xilinx: zynqmp: Use strlen only if env_get doesn't return null
Add check if boot_targets exists in environment and then
generate new_targets env accordingly. Performing strlen on
null address causes it to fail with exception if isolation
is enabled with DDR address zero as secure. It works with out
isolation enabled as zero is valid address but it may lead to
junk values in boot_targets.
This patch fixes the issue by checking return value of env_get
so that it generate boot_targets properly.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Michal Simek [Fri, 12 Jan 2018 13:24:50 +0000 (14:24 +0100)]
arm: zynq: Fix types in ps7_spl_init
The patch is fixing the following Warning:
arch/arm/mach-zynq/ps7_spl_init.c:133:24: warning: comparison between
signed and unsigned integer expressions [-Wsign-compare]
while (ioread(addr) < delay)
^
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Tom Rini [Tue, 16 Jan 2018 20:29:50 +0000 (15:29 -0500)]
tools: Update python "help" tests to cope with "more" oddities
In some cases when "more" is told to page a given file it will prepend
the output with:
::::::::::::::
/PATH/TO/THE/FILE
::::::::::::::
And when this happens the output will not match the expected length.
Further, if we use a different pager we will instead fail the coverage
tests as we will not have 100% coverage. Update the help test to remove
the string in question.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
Simon Glass [Sun, 24 Dec 2017 19:12:07 +0000 (12:12 -0700)]
dtoc: Allow DTC environment variable to provide path to dtc
The system device-tree compiler may not be new enough to run the tests we
use in U-Boot (e.g. with binman). Allow use of a DTC environment variable
to point to the correct dtc. If not defined, the dtc on the default PATH
is used.
Andre Przywara [Mon, 4 Dec 2017 02:05:13 +0000 (02:05 +0000)]
armv8: secure firmware: fix incorrect unit address in node name
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Remove the unit address from the config node name when U-Boot deals with
secure firmware FIT images.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:12 +0000 (02:05 +0000)]
tools: fix incorrect usage of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Correct the generated unit names when U-Boot's mkimage creates a FIT
image.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:11 +0000 (02:05 +0000)]
sunxi: arm64: correct usage of DT node address in FIT generation
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Adjust the FIT build script for 64-bit Allwinner boards to remove the
bogus addresses from the node names and avoid the warnings.
This avoids a warning with recent versions of the dtc tool.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:10 +0000 (02:05 +0000)]
fix incorrect usage of DT node unit address in comments
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:09 +0000 (02:05 +0000)]
doc: fix incorrect usage of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in various documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:08 +0000 (02:05 +0000)]
doc: FIT image: fix incorrect examples of DT node unit address
The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image example files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Mon, 4 Dec 2017 02:05:07 +0000 (02:05 +0000)]
doc: FIT image: fix incorrect description of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image documentation files where this was not
observed, to not give bad examples to the reader.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Simon Glass [Mon, 27 Nov 2017 03:26:01 +0000 (20:26 -0700)]
binman: Run code coverage tests
Binman has 100% test coverage for the code as it is at present. To
encourage it to stay that way, run the code-coverage test as part of the
normal U-Boot tests.
This is RFC because it requires the Python code coverage tools to be
available.
Rob Clark [Wed, 10 Jan 2018 10:34:39 +0000 (11:34 +0100)]
db410c: add reserved-memory node to dts
If lk lights up display and populates simple-framebuffer node, it will
also setup a reserved-memory node (needed by simplefb on linux). But
it isn't clever enough to cope when the reserved-memory node is not
present.
Rob Clark [Wed, 10 Jan 2018 10:34:37 +0000 (11:34 +0100)]
fdtdec: allow board to provide fdt for CONFIG_OF_SEPARATE
Similar to CONFIG_OF_BOARD, but in this case the fdt is still built by
u-boot build. This allows the board to patch the fdt, etc.
In the specific case of dragonboard 410c, we pass the u-boot generated
fdt to the previous stage of bootloader (by embedding it in the
u-boot.img that is loaded by lk/aboot), which patches the fdt and passes
it back to u-boot.
Signed-off-by: Rob Clark <robdclark@gmail.com>
[trini: Update board_fdt_blob_setup #if check] Signed-off-by: Tom Rini <trini@konsulko.com>
db410c: update wlan and bt mac addresses from firmware
The firmware that runs before u-boot modifies u-boot's device tree
adding the local-mac-address and local-bd-address properties for the
compatibles "qcom,wcnss-bt" and "qcom,wcnss-wlan".
