884 Commits

Author SHA1 Message Date
Oliver Graute
fe133eb192 imx: support for conga-QMX8 board
Add i.MX8QM qmx8 congatec board support

U-Boot 2021.07-rc3-00528-gc9a966d9dd (May 31 2021 - 15:21:25 +0200)

CPU:   NXP i.MX8QM RevB A53 at 1200 MHz

Model: Congatec QMX8 Qseven series
Board: conga-QMX8
Build: SCFW 494c97f3, SECO-FW d63fdb21, ATF 09c5cc9
Boot:  SD2
DRAM:  6 GiB
MMC:   FSL_SDHC: 0, FSL_SDHC: 1, FSL_SDHC: 2
Loading Environment from MMC... OK
In:    serial@5a060000
Out:   serial@5a060000
Err:   serial@5a060000
switch to partitions #0, OK
mmc2 is current device
Net:
Error: ethernet@5b040000 address not set.
No ethernet found.

Hit any key to stop autoboot:  0

Signed-off-by: Oliver Graute <oliver.graute@kococonnector.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Ye Li <ye.li@nxp.com>
Cc: uboot-imx <uboot-imx@nxp.com>
2021-06-09 13:34:09 +02:00
Andrey Zhizhikin
6ac4d44806 arm: imx: imx8mm: correct unrecognized fracpll frequency
Frequency requested by ddrphy_init_set_dfi_clk from fracpll uses MHZ()
macro, which expands the value provided to the Hz range without taking into
account the precise Hz setting. This causes the frequency of 266 MHz not ot
be found in the imx8mm_fracpll_tbl, since it is entered there with a
precise Hz value. This in turn causes the boot hang in SPL, as proper DDR
fracpll frequency cannot be determined.

Correct the value in imx8mm_fracpll_tbl to match the one expanded by
MHZ(266) macro, rounding it down to MHz range only.

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: "NXP i.MX U-Boot Team" <uboot-imx@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Ye Li <ye.li@nxp.com>
Fixes: 825ab6b406 ("driver: ddr: Refine the ddr init driver on imx8m")
Reviewed-by: Fabio Estevam <festevam@gmail.com>
2021-06-09 13:34:01 +02:00
Andrey Zhizhikin
d9a7f1a913 arm: imx: imx8mm: clock: make debug output more descriptive
Clock initialization functionality has ambitious debug messages, which are
printed out when failures are triggered during execution:
- Separate frequency table lookup functions have the the same output that
  makes it impossible to understand which function failed and produced the
  output
- PLL decoding routine has a generic debug statement printed, which does
  not state the actual value failed to be found

Extend the output for both cases with prefixing table lookup functions
output with function name, and report the failed value in PLL decoding
routine.

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: "NXP i.MX U-Boot Team" <uboot-imx@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Ye Li <ye.li@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
2021-06-09 13:33:26 +02:00
Oleh Kravchenko
3675ac081a Add out4.ru O4-iMX-NANO board
Board designed for quick prototyping and has one microSD port,
2 Ethernet ports, 2 USB ports, I2C, SPI, CAN, RS-485, GPIO,
UART interfaces, and 2 RGB LEDs.

Signed-off-by: Oleh Kravchenko <oleg@kaa.org.ua>
Cc: Stefano Babic <sbabic@denx.de>
2021-06-09 13:32:42 +02:00
Giulio Benetti
0d90dec182 ARM: IMXRT: introduce is_imxrt*() macros and get_cpu_rev()
We need those macros to instruct drivers on how to behave for SoC specific
quirks, so let's add it as done for other i.MX SoCs.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
2021-06-09 13:03:33 +02:00
Giulio Benetti
55ad612306 arm: imxrt: soc: make mpu regions generic
This mpu handling works for every i.MXRT SoC that we have, so let's
generalize imxrt1050_region_config to imxrt_region_config.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
2021-06-09 13:01:33 +02:00
Marek Behún
e8bb990fe7 ARM: imx8m: fix imx_eqos_txclk_set_rate() type mismatch for LTO
When building imx8mp_evk_defconfig with LTO, the compiler complains
about type mismatch of function imx_eqos_txclk_set_rate() in file
  drivers/net/dwc_eth_qos.c:845:12
which contains a weak definition of this function, vs file
  arch/arm/mach-imx/imx8m/clock_imx8mm.c
which contains an implementation.

