Age | Commit message | Author |
|
Add i.MX9 Kconfig and basic files for the new SoC
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Add support to check the rollback index of next stage images (ATF,
TEE, u-boot proper) in SPL to harden the security. Because there
is no backup bootloader image to fall back to, the board would hang
in SPL if the rollback index is rejected.
Change-Id: I4c7d1f084dd5b3d37899a9e4c4755c03145542c7
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Move the MCU RDC config to dts, it will be parsed by
SPL and stored in OCRAM_S, then the MCU RDC config will
be setup before MCU kicking.
Use HAB to verify the MCU image to guarantee its integrity.
Change-Id: I82dd378a6516b4d3cc47c5de2e403d817ba80256
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 2e972e4aa6c44eec0444d59d11c0a0c175699cf2)
|
|
Add a weak function after the image load in case we have extra
steps to complete, like check the rpmb keyblob for trusty enabled
platform.
Test: Boots with trusty.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Change-Id: Ie8181fcb32d1640e39fdcc3cebb2dbf50cbfdbab
(cherry picked from commit b16fc52cf9a9ea4d63bced50b949d0bc2328ddea)
(cherry picked from commit 3e40454cdac6b7b63cdff36ab48f86e4b98502be)
(cherry picked from commit f3fb8740f9aea5a024a2b4579903e78affcda9e1)
|
|
VID 0x525 and PID 0xa4a5 already registered as
PLX Technology, Inc.
Linux-USB File-backed Storage Gadget
But a fastboot device is not a mass storage device.
The latest Windows 10 update already cached the above vid/pid
Change to use Freescale VID 0x1fc9
PID 0x151, for SPL SDP HID download
PID 0x152, for Fastboot
PID 0x153, for Kernel fastboot
Need update uuu above 1.4.182
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 7b84c587ba607844d53a7553c7238e6acd0bba9a)
|
|
Move the default mapping of spl_boot_device to weak function of
spl_board_boot_device. So that every board of iMX7/8/8M can overwrite
this function to implement specific mapping.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
(cherry picked from commit 5775dd85750a67a585f7b0a177406a3a9eae6ad7)
(cherry picked from commit 324df94e6a5ae70b82286bbe7dbb1267d667d71c)
(cherry picked from commit 147300cfdcc63af5a0d499b273df77433ecd8ba5)
(cherry picked from commit c0a292022cf1cf3c0469e241667a47ee9ee277c2)
|
|
The SPL SDP is configured as BOOT_DEVICE_BOARD, so when booting from
USB, change its type to BOOT_DEVICE_BOARD, so we can use SDP.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 433032d7d672d4aa18d1399ffaa9449f00bc7d09)
(cherry picked from commit 4bb666f00b04ab416833ae5c5f17b27a646a07a5)
(cherry picked from commit 06e39d89e45e74c99c68854b1f690a84688b05a1)
(cherry picked from commit a76a76962d327317f67c22785af92ee8914d2a67)
|
|
The interface for NOR/OneNAND is called "EIM" not "EMI". Fix this.
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
|
|
cherry-picked from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
which fixes secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.
Signed-off-by: Heiko Schocher <hs@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com>
|
|
Read the address where the IVT header must sit
from the IVT image header, loaded from SPL into
a malloced buffer, and copy the IVT header
to this address.
May make this dependent on SoC?
Signed-off-by: Heiko Schocher <hs@denx.de>
|
|
Rename these options so that CONFIG_IS_ENABLED can be used with them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
[trini: Fixup some incorrect renames]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
|
|
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
When boot type could not be detected from rom sw info,
read sbmr1 to detect, here we only use it to detect FLEXSPI
boot, because ROM does not update it in rom sw info.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Add g_dnl_get_board_bcd_device_number, the new BCD value is used by uuu to distinguish
if the SPL supports the SDPV.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
|
|
Instead of hang()ing the system and thus disallowing any automated
recovery possibility from a HAB authentication failure, panic() .
The panic() function can be configured to hang() the system after
printing an error message, however the default is to reset the
system instead.
This allows redundant boot to work correctly. In case the primary
or secondary image cannot be authenticated, the system reboots and
bootrom can try to start the other one.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: NXP i.MX U-Boot Team <uboot-imx@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
|
|
Move this header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this uncommon header out of the common header.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
CONFIG_SPL_FAT_SUPPORT was removed in commit 0c3a9ed409a5
("spl: Kconfig: Replace CONFIG_SPL_FAT_SUPPORT with CONFIG_SPL_FS_FAT").
Fixup a leftover use of the symbol.
Fixes: 9d86dbd9cf9d ("imx: spl: implement spl_boot_mode for i.MX7/8/8M")
Signed-off-by: Harald Seiler <hws@denx.de>
|
|
It is hard to read code which contains nested ifdef blocks. Replace
them with normal if-blocks and the IS_ENABLED() macro. This is not only
more readable but also helps as both arms are validated by the compiler
in all cases.
Signed-off-by: Harald Seiler <hws@denx.de>
|
|
mode"
The CONFIG_SPL_FORCE_MMC_BOOT config flag is not needed as its behavior
is the correct one in all cases; using spl_boot_device() instead of the
boot_device parameter will lead to inconsistency issues, for example,
when a board_boot_order() is defined. In fact, this is the reason the
parameter was introduced in the first place, in commit 2b1cdafa9fdd
("common: Pass the boot device into spl_boot_mode()").
This reverts commit 772b55723bcbe8ebe84f579d9cdc831d8e18579d.
Link: https://lists.denx.de/pipermail/u-boot/2020-April/405979.html
Signed-off-by: Harald Seiler <hws@denx.de>
|
|
Boards may extend or re-define the boot list in their board_boot_order()
function by modifying spl_boot_list. E.g. a board might boot SPL from a
slow SPI NOR flash and then load the U-Boot from an eMMC or SD-card.
Or it might use additional MMC boot device in spl_boot_list for cases
when the image in SPI NOR flash is not found, so it could fall back to
eMMC, SD-card or another boot device.
Getting the MMC boot mode in spl_mmc will fail when we are trying to
boot from an MMC device in the spl_boot_list and the original board
boot mode (as returned by spl_boot_device()) is not an MMC boot mode.
Fix it by checking the asked MMC boot device from the spl_mmc_boot_mode()
argument.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
|
|
The function's name is misleading as one might think it is used
generally to select the boot-mode when in reality it is only used by the
MMC driver to find out in what way it should try reading U-Boot Proper
from a device (either using a filesystem, a raw sector/partition, or an
eMMC boot partition).
Rename it to spl_mmc_boot_mode() to make it more obvious what this
function is about.
Link: https://lists.denx.de/pipermail/u-boot/2020-April/405979.html
Signed-off-by: Harald Seiler <hws@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
i.MX8MP follows i.MX8MN, so just let it use spl_board_boot_device
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
i.MX8MN follow same logic as i.MX8MM, so use spl_board_boot_device
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
It will be easy to separate SD/EMMC when booting in SPL stage, then
no need to bother which device is BOOT_DEVICE_MMC1/2.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Apologies to everyone whose board I broke by attempting to return
MMC1 or MMC2. I misunderstood how the MMC indexing worked.
This reverts commit 14d319b1856b86e593e01abd0a1e3c2d63b52a8a.
Signed-off-by: Adam Ford <aford173@gmail.com>
|
|
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.
Signed-off-by: Stefano Babic <sbabic@denx.de>
|
|
Different boards use different controllers, so it is
hard to use one layout for them all.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
This patch adds the missing boot mode detection for QSPI boot on
i.MX6UL/ULL. Without it, booting with SPL from QSPI NOR does not work.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
|
|
This change tries to fix the following problem:
- The board boots (to be more precise - ROM loads SPL) from a slow SPI-NOR
memory.
As a result the spl_boot_device() will return SPI-NOR as a boot device
(which is correct).
- The problem is that in 'falcon boot' the eMMC is used as a boot medium to
load kernel from its partition.
Calling spl_boot_device() will break things as it returns SPI-NOR device.
To fix this issue the new CONFIG_SPL_FORCE_MMC_BOOT Kconfig flag is
introduced to handle this special use case. By default it is not defined,
so there is no change in the legacy code flow.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
|
|
There is no need to use HAB for FIT signature validation when
SPL_FIT_SIGNATURE is also enabled, as that will be validated via the
normal U-Boot signed FIT image flow.
This allows having SPL validated by HAB and the payloads to follow
being validated with FIT signatures only.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
|
|
Currently, when the spl_boot_device checks the boot device, it
will only return MMC1 when it's either sd or eMMC regardless
of whether or not it's MMC1 or MMC2. This is a problem when
booting from MMC2 if MMC isn't being manually configured like in
the DM_SPL case with SPL_OF_CONTROL.
This patch will check the register and return either MMC1 or MMC2.
Signed-off-by: Adam Ford <aford173@gmail.com>
|
|
Replace CONFIG_SPL_FAT_SUPPORT with CONFIG_SPL_FS_FAT so
obj-$(CONFIG_$(SPL_)FS_FAT) can be used to control the build in both
SPL and U-Boot.
Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Add spl_boot_device for i.MX8, also add BOOT_DEVICE_MMC2_2 for
spl_boot_mode.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
The SPL option for USB gadget should be named after the option for u-boot
(CONFIG_USB_GADGET)
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
|
|
Add MMC BOOT Device for i.MX8M
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Rename mx8m,MX8M to imx8m,IMX8M
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jon Nettleton <jon@solid-run.com>
|
|
Introduce two board level callback functions to FIT image loading process, and
a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
Implement functions in imx common SPL codes to call HAB function
to authenticate the FIT image. Generally, we have to sign multiple regions
in FIT image:
1. Sign FIT FDT data (configuration)
2. Sign FIT external data (Sub-images)
Because the CSF supports signing multiple memory blocks, we can use one
signature to cover all regions in FIT image and only authenticate once.
The authentication should be done after the entire FIT image is loaded into
memory including all sub-images.
We use the "-p" option to generate the FIT image to reserve a space for FIT IVT
and FIT CSF; this also helps to fix the offset of the external data (u-boot-nodtb.bin,
ATF, u-boot DTB).
The signed FIT image layout is as below:
---------------------------------------------------------
|       |       |       |     |           |     |        |
| FIT   | FIT   | FIT   |     | U-BOOT    | ATF | U-BOOT |
| FDT   | IVT   | CSF   |     | nodtb.bin |     | DTB    |
|       |       |       |     |           |     |        |
---------------------------------------------------------
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Similarly to imx6, before reading the boot device, first check
bmode to see if the serial downloader has been selected
explicitly, then check whether the serial downloader has been
activated due to unbootable primary boot devices (e.g. empty eMMC).
If the serial downloader is activated, return BOOT_DEVICE_BOARD.
This allows SPL with SDP support to wait for the U-Boot image
to be loaded via the serial download protocol using imx_usb_loader.
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
|
|
function"
Commit d695d6627803 ("spl: eMMC/SD: Provide one __weak spl_boot_mode()
function") breaks the boot on several i.MX6 boards,
such as cuboxi and wandboard:
U-Boot SPL 2018.03-rc1-00212-g48914fc119 (Feb 10 2018 - 11:04:33 +1300)
Trying to boot from MMC1
Failed to mount ext2 filesystem...
spl_load_image_ext: ext4fs mount err - 0
Partially revert it so that we can boot U-Boot again on these
i.MX6 platforms.
Reported-by: Jonathan Gray <jsg@jsg.id.au>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
|
|
The goal of this patch is to clean up the code related to choosing SPL
MMC boot mode.
The spl_boot_mode() now is called only in spl_mmc_load_image() function,
which is only compiled in if CONFIG_SPL_MMC_SUPPORT is enabled.
To achieve the goal, all per mach/arch implementations eligible for
unification have been replaced with one __weak implementation.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Acked-by: Michal Simek <michal.simek@xilinx.com> (For ZynqMP)
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
|
|
Implement spl_boot_device for i.MX8M.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
|
|
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything;
imx_hab_authenticate_image() is, on the other hand, very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
|
|
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot to properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
|
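Added example, not code from U-Boot or from these commits: a minimal C check of two points made in this log, the hab_auth_img message above (the IVT is found at an offset inside an image of known length) and the two "IVT header" fixes near the top (the address stored in the IVT must match where the header really sits in memory). The 32-byte IVT layout, the function names and the sample addresses are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: classic 32-byte HABv4 IVT, 4-byte header then seven LE words. */
#define IVT_MAGIC 0xD1u
#define IVT_SIZE  32u
enum ivt_status { IVT_OK, IVT_OUT_OF_RANGE, IVT_BAD_HEADER,
                  IVT_SELF_MISMATCH, IVT_CSF_OUT_OF_RANGE };

static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* img[0] sits at load_addr; ivt_off is the IVT offset from load_addr. */
enum ivt_status ivt_check(const uint8_t *img, uint32_t load_addr,
                          uint32_t length, uint32_t ivt_off)
{
    /* Overflow-safe: IVT inside the image, image inside 32-bit space. */
    if (length < IVT_SIZE || ivt_off > length - IVT_SIZE ||
        length > UINT32_MAX - load_addr)
        return IVT_OUT_OF_RANGE;
    const uint8_t *ivt = img + ivt_off;
    /* Tag 0xD1, big-endian length 0x0020, version major nibble 4. */
    if (ivt[0] != IVT_MAGIC || ivt[1] != 0 || ivt[2] != IVT_SIZE ||
        (ivt[3] & 0xF0) != 0x40)
        return IVT_BAD_HEADER;
    /* "self" (byte 20): the stored address must be where the IVT really is. */
    if (rd32(ivt + 20) != load_addr + ivt_off)
        return IVT_SELF_MISMATCH;
    /* CSF pointer (byte 24) must fall inside the region being authenticated. */
    if (rd32(ivt + 24) < load_addr || rd32(ivt + 24) - load_addr >= length)
        return IVT_CSF_OUT_OF_RANGE;
    return IVT_OK;
}

/* Constructed sample: 8 KiB image linked for 0x40200000, IVT at 0x1000. */
enum ivt_status demo(uint32_t load_addr, uint32_t claimed_off)
{
    static uint8_t img[0x2000];
    const uint32_t link = 0x40200000u, off = 0x1000u;
    memset(img, 0, sizeof(img));
    img[off] = IVT_MAGIC; img[off + 2] = IVT_SIZE; img[off + 3] = 0x41;
    wr32(img + off + 20, link + off);            /* self */
    wr32(img + off + 24, link + off + IVT_SIZE); /* csf  */
    return ivt_check(img, load_addr, sizeof(img), claimed_off);
}

int main(void)
{
    printf("linked: %d, relocated: %d\n", demo(0x40200000u, 0x1000u), demo(0x42000000u, 0x1000u));
    return 0;
}
```

The second call models the header being left in an allocated buffer instead of at the address the IVT names, which is the mismatch the imx8m fixes describe.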
|
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).
This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.
Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot
authentication")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
|
|
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
|
|
Use only one SPL MMC device, similarly to the iMX6 code
Signed-off-by: Eran Matityahu <eran.m@variscite.com>
|