The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
ddaa905 ("arm: mvebu: Add DM (driver model) support") removed the
assignment of the gd pointer, but kept the (now superfluous) declaration
of the gd pointer.
Remove this declaration.
Signed-off-by: Reinhard Pfau <pfau@gdsys.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Allow boards to do some initialization when PCIe comes up.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Add support for Marvell 88E1680 Integrated Octal
10/100/1000 Mbps Energy Efficient Ethernet Transceiver.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Armada 38x has four PCI ports, not three.
The optimization in pci_init_board() seems to assume that every port has
three lanes. This is obviously wrong, and breaks support for Armada 38x.
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Now that the SD/SDIO/MMC DT properties are updated in the Marvell
A3700 and A7/8k DT files, we need to match the checks for compatible
node in the PHY driver as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Kostya Porotchkin <kostap@marvell.com>
Cc: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_AT91".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_ROCKCHIP".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Make the naming scheme consistent; all SDHCI-base drivers prefixed
with CONFIG_MMC_SDHCI_.
While we are here, add "depends on ARCH_ZYNQ || ARCH_ZYNQMP".
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[1] Rename CONFIG_SANDBOX_MMC to CONFIG_MMC_SANDBOX for consistency
I want all MMC driver options prefixed with CONFIG_MMC_.
[2] Fix dependency
Add necessary depends on to avoid compile error.
Instead "depends on MMC" is unneeded because this config entry
resides inside of "if MMC".
[3] Currently, this config symbol is not referenced at all.
Use it to enable/disable the driver in Makefile.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now, CONFIG_GENERIC_MMC seems equivalent to CONFIG_MMC.
Let's create an entry for "config GENERIC_MMC" with "default MMC",
then convert all macro defines in headers to Kconfig. Almost all
of the defines will go away.
I see only two exceptions:
configs/blanche_defconfig
configs/sandbox_noblk_defconfig
They define CONFIG_GENERIC_MMC, but not CONFIG_MMC. Something
might be wrong with these two boards, so should be checked later.
Anyway, this is the output of the moveconfig tool.
This commit was created as follows:
[1] create a config entry in drivers/mmc/Kconfig
[2] tools/moveconfig.py -r HEAD GENERIC_MMC
[3] manual clean-up of garbage comments in doc/README.* and
include/configs/*.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
- Fix clk driver
- Optimize DRAM init code for LD20 SoC
- Get DRAM information from more reliable source
- Clean up SoC init code
- Allow to use Image.gz for booting ARM64 Linux
- Tidy up environments to use with ATF
- Clean up I2C drivers
The readl_poll_timeout() is a useful helper to poll registers
and error out if the condition is not met.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, SPL (u-boot-spl.bin) and U-Boot (u-boot.bin) are stored
in non-volatile devices, and some environments are defined to update
the images easily.
When ARM Trusted Firmware is fully used, SPL is not used. U-Boot
proper is contained as BL33 into FIP (Firmware Image Package), which
is standard container used by ATF. Allow to use it.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The Boot ROM supports authentication feature to prevent malformed
software from being run on products. The signature is added at the
tail of the second stage loader (= SPL in U-boot terminology).
The size of the second stage loader was 64KB, and it was consistent
across SoCs. The situation changed when LD20 SoC appeared; it loads
80KB second stage loader, and it is the only exception.
Currently, CONFIG_SPL_PAD_TO is set to 64KB and U-Boot proper is
loaded from the 64KB offset of non-volatile devices. This means the
signature of LD20 SoC (located at 80KB offset) corrupts the U-Boot
proper image.
Let's move the U-Boot proper image to 128KB offset. It uses 48KB
for nothing but padding, and we could actually locate the U-Boot
proper at 80KB offset. However, the power of 2 generally seems a
better choice for the offset address.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When ARM Trusted Firmware is used, bl1.bin + fip.bin exceeds 512KB,
so the boot image and the current environment area will overlap.
Move the environment storage to 1MB offset.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The boot_ramdisk_high() checks the environment "initrd_high" and,
if it is set to (ulong)-1, skip the initrd relocation. This is
useful for faster booting when we know the initrd is already located
within the reach of the kernel.
Change "norboot" to copy images in order to make it work without
depending on the automatic relocation.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The ARM64 Linux raw image now amounts to 15MB and it is getting
bigger and bigger. Using Image.gz saves about 8MB. The cost of
unzip is smaller than what we get by saving the kernel loading
from non-volatile devices.
