| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix an URL for downloading the SCFW binary for an Apalis iMX8X
and improve u-boot image build instructions.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since Toradex provides the full set of overlays for Linux kernel
for display interfaces for both Apalis iMX6Q and Colibri iMX6DL
modules, the video= settings are obsolete. Remove them.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
All the other boards have tdxargs specified for setting manual kernel
command-line arguments. Add them also to NAND-based boards.
Signed-off-by: Philippe Schenker <philippe.schenker@toradex.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove duplicate of mmc0, set this boot order:
1) SD
2) eMMC
3) USB
4) DHCP boot
Fixes: 0e15165bc4e0 ("colibri_imx6: boot env configuration updates")
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer for loading images")'
changed the way buffer allocation worked for SPL to a more flexible
method.
For venice this caused breakage that is resolved by increasing the size
of CONFIG_SYS_SPL_MALLOC_SIZE as the current FIT slighly exceeds 512KiB.
Additionally remove the unnecessary comment on CONFIG_SPL_BSS_MAX_SIZE
and CONFIG_SYS_SPL_MALLOC_SIZE as the size is obvious from the define.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use dm_i2c_probe instead of i2c_get_chip which appears to be more
reliable.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use my personal e-mail address for U-Boot related work.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable driver model for SPI which allows us to remove the iomux
and init.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable driver model for MTD and NAND support allowing us to remove
the iomux, init, and most of the static configuration.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable driver model support for MMC and SATA.
Note that DM_MMC requires aliases for your mmc devices so
they are added to the dts. Linux does not support enumerating mmc
devices by alias so these are not present in the Linux dts.
Note that we still need board_mmc_init() and board_mmc_getcd() for
not DM SPL to support MMC.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable dm support for USB (which also requires dm support for fixed
regulators used for vbus enable) and remove usb iomux which is no
longer needed.
We can remove the handling of otgpwr_en gpio as this is defined in
dt as usbotg vbus-supply but we need to keep the handling of
USB_HUB_RST# for boards that have a USB HUB as that isn't defined in
the dt's currently.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Once the IMX6 pinctrl driver is added UART is fully using driver mode
so we no longer need to config and initialize it.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In preparation for dm conversion convert to OF_CONTROL by adding FIT image
support and multi dtb.
Add a board_fit_config_name_match to match the dtb based off of EEPROM
model.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The fsl-usb dt bindings in Linux default dr_mode to 'host' for
backward compatibility however U-Boot prints an error if
this property does not exist. Declare it in the Gateworks
Ventana device-trees to avoid the error.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add Gateworks Ventana dts/dtsi files from Linux 5.11 in preparation for
conversion to driver-model.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add td1997x header from Linux to be included by dts files.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a weak nand_get_mtd function for nand drivers to provide mtd info
and use this to set pagesize such that reading of non page-aligned
elements can succeed.
The spl_load_simple_fit already handles block block access so all we
need to do is provide the nand writesize as the block length.
Further cleanup of the drivers which use nand_spl_loaders.c such as
am335x_spl_bch.c, atmel_nand.c, and nand_spl_simple.c could be done
using info from mtd_info instead of statically defined details.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 9f6a14c47ff9 ("spl: fit: nand: fix fit loading in case of bad blocks")
added support for adjusting the image offset to account for bad blocks.
However this requires nand_spl_adjust_offset() which requires fully defined
specifics of the NAND chip being used may not be avialable.
Allow skipping this support for drivers or configs which don't specify
the NAND chip details statically with defines.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The OCRAM_S is regular memory, just like the OCRAM, add it to the MMU
tables so it can be used and cached.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
update doc after using binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update doc after using binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use binman to pack images.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update doc after switch to binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use binman to pack images
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.
Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support, add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".
This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The signature is generated using manufacturing protection private key.
Fix typo in fsl_mfgprot.c.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add DEK encapsulation support for imx8. The DEK blob is generated by the
SECO through the SCFW API.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
register to 0x3
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.
Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Acked-by: Ye Li <Ye.Li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In i.MX8M platforms the secure memory block has a newer version
than those used in i.MX6/7 platforms, this patch update the driver
to use the correct registers offsets.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch enable blob command for mScale platforms.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warnings
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch enable CAAM support for i.MX8M platforms.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
U-Boot can instantiate CAAM RNG if needed by crypto operations.
Call sec_init() prior running a blob operation to ensure
RNG is correctly instantiated.
Make sure CAAM clock is enabled and check if a job ring is
available for that operation.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In order to build CMD_BLOB on i.MX CAAM supported devices it's
necessary to select IMX_HAB. Add IMX_HAB and CAAM supported
SoCs as dependency.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
Authenticate image from DDR location 0x12000000...
undefined instruction
pc : [<412c00dc>] lr : [<8ff560bc>]
reloc pc : [<c8b6d0dc>] lr : [<178030bc>]
sp : 8ef444a8 ip : 126e8068 fp : 8ff59aa8
r10: 8ffd51e4 r9 : 8ef50eb0 r8 : 006e8000
r7 : 00000000 r6 : 126ea01f r5 : 0000002b r4 : 126e8000
r3 : 412c00dd r2 : 00000001 r1 : 00000001 r0 : 00000063
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
HAS_CAAM is set
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.
The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.
Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.
Add necessary operations in blob_encap() and blob_decap() functions.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The imx8mm has changed the address of rvt_hab, use new address for imx8mm.
The authentication procedure is same as imx8mq. In u-boot, the authentication
uses SIP call to trap ATF to run HAB authenticate.
Users need to add CONFIG_SECURE_BOOT=y to defconfig to enable the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:
arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
printf("HAB check target 0x%08x-0x%08lx fail\n",
~~~~^
%08x
ddr_start, ddr_start + bytes);
arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
~^
%lx
Fix warnings by providing the correct data type.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.
The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.
Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add ability for hab_status command to show All HAB events and not just
HAB failure events
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