This commit reads that firmware, retrieves the properties and fixups
the device tree that is passed to the kernel before booting.
env: enable accessing the environment in an EXT4 partition
For example to store the environment in a file named "/uboot.env" in MMC
"0", where partition "1" contains the EXT4 filesystem, the following
configs should be added to the board's default config:
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
[trini: Fix some line over 80 chars issues] Signed-off-by: Tom Rini <trini@konsulko.com>
net: sh-eth: Change read/write() param to struct sh_eth_info
This changes Change structure used in sh_eth_read and sh_eth_write function
from struct sh_eth_dev to struct sh_eth_info. This is necessary to convert
to Driver Model.
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
net: sh-eth: Fix coding style checked by checkpatch.pl
This fixes the chord style checked by checkpatch.pl.
Details of change details are as follows:
- Fix typo
Change from alligned to aligned.
- Remove whitespace before ','
- Add spaces preferred around that '|'
- Fix missing a blank line after declarations
- Remove space after a cast declaration
- Fix format of block comments
- Add a blank line after function/struct/union/enum declarations
Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Joe Hershberger [Wed, 8 Nov 2017 02:13:40 +0000 (18:13 -0800)]
net: dhcp: Allow "MAY_FAIL" to still try each adapter
This change allows the "MAY_FAIL" DHCP option to still attempt to
contact a DHCP server on each adapter and only give up once each
adapter has failed once. To get the existing behavior, set the
already-existing ethrotate=no variable.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com> Cc: Keng Soon Cheah <keng.soon.cheah@ni.com> Cc: Chen Yee Chew <chen.yee.chew@ni.com>
Add a b53_reg read/write command which allows inspecting the switch
registers. Because the Broadcom BCM53xx registers have different sizes,
we need to split the accesses in 8, 16, 32, 48 or 64 bits to obtain
expected results.
Reviewed-by: Stefan Roese <sr@denx.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Make sure that we pad small packets to a minimum length of 60 bytes
(without FCS). This is necessary to interface with Ethernet switches
that will reject RUNT frames unless padded correctly.
Add a minimalistic Broadcom BCM53xx (roboswitch) switch driver similar
to the Marvell MV88E617x. This takes care of configuring the minimum
amount out of the switch hardware such that each user visible port
(configurable) and the CPU port can forward packets between each other
while preserving isolation with other ports.
This is useful for e.g: the Lamobo R1 board featuring a Broadcom
BCM53125 switch.
Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Jason Brown [Tue, 28 Nov 2017 19:12:43 +0000 (11:12 -0800)]
net: mvneta - Fixed recv() when multiple packets have arrived.
This patch fixes a problem in the mvneta driver where if more than
one packet arrives between calls to mvneta_recv(), the additional
descriptors will be marked as free even though only one descriptor
has been read and processed from the receive queue. This causes
the additional packet(s) to be delayed until the next packet arrives.
>From this point on all packets will be delayed because the receive
queue will contain unprocessed packets but the hardware shows no
busy descriptors.
Signed-off-by: Jason Brown <jason.brown@apcon.com> Reviewed-by: Stefan Roese <sr@denx.de> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:13 +0000 (08:30 -0500)]
net: miiphybb: fix casting error
Since the return value is a signed int, if the leading MSB of rdreg is a 1,
it will get signed extended and will return a negative value which is an
error even though we read the correct value.
Fixes: dfcc496ed7e2 ("net: mii: Changes not made by spatch") Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:12 +0000 (08:30 -0500)]
net: sh-eth: remove sh_eth_offset_rz table
First, this table could never be included in the build anyway because
SH_ETH_TYPE_RZ is not defined until later in the file.
Second, the register PIR was missing, so PHY MDIO never worked.
Third, after adding the PIR register, the table is EXACTLY the same as
sh_eth_offset_gigabit, so there is no value to it.
Therefore, just delete it use the gigabit one.
Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Chris Brandt [Fri, 3 Nov 2017 13:30:11 +0000 (08:30 -0500)]
net: sh-eth: fix inl and outl definitions
The macros inl and outl maybe already be defined from file
arch/arm/include/asm/io.h so there may be no reason to define them.
