With U-Boot having access to ROM API call table, it is possible to use
the ROM API call it authenticate e.g. signed kernel fitImages using the
BootROM ECDSA support. Make this available by pulling the ECDSA BootROM
call support from SPL-only guard.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
The ROM API table pointer is no longer accessible from U-Boot, fix
this by passing the ROM API pointer through. This makes it possible
for U-Boot to call ROM API functions to authenticate payload like
signed fitImages.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
The STM32MP15xx platform currently comes with two incompatible
implementations of save_boot_params() weak function override.
Factor the save_boot_params() implementation into common cpu.c
code and provide accessors to read out both ROM API table address
and DT address from any place in the code instead.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
In case Dcache is enabled while the ECDSA authentication function is
called via BootROM ROM API, the MMU tables are set up and the BootROM
region is not marked as executable, so an attempt to run code from it
results in a hang. Mark the BootROM region as executable as suggested
by Patrick to prevent the hang.
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Add support for "st,stm32mp13-bsec" for STM32MP13x in the
bsec driver based on OP-TEE pseudo TA STM32MP BSEC.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
When OP-TEE is used, the SMC for BSEC management are not available and
the STM32MP BSEC pseudo TA must be used (it is mandatory for STM32MP13
and it is a new feature for STM32MP15x).
The BSEC driver try to open a session to this PTA BSEC at probe
and use it for OTP read or write access to fuse or to shadow.
This patch also adapts the commands stm32key and stboard to handle
the BSEC_LOCK_PERM lock value instead of 1.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Remove unnecessary return in stm32mp_bsec_write_lock and replace tab
by space for plat_auto opts.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Do not access gd->ram_size and assume this is actual valid RAM size. Since commit
777aaaa706 ("common/memsize.c: Fix get_effective_memsize() to check for overflow")
the RAM size may be less than gd->ram_size , call get_effective_memsize() to get
the limited value instead.
The aforementioned commit makes STM32MP15xx boards with 1 GiB of DRAM
at 0xc0000000 hang on boot, which is a grave defect.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Two callers of image_source_script specify an image name. However, both
use the deprecated @ syntax, indicating that they have not been updated
in a while. If CONFIG_FIT_SIGNATURE is enabled, we will reject such
names outright. Back in commit 152576a598 ("stm32mp: stm32prog: handle
U-Boot script in flashlayout alternate"), we even renamed one of the
nodes. Instead of hard-coding a script image name, just use the default
image.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The FWU Multi Bank Update feature allows the platform to boot the
firmware images from one of the partitions(banks). The first stage
bootloader(fsbl) passes the value of the boot index, i.e. the bank
from which the firmware images were booted from to U-Boot. On the
STM32MP157C-DK2 board, this value is passed through one of the SoC's
backup register. Add a function to read the boot index value from the
backup register.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fix the compilation issue when CONFIG_DEBUG_UART is activated
drivers/serial/serial_stm32.o: in function `debug_uart_init':
drivers/serial/serial_stm32.c:291: undefined reference to \
`board_debug_uart_init'
The board_debug_uart_init is needed for SPL boot, called in
cpu.c::mach_cpu_init(); it is defined in board/st/stm32mp1/spl.c.
But with the removal #ifdefs patch, the function debug_uart_init() is
always compiled even if not present in the final U-Boot image.
This patch adds a file to provided this function when DEBUG_UART and SPL
are activated.