Change the type of this function in the implementation to fix this.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-05-24 14:21:30 -04:00
Marek Behún
86c5e21013 ARM: make gd a function call for LTO and set via set_gd()
On ARM, the gd pointer is stored in registers r9 / x18. For this the
-ffixed-r9 / -ffixed-x18 flag is used when compiling, but using global
register variables causes errors when building with LTO, and these
errors are very difficult to overcome.

Richard Biener says [1]:
  Note that global register vars shouldn't be used with LTO and if they
  are restricted to just a few compilation units the recommended fix is
  to build those CUs without -flto.

We cannot do this for U-Boot since all CUs use -ffixed-reg flag.

It seems that with LTO we could in fact store the gd pointer differently
and gain performance or size benefit by allowing the compiler to use
r9 / x18. But this would need more work.

So for now, when building with LTO, go the clang way, and instead of
declaring gd a global register variable, we make it a function call via
macro.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68384

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-24 14:21:30 -04:00
Ilko Iliev
7666cccf4f ARM:imx:imx8mq-cm: Add support for Ronetix iMX8MQ-CM
Supported peripherals: Ethernet, eMMC, Serial.

U-Boot SPL 2021.04-00911-g5fa1e2ffeb-dirty (Apr 23 2021 - 09:11:14
+0200)
Normal Boot
Trying to boot from MMC2

U-Boot 2021.04-00911-g5fa1e2ffeb-dirty (Apr 23 2021 - 09:11:14 +0200)

CPU:   Freescale i.MX8MQ rev2.1 at 1000 MHz
Reset cause: POR
Model: Ronetix iMX8M-CM SoM
DRAM:  1 GiB
WDT:   Started with servicing (60s timeout)
MMC:   FSL_SDHC: 0, FSL_SDHC: 1
Loading Environment from MMC... OK
In:    serial
Out:   serial
Err:   serial
Net:
Warning: ethernet@30be0000 (eth0) using random MAC address -
42:0d:e7:78:da:53
eth0: ethernet@30be0000
Hit any key to stop autoboot:  0
u-boot=>

Signed-off-by: Ilko Iliev <iliev@ronetix.at>
2021-05-02 12:46:54 +02:00
Ilko Iliev
fdd2f359e4 imx: Add support for Ronetix's iMX7-CM board
Console boot log:

U-Boot SPL 2021.04-00836-ga6232e065d-dirty (Apr 16 2021 - 15:16:35 +0200)
Trying to boot from MMC1

U-Boot 2021.04-00836-ga6232e065d-dirty (Apr 16 2021 - 15:16:35 +0200)

CPU:   Freescale i.MX7D rev1.3 1000 MHz (running at 792 MHz)
CPU:   Commercial temperature grade (0C to 95C) at 44C
Reset cause: POR
Model: Ronetix iMX7-CM Board
Board: iMX7-CM
DRAM:  512 MiB
PMIC:  PFUZE3000 DEV_ID=0x30 REV_ID=0x11
MMC:   FSL_SDHC: 0, FSL_SDHC: 2
Loading Environment from MMC... OK
In:    serial
Out:   serial
Err:   serial
Net:
Warning: ethernet@30be0000 (eth0) using random MAC address - fe:be:37:01:5a:3f
eth0: ethernet@30be0000
Hit any key to stop autoboot:  0

Signed-off-by: Ilko Iliev <iliev@ronetix.at>
2021-05-02 12:46:54 +02:00
Tim Harvey
35fc3713a3 imx: mkimage_fit_atf: fix file size reporting
instead using ls and awk to determine file size use stat instead.
This fixes an invalid size reporting for user or group names that have
spaces in them.

