This reverts the arch/arm/mach-imx/imx_bootaux.c changes of commit
805b3cac1e. The loader function name was changed so that it does
not clash with the generically available function in lib/elf.c.
imx-bootaux loads an elf file linked for an auxilary core. Thus the
loader function requires address translation from the auxilary core's
address space to where those are mapped into U-Boot's address space.
So the elf loader is specific and must not be replaced with a generic
loader which doesn't provide the address translation functionality.
Fixes commit 805b3cac1e ("lib: elf: Move the generic elf
loading/validating functions to lib")
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Some board like imx8mm-evkb, IO voltage switch from 3.3v to 1.8v need
around 18ms, common code only delay 10ms, so need to delay extra 8ms.
Otherwise voltage switch will timeout when wait for data0 line.
This IO voltage switch time depends on board design, depend on the
PMIC and capacitance. imx8mm-evkb board use PCA9450(PMIC) and 10uF
capacitance.
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
sel_input value for the following uart5 pins is
different between i.MX6UL and i.MX6ULL:
MX6_PAD_UART5_TX_DATA__UART5_DTE_RX
MX6_PAD_UART5_RX_DATA__UART5_DCE_RX
MX6_PAD_ENET1_RX_EN__UART5_DCE_RTS
MX6_PAD_ENET1_TX_DATA0__UART5_DTE_RTS
MX6_PAD_CSI_DATA02__UART5_DCE_RTS
As sel_input value for the second one is fixed by
the previous commit, fix the rest.
Signed-off-by: Yuichiro Goto <goto@k-tech.co.jp>
Enabled "fsl,legacy-bch-geometry" in U-Boot device tree overlay
to match the legacy BCH geometry layout, which mainline Linux
applies when "fsl,use-minimum-ecc" is not specified in the device
tree.
Reinstated SYS_NAND_ONFI_DETECTION, which when disabled, masked
the mismatch on SOMs with Winbond NAND flash chips.
Signed-off-by: Niel Fourie <lusus@denx.de>
Convert the Olimex Olinuxino board's support for MMC to driver model following
Fabio Estevam's excellent example from:
commit: 23013aa961:
mx23evk: Convert to driver model
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Add the dts file for the Olimex Olinuxino from the linux kernel, and enable
its use in this machine's defconfig.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Enable DM block, DM MMC and DM SATA support on iMX6 Udoo
convert board code to match the DM support.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Convert the two Embest boards to use DM MMC.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: "Eric Bénard" <eric@eukrea.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Import the iMX6 based marsboard and riotboard. dts files from Linux 5.12-rc1
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Import the iMX53 based usbarmory dts files from Linux 5.12-rc1
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: Andrej Rosano <andrej@inversepath.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Enable driver model support for MMC and SATA.
Note that DM_MMC requires aliases for your mmc devices so
they are added to the dts. Linux does not support enumerating mmc
devices by alias so these are not present in the Linux dts.
Note that we still need board_mmc_init() and board_mmc_getcd() for
not DM SPL to support MMC.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The fsl-usb dt bindings in Linux default dr_mode to 'host' for
backward compatibility however U-Boot prints an error if
this property does not exist. Declare it in the Gateworks
Ventana device-trees to avoid the error.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The OCRAM_S is regular memory, just like the OCRAM, add it to the MMU
tables so it can be used and cached.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Add DEK encapsulation support for imx8. The DEK blob is generated by the
SECO through the SCFW API.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.
Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Acked-by: Ye Li <Ye.Li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The uart nodes already provide <clocks> property for the driver to
dynamically calculate the correct clock frequency. There is no need
to keep the hard-coded <clock-frequency> property.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
Provide optimized versions of memcpy(), memmove(), memset() copied from
the Linux kernel.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
The value returned by setjmp must be nonzero. If zero is passed as
parameter it must be replaced by 1.
