12 Nov, 2018
26 commits
-
- temp fix for boot hangup with camera
This reverts commit a8109598e7dca72d415ad5d26ac5868b88da9dfc.
Bug: 115532706
Test: test boot up
Change-Id: I7bb1bc14eb81ae0965fc03abdf5cb65444720d13 -
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo -
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo -
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo -
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo -
Change-Id: Ia9e76742d0501d3222d5837057d8bc916f2ff989
Signed-off-by: Haoran.Wang -
for Android Things, sha256 is caculated with software, for Android Auto,
sha256 is caculated with CAAM hardware module. so use macro to seperate
the code about hardware crypto service.Change-Id: Ibf4cad2c98240ab2c826869e9cb28ad09bded2f6
Signed-off-by: faqiang.zhu -
Change some includes in include/trusty/sysdeps.h
to match our platform.Test: build pass for imx7d and imx8m.
Change-Id: I01fd3634413f358ead8c9b67d05def544682c274
Signed-off-by: Luo Ji -
Trusty image should be loaded to different address for AIY 1G/3G ddr
board which have different ddr size. Use board id to distinguish
different baseboard, load trusty image to 0x7e00_0000 for AIY 1G ddr
board and 0xfe00_0000 for AIY 3G ddr board.Test: build and boot Trusty ok for AIY 1G/3G ddr board.
Change-Id: I62d8a19b13fe19f38075512a6faa4bbb36f74791
Signed-off-by: Ji Luo -
Align the callback to ARM64 environment for
Trusty OS.TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.Change-Id: I65806f56267a4a9278db04a462e351da181618cc
Signed-off-by: Haoran.Wang -
Per security requirement, attestation of keymaster
supported by Trusty OS should support both P256
and curve25519 algorithm for Diffie-Hellman.TEST: Works on AIY boards by below commands:
$fastboot getvar at-attest-dhChange-Id: I3244f8d8b677222463b4e8fc75412e54dadeb23e
Signed-off-by: Haoran.Wang -
Because sysdeps.h in trusty include stdint.h, so we need to define
USE_STDINT.Test: Local build test and flash on imx7d. Verify provision som
key and product key succeed.
Bug: None
Change-Id: I08db7c10dd4453a87f15ff4432335fe4c41f9c5f -
Test: Modify imx7d bootloader in b/1074236 and test with new
keymaster app.
Bug: 77873456Change-Id: I0083630fa44c2c9fd0cabba7e7c1553488579d4e
-
Change-Id: I1c800fe39b5999169edd6e2acb9f66e557a3a86e
-
Obtaining the memory attributes can be done indepentently of the
bootloader environment and is now done by the ipc layer.Updated u-boot example to reflect this.
Change-Id: I8e649a1367ba02981419c43aac6e55b469dcf651
-
Changed trusty_membuf_alloc and trusty_membuf_free to trusty_alloc_pages and
trusty_free_pages. The memory allocated by these functions is intended
to be shared with the secure world so it should be inherently page based.Updated u-boot sysdeps and trusty_ipc_dev_create/shutdown to use these
new functionsChange-Id: Ica1aa5b0cb50eba6ce18914d048e731133d94c4f
-
Change-Id: I4b52d9ba71c9d4fa959f19ee7d741c46dcdef09a
-
Change-Id: I53c44e1b6641a8b7fddfa24d125b20868ef3496b
-
This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
to the application instead of needing to have prior knowledge of the expected
request and having to poll the individual services' channels separately.Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5
-
Change-Id: I28e55ebf15a8bff33c9f03373747c10e914126fa
-
trusty_encode_page_info now also supports EL2 and EL3 in 64-bit environments
and PL1 and PL2 in 32-bitChange-Id: I296212ae7a1f0b276279819523a13eb1cfaf2a26
-
Change-Id: Ib4d648cf939d62f59030f43faaaf7eb37c718d4d
-
Flashing a signed