The ARM32 Linux still uses zImage, a self-decompressor image,
so it should not be affected.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For clarification, move CONFIG symbols that affect SPL building
into a single place. Drop #ifdef CONFIG_SPL ... #endif since it is
harmless to define CONFIG_SPL_... during U-Boot proper building.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
It seems more readable to use arrays to get SoC specific parameters
instead of the crappy switch statement.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
For LD20 SoC, the last 64 byte of each DRAM bank is used for the
dynamic training of DRAM PHY. The regions must be reserved in DT to
prevent the kernel from using them. Now gd->bd->bi_dram reflects
the actual memory banks. Just use it instead of getting access to
the board parameters.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
U-Boot needs to set up available memory area(s) in dram_init() and
dram_init_banksize(). It is platform-dependent how to detect the
memory banks. Currently, UniPhier adopts the memory banks _alleged_
by DT. This is based on the assumption that users bind a correct DT
in their build process.
Come to think of it, the DRAM controller has already been set up
before U-Boot is entered (because U-Boot runs on DRAM). So, the
DRAM controller setup register seems a more reliable source of any
information about DRAM stuff. The DRAM banks are initialized by
preliminary firmware (SPL, ARM Trusted Firmware BL2, or whatever),
so this means the source of the reliability is shifted from Device
Tree to such early-stage firmware. However, if the DRAM controller
is wrongly configured, the system will crash. If your system is
running, the DRAM setup register is very likely to provide the
correct DRAM mapping.
Decode the SG_MEMCONF register to get the available DRAM banks.
The dram_init() and dram_init_banksize() need similar decoding.
It would be nice if dram_init_banksize() could reuse the outcome
of dram_init(), but global variables are unavailable at this stage
because the .bss section is available only after the relocation.
As a result, SG_MEMCONF must be checked twice, but a new helper
uniphier_memconf_decode() will help to avoid code duplication.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The two arrays ddrphy_{op,ip}_dq_shift_val, occupy more than 3.8 KB
memory footprint, which is significant in SPL.
There are PHY parameters for 5 boards, but they are actually not
board specific, but SoC specific. After all, we just need to have
2 patterns, for LD20 and LD21. Also, the shift values are small
enough to become "short" type instead of "int". This change will
save about 3 KB memory footprint.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit ec6617c397 ("armv8: Support loading 32-bit OS in AArch32
execution state") broke SMP boot by assuming that an image is 32-bit if
the arch field in the spin table != IH_ARCH_DEFAULT (i.e.
IH_ARCH_ARM64), even if the arch field also does not match IH_ARCH_ARM,
even though nothing actually set the arch field in the spin table.
Commit e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading
32-bit OS") fixed this for bootm by setting the arch field of the spin
table based on images.os.arch, but booti remaineed broken because it did
not set images.os.arch.
Fixes: ec6617c397 ("armv8: Support loading 32-bit OS in AArch32 execution state")
Fixes: e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading 32-bit OS")
Cc: Alison Wang <alison.wang@nxp.com>
Cc: Chenhui Zhao <chenhui.zhao@nxp.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Stuart Yoder <stuart.yoder@nxp.com>
Signed-off-by: Scott Wood <oss@buserror.net>
Reviewed-by: Tom Rini <trini@konsulko.com>
Doing unaligned reads is not supported on all architectures, use
byte sized reads of the little endian buffer.
Rename off16 to off8, as it reflects the buffer offset in byte
granularity (offset is in entry, i.e. 12 bit, granularity).
Fix a regression introduced in 8d48c92b45
Reported-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Tested-by: Oleksandr Tymoshenko <gonzo@bluezbox.com>
To troubleshoot unexpected bhavior during building and what's more
important during execution it is strongly recommended to use recent
ARC toolchain, and so we're now referring to arc-2016.09 which is the
latest as of today.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This patch enables support for the smsc phy on the
stm32f746-disco board.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA <vikas.manocha@st.com>
Series-changes 3:
- Add Acked-by tag to 'enable support for smsc phy on...'
This patch adds support for SMSC LAN8742 in phylib
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This patch adds glue code required for enabling the designware
mac on stm32f7 devices.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Use the clock setup function defined in clock.c instead of setting the
clock bits directly in the drivers.
Remove register definitions of RCC in rcc.h as these are already
defined in the struct in stm32.h
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
The fmc base address is defined twice, once in fmc.h and once in stm32.h.
Fix wrong definition in stm32.h.
Remove the definiton in fmc.h.
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas Manocha <vikas.manocha@st.com>
Cleanup stm32f7 files:
- use BIT macro
- use GENMASK macro
- use rcc struct instead of macro additions
Add missing stm32f7 register in rcc struct
Signed-off-by: Michael Kurz <michi.kurz@gmail.com>
Acked-by: Vikas MANOCHA<vikas.manocha@st.com>