The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
ddaa905 ("arm: mvebu: Add DM (driver model) support") removed the
assignment of the gd pointer, but kept the (now superfluous) declaration
of the gd pointer.
Remove this declaration.
Signed-off-by: Reinhard Pfau <pfau@gdsys.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Allow boards to do some initialization when PCIe comes up.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Add support for Marvell 88E1680 Integrated Octal
10/100/1000 Mbps Energy Efficient Ethernet Transceiver.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Armada 38x has four PCI ports, not three.
The optimization in pci_init_board() seems to assume that every port has
three lanes. This is obviously wrong, and breaks support for Armada 38x.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Now that the SD/SDIO/MMC DT properties are updated in the Marvell
A3700 and A7/8k DT files, we need to match the checks for compatible
node in the PHY driver as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Kostya Porotchkin <kostap@marvell.com>
Cc: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
- Fix clk driver
- Optimize DRAM init code for LD20 SoC
- Get DRAM information from more reliable source
- Clean up SoC init code
- Allow to use Image.gz for booting ARM64 Linux
- Tidy up environments to use with ATF
- Clean up I2C drivers
The readl_poll_timeout() is a useful helper to poll registers
and error out if the condition is not met.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, SPL (u-boot-spl.bin) and U-Boot (u-boot.bin) are stored
in non-volatile devices, and some environments are defined to update
the images easily.
When ARM Trusted Firmware is fully used, SPL is not used. U-Boot
proper is contained as BL33 into FIP (Firmware Image Package), which
is standard container used by ATF. Allow to use it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The Boot ROM supports authentication feature to prevent malformed
software from being run on products. The signature is added at the
tail of the second stage loader (= SPL in U-boot terminology).
The size of the second stage loader was 64KB, and it was consistent
across SoCs. The situation changed when LD20 SoC appeared; it loads
80KB second stage loader, and it is the only exception.
Currently, CONFIG_SPL_PAD_TO is set to 64KB and U-Boot proper is
loaded from the 64KB offset of non-volatile devices. This means the
signature of LD20 SoC (located at 80KB offset) corrupts the U-Boot
proper image.
Let's move the U-Boot proper image to 128KB offset. It uses 48KB
for nothing but padding, and we could actually locate the U-Boot
proper at 80KB offset. However, the power of 2 generally seems a
better choice for the offset address.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When ARM Trusted Firmware is used, bl1.bin + fip.bin exceeds 512KB,
so the boot image and the current environment area will overlap.
Move the environment storage to 1MB offset.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The boot_ramdisk_high() checks the environment "initrd_high" and,
if it is set to (ulong)-1, skip the initrd relocation. This is
useful for faster booting when we know the initrd is already located
within the reach of the kernel.
Change "norboot" to copy images in order to make it work without
depending on the automatic relocation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The ARM64 Linux raw image now amounts to 15MB and it is getting
bigger and bigger. Using Image.gz saves about 8MB. The cost of
unzip is smaller than what we get by saving the kernel loading
from non-volatile devices.
The ARM32 Linux still uses zImage, a self-decompressor image,
so it should not be affected.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For clarification, move CONFIG symbols that affect SPL building
into a single place. Drop #ifdef CONFIG_SPL ... #endif since it is
harmless to define CONFIG_SPL_... during U-Boot proper building.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
It seems more readable to use arrays to get SoC specific parameters
instead of the crappy switch statement.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For LD20 SoC, the last 64 byte of each DRAM bank is used for the
dynamic training of DRAM PHY. The regions must be reserved in DT to
prevent the kernel from using them. Now gd->bd->bi_dram reflects
the actual memory banks. Just use it instead of getting access to
the board parameters.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
U-Boot needs to set up available memory area(s) in dram_init() and
dram_init_banksize(). It is platform-dependent how to detect the
memory banks. Currently, UniPhier adopts the memory banks _alleged_
by DT. This is based on the assumption that users bind a correct DT
in their build process.
Come to think of it, the DRAM controller has already been set up
before U-Boot is entered (because U-Boot runs on DRAM). So, the
DRAM controller setup register seems a more reliable source of any
information about DRAM stuff. The DRAM banks are initialized by
preliminary firmware (SPL, ARM Trusted Firmware BL2, or whatever),
so this means the source of the reliability is shifted from Device
Tree to such early-stage firmware. However, if the DRAM controller
is wrongly configured, the system will crash. If your system is
running, the DRAM setup register is very likely to provide the
correct DRAM mapping.
Decode the SG_MEMCONF register to get the available DRAM banks.
The dram_init() and dram_init_banksize() need similar decoding.
It would be nice if dram_init_banksize() could reuse the outcome
of dram_init(), but global variables are unavailable at this stage
because the .bss section is available only after the relocation.
As a result, SG_MEMCONF must be checked twice, but a new helper
uniphier_memconf_decode() will help to avoid code duplication.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The two arrays ddrphy_{op,ip}_dq_shift_val, occupy more than 3.8 KB
memory footprint, which is significant in SPL.
There are PHY parameters for 5 boards, but they are actually not
board specific, but SoC specific. After all, we just need to have
2 patterns, for LD20 and LD21. Also, the shift values are small
enough to become "short" type instead of "int". This change will
save about 3 KB memory footprint.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit ec6617c397 ("armv8: Support loading 32-bit OS in AArch32
execution state") broke SMP boot by assuming that an image is 32-bit if
the arch field in the spin table != IH_ARCH_DEFAULT (i.e.
IH_ARCH_ARM64), even if the arch field also does not match IH_ARCH_ARM,
even though nothing actually set the arch field in the spin table.