This adds a dependency on the stat application which is part of
the coreutils package which also includes ls.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2021-05-02 12:46:54 +02:00
Ying-Chun Liu (PaulLiu)
53b516c58d arm: imx8m: add support for Compulab iot-gate-imx8 (imx8mm-cl-iot-gate)
Add initial support for Compulab iot-gate-imx8 board (imx8mm-cl-iot-gate).
The initial support includes:
 - MMC
 - eMMC
 - I2C
 - FEC
 - Serial console

Signed-off-by: Kirill Kapranov <kirill.kapranov@compulab.co.il>
Signed-off-by: Uri Mashiach <uri.mashiach@compulab.co.il>
Signed-off-by: Valentin Raevsky <valentin@compulab.co.il>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Cc: Peter Robinson <pbrobinson@gmail.com>
2021-05-02 12:46:54 +02:00
Jagan Teki
7e0daa924a board: imx8mm: Add Engicam i.Core MX8M Mini C.TOUCH 2.0
Engicam C.TOUCH 2.0 is an EDIMM compliant general purpose Carrier
board.

Genaral features:
- Ethernet 10/100
- Wifi/BT
- USB Type A/OTG
- Audio Out
- CAN
- LVDS panel connector

i.Core MX8M Mini is an EDIMM SoM based on NXP i.MX8M Mini from Engicam.

i.Core MX8M Mini needs to mount on top of this Carrier board for
creating complete i.Core MX8M Mini C.TOUCH 2.0 board.

Linux dts commit details:

commit <a142252061ff> ("arm64: dts: imx8mm: Add Engicam i.Core MX8M Mini
C.TOUCH 2.0")

Add support for it.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
2021-05-02 12:46:54 +02:00
Jagan Teki
e3409a4cb7 board: imx8mm: Add Engicam i.Core MX8M Mini EDIMM2.2 Starter Kit
Engicam EDIMM2.2 Starter Kit is an EDIMM 2.2 Form Factor Capacitive
Evaluation Board.

Genaral features:
- LCD 7" C.Touch
- microSD slot
- Ethernet 1Gb
- Wifi/BT
- 2x LVDS Full HD interfaces
- 3x USB 2.0
- 1x USB 3.0
- HDMI Out
- Mini PCIe
- MIPI CSI
- 2x CAN
- Audio Out

i.Core MX8M Mini is an EDIMM SoM based on NXP i.MX8M Mini from Engicam.

i.Core MX8M Mini needs to mount on top of this Evaluation board for
creating complete i.Core MX8M Mini EDIMM2.2 Starter Kit.

Linux dts commit details:

commit <051c08eea682> ("arm64: dts: imx8mm: Add Engicam i.Core MX8M Mini
EDIMM2.2 Starter Kit")

Add support for it.

Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
2021-05-02 12:46:54 +02:00
Tom Rini
4bbcec08eb arm: Remove mx6dlarm2 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Jason Liu <jason.hui.liu@nxp.com>
Cc: Ye Li <ye.li@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:55 -04:00
Tom Rini
178d70b5b3 arm: Remove cgtqmx6eval board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:55 -04:00
Tom Rini
defd0dcfb9 arm: Remove titanium board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Stefan Roese <sr@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:55 -04:00
Tom Rini
80b386abe3 arm: Remove ts4800 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Lucile Quirion <lucile.quirion@savoirfairelinux.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:55 -04:00
Tom Rini
4d24862848 arm: Remove mx53evk board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Jason Liu <jason.hui.liu@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:30 -04:00
Tom Rini
397a43dc56 arm: Remove pfla02 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Stefano Babic <sbabic@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:30 -04:00
Tom Rini
a0cacddcaf arm: Remove zc5202 and zc5601 boards
These boards have not been converted to CONFIG_DM_MMC by the deadline.
Remove them.

