If we check an index against array bounds, we should do so before
accessing the array and not afterwards.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fix NOR, SD and QSPI fallback option in case of secure boot failure.
Signed-off-by: Vinitha V Pillai <vinitha.pillai@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
IFC-NOR and QSPI-NOR pins are multiplexed on SoC, so they cannot be
accessed simultaneously. IFC-NOR can be accessed along with SD-BOOT.
Ls1088aqds_sdcard_ifc_defconfig is default config for SD boot and
IFC-NOR to be used as flash. This allows writing to IFC-NOR flash.
QSPI and DSPI cannot be accessed in this defconfig.
IFC-NOR image is generated using ls1088aqds_defconfig.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This function is required for enabling access to early i2c function
for correct usage of QIXIS_READ and QIXIS_WRITE.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
get_board_ddr_clk(), get_board_sys_clk() and if_board_diff_clk() is
now available for SPL build.
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
This patch makes it possible to verify the contents and location of an
OPTEE image in DRAM prior to handing off control to that image. If image
verification fails we won't try to boot any further.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
This patch adds a new type IH_OS_TEE. This new OS type will be used for
chain-loading to Linux via a TEE.
With this patch in-place you can generate a bootable OPTEE image like this:
mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee
where "tee.bin" is the input binary prefixed with an OPTEE header and
uTee.optee is the output prefixed with a u-boot wrapper header.
This image type "-T kernel -O tee" is differentiated from the existing
IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
control returns to u-boot) whereas for the new IH_OS_TEE control passes to
the OPTEE firmware and the firmware chainloads onto Linux.
Andrew Davis gave the following ASCII diagram:
IH_OS_TEE: (mkimage -T kernel -O tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL
|
v
U-Boot ------>
<----- OP-TEE
|
V
Linux
IH_TYPE_TEE: (mkimage -T tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL ------->
<----- OP-TEE
|
v
U-Boot
|
V
Linux
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
When encountering an error in OPTEE verification print out various details
of the OPTEE header to aid in further debugging of encountered errors.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
This patch adds optee_verify_bootm_image() which will be subsequently used
to verify the parameters encoded in the OPTEE header match the memory
allocated to the OPTEE region, OPTEE header magic and version prior to
handing off control to the OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
This patch adds optee_image_get_load_addr() a helper function used to
calculate the load-address of an OPTEE image based on the lower
entry-point address given in the OPTEE header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
Add a helper function for extracting the least significant 32 bits from the
OPTEE entry point address, which will be good enough to load OPTEE binaries
up to (2^32)-1 bytes.
We may need to extend this out later on but for now (2^32)-1 should be
fine.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE
binary into memory prior to handing off control to OPTEE.
We need to pull this value out of u-boot in order to produce an IMX IVT/CSF
signed pair for the purposes of secure boot. The best way to do that is to
have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg.
Adding new CONFIG entires to u-boot should be kconfig driven so this patch
does just that.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default address of TrustZone
DRAM that a board-port can over-ride. The region that U-Boot sets aside for
the OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
address specified in the OPTEE build and the TZDRAM address specified in
U-Boot match-up.
Further patches will use TZDRAM address with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
OPTEE is currently linked to a specific area of memory called the TrustZone
DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM
that a board-port can over-ride. The region that U-Boot sets aside for the
OPTEE run-time should be verified before attempting to hand off to the
OPTEE run-time. Each board-port should carefully ensure that the TZDRAM
size specified in the OPTEE build and the TZDRAM size specified in U-Boot
match-up.
Further patches will use TZDRAM size with other defines and variables to
carry out a degree of automated verification in U-Boot prior to trying to
boot an OPTEE image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
This patch adds code to lib to enable sharing of useful OPTEE code between
board-ports and architectures. The code on lib/optee/optee.c comes from the
TI omap2 port. Eventually the OMAP2 code will be patched to include the
shared code. The intention here is to add more useful OPTEE specific code
as more functionality gets added.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Tested-by: Peng Fan <peng.fan@nxp.com>
ppc4xx support was removed some time ago. Lets remove the now unused
entry in MAINTAINERS as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
ppc4xx support was removed some time ago. Lets remove the now unused
"pci_fb" variable from "struct pci_controller" as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
ppc4xx support was removed some time ago. Lets remove the now unused
NAND driver and all its references for this platform as well.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Scott Wood <oss@buserror.net>
Add first support for STM32MP157C-ED1 board with "Basic" boot chain
1/ Boot Rom: load SPL with STM32 image header in SYSRAM
2/ SPL: power up and initialize the DDR and load U-Boot image
from SDCARD in DDR
3/ U-Boot: search and load extlinux.conf in SDCARD
(DISTRO activated)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add minimal devicetree for STM32MP157C-ED1 board,
with only the devices to allow boot from SDCARD:
- RCC for clock and reset
- UART4 for console
- I2C and PMIC
- DDR
- SDMMC0 for SDCard
Waiting Kernel upstream for alignment.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
add RCC clock driver for STMP32MP157
- base on driver model = UCLASS_CLK
- support ops to enable, disable and get rate
of all SOC clock needed by U-Boot
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
- add the 2 new compatible used by STM32MP157
"st,stm32mp157-pinctrl"
"st,stm32mp157-z-pinctrl"
- update the mask for the port
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
This driver implements register read/write operations for STPMU1.
The STPMU1 PMIC provides 4 BUCKs, 6 LDOs, 1 VREF
and 2 power switches. It is accessed via an I2C interface.
This device is used with STM32MP1 SoCs.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
- add new arch stm32mp for STM32 MPU/Soc based on Cortex A
- support for stm32mp157 SOC
- SPL is used as first boot stage loader
- using driver model for all the drivers, even in SPL
- all security feature are deactivated (ETZC and TZC)
- reused STM32 MCU drivers when it is possible
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Kmalloc is using memalign allocation function. It is not necessary to
align this structure so to save bytes, we move to calloc.
And kmalloc function can't be used in SPL early stage (in board_init_f())
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Update the GPIO driver to support a live device tree.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
The current value timer_rate_hz causes a problem with function
timer_get_us() from lib time and then an issue with
readx_poll_timeout() function.
With corrected value for tbclk() = timer_rate_hz = CONFIG_SYS_HZ_CLOCK
the weak functions in lib timer can be used:
- get_timer()
- __udelay()
So the specific function in this file are removed.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add option to include RESET driver and uclass in SPL.
That can be useful to handle IP reset with same driver
in U-Boot and in SPL.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
STM32MP157 bootrom needs a specific header for first boot stage.
This patch adds support of this header in mkimage.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
If the U-Boot environment is stored in a regular file and redundant
operation isn't set, then write to a temporary file and perform an
atomic rename.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Extract write path of flash_io() into a separate function. This patch
should be a functional no-op.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Pass tools/env/fw_env.c through indent to correct style violations. This
commit consists of only one non-whitespace change:
tools/env/fw_env.c:549: error: do not use assignment in if condition
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.
This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Add proper and simple kconfig option for dram_sun8i_a83t.c
instead of using MACH type on Makefile.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Add proper and simple kconfig option for dram_sun8i_a33.c
instead of using MACH type on Makefile.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
Álvaro Fernández Rojas
Heinrich Schuchardt
Tom Rini
Vinitha V Pillai
Ashish Kumar
Bryan O'Donoghue
Stefan Roese
Patrick Delaunay
Alex Kiernan
Jun Nie
Jagan Teki