-08 16:35:16 +02:00
Adam Ford
14d319b185 spl: imx6: Let spl_boot_device return USDHC1 or USDHC2
Currently, when the spl_boot_device checks the boot device, it
will only return MMC1 when it's either sd or eMMC regardless
of whether or not it's MMC1 or MMC2.  This is a problem when
booting from MMC2 if MMC isn't being manually configured like in
the DM_SPL case with SPL_OF_CONTROL.

This patch will check the register and return either MMC1 or MMC2.

Signed-off-by: Adam Ford <aford173@gmail.com>
2019-07-19 14:53:50 +02:00
Tien Fong Chee
0c3a9ed409 spl: Kconfig: Replace CONFIG_SPL_FAT_SUPPORT with CONFIG_SPL_FS_FAT
Replace CONFIG_SPL_FAT_SUPPORT with CONFIG_SPL_FS_FAT so
obj-$(CONFIG_$(SPL_)FS_FAT) can be used to control the build in both
SPL and U-Boot.

Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-02-01 09:12:48 -05:00
Peng Fan
f541796af9 spl: imx8: add spl boot device
Add spl_boot_device for i.MX8, also add BOOT_DEVICE_MMC2_2 for
spl_boot_mode.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-01-28 20:35:47 +01:00
Jean-Jacques Hiblot
f811e9763f Kconfig: rename CONFIG_SPL_USB_GADGET_SUPPORT as CONFIG_SPL_USB_GADGET
The SPL option for USB gadget should be named after the option for u-boot
(CONFIG_USB_GADGET)

Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
2019-01-10 18:52:55 +01:00
Peng Fan
278f273c56 imx: spl: add MMC BOOT Device for i.MX8M
Add MMC BOOT Device for i.MX8M

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-01-01 14:12:18 +01:00
Peng Fan
cd357ad112 imx: rename mx8m,MX8M to imx8m,IMX8M
Rename mx8m,MX8M to imx8m,IMX8M

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jon Nettleton <jon@solid-run.com>
2019-01-01 14:12:18 +01:00
Ye Li
e246bfcfe2 SPL: Add HAB image authentication to FIT
Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.

Implement functions in imx common SPL codes to call HAB funtion
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)

Because the CSF supports to sign multiple memory blocks, so that we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use "-p" option to generate FIT image to reserve a space for FIT IVT
and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).

The signed FIT image layout is as below:
--------------------------------------------------
|     |     |     |   |           |     |        |
| FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
| FDT | IVT | CSF |   | nodtb.bin |     |   DTB  |
|     |     |     |   |           |     |        |
--------------------------------------------------

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-01-01 14:12:18 +01:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Eran Matityahu
0fe69adc8f imx7: spl: Check for Serial Downloader in spl_boot_device
Similarly to imx6, before reading the boot device, first check
bmode to see if the serial downloader has been selected
explicitly, then check whether the serial downloader has been
activated due to unbootable primary boot devices (e.g. empty eMMC).

If the serial downloader is activated, return BOOT_DEVICE_BOARD.
This allows SPL with SDP support to wait for the U-Boot image
to be loaded via the serial download protocol using imx_usb_loader.

Signed-off-by: Eran Matityahu <eran.m@variscite.com>
2018-03-29 17:33:12 +02:00
Fabio Estevam
0339086bd9 imx: spl: Partially revert "spl: eMMC/SD: Provide one __weak spl_boot_mode() function"
Commit d695d66278 ("spl: eMMC/SD: Provide one __weak spl_boot_mode()
function") breaks the boot on several i.MX6 boards,
such as cuboxi and wandboard:

U-Boot SPL 2018.03-rc1-00212-g48914fc119 (Feb 10 2018 - 11:04:33 +1300)
Trying to boot from MMC1
Failed to mount ext2 filesystem...
spl_load_image_ext: ext4fs mount err - 0

Partially revert it so that we can boot U-Boot again on these
i.MX6 platforms.

Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
2018-02-24 19:33:32 +01:00
Lukasz Majewski
d695d66278 spl: eMMC/SD: Provide one __weak spl_boot_mode() function
The goal of this patch is to clean up the code related to choosing SPL
MMC boot mode.

The spl_boot_mode() now is called only in spl_mmc_load_image() function,
which is only compiled in if CONFIG_SPL_MMC_SUPPORT is enabled.

To achieve the goal, all per mach/arch implementations eligible for
unification has been replaced with one __weak implementation.

Signed-off-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Acked-by: Michal Simek <michal.simek@xilinx.com> (For ZynqMP)
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-02-07 22:06:18 -05:00
Peng Fan
d7cb10a05f imx: spl: implement spl_boot_device for i.MX8M
Implement spl_boot_device for i.MX8M.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
2018-02-04 12:00:58 +01:00
Bryan O'Donoghue
57f6548606 arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
c5800b2541 arm: imx: hab: Fix authenticate_image input parameters
u-boot command "hab_auth_img" tells a user that it takes

- addr - image hex address
- offset - hex offset of IVT in the image

but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.

Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.

This patch fixes this situation by

1: Adding a new parameter to hab_auth_img
   - addr   : image hex address
   - length : total length of the image
   - offset : offset of IVT from addr

2: Updates the existing call into authenticate_image() in
   arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
   addr, length and IVT offset respectively.

This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.

It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.

Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.

This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
9535b3975f arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).

This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.

Fixes: 36c1ca4d46 ("imx: Support i.MX6 High Assurance Boot
authentication")

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Eran Matityahu
e7528a3d74 imx7: spl: Add support for MMC3, SD3 and NAND boot devices
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
2018-01-12 14:28:04 +01:00
Eran Matityahu
cd9f3ff651 imx7: spl: Use SPL boot device MMC1 for all of the SOCs MMC/SD boot devices
Use only one SPL MMC device, similarly to the iMX6 code

Signed-off-by: Eran Matityahu <eran.m@variscite.com>
2018-01-12 14:28:04 +01:00