And if you do try defined them here, you get a redefined complier warning.
Signed-off-by: Chris Brandt <chris.brandt@renesas.com> Acked-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Wilson Lee [Wed, 23 Aug 2017 03:25:07 +0000 (20:25 -0700)]
net: macb: Add support for Xilinx Zynq SoC
Although Xilinx Zynq SoC was using MACB similar hardware. However,
U-boot MACB driver was not supporting Xilinx Zynq SoC. This patch is
to add support for the Xilinx Zynq SoC to the existing MACB network
driver.
This patch is to add Zynq GEM DMA Config, provide callback
function for different linkspeed for case of using Xilinx Zynq
Programmable Logic as GMII to RGMII converter.
This patch convert the return value to use error codes.
Signed-off-by: Wilson Lee <wilson.lee@ni.com> Cc: Chen Yee Chew <chen.yee.chew@ni.com> Cc: Keng Soon Cheah <keng.soon.cheah@ni.com> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Wenyou Yang <wenyou.yang@atmel.com> Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:19 +0000 (12:40 +0000)]
arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode.
This will allow u-boot scripts to script the dropping down into recovery
mode.
=> hab_failsafe
Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale
SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download
of a new image via the BootROM USB download protocol routine.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:18 +0000 (12:40 +0000)]
arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for
hab_rvt_check_failsafe for BootROM code using the older BootROM address
layout - in my test case the i.MX7. Code based on new BootROM callbacks
will just do nothing and there's definitely a TODO to implement that extra
functionality on the alternative BootROM API.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:17 +0000 (12:40 +0000)]
arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation:
"This function provides a safe path when image authentication has failed
and all possible boot paths have been exhausted. It is intended for use by
post-ROM boot stage components, via the ROM Vector Table."
Once invoked the part will drop down to its BootROM USB recovery mode.
Should it be the case that the part is in secure boot mode - only an
appropriately signed binary will be accepted by the ROM and subsequently
executed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:16 +0000 (12:40 +0000)]
arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export
imx_hab_is_enabled() now to facilitate further work with this data-point in
a secure-boot context.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:15 +0000 (12:40 +0000)]
arm: imx: hab: Make authenticate_image() return zero on open boards
The BootROM will not successfully process a HAB image passed by u-boot
unless the board has been set into locked mode. Some of the existing usages
of authenticate_image() expect and rely on unlocked boards doing the
following
1. Not calling into the BootROM authenticate_image() callback
2. Returning a pass status for authenticate_image() calls anyway
A previous patch removed the necessity to call into imx_hab_is_enabled()
twice. This patch ensures the reliance on authenticate_image() returning
zero is maintained.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Breno Matheus Lima <brenomatheus@gmail.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com>
Understanding if the HAB is enabled is something that we want to
interrogate and report on outside of the HAB layer. First step to that is
renaming the relevant function to match the previously introduced external
naming convention imx_hab_function()
The name imx_hab_is_hab_enabled() is a tautology. A more logical name is
imx_hab_is_enabled().
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:13 +0000 (12:40 +0000)]
arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:11 +0000 (12:40 +0000)]
arm: imx: hab: Print HAB event log only after calling ROM
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.
This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Suggested-by: Cc: Breno Matheus Lima <brenomatheus@gmail.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:10 +0000 (12:40 +0000)]
arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.
This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:09 +0000 (12:40 +0000)]
arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:08 +0000 (12:40 +0000)]
arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation:
"This function reports whether or not a given target region is allowed for
either peripheral configuration or image loading in memory. It is intended
for use by post-ROM boot stage components, via the ROM Vector Table, in
order to avoid configuring security-sensitive peripherals, or loading
images over sensitive memory regions or outside recognized memory devices
in the address map."
It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:06 +0000 (12:40 +0000)]
arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:03 +0000 (12:40 +0000)]
arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:40:02 +0000 (12:40 +0000)]
arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.
This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:39:56 +0000 (12:39 +0000)]
arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).
This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.
Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot
authentication")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Bryan O'Donoghue [Fri, 12 Jan 2018 12:39:55 +0000 (12:39 +0000)]
arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.
Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.
The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.
The first step is fixing the return type in authenticate_image() so do that
now.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
projects / u-boot / log