Simon Glass [Sun, 24 Dec 2017 19:12:07 +0000 (12:12 -0700)]
dtoc: Allow DTC environment variable to provide path to dtc
The system device-tree compiler may not be new enough to run the tests we
use in U-Boot (e.g. with binman). Allow use of a DTC environment variable
to point to the correct dtc. If not defined, the dtc on the default PATH
is used.
Andre Przywara [Mon, 4 Dec 2017 02:05:13 +0000 (02:05 +0000)]
armv8: secure firmware: fix incorrect unit address in node name
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Remove the unit address from the config node name when U-Boot deals with
secure firmware FIT images.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:12 +0000 (02:05 +0000)]
tools: fix incorrect usage of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Correct the generated unit names when U-Boot's mkimage creates a FIT
image.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:11 +0000 (02:05 +0000)]
sunxi: arm64: correct usage of DT node address in FIT generation
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Adjust the FIT build script for 64-bit Allwinner boards to remove the
bogus addresses from the node names and avoid the warnings.
This avoids a warning with recent versions of the dtc tool.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:10 +0000 (02:05 +0000)]
fix incorrect usage of DT node unit address in comments
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:09 +0000 (02:05 +0000)]
doc: fix incorrect usage of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in various documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:08 +0000 (02:05 +0000)]
doc: FIT image: fix incorrect examples of DT node unit address
The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image example files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:07 +0000 (02:05 +0000)]
doc: FIT image: fix incorrect description of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Simon Glass [Mon, 27 Nov 2017 03:26:01 +0000 (20:26 -0700)]
binman: Run code coverage tests
Binman has 100% test coverage for the code as it is at present. To
encourage it to stay that way, run the code-coverage test as part of the
normal U-Boot tests.
This is RFC because it requires the Python code coverage tools to be
available.
Rob Clark [Wed, 10 Jan 2018 10:34:39 +0000 (11:34 +0100)]
db410c: add reserved-memory node to dts
If lk lights up display and populates simple-framebuffer node, it will
also setup a reserved-memory node (needed by simplefb on linux). But
it isn't clever enough to cope when the reserved-memory node is not
present.
Rob Clark [Wed, 10 Jan 2018 10:34:37 +0000 (11:34 +0100)]
fdtdec: allow board to provide fdt for CONFIG_OF_SEPARATE
Similar to CONFIG_OF_BOARD, but in this case the fdt is still built by
u-boot build. This allows the board to patch the fdt, etc.
In the specific case of dragonboard 410c, we pass the u-boot generated
fdt to the previous stage of bootloader (by embedding it in the
u-boot.img that is loaded by lk/aboot), which patches the fdt and passes
it back to u-boot.
Signed-off-by: Rob Clark <robdclark@gmail.com>
[trini: Update board_fdt_blob_setup #if check] Signed-off-by: Tom Rini <trini@konsulko.com>
db410c: update wlan and bt mac addresses from firmware
The firmware that runs before u-boot modifies u-boot's device tree
adding the local-mac-address and local-bd-address properties for the
compatibles "qcom,wcnss-bt" and "qcom,wcnss-wlan".
This commit reads that firmware, retrieves the properties and fixups
the device tree that is passed to the kernel before booting.
env: enable accessing the environment in an EXT4 partition
For example to store the environment in a file named "/uboot.env" in MMC
"0", where partition "1" contains the EXT4 filesystem, the following
configs should be added to the board's default config:
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
[trini: Fix some line over 80 chars issues] Signed-off-by: Tom Rini <trini@konsulko.com>
net: sh-eth: Change read/write() param to struct sh_eth_info
This changes Change structure used in sh_eth_read and sh_eth_write function
from struct sh_eth_dev to struct sh_eth_info. This is necessary to convert
to Driver Model.
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net: sh-eth: Fix coding style checked by checkpatch.pl
This fixes the chord style checked by checkpatch.pl.
Details of change details are as follows:
- Fix typo
Change from alligned to aligned.
