Commit graph

48166 commits

Author SHA1 Message Date
Rob Clark
f2006808f0 dm: core: parse chosen node
This is the node that would contain, for example, the framebuffer setup
by an earlier stage.

Signed-off-by: Rob Clark <robdclark@gmail.com>
2018-01-15 11:35:38 -05:00
Jorge Ramirez-Ortiz
42091fa9e8 poplar: configs: increase gunzip buffer size for the kernel
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 11:35:37 -05:00
Jorge Ramirez-Ortiz
210d959294 spmi: msm: display the PMIC Arb version (debug)
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
2018-01-15 11:35:37 -05:00
Tom Rini
3dde8f2037 Merge git://git.denx.de/u-boot-mmc 2018-01-14 22:26:38 -05:00
Bryan O'Donoghue
9587b0d611 arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode.
This will allow u-boot scripts to script the dropping down into recovery
mode.

=> hab_failsafe

Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale
SemiConductor Inc  SP Blank ULT1] " in a Linux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
317956e82c arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for
hab_rvt_check_failsafe for BootROM code using the older BootROM address
layout - in my test case the i.MX7. Code based on new BootROM callbacks
will just do nothing and there's definitely a TODO to implement that extra
functionality on the alternative BootROM API.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
aeae70fac5 arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation:

"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."

Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
07eefaf16e arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
4467ae6c28 arm: imx: hab: Make authenticate_image() return zero on open boards
The BootROM will not successfully process a HAB image passed by u-boot
unless the board has been set into locked mode. Some of the existing usages
of authenticate_image() expect and rely on unlocked boards doing the
following

1. Not calling into the BootROM authenticate_image() callback
2. Returning a pass status for authenticate_image() calls anyway

A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
e5b30e4ac1 arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
Understanding if the HAB is enabled is something that we want to
interrogate and report on outside of the HAB layer. First step to that is
renaming the relevant function to match the previously introduced external
naming convention imx_hab_function()

The name imx_hab_is_hab_enabled() is a tautology. A more logical name is
imx_hab_is_enabled().

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
57f6548606 arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
58bebfb753 arm: imx: hab: Make internal functions and data static
There is no need to export these functions and data structures externally.
Make them all static now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
2c6c68d282 arm: imx: hab: Print HAB event log only after calling ROM
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.

This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
b7c3cae7d3 arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.

This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
c0a55b7344 arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
1addedadc4 arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation:

"This function reports whether or not a given target region is allowed for
 either peripheral configuration or image loading in memory. It is intended
 for use by post-ROM boot stage components, via the ROM Vector Table, in
 order to avoid configuring security-sensitive peripherals, or loading
 images over sensitive memory regions or outside recognized memory devices
 in the address map."

It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
824ef302f3 arm: imx: hab: Print additional IVT elements during debug
This patch enables printout of the IVT entry, dcd and csf data fields.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
fd15fe5f84 arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
04099e9ced arm: imx: hab: Only call ROM once headers are verified
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
e59eb9e00f arm: imx: hab: Verify IVT self matches calculated address
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
49b6d05882 arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
cd2d46003c arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.

This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
c5800b2541 arm: imx: hab: Fix authenticate_image input parameters
u-boot command "hab_auth_img" tells a user that it takes

- addr - image hex address
- offset - hex offset of IVT in the image

but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.

Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.

This patch fixes this situation by

1: Adding a new parameter to hab_auth_img
   - addr   : image hex address
   - length : total length of the image
   - offset : offset of IVT from addr

2: Updates the existing call into authenticate_image() in
   arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
   addr, length and IVT offset respectively.

This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.

It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.

Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.

This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
08a81cad2f arm: imx: hab: Move CSF_PAD_SIZE to hab.h
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
191d8bd509 arm: imx: hab: Move IVT_SIZE to hab.h
The size of the IVT header should be defined in hab.h move it there now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
53c8a510e7 arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
The current code disjoins an entire block of code on hab_entry pass/fail
resulting in a large chunk of authenticate_image being offset to the right.

Fix this by checking hab_entry() pass/failure and exiting the function
directly if in an error state.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
d2c61800fc arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
There is no need to call is_enabled() twice in authenticate_image - it does
nothing but add an additional layer of indentation.

We can check for is_enabled() at the start of the function and return the
result code directly.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
9535b3975f arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).

This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.

Fixes: 36c1ca4d46 ("imx: Support i.MX6 High Assurance Boot
authentication")

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Bryan O'Donoghue
adbb051f08 arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.

Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.

The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.