Commit e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading
32-bit OS") fixed this for bootm by setting the arch field of the spin
table based on images.os.arch, but booti remaineed broken because it did
not set images.os.arch.
Fixes: ec6617c397 ("armv8: Support loading 32-bit OS in AArch32 execution state")
Fixes: e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading 32-bit OS")
Cc: Alison Wang <alison.wang@nxp.com>
Cc: Chenhui Zhao <chenhui.zhao@nxp.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Stuart Yoder <stuart.yoder@nxp.com>
Signed-off-by: Scott Wood <oss@buserror.net>
Reviewed-by: Tom Rini <trini@konsulko.com>
Doing unaligned reads is not supported on all architectures, use
byte sized reads of the little endian buffer.
Rename off16 to off8, as it reflects the buffer offset in byte
granularity (offset is in entry, i.e. 12 bit, granularity).
Fix a regression introduced in 8d48c92b45
Reported-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Tested-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
To troubleshoot unexpected bhavior during building and what's more
important during execution it is strongly recommended to use recent
ARC toolchain, and so we're now referring to arc-2016.09 which is the
latest as of today.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch enables support for the smsc phy on the
stm32f746-disco board.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA <vikas.manocha@st.com>
Series-changes 3:
- Add Acked-by tag to 'enable support for smsc phy on...'
This patch adds support for SMSC LAN8742 in phylib
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This patch adds glue code required for enabling the designware
mac on stm32f7 devices.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Use the clock setup function defined in clock.c instead of setting the
clock bits directly in the drivers.
Remove register definitions of RCC in rcc.h as these are already
defined in the struct in stm32.h
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
The fmc base address is defined twice, once in fmc.h and once in stm32.h.
Fix wrong definition in stm32.h.
Remove the definiton in fmc.h.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas Manocha <vikas.manocha@st.com>
Cleanup stm32f7 files:
- use BIT macro
- use GENMASK macro
- use rcc struct instead of macro additions
Add missing stm32f7 register in rcc struct
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA<vikas.manocha@st.com>
This patch adds the DTS source files needed for stm32f746-disco board
The files are based on the stm32f429/469 files from current linux
kernel.
Source for "arch/arm/dts/armv7-m.dtsi": Linux: "arch/arm/boot/dts/armv7-m.dtsi"
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA <vikas.manocha@st.com>
This patch adds pin control definitions for use in device tree files
The definitions are based on the stm32f746 files from current
linux kernel "include/dt-bindings/pinctrl/stm32f746-pinfunc.h".
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA <vikas.manocha@st.com>
The check for OMAP3630/3730 only checks for 800MHz 3630/3730, but
anything else is lumped into 36XX/37XX with an assumed 1GHz speed.
Based on the DM3730 TRM bit 9 shows the MPU Frequency (800MHz/1GHZ).
This also adds the ability to distinguish between the DM3730, DM3725,
AM3715, and AM3703 and correctly display their maximum speed.
Signed-off-by: Adam Ford <aford173@gmail.com>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
This reverts commit 8c36e99f21.
There is misunderstanding in commit 8c36e99f21 ("armv8: release
slave cores from CPU_RELEASE_ADDR"). How to bring the slave cores
into U-Boot proper is platform-specific. So, it should be cared
in SoC/board files instead of common/spl/spl.c. As you see SPL
is the acronym of Secondary Program Loader, there is generally
something that runs before SPL (the First one is usually Boot ROM).
How to wake up slave cores from the Boot ROM is really SoC specific.
So, the intention for the spin table support is to bring the slave
cores into U-Boot proper in an SoC specific manner. (this must be
done after relocation. see below.)
If you bring the slaves into SPL, it is SoC own code responsibility
to transfer them to U-Boot proper. The Spin Table defines the
interface between a boot-loader and Linux kernel. It is unrelated
to the interface between SPL and U-Boot proper.
One more thing is missing in the commit; spl_image->entry_point
points to the entry address of U-Boot *before* relocation. U-Boot
relocates itself between board_init_f() and board_init_r(). This
means the master CPU sees the different copy of the spin code than
the slave CPUs enter. The spin_table_update_dt() protects the code
*after* relocation. As a result, the slave CPUs spin in unprotected
code, which leads to unstable behavior.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This feature seems to be sometimes misunderstood. The intention is:
[1] Bring the slaves into the U-Boot proper image, not SPL (unless
you have a special reason to do otherwise).
[2] The operation must be done in a board (SoC) specific manner
since how to wake the slaves from the Boot ROM is SoC specific.
[3] The slaves must enter U-Boot proper after U-Boot relocates
itself because the "cpu-release-addr" property points to the
relocated memory area.
[2] is already explained in the help. We can make [1] even clearer
by mentioning "U-Boot proper" instead of "U-Boot". [3] is missing,
so I am adding it to the list. Instead, "before the master CPU
jumps to the kernel" is a matter of course, so removed.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
chiliBoard is a development board which uses chiliSOM as its base.
Hardware specification:
* chiliSOM (TI AM335x, DRAM, NAND)
* Ethernet PHY (id 0)
* USB host (usb1)
* MicroSD slot (mmc0)
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
chiliSOM is a System On Module (http://http://grinn-global.com/chilisom/).
It can't exists on its own, but will be used as part of other boards.
Hardware specification:
* TI AM335x processor
* 128M, 256M or 512M DDR3 memory
* up to 256M NAND
We place source inside arch/arm/mach-omap2/ directory and make it
possible to reuse initialization code (i.e. DDR, NAND init) for all
boards that use it.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Reviewed-by: Tom Rini <trini@konsulko.com>