- Remove whitespace before ','
- Add spaces preferred around that '|'
- Fix missing a blank line after declarations
- Remove space after a cast declaration
- Fix format of block comments
- Add a blank line after function/struct/union/enum declarations
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Joe Hershberger [Wed, 8 Nov 2017 02:13:40 +0000 (18:13 -0800)]
net: dhcp: Allow "MAY_FAIL" to still try each adapter
This change allows the "MAY_FAIL" DHCP option to still attempt to
contact a DHCP server on each adapter and only give up once each
adapter has failed once. To get the existing behavior, set the
already-existing ethrotate=no variable.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Cc: Keng Soon Cheah <keng.soon.cheah@ni.com> Cc: Chen Yee Chew <chen.yee.chew@ni.com>
Add a b53_reg read/write command which allows inspecting the switch
registers. Because the Broadcom BCM53xx registers have different sizes,
we need to split the accesses in 8, 16, 32, 48 or 64 bits to obtain
expected results.
Reviewed-by: Stefan Roese <sr@denx.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Make sure that we pad small packets to a minimum length of 60 bytes
(without FCS). This is necessary to interface with Ethernet switches
that will reject RUNT frames unless padded correctly.
Add a minimalistic Broadcom BCM53xx (roboswitch) switch driver similar
to the Marvell MV88E617x. This takes care of configuring the minimum
amount out of the switch hardware such that each user visible port
(configurable) and the CPU port can forward packets between each other
while preserving isolation with other ports.
This is useful for e.g: the Lamobo R1 board featuring a Broadcom
BCM53125 switch.
Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Jason Brown [Tue, 28 Nov 2017 19:12:43 +0000 (11:12 -0800)]
net: mvneta - Fixed recv() when multiple packets have arrived.
This patch fixes a problem in the mvneta driver where if more than
one packet arrives between calls to mvneta_recv(), the additional
descriptors will be marked as free even though only one descriptor
has been read and processed from the receive queue. This causes
the additional packet(s) to be delayed until the next packet arrives.
>From this point on all packets will be delayed because the receive
queue will contain unprocessed packets but the hardware shows no
busy descriptors.
Signed-off-by: Jason Brown <jason.brown@apcon.com> Reviewed-by: Stefan Roese <sr@denx.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:13 +0000 (08:30 -0500)]
net: miiphybb: fix casting error
Since the return value is a signed int, if the leading MSB of rdreg is a 1,
it will get signed extended and will return a negative value which is an
error even though we read the correct value.
Fixes: dfcc496ed7e2 ("net: mii: Changes not made by spatch") Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:12 +0000 (08:30 -0500)]
net: sh-eth: remove sh_eth_offset_rz table
First, this table could never be included in the build anyway because
SH_ETH_TYPE_RZ is not defined until later in the file.
Second, the register PIR was missing, so PHY MDIO never worked.
Third, after adding the PIR register, the table is EXACTLY the same as
sh_eth_offset_gigabit, so there is no value to it.
Therefore, just delete it use the gigabit one.
Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:11 +0000 (08:30 -0500)]
net: sh-eth: fix inl and outl definitions
The macros inl and outl maybe already be defined from file
arch/arm/include/asm/io.h so there may be no reason to define them.
And if you do try defined them here, you get a redefined complier warning.
Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Wilson Lee [Wed, 23 Aug 2017 03:25:07 +0000 (20:25 -0700)]
net: macb: Add support for Xilinx Zynq SoC
Although Xilinx Zynq SoC was using MACB similar hardware. However,
U-boot MACB driver was not supporting Xilinx Zynq SoC. This patch is
to add support for the Xilinx Zynq SoC to the existing MACB network
driver.
This patch is to add Zynq GEM DMA Config, provide callback
function for different linkspeed for case of using Xilinx Zynq
Programmable Logic as GMII to RGMII converter.
This patch convert the return value to use error codes.
Signed-off-by: Wilson Lee <wilson.lee@ni.com> Cc: Chen Yee Chew <chen.yee.chew@ni.com> Cc: Keng Soon Cheah <keng.soon.cheah@ni.com> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Wenyou Yang <wenyou.yang@atmel.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:19 +0000 (12:40 +0000)]
arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode.