Fixes: c8b2eef52b ("stm32mp15: tidy up #ifdefs in cpu.c")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
- SPL fixes for STM32F7 MCUs
- Device tree alignement with kernelv6.0-rc4 for MCU's board
- Device tree alignement with kernelv6.0-rc3 for MPU's board
- Update DDR node for STM32MP15
- Cleanup config file for STM32MP1
- Update for cmd_stm32key command
- Fix compatible string to add partitions for STM32MP1
- Update for stm32programmer tool
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEXyrViUccKBz9c35Jysd4L3sz/6YFAmMy5KMcHHBhdHJpY2Uu
Y2hvdGFyZEBmb3NzLnN0LmNvbQAKCRDKx3gvezP/phGoEACO/DdR5qrZcWYZhK8t
4ZhCYW3+anI7hx/aOx2k36JIw8V7kTCivBszTXtvEFLoPARKSt2RCGKRrSciyPw8
e5HaX85fvOum1+p555LzGBerleezz3dMIE6PgjuWHQgznVh5jaJPvu5SacOoU2yt
RCQbrBUqMxZ9HPFWOWsmqBo5rIskgn0fhkSDaqj+v0yqnj/HLZk5NtAy4q3KYxA1
yL4rHB5+SM7ENh1KsPJm+8M5FTjBmVBZKp17mcu/3z3RwNNCjEVG0aXw8Im7pzb8
b0pwnOqxRMBsBNOqnZ6kmNdKeOBZVfh35dBXplUxfMG6VYWwrNUTAgLnwPIFbFWX
qaMiyRdAK5KArOCWFzbJN8oqCrM7hrTnlpmK9ilILJ81VuN/JDvFmLle31DrOxm6
XzVh8GOp+cjEmJckcm8ChAUGB/Q1ToTZd6TMXN69IzcmE0t0rW/j+muILVeq+rT5
JmWz+5av9W1nKRVP9WzfjOVASNdNgNRQMYAn8jJwUU/oiEw6QIZUP4m5rngSNMzQ
f3Jzl+zO7QfFtT4NHir1HNguJRnZxuzxBc3Ok639UwzMJQwHuy6LPJnAlKLUoYuE
LYkplLn7UA8aSbiWJq04fws0xrTYMvK1VWZp5CFgsnsc2usLy4Sks9JIwyqmAxme
dF0ut2NYT3o8Ctn9ppezA+sx2w==
=iA80
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20220927' of https://source.denx.de/u-boot/custodians/u-boot-stm into next
- Increase SYS_MALLOC_F_LEN for STM32 MCU's board
- SPL fixes for STM32F7 MCUs
- Device tree alignement with kernelv6.0-rc4 for MCU's board
- Device tree alignement with kernelv6.0-rc3 for MPU's board
- Update DDR node for STM32MP15
- Cleanup config file for STM32MP1
- Update for cmd_stm32key command
- Fix compatible string to add partitions for STM32MP1
- Update for stm32programmer tool
Commit 37dc958947 ("global_data.h: Change ram_top type to phys_addr_t")
changed type of ram_top member from ulong to phys_addr_t but did not
changed types in board_get_usable_ram_top() function which returns value
for ram_top.
So change ulong to phys_addr_t type also in board_get_usable_ram_top()
signature and implementations.
Fixes: 37dc958947 ("global_data.h: Change ram_top type to phys_addr_t")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Change the mask of OTP0 used to close the device on STM32MP
- STM32MP15x: bit 6 of OPT0
- STM32MP13x: 0b111111 = 0x3F for OTP_SECURED closed device
And support the 2 keys for STM32MP13x
- PKHTH : Hash of the 8 ECC Public Keys Hashes Table
(ECDSA is the authentication algorithm)
- EDMK : Encryption/Decryption Master Key
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Update the command stm32key to support several keys selected by
key name and managed by the new sub-command:
stm32key list
stm32key select [<key>]
stm32key read -a
This patch doesn't change the STM32MP15 behavior, only PKH is
supported, but it is a preliminary patch for STM32MP13 support.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Split the read_hash_otp function and introduce the helper function
read_close_status to read the close status in OTP separately of the PKH.
This patch is a preliminary step for STM32MP13 support.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add defines for value used in stm32key for BSEC permanent lock status
and error.
This patch is a preliminary step to support more lock status in BSEC
driver.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Improve the partitioning trace done in command stm32prog:
- remove the trace "partition: Done" when the GPT partitioning is not done
- indicate the mmc instance used for each 'gpt write' command
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
As the SMC is only supported in SP-MIN for STM32MP15x, the associated
partition should be absent when the TA NVMEM is not available in OPT-TEE
in STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Solve many compilation warning when stm32prog is activated on the aarch64.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Change the defaut flashlayout location, hardcoded at STM32_DDR_BASE,
to CONFIG_SYS_LOAD_ADDR to avoid issue on board with reserved memory
at STM32_DDR_BASE.
This patch changes the command behavior for STM32MP13 and STM32MP15
platform, as CONFIG_SYS_LOAD_ADDR(0xc2000000) != STM32_DDR_BASE
but without impact for serial boot with STM32CubeProgrammer.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
When the STM32CubeProgrammer sent a empty flashlayout.tsv
file, the command stm32prog correctly parse the file
but data->dev_nb = 0 and the stm32prog_devices_init
operations should be skipped.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
We currently have an if_type (interface type) and a uclass id. These are
closely related and we don't need to have both.
Drop the if_type values and use the uclass ones instead.