The first step is fixing the return type in authenticate_image() so do that
now.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14 17:26:30 +01:00
Tom Rini
18af965798 Merge git://git.denx.de/u-boot-tegra 2018-01-12 14:18:34 -05:00
Stephen Warren
5fed97af20 Makefile: ensure DTB doesn't overflow into initial stack
With CONFIG_SYS_INIT_SP_BSS_OFFSET enabled, the initial (pre-relocation)
stack is placed some distance after bss_start. The control DTB is appended
to the U-Boot binary at bss_start. If the DTB is too large, or the SP BSS
offset too small, then the initial stack could corrupt the DTB. Enhance
the Makefile to check whether this is likely to occur.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
e43effc1d8 ARM: Tegra: p2771-0000: use calculate env var feature
Request that all environment variables containing hard-coded address be
calculated at boot time instead.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
026a8b96bd ARM: Tegra186: calculate load addresses at boot
In the presence of potentially fragemented memory, we cannot hard-code
addresses into environment variables such as kernel_addr_r. Instead, we
must calculate those addresses at run-time based on available memory
locations. Implement the code to perform such runtime calculation, based
on requirements described in environment variables, to allow the user
full control over the allocation.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
cdcf55584e ARM: Tegra186: don't map memory not in RAM banks
Tegra186 currently restricts its DRAM usage to entries in the /memory node
in the DTB passed to it. However, the MMU configuration always maps the
entire first 2GB of RAM. This could allow the CPU to speculatively access
RAM that isn't part of the in-use banks. This patch switches to runtime
construction of the table that's used to construct the MMU translation
tables, and thus prevents access to RAM that's not part of a valid bank.

Note: This patch is intended to prevent access to RAM regions which U-Boot
does not need to access, with the primary purpose of avoiding theoretical
speculative access to physical regions for which the HW will throw errors
(e.g. carve-outs that the CPU has no permission to access at a bus level,
bad ECC pages, etc.). In particular, this patch is not deliberately
related to the speculation-related security issues that were recently
announced. The apparent similarity is a coincidence.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:32 -07:00
Stephen Warren
a9819b9e33 ARM: tegra: p2771-000: increase max DRAM bank count
On this platform, there may be up to 1024 unusable chunks of memory.
Increase CONFIG_NR_DRAM_BANKS so that U-Boot can remember all the banks
required to represent such fragmented memory.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:31 -07:00
Stephen Warren
d5859255d9 ARM: Tegra186: search for best RAM bank
In the future, the list of DRAM regions passed to U-Boot in the DTB may
be quite long and fragmented. Due to this, U-Boot must search through the
regions to find the best region to relocate into, rather than relying on
the current assumption that the top of bank 0 is a reasonable relocation
target. This change implements such searching.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:31 -07:00
Stephen Warren
15751403b6 ARM: bootm: don't assume sp is in DRAM bank 0
arch_lmb_reserve() currently assumes that the stack pointer is within DRAM
bank 0. This is not necessarily true. Enhance the code to search through
DRAM banks until the bank that does contain SP is found, and then reserve
the tail of that bank.

Fixes: 2d1916e48b ("ARM: add flat device tree support")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 10:12:31 -07:00
Stephen Warren
f697471217 ARM: Tegra186: mem parsing fixes from downstream
Apply a few small fixes for the DTB /memory node parsing from NVIDIA's
downstream U-Boot:

- Allow arbitrary number of DRAM banks.
- Correctly calculate the number of DRAM banks.
- Clip PCIe memory in the same way as U-Boot CPU memory use.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:11 -07:00
Stephen Warren
ddecaaf3b9 ARM: tegra: use LINUX_KERNEL_IMAGE_HEADER
Enable CONFIG_LINUX_KERNEL_IMAGE_HEADER for all 64-bit Tegra boards.
cboot (the boot SW that runs before U-Boot) will eventually use this
information.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:11 -07:00
Stephen Warren
8163faf952 ARMv8: add optional Linux kernel image header
Allow placing a Linux kernel image header at the start of the U-Boot
binary. This is useful since the image header reports the amount of memory
(BSS and similar) that U-Boot needs to use, but that isn't part of the
binary size. This can be used by the code that loads U-Boot into memory to
determine where to load U-Boot, based on other users of memory.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:11 -07:00
Stephen Warren
f097532d27 ARM: tegra: use CONFIG_SYS_INIT_SP_BSS_OFFSET
Enable CONFIG_SYS_INIT_SP_BSS_OFFSET for all 64-bit Tegra boards. Place
the stack/... 512KiB from the end of the U-Boot binary. This should be
plenty to accommodate the current DTBs (max 64 KiB), early malloc region
(6KiB), stack usage, and plenty of slack, while still not placing it too
far away from the U-Boot binary.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:11 -07:00
Stephen Warren
e6c904489a ARMv8: Allow dynamic early stack pointer
U-Boot typically uses a hard-coded value for the stack pointer before
relocation. Implement option SYS_INIT_SP_BSS_OFFSET to instead calculate
the initial SP at run-time. This is useful to avoid hard-coding addresses
into U-Boot, so that can be loaded and executed at arbitrary addresses and
thus avoid using arbitrary addresses at runtime. This option's value is
the offset added to &_bss_start in order to calculate the stack pointer.
This offset should be large enough so that the early malloc region, global
data (gd), and early stack usage do not overlap any appended DTB.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:11 -07:00
Stephen Warren
0d1bd150f0 ARM: tegra: remove SPL config for non-SPL SoCs
No 64-bit Tegra uses SPL. Remove various unused definitions from config
headers.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:10 -07:00
Stephen Warren
3cdb5fa08a ARM: tegra: don't use CONFIG_SPL_TEXT_BASE when no SPL
64-bit Tegra don't use SPL, and soon won't define CONFIG_SPL_TEXT_BASE
when building. Fix the binman .dts file so that it doesn't use undefined
values.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2018-01-12 09:52:10 -07:00
Peng Fan
db359efd59 mmc: fsl_esdhc: Fix eMMC 1.8v setting issue
Current USDHC driver will reset VSELECT to 0 (3.3v) during mmc init,
then set to 1 for 1.8v eMMC I/O. When booting from eMMC, since ROM has
already set VSELECT to 1.8v before running the u-boot. This reset in
USDHC driver causes a short 2.2v pulse on CMD pin.

Fix this issue by not reset VSELECT to 0 when 1.8v flag is set.

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2018-01-13 00:08:44 +09:00
Tom Rini
8c0bb85824 power: Rearrange code to guard power command with CONFIG_SPL_BUILD guard
In order to discard this code when unused in SPL we need to guard the
command with a check for CONFIG_SPL_BUILD and we rearrange the code
slightly to make this cleaner.

Cc: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-01-13 00:07:57 +09:00
Christopher Spinrath
edc57f1df8 ARM: imx: cm_fx6: env: try to determine dtb to use
Some distributions like Fedora expect U-Boot to select a proper
devicetree. Since there are several variants of the cm-fx6 module
featuring different SoC variants and the module can be paired with
several baseboards, it is not viable to hardcode a filename.

Instead, follow the lead of other i.MX6 based devices and try to
determine the devicetree to use with the help of the board name
and the SoC variant exported by the board code, before calling the
distro bootcommand.

For now, only for the Utilite Pro a proper devicetree filename is
known but further variants of the Utilite Computer or other devices
based on the cm-fx6 module may be added in the future.

Signed-off-by: Christopher Spinrath <christopher.spinrath@rwth-aachen.de>
2018-01-12 14:28:04 +01:00
Christopher Spinrath
dbeaa1d131 ARM: imx: cm_fx6: export board and soc info to env
Like many other i.MX6 based boards, there are multiple variants of
the cm-fx6 module featuring different SoC variants. Furthermore, the
module can be paired with multiple baseboards.

At the same time modern distribution like Fedora require U-Boot to
select a proper devicetree which depends on the SoC variant and the
baseboard.

Thus, export the SoC variant and the actual board to the environment
following the conventions of other i.MX6 devices (e.g. the NXP boards)
such that the environment can select a devicetree file to load.

For now, we only know for sure that the cm-fx6 module and the SB-fx6m
baseboard amount to a Utilite Computer variant (depending on the SoC).
Further combinations may be added in the future; e.g. CompuLab's
evaluation board once someone can verify the identification string
stored in its eeprom.

Signed-off-by: Christopher Spinrath <christopher.spinrath@rwth-aachen.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
2018-01-12 14:28:04 +01:00
Koen Vandeputte
f57263ee9b drivers: pci: imx: fix enumeration logic error
By default, the subordinate is set equally to the secondary bus (1) when
the RC boots, and does not alter afterwards.

This means that theoretically, the highest bus reachable downstream is
bus 1.

Force the PCIe RC subordinate to 0xff, otherwise no downstream
devices will be detected behind bus 1 if the booting OS does not allow
enumerating a higher busnr than the subordinate value of the primary
bus.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-12 14:28:04 +01:00
Fabio Estevam
0f194018f2 mx6memcal: spl: Disambiguate the error message
Currently mmdc_do_dqs_calibration() and mmdc_do_write_level_calibration()
show the same error message, which is confusing for debugging.

Disambiguate the mmdc_do_dqs_calibration() error message.

Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-12 14:28:04 +01:00