Cc: Stefano Babic <sbabic@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:03:29 -04:00
Tom Rini
ddfc004009 arm: Remove xpress board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Stefan Roese <sr@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:02:03 -04:00
Tom Rini
96f599009a arm: Remove platinum_picon board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Stefan Roese <sr@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:01:10 -04:00
Tom Rini
56124508ce arm: Remove secomx6quq7 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 08:00:45 -04:00
Tom Rini
be3dec48b0 arm: Remove ts4600 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Sebastien Bourdelin <sebastien.bourdelin@savoirfairelinux.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 07:59:35 -04:00
Tom Rini
0fa6bafa89 arm: Remove sc_sps_1 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 07:59:34 -04:00
Tom Rini
b40186fc7e arm: Remove SANSA_FUZE_PLUS board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 07:59:34 -04:00
Tom Rini
539fba2c10 arm: Remove xfi3 board
This board has not been converted to CONFIG_DM_MMC by the deadline.
Remove it.

Cc: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 07:59:30 -04:00
Tom Rini
c861d21cba arm: Remove ot1200 board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  In order to
convert to using the DWC SATA driver under DM further migrations are
required.

Cc: Christian Gmeiner <christian.gmeiner@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Christian Gmeiner <christian.gmeiner@gmail.com>
2021-04-10 07:57:42 -04:00
Tom Rini
d8d3b77fc2 arm: Remove dms-ba16 board
This board relies on using CONFIG_LIBATA but does not enable CONFIG_AHCI.  The
deadline for this conversion was the v2019.07 release.  The use of CONFIG_AHCI
requires CONFIG_DM.  The deadline for this conversion was v2020.01.  Remove
this board.

Cc: Akshay Bhat <akshaybhat@timesys.com>
Cc: Ken Lin <Ken.Lin@advantech.com.tw>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-10 07:57:29 -04:00
Max Krummenacher
2fc93e5baf imx: bootaux fix elf loading
This reverts the arch/arm/mach-imx/imx_bootaux.c changes of commit
805b3cac1e0c. The loader function name was changed so that it does
not clash with the generically available function in lib/elf.c.

imx-bootaux loads an elf file linked for an auxilary core. Thus the
loader function requires address translation from the auxilary core's
address space to where those are mapped into U-Boot's address space.

So the elf loader is specific and must not be replaced with a generic
loader which doesn't provide the address translation functionality.

Fixes commit 805b3cac1e0c ("lib: elf: Move the generic elf
loading/validating functions to lib")

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Acked-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
2021-04-08 23:59:50 +02:00
Marek Vasut
09d86eab14 ARM: imx: Add OCRAM_S into iMX8M MMU tables
The OCRAM_S is regular memory, just like the OCRAM, add it to the MMU
tables so it can be used and cached.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
2021-04-08 20:29:53 +02:00
Peng Fan
1e4ed2d69d imx8mp-evk: switch to use binman
Use binman to pack images

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:53 +02:00
Peng Fan
d6afc6b3a0 imx8mn-evk: switch to use binman
Use binman to pack images.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:53 +02:00
Peng Fan
353dfe4b43 imx8mn-ddr4-evk: switch to use binman
Use binman to pack images

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:53 +02:00
Peng Fan
8996e6b7c6 imx8mm_evk: switch to use binman to pack images
Use binman to pack images

Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:53 +02:00
Clement Faure
69f542ca2b imx8: Add DEK blob encapsulation
Add DEK encapsulation support for imx8. The DEK blob is generated by the
SECO through the SCFW API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:52 +02:00
Clement Faure
56d2050f40 imx8m: Add DEK blob encapsulation for imx8m
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:52 +02:00
Clement Le Marquis
613cf239ed imx: caam: new u-boot command to set PRIBLOB bitfield from CAAM SCFGR register to 0x3
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.

Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.

Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com>
Acked-by: Ye Li <Ye.Li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:52 +02:00
Aymen Sghaier
940d36d5d1 crypto: caam: Add CAAM support to i.MX8M platforms
This patch enable CAAM support for i.MX8M platforms.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Franck LENORMAND
b543800241 caam: enable support for iMX7ULP
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Ye Li
e149b98c11 imx: cmd_dek: Enable DEK only for chips supporting CAAM
Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
HAS_CAAM is set

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Ye Li
41b230bf29 iMX8M: Add support to enable CONFIG_IMX_HAB
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.

The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
e449e2d405 imx: hab: Fix build warnings in 32-bit targets
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:

arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
   printf("HAB check target 0x%08x-0x%08lx fail\n",
                                     ~~~~^
                                     %08x
          ddr_start, ddr_start + bytes);

arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
  printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
                                            ~^
                                            %lx

Fix warnings by providing the correct data type.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
58f75efeaf mx7ulp: hab: Add hab_status command for HABv4 M4 boot
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.

Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.

=> hab_status m4

   Secure boot disabled

   HAB Configuration: 0xf0, HAB State: 0x66
   No HAB Events Found!

Add command documentation in mx6_mx7_secure_boot.txt guide.

As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.

The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".

Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
f217470b39 imx: hab: Check if IVT header is HABv4
The HABv4 implementation in ROM checks if HAB major version
in IVT header is 4.x.

The current implementation in hab.c code is only validating
HAB v4.0 and HAB v4.1 and may be incompatible with newer
HABv4 versions.

Modify verify_ivt_header() function to align with HABv4
implementation in ROM code.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Utkarsh Gupta
cd8355664d imx: hab: Display All HAB events via hab_status command
Add ability for hab_status command to show All HAB events and not just
HAB failure events

Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
1d756add3c imx: hab: Enable hab.c to authenticate additional images in open configuration
Currently it's not possible to authenticate additional boot images in HAB
open configuration.

The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior
to calling the hab_authenticate_image() API function. Users cannot check
if their additional boot images has been correctly signed prior to closing
their device.

Enable hab.c to authenticate additional boot images in open mode so HAB
events can be retrieved through get_hab_status() function.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Ye Li
1dc295148a hab: Change calling to ROM API failsafe
Modify to use hab_rvt_failsafe function for failsafe ROM API, not
directly call its ROM address. This function will wrap the sip call for iMX8M
platforms.

Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Utkarsh Gupta
fe8acf556c imx: HAB: Validate IVT before authenticating image
Calling csf_is_valid() with an un-signed image may lead to data abort
as the CSF pointer could be pointing to a garbage address when accessed
in HAB_HDR_LEN(*(const struct hab_hdr *)(ulong)ivt_initial->csf).

Authenticate image from DDR location 0x80800000...
Check CSF for Write Data command before authenticating image
data abort
pc : [<fff5494c>]          lr : [<fff54910>]
reloc pc : [<8780294c>]    lr : [<87802910>]
sp : fdf45dc8  ip : 00000214     fp : 00000000
r10: fffb6170  r9 : fdf4fec0     r8 : 00722020
r7 : 80f20000  r6 : 80800000     r5 : 80800000  r4 : 00720000
r3 : 17a5aca3  r2 : 00000000     r1 : 80f2201f  r0 : 00000019
Flags: NzcV  IRQs off  FIQs off  Mode SVC_32
Resetting CPU ...

resetting ...

To avoid such errors during authentication process, validate IVT structure
by calling validate_ivt function which checks the following values in an IVT:

IVT_HEADER = 0x4X2000D1
ENTRY != 0x0
RES1 = 0x0
DCD = 0x0       /* Recommended */
SELF != 0x0     /* Absoulute address of IVT */
CSF != 0x0
RES2 = 0x0

This commit also checks if Image's start address is 4 byte aligned.

commit "0088d127 MLK-14945 HAB: Check if IVT valid before authenticating image"
removed as this patch addresses the issue.

Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00