This will allow u-boot scripts to script the dropping down into recovery
mode.
=> hab_failsafe
Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale
SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:18 +0000 (12:40 +0000)]
arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for
hab_rvt_check_failsafe for BootROM code using the older BootROM address
layout - in my test case the i.MX7. Code based on new BootROM callbacks
will just do nothing and there's definitely a TODO to implement that extra
functionality on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:17 +0000 (12:40 +0000)]
arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation:
"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."
Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:16 +0000 (12:40 +0000)]
arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:15 +0000 (12:40 +0000)]
arm: imx: hab: Make authenticate_image() return zero on open boards
The BootROM will not successfully process a HAB image passed by u-boot
unless the board has been set into locked mode. Some of the existing usages
of authenticate_image() expect and rely on unlocked boards doing the
following
1. Not calling into the BootROM authenticate_image() callback
2. Returning a pass status for authenticate_image() calls anyway
A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Breno Matheus Lima <brenomatheus@gmail.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com>
Understanding if the HAB is enabled is something that we want to
interrogate and report on outside of the HAB layer. First step to that is
renaming the relevant function to match the previously introduced external
naming convention imx_hab_function()
The name imx_hab_is_hab_enabled() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:13 +0000 (12:40 +0000)]
arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:11 +0000 (12:40 +0000)]
arm: imx: hab: Print HAB event log only after calling ROM
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.
This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Cc: Breno Matheus Lima <brenomatheus@gmail.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:10 +0000 (12:40 +0000)]
arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.
This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:09 +0000 (12:40 +0000)]
arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:08 +0000 (12:40 +0000)]
arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation:
"This function reports whether or not a given target region is allowed for
either peripheral configuration or image loading in memory. It is intended
for use by post-ROM boot stage components, via the ROM Vector Table, in
order to avoid configuring security-sensitive peripherals, or loading
images over sensitive memory regions or outside recognized memory devices
in the address map."
It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:06 +0000 (12:40 +0000)]
arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:03 +0000 (12:40 +0000)]
arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:02 +0000 (12:40 +0000)]
arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.
This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:39:56 +0000 (12:39 +0000)]
arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).
This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.
Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot
authentication")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:39:55 +0000 (12:39 +0000)]
arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.
Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.
The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Stephen Warren [Tue, 9 Jan 2018 19:52:14 +0000 (12:52 -0700)]
Makefile: ensure DTB doesn't overflow into initial stack
With CONFIG_SYS_INIT_SP_BSS_OFFSET enabled, the initial (pre-relocation)
stack is placed some distance after bss_start. The control DTB is appended
to the U-Boot binary at bss_start. If the DTB is too large, or the SP BSS
offset too small, then the initial stack could corrupt the DTB. Enhance
the Makefile to check whether this is likely to occur.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Tue, 9 Jan 2018 00:41:24 +0000 (17:41 -0700)]
ARM: Tegra186: calculate load addresses at boot
In the presence of potentially fragemented memory, we cannot hard-code
addresses into environment variables such as kernel_addr_r. Instead, we
must calculate those addresses at run-time based on available memory
locations. Implement the code to perform such runtime calculation, based
on requirements described in environment variables, to allow the user
full control over the allocation.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Thu, 4 Jan 2018 18:07:14 +0000 (11:07 -0700)]
ARM: Tegra186: don't map memory not in RAM banks
Tegra186 currently restricts its DRAM usage to entries in the /memory node
in the DTB passed to it. However, the MMU configuration always maps the
entire first 2GB of RAM. This could allow the CPU to speculatively access
RAM that isn't part of the in-use banks. This patch switches to runtime
construction of the table that's used to construct the MMU translation
tables, and thus prevents access to RAM that's not part of a valid bank.