This patch reduces the code size a bit.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
In preparation to add SiFive Unmatched board support, let's rename
the existing fu540 board to unleashed.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
This adds the necessary bindings. Most of them are already there.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Acked-by: Rick Chen <rick@andestech.com>
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
Authenticate image from DDR location 0x12000000...
undefined instruction
pc : [<412c00dc>] lr : [<8ff560bc>]
reloc pc : [<c8b6d0dc>] lr : [<178030bc>]
sp : 8ef444a8 ip : 126e8068 fp : 8ff59aa8
r10: 8ffd51e4 r9 : 8ef50eb0 r8 : 006e8000
r7 : 00000000 r6 : 126ea01f r5 : 0000002b r4 : 126e8000
r3 : 412c00dd r2 : 00000001 r1 : 00000001 r0 : 00000063
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
HAS_CAAM is set
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.
The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:
arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
printf("HAB check target 0x%08x-0x%08lx fail\n",
~~~~^
%08x
ddr_start, ddr_start + bytes);
arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
~^
%lx
Fix warnings by providing the correct data type.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.
The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.
Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add ability for hab_status command to show All HAB events and not just
HAB failure events
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Currently it's not possible to authenticate additional boot images in HAB
open configuration.
The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior
to calling the hab_authenticate_image() API function. Users cannot check
if their additional boot images has been correctly signed prior to closing
their device.
Enable hab.c to authenticate additional boot images in open mode so HAB
events can be retrieved through get_hab_status() function.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Modify to use hab_rvt_failsafe function for failsafe ROM API, not
directly call its ROM address. This function will wrap the sip call for iMX8M
platforms.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Calling csf_is_valid() with an un-signed image may lead to data abort
as the CSF pointer could be pointing to a garbage address when accessed
in HAB_HDR_LEN(*(const struct hab_hdr *)(ulong)ivt_initial->csf).
Authenticate image from DDR location 0x80800000...
Check CSF for Write Data command before authenticating image
data abort
pc : [<fff5494c>] lr : [<fff54910>]
reloc pc : [<8780294c>] lr : [<87802910>]
sp : fdf45dc8 ip : 00000214 fp : 00000000
r10: fffb6170 r9 : fdf4fec0 r8 : 00722020
r7 : 80f20000 r6 : 80800000 r5 : 80800000 r4 : 00720000
r3 : 17a5aca3 r2 : 00000000 r1 : 80f2201f r0 : 00000019
Flags: NzcV IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
To avoid such errors during authentication process, validate IVT structure
by calling validate_ivt function which checks the following values in an IVT:
IVT_HEADER = 0x4X2000D1
ENTRY != 0x0
RES1 = 0x0
DCD = 0x0 /* Recommended */
SELF != 0x0 /* Absoulute address of IVT */
CSF != 0x0
RES2 = 0x0
This commit also checks if Image's start address is 4 byte aligned.
commit "0088d127 MLK-14945 HAB: Check if IVT valid before authenticating image"
removed as this patch addresses the issue.
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
There are some changes to support ARM64 i.MX8M platform in this patches:
1. The hab_rvt base and function vectors are different as i.MX6/7
2. Need to bypass an workaround for i.MX6 to fix problem in MMU.
3. The x18 register needed save & restore before calling any HAB API. According
to ARM procedure call spec, the x18 is caller saved when it is used as
temporary register. So calling HAB API may scratch this register, and
cause crash once accessing the gd pointer.
On ARMv7, the r9 is callee saved when it is used as variable register. So
no need to save & restore it.
4. Add SEC_CONFIG fuse for iMX8M
When current EL is not EL3, the direct calling to HAB will fail because
CAAM/SNVS can't initialize at non-secure mode. In this case, we use
SIP call to run the HAB in ATF.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
When loading kernel image, the image size is parsed from header, so it
does not include the CSF and IVT.
Add back the authenticate_image function to wrap the imx_hab_authenticate_image
with calculating IVT offset and full image size.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Prior instantiating RNG we have to ensure if the CAAM job rings are
available. Avoid hardcoded job ring max size and use the definition at
fsl_sec.h
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Prior calling sec_in32() we have to ensure CAAM clock is enabled, the
function sec_in32() is reading CAAM registers and if CAAM clock is disabled
the system will hang.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The CAAM output ring size register offset is currently defined in fsl_sec.h
as FSL_CAAM_ORSR_JRa_OFFSET, use this definition to avoid hardcoded value in
i.MX common code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.
More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html
i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.
The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.
The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.
Command usage:
Print the public key for the device.
- mfgprot pubk
Generates Signature over given data.
- mfgprot sign <data_address> <data_size>
Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
