mirror of https://github.com/smaeul/u-boot.git, synced 2025-10-26 17:48:26 +00:00

To be able to sign created binaries, we need to know the HAB Blocks for that image. Especially for the imximage type the HAB Blocks are only available during creation of the image. We want to preserve the information until we get to sign the files. In the verbose case we still get them printed out instead of writing to log files.

Cc: sbabic@denx.de

v2-Changes:
- No usage of MKIMAGEOUTPUT_$(@F) macro.
- Predefine default value /dev/null in every involved Makefile.

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
		
			
				
	
	
		
189 lines, 5.7 KiB, Plaintext

U-Boot for Freescale i.MX6

This file contains information for the port of U-Boot to the Freescale i.MX6
SoC.

1. CONVENTIONS FOR FUSE ASSIGNMENTS
-----------------------------------

1.1 MAC Address: It is stored in fuse bank 4, with the 32 lsbs in word 2 and the
    16 msbs in word 3[15:0].
    i.MX6SX and i.MX6UL have two MAC addresses. The second MAC address
    is stored in fuse bank 4, with the 16 lsbs in word 3[31:16] and the 32 msbs in
    word 4.

Example:

To read the MAC address fuses on an MX6Q:

- The MAC address is stored in two fuse addresses (the fuse addresses are
described in the Fusemap Descriptions table from the mx6q Reference Manual):

0x620[31:0] - MAC_ADDR[31:0]
0x630[15:0] - MAC_ADDR[47:32]

In order to use the fuse API, we need to pass the bank and word values, which
are calculated as below:

Fuse address for the lower MAC address: 0x620
Base address for the fuses: 0x400

(0x620 - 0x400)/0x10 = 0x22 = 34 decimal

As the fuses are arranged in banks of 8 words:

34 / 8 = 4 and the remainder is 2, so in this case:

bank = 4
word = 2

And the U-Boot command would be:

=> fuse read 4 2
Reading bank 4:

Word 0x00000002: 9f027772

Doing the same for the upper MAC address:

Fuse address for the upper MAC address: 0x630
Base address for the fuses: 0x400

(0x630 - 0x400)/0x10 = 0x23 = 35 decimal

As the fuses are arranged in banks of 8 words:

35 / 8 = 4 and the remainder is 3, so in this case:

bank = 4
word = 3

And the U-Boot command would be:

=> fuse read 4 3
Reading bank 4:

Word 0x00000003: 00000004

which matches the ethaddr value:
=> echo ${ethaddr}
00:04:9f:02:77:72

Some other useful hints:

- The 'bank' and 'word' numbers can be easily obtained from the mx6 Reference
Manual. For the mx6quad case, please check the "46.5 OCOTP Memory Map/Register
Definition" from the "i.MX 6Dual/6Quad Applications Processor Reference Manual,
Rev. 1, 04/2013" document. For example, for the MAC fuses we have:

Address:
21B_C620	Value of OTP Bank4 Word2 (MAC Address)(OCOTP_MAC0)

21B_C630	Value of OTP Bank4 Word3 (MAC Address)(OCOTP_MAC1)

- The command '=> fuse read 4 2 2' reads the whole MAC address at once:

=> fuse read 4 2 2
Reading bank 4:

Word 0x00000002: 9f027772 00000004

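The same calculation as a small shell helper, added here as an example and not
part of the U-Boot sources. It goes beyond the walkthrough above by rejecting
addresses that are not fuse words and by decoding the second MAC address of
i.MX6SX/i.MX6UL. The function names and the word 3/word 4 values passed to
mac1 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not U-Boot code): map an OCOTP fuse address to the bank/word
# pair used by "fuse read", and rebuild the MAC addresses from fuse words.

# fuse_bank_word ADDR: print "bank word" for a fuse address such as 0x620.
# Fuse words sit 0x10 apart starting at base 0x400, eight words per bank.
fuse_bank_word() {
    addr=$(( $1 ))
    [ "$addr" -ge $(( 0x400 )) ] && [ $(( (addr - 0x400) % 0x10 )) -eq 0 ] || {
        echo "not a fuse word address: $1" >&2; return 1; }
    idx=$(( (addr - 0x400) / 0x10 ))
    echo "$(( idx / 8 )) $(( idx % 8 ))"
}

# mac0 WORD2 WORD3: first MAC, 32 lsbs in word 2, 16 msbs in word 3[15:0].
# Words are bare hex, exactly as "fuse read" prints them.
mac0() {
    lo=$(( 0x$1 )) hi=$(( 0x$2 & 0xffff ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( hi >> 8 )) $(( hi & 0xff )) $(( (lo >> 24) & 0xff )) \
        $(( (lo >> 16) & 0xff )) $(( (lo >> 8) & 0xff )) $(( lo & 0xff ))
}

# mac1 WORD3 WORD4: second MAC (i.MX6SX/i.MX6UL), 16 lsbs in word 3[31:16],
# 32 msbs in word 4.
mac1() {
    lo=$(( (0x$1 >> 16) & 0xffff )) hi=$(( 0x$2 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( (hi >> 24) & 0xff )) $(( (hi >> 16) & 0xff )) \
        $(( (hi >> 8) & 0xff )) $(( hi & 0xff )) \
        $(( lo >> 8 )) $(( lo & 0xff ))
}

fuse_bank_word 0x620        # lower MAC word from the walkthrough
mac0 9f027772 00000004      # words as printed by "fuse read 4 2 2"
mac1 77730004 00049f02      # constructed sample values for words 3 and 4
```
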
2. Using imx_usb_loader for first install with SPL
--------------------------------------------------

imx_usb_loader is a very nice tool by Boundary Devices that
allows U-Boot to be installed without a JTAG debugger, using
the USB boot mode as described in the manual. It is
a replacement for Freescale's MFGTOOLS.

The sources can be found here:

	https://github.com/boundarydevices/imx_usb_loader.git

Booting in USB mode, the i.MX6 announces itself to the Linux Host as:

Bus 001 Device 111: ID 15a2:0061 Freescale Semiconductor, Inc.

imx_usb_loader is able to download a single file (u-boot.imx)
to the board. For boards without SPL support, it is enough to
issue the command:

	sudo ../imx_usb_loader/imx_usb -v u-boot.imx

When SPL support is active, getting U-Boot onto the board requires
two downloads. imx_usb_loader downloads the SPL into
OCRAM and starts it. SPL will check for a valid u-boot.img, and
because it is not found, it will wait for it using the y-modem
protocol via the console.

A first install is then possible by combining imx_usb_loader with
another tool such as kermit.

sudo ../imx_usb_loader/imx_usb -v SPL
kermit kermit_uboot

and kermit_uboot contains something like this (set line should be adjusted):

set line /dev/ttyUSB1
set speed 115200
SET CARRIER-WATCH OFF
set flow-control none
set handshake none
set prefixing all
set file type bin
set protocol ymodem
send u-boot.img
c

The last "c" command tells kermit (from ckermit package in most distros)
to switch from command line mode to communication mode, and when the
script is finished, the U-Boot prompt is shown in the same shell.

3. Using Secure Boot on i.MX6 machines with SPL support
-------------------------------------------------------

This version of U-Boot is able to build a signable version of the SPL
as well as a signable version of the U-Boot image. The signature can
be verified through High Assurance Boot (HAB).

CONFIG_SECURE_BOOT is needed to build those two binaries.
After building, you need to create a command sequence file (CSF) and use
Freescale's Code Signing Tool to sign both binaries. After creation,
the mkimage tool outputs the required information about the HAB Blocks
parameter for the CSF. During the build, the information is preserved
in log files named after the binaries (SPL.log and u-boot-ivt.log).

More information about the CSF and HAB can be found in the AN4581.
https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf

We don't want to explain how to create a PKI tree or SRK table as
this is well explained in the Application Note.

Example Output of the SPL (imximage) creation:
 Image Type:   Freescale IMX Boot Image
 Image Ver:    2 (i.MX53/6/7 compatible)
 Mode:         DCD
 Data Size:    61440 Bytes = 60.00 kB = 0.06 MB
 Load Address: 00907420
 Entry Point:  00908000
 HAB Blocks:   00907400 00000000 0000cc00

Example Output of the u-boot-ivt.img (firmware_ivt) creation:
 Image Name:   U-Boot 2016.11-rc1-31589-g2a4411
 Created:      Sat Nov  5 21:53:28 2016
 Image Type:   ARM U-Boot Firmware with HABv4 IVT (uncompressed)
 Data Size:    352192 Bytes = 343.94 kB = 0.34 MB
 Load Address: 17800000
 Entry Point:  00000000
 HAB Blocks:   0x177fffc0   0x0000   0x00054020

The CST (Code Signing Tool) can be downloaded from NXP.
# Compile CSF and create signature
./cst --o csf-u-boot.bin < command_sequence_uboot.csf
./cst --o csf-SPL.bin < command_sequence_spl.csf
# Append compiled CSF to Binary
cat SPL csf-SPL.bin > SPL-signed
cat u-boot-ivt.img csf-u-boot.bin > u-boot-signed.img

These two signed binaries can be used on an i.MX6 in closed
configuration when the corresponding SRK Table Hash has been flashed.
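
One way to carry the HAB Blocks values from the build logs into the CSF, as an
added example that is not part of U-Boot or the CST. It accepts both the
bare-hex and the 0x-prefixed form shown in the two outputs above, checks that
the signed region fits inside the binary, and prints the Blocks entry for the
CSF's [Authenticate Data] command. Function names are hypothetical and the
zero-filled SPL stand-in is constructed.

```sh
#!/bin/sh
# Added example (not U-Boot or CST code): build the CSF "Blocks" entry from
# the HAB Blocks line that the build left in SPL.log / u-boot-ivt.log.

# hab_fields LOG: print "addr offset length", 0x-prefixed, from the single
# "HAB Blocks:" line. Fails if the line is missing, repeated or malformed.
hab_fields() {
    awk '
        /HAB Blocks:/ {
            n++
            if (NF != 5) bad = 1
            for (i = 3; i <= 5; i++) {
                # imximage logs bare hex, firmware_ivt logs 0x-prefixed hex
                v = tolower($i); sub(/^0x/, "", v)
                if (v !~ /^[0-9a-f]+$/) bad = 1
                f[i] = "0x" v
            }
        }
        END {
            if (n != 1 || bad) exit 1
            print f[3], f[4], f[5]
        }' "$1"
}

# hab_blocks_entry LOG BINARY: print the Blocks line for BINARY, refusing a
# region (offset + length) that reaches past the end of the file to be signed.
hab_blocks_entry() {
    fields=$(hab_fields "$1") || { echo "no usable HAB Blocks line in $1" >&2; return 1; }
    [ -f "$2" ] || { echo "missing binary $2" >&2; return 1; }
    set -- $fields "$2"
    size=$(( $(wc -c < "$4") ))
    if [ $(( $2 + $3 )) -gt "$size" ]; then
        echo "HAB region exceeds $4 ($size bytes)" >&2; return 1
    fi
    printf 'Blocks = %s %s %s "%s"\n' "$1" "$2" "$3" "$4"
}

# Demo: the SPL log line from this README, with a zero-filled stand-in for
# the SPL binary (constructed; only its size matters here).
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    echo ' HAB Blocks:   00907400 00000000 0000cc00' > SPL.log
    dd if=/dev/zero of=SPL bs=61440 count=1 2>/dev/null
    hab_blocks_entry SPL.log SPL; rc=$?
    cd / && rm -rf "$dir"
    exit "$rc"
)
demo
```

Failing the build when the log has no single, well-formed HAB Blocks line keeps a stale or hand-copied address range from being signed in place of the one mkimage actually produced.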