| Age | Commit message (Collapse) | Author |
|---|
|
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage <path-to-your-public-key>
fastboot oem set-public-key
Test: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Secure storage is ready in trusty so we should read/write the rollback
index from rpmb.
But for borads without rpmb key, read/write the rpmb will fail and will
block the following avb verify process. In this case, check if the rpmb
key has been set and always return AVB_IO_RESULT_OK for the boards without
rpmb key.
Test: build and boot pass on imx8qm_mek.
Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Get build warning below because the CONFIG_SERIAL_TAG is not defined.
drivers/usb/gadget/f_fastboot.c: In function ‘fastboot_setup’:
drivers/usb/gadget/f_fastboot.c:1768:2: warning: ‘serialnr.high’ is used
uninitialized in this function [-Wuninitialized]
sprintf(serial, "%08x%08x", serialnr.high, serialnr.low);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/gadget/f_fastboot.c:1768:2: warning: ‘serialnr.low’ is used
uninitialized in this function [-Wuninitialized]
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 5a438e8daa7dfe9ae8c8e782a2656e9329c7d4a1)
|
|
Remove the fuse operation commands for imx8qm, this will
help reduce the u-boot binary size.
Test: build and boot ok on imx8qm.
Change-Id: I45fd7a86abe5ce7a9a8b9284974190d72b203e1b
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Need loadimage before execute mmcboot.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 016bb84267ff3882228ffbde64c2c670be7a8f16)
|
|
When OP-TEE is enabled a share memory is created between Linux and OP-TEE.
On i.MX 8QM with the use of the SC subsystem, this creates a new chunk of
memory.
Add a new DRAM BANK, so that u-boot is able to capture correctly all
the chunks of memory in meminfo.
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
(cherry picked from commit c89c493cd8657f5d520647c3a9a61861b3f267e0)
|
|
When OP-TEE is enabled a share memory is created
between Linux and OP-TEE. on QxP with the use of the SC
subsystem, this creates a new chunk of memory.
Add a new DRAM BANK, so that u-boot is able to capture
correctly all the chunks of memory in meminfo.
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
(cherry picked from commit abda1b4728f573a43a5b95db675821d2829de99b)
|
|
The CONFIG_MMC_ENV_DEV binds with CONFIG_ENV_IS_IN_MMC on mx6sabreauto.
When booting from other boot devices like EIMNOR, SPINOR, they need to
load kernel from SD, if the configuration is not set, the loading will fail.
Signed-off-by: Ye Li <ye.li@nxp.com>
(cherry picked from commit 59f6322db37945cf69cd418704ffef39b6fd5b31)
|
|
Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
1. Move all avb/atx operations to fsl_avb.c.
2. Refine the functions logic.
3. Drop some unsupported conditions/functions.
Test: build and boot on
imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.
Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Enlarge dom0 mem to 2048M
Signed-off-by: Peng Fan <peng.fan@nxp.com>
(cherry picked from commit 2f756c93a265e96bf524bfbe224fbbeceecd1417)
|
|
Introduce puts hook for dm serial driver.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Flynn xu <flynn.xu@nxp.com>
|
|
Introduce xen header files from Linux Kernel commit
e2b623fbe6a3("Merge tag 's390-4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Flynn xu <flynn.xu@nxp.com>
|
|
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.
Test: rollback index updated successfully on
imx7d_pico and AIY.
Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.
Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.
Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.
Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.
Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.
Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.
Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.
Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.
Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Change-Id: Ia9e76742d0501d3222d5837057d8bc916f2ff989
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Change some includes in include/trusty/sysdeps.h
to match our platform.
Test: build pass for imx7d and imx8m.
Change-Id: I01fd3634413f358ead8c9b67d05def544682c274
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Trusty image should be loaded to different address for AIY 1G/3G ddr
board which have different ddr size. Use board id to distinguish
different baseboard, load trusty image to 0x7e00_0000 for AIY 1G ddr
board and 0xfe00_0000 for AIY 3G ddr board.
Test: build and boot Trusty ok for AIY 1G/3G ddr board.
Change-Id: I62d8a19b13fe19f38075512a6faa4bbb36f74791
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Test: Modify imx7d bootloader in b/1074236 and test with new
keymaster app.
Bug: 77873456
Change-Id: I0083630fa44c2c9fd0cabba7e7c1553488579d4e
|
|
Change-Id: I1c800fe39b5999169edd6e2acb9f66e557a3a86e
|
|
Obtaining the memory attributes can be done indepentently of the
bootloader environment and is now done by the ipc layer.
Updated u-boot example to reflect this.
Change-Id: I8e649a1367ba02981419c43aac6e55b469dcf651
|
|
Changed trusty_membuf_alloc and trusty_membuf_free to trusty_alloc_pages and
trusty_free_pages. The memory allocated by these functions is intended
to be shared with the secure world so it should be inherently page based.
Updated u-boot sysdeps and trusty_ipc_dev_create/shutdown to use these
new functions
Change-Id: Ica1aa5b0cb50eba6ce18914d048e731133d94c4f
|
|
Change-Id: I53c44e1b6641a8b7fddfa24d125b20868ef3496b
|
|
This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
to the application instead of needing to have prior knowledge of the expected
request and having to poll the individual services' channels separately.
Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5
|
|
Change-Id: I28e55ebf15a8bff33c9f03373747c10e914126fa
|
|
Change-Id: Ib4d648cf939d62f59030f43faaaf7eb37c718d4d
|
|
This intends to replace the FIT image support since that cannot be
authenticated. Instead, we append another container at the end of
flash.bin, this new one containing a new container with two
images representing the ATF and uboot proper.
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
When using gcc 4.9 to build SPL, the image size is beyond current
limitation 128KB. This gcc version is used in android tool chain. So
enlarge the SPL max size to 148KB. This value is also aligned with
other imx8mq/mm boards settings.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
|
|
added emmc_dev and sd_dev
Signed-off-by: Frank Li <Frank.Li@nxp.com>
|
|
Because the iMX8MQ DDR4 ARM2 has 4GB DDR. To fit new MMU settings, we split
it to two banks. The first bank has 3GB DDR, reach to 4GB memory map.
The second bank has 1GB DDR, is beyond 4GB memory map.
Notice: there is no OPTEE for ARM2 board. The trust zone setting in OPTEE
for iMX8MQ EVK is not match with DDR size on ARM2 board. So ARM2 Only can
work without OPTEE.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
|
|
iMX8MM DDR3L validation board uses FPGA to link with SPI NOR flash
on ECSPI1 port. Update the codes and configurations to enable the
ECSPI1 to access SPI NOR in u-boot.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
|
|
Generate the key blob and store it to the last block of boot1 partition
after setting the rpmb key. The key blob should be checked in spl and be
passed to Trusty OS if it's valid. If the key blob are damaged, RPMB
storage proxy service will return fail and should make the device hang.
Test: Build and boot ok on imx8qm/qxp.
Change-Id: Ia274cd72109ab6ae15920e91b2a2008e1f1e667c
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add new hwcrypto tipc command and handler to generate blob with
CAAM.
Test: Message exchange with trusty and blob encapsulate/decapsulate ok.
Change-Id: I925b47cb3e22eeddf4c89e84a9c994d2f30423fe
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add new service 'hwcrypto' to handle CAAM related work
with Trusty OS. Add tipc interface to accelerate hash
calculation with CAAM.
Test: Service connect and message exchange with Trusty OS
are ok.
Change-Id: Ia870c3ad2ff30af987f327a9777a8b32f53593db
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add include files necessary for supporting SPL on QXP
ARM2 board
Signed-off-by: Teo Hall <teo.hall@nxp.com>
|
|
The first DRAM BANK size should be 2GB and the load addr
are 0x80080000.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Update API files generated from latest SCFW commit:
commit b5dbcf59157cf758da2b96c395e3f4cb2674437f
Author: Ranjani Vaidyanathan <Ranjani.Vaidyanathan@nxp.com>
Date: Sat Oct 27 02:04:47 2018 -0500
SCF-248 Fix Linux boot fail on iMX8QX
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
Open configs to enable spl build for imx8q on both
Android and Android Auto.
Change-Id: Ide757086ad0208973ac8510ba4a2f1c84aecdfad
Signed-off-by: Luo Ji <ji.luo@nxp.com>
|
|
Add DDR3 init codes, board codes, defconfig and DTS into u-boot.
Basic modules are ready: SD, UART, I2C, USB host and NAND.
There is a FPGA on this board. It controls WDOG_B, and ENET PHY RESET.
So reset and ethernet won't work at default.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
After loading hdmi firmware, create partition, HDMI power domain will be
off, this will cause HDMI firmware being lost.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
camera sometime can't been open once run M4 image.
ISI-CH0 probe funtion is not called when meet issue.
The root cause is:
M4 image set assign resource SC_R_ISI_CH0 into m4 partition
when open camera in m4 side.
Uboot will call update_fdt_with_owned_resources to check the pd
in current dts node. it will call sc_rm_is_resource_owned to
check the pd whether in other partition, If yes, it will delete
the dts node. uboot delete isi_0 node whose pd is SC_R_ISI_CH0.
add CONFIG_SKIP_RESOURCE_CHECING to skip checking resource when load dtb.
Change-Id: Ibf79c0bb9bc133bd7e395be57ca4a1f2ca5cf75a
Signed-off-by: zhang sanshan <sanshan.zhang@nxp.com>
|
|
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-key
Test: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Introduce dom0fdt_file env to let user could change
the dom0 dtb file.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
|
change default dtb to imx6sx-sdb-emmc.dtb when config as emmc
Signed-off-by: Frank Li <Frank.Li@nxp.com>
|
|
Decouple the CONFIG_SYS_MMC_ENV_DEV with CONFIG_ENV_IS_IN_MMC to fix
wrong mmcdev value in spinor build image.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
|
|
We are using CONFIG_SYS_MMC_ENV_DEV for default value of mmcdev env.
But this config is bound with CONFIG_ENV_IS_IN_MMC, so it is not valid
for qspi build image.
Fix the issue by decoupling two configs.
Signed-off-by: Ye Li <ye.li@nxp.com>
|
|
Specify the default dtb file for kernel boot per i.MX7ULP
board config.
Signed-off-by: Shenwei Wang <shenwei.wang@nxp.com>
Reviewed-by: Frank Li <Frank.li@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