Maintain the existing, subtle, one-way conversion between UCLASS_USB and
UCLASS_MASS_STORAGE for now, and add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Simplify the package parsing code for STM32MP15X as package can be
affected with get_cpu_package() result.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add support of STM32MP13x Rev.Y for the Silicon revision REV_ID = 0x1003.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Depending on backup register value, U-Boot SPL maintains the debug unit
powered-on for debugging purpose; only BUCK1 is required for powering
the debug unit, so revert the setting for all the other power lanes,
except BUCK3 that has to be always on.
To be functional this patch requires a modification in the debugger
,openocd for example, to update the STM32MP15 backup register when it is
required to debug SPL after reset. After deeper analysis this behavior
will be never supported in tools so the associated code, will be never
used and the associated code can be removed.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add support of STM32MP13x the ETZPC part of fdt.c
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Change-Id: If2777fbf66b8525a2a447056780aaa04e6b0a9a0
Introduce STM32MP15 function and defines to prepare the
STM32MP13 introduction.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Change-Id: I909b205e73dcf207e0216aae5905c3c52472020e
Add support of several MAC address in OTP (3 32bits OTP word for
2 MAC address) for SOCs in STM32MP13x family: STM32MP133 and STM32MP135.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Introduce the code in mach-stm32mp and the configuration file
stm32mp13_defconfig for the new STM32MP family.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add config CONFIG_STM32MP15_PWR to handle the
access to regulators managed by the PWR driver defined in
pwr_regulator.c
This driver is only used in U-Boot by STM32MP15x family.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add sub Kconfig for each SOC in the STM32 CPU family.
It is a preliminary step to introduce a new SOC in the STM32MP family.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add mandatory choice for SOC support in ARCH_STM32MP.
This patch is a preliminary step for new SOC introduction
in STM32MP family.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Move code and defines only needed for CONFIG_STM32MP15x in stm32mp15x.c
when low level init without TFABOOT is supported.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
As the get_otp() helper function in bsec are common for all STM32MP family,
move this function in bsec driver
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The SPL is only supported by STM32MP15x not by all the
SOC with STM32MP arch.
Only TFABOOT is supported in next products.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The third parameter of dfu_alt_add(), the string description of alternate,
is build in stm32prog_alt_add() with a unnecessary character ';' at the
end of the string.
This separator was required in the first implementation of
dfu_alt_add() but is no more needed in the current implementation;
this separator is managed only in dfu_config_interfaces() which call
dfu_alt_add() for this parameter without this separator.
And since the commit 53b406369e ("DFU: Check the number of arguments
and argument string strictly"), this added character cause an error when
the stm32prog command is executed because the third parameter of
dfu_alt_add() must be a string with a numerical value; 's' must be NULL
in the result of call in dfu_fill_entity_mmc():
third_arg = simple_strtoul(argv[2], &s, 0);
Fixes: 53b406369e ("DFU: Check the number of arguments and argument string strictly")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
The SoC seems to lose the values of MCUDIVR, PLL3CR, PLL4CR, RCC_MSSCKSELR
during suspend/resume cycle, cache them and reinstate their values on resume.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Handle correctly the silicon revision = REV_ID[15:0] of Device Version
and the associated device marking, A to Z on STMicroelectronics STM32MP
SOCs.
This patch prepare the introduction of next STM32MP family,
with STM32MP13x Rev.Z for REV_ID = 1.1.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
The function ft_system_setup shouldn't return an error when the
/soc node is absent in the provided device tree but just skip the
updates.
This patch solves an issue when the U-Boot pytest is executed on board.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Accept flashlayout without header in alternate 0, to simplify
the support of stm32prog command with dfu-util.
By default the flashlayout file size is the size of the received binary,
provided with the offset in the DFU alternate.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Update the stm32prog command to allow the reception of U-Boot script in
the FlashLayout alternate during the first USB enumeration.
This patch is aligned with the last TF-A behavior: the Flashlayout
is now loaded by U-Boot; it is no more present at STM32_DDR_BASE when
the stm32prog is launched after a serial boot, on UART or on USB.
The received script must be a U-Boot legacy image, no more need to add
a stm32image header.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
When an interruption is received during the first USB enumeration
used to received the FlashLayout, with handle ctrl-c, the second
enumeration is not needed and the result for stm32prog_usb_loop
is false (reset is not needed).
This patch avoids the need of a second ctrl to interrupt the command
stm32prog.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>