Note: This patch is intended to prevent access to RAM regions which U-Boot
does not need to access, with the primary purpose of avoiding theoretical
speculative access to physical regions for which the HW will throw errors
(e.g. carve-outs that the CPU has no permission to access at a bus level,
bad ECC pages, etc.). In particular, this patch is not deliberately
related to the speculation-related security issues that were recently
announced. The apparent similarity is a coincidence.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 3 Jan 2018 21:32:35 +0000 (14:32 -0700)]
ARM: tegra: p2771-000: increase max DRAM bank count
On this platform, there may be up to 1024 unusable chunks of memory.
Increase CONFIG_NR_DRAM_BANKS so that U-Boot can remember all the banks
required to represent such fragmented memory.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 3 Jan 2018 21:32:34 +0000 (14:32 -0700)]
ARM: Tegra186: search for best RAM bank
In the future, the list of DRAM regions passed to U-Boot in the DTB may
be quite long and fragmented. Due to this, U-Boot must search through the
regions to find the best region to relocate into, rather than relying on
the current assumption that the top of bank 0 is a reasonable relocation
target. This change implements such searching.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Fri, 5 Jan 2018 20:04:54 +0000 (13:04 -0700)]
ARM: bootm: don't assume sp is in DRAM bank 0
arch_lmb_reserve() currently assumes that the stack pointer is within DRAM
bank 0. This is not necessarily true. Enhance the code to search through
DRAM banks until the bank that does contain SP is found, and then reserve
the tail of that bank.
Fixes: 2d1916e48bd8 ("ARM: add flat device tree support") Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 3 Jan 2018 21:31:51 +0000 (14:31 -0700)]
ARMv8: add optional Linux kernel image header
Allow placing a Linux kernel image header at the start of the U-Boot
binary. This is useful since the image header reports the amount of memory
(BSS and similar) that U-Boot needs to use, but that isn't part of the
binary size. This can be used by the code that loads U-Boot into memory to
determine where to load U-Boot, based on other users of memory.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 20 Dec 2017 01:30:37 +0000 (18:30 -0700)]
ARM: tegra: use CONFIG_SYS_INIT_SP_BSS_OFFSET
Enable CONFIG_SYS_INIT_SP_BSS_OFFSET for all 64-bit Tegra boards. Place
the stack/... 512KiB from the end of the U-Boot binary. This should be
plenty to accommodate the current DTBs (max 64 KiB), early malloc region
(6KiB), stack usage, and plenty of slack, while still not placing it too
far away from the U-Boot binary.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 20 Dec 2017 01:30:36 +0000 (18:30 -0700)]
ARMv8: Allow dynamic early stack pointer
U-Boot typically uses a hard-coded value for the stack pointer before
relocation. Implement option SYS_INIT_SP_BSS_OFFSET to instead calculate
the initial SP at run-time. This is useful to avoid hard-coding addresses
into U-Boot, so that can be loaded and executed at arbitrary addresses and
thus avoid using arbitrary addresses at runtime. This option's value is
the offset added to &_bss_start in order to calculate the stack pointer.
This offset should be large enough so that the early malloc region, global
data (gd), and early stack usage do not overlap any appended DTB.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
Stephen Warren [Wed, 20 Dec 2017 01:30:34 +0000 (18:30 -0700)]
ARM: tegra: don't use CONFIG_SPL_TEXT_BASE when no SPL
64-bit Tegra don't use SPL, and soon won't define CONFIG_SPL_TEXT_BASE
when building. Fix the binman .dts file so that it doesn't use undefined
values.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com>
Peng Fan [Tue, 2 Jan 2018 08:51:22 +0000 (16:51 +0800)]
mmc: fsl_esdhc: Fix eMMC 1.8v setting issue
Current USDHC driver will reset VSELECT to 0 (3.3v) during mmc init,
then set to 1 for 1.8v eMMC I/O. When booting from eMMC, since ROM has
already set VSELECT to 1.8v before running the u-boot. This reset in
USDHC driver causes a short 2.2v pulse on CMD pin.
Fix this issue by not reset VSELECT to 0 when 1.8v flag is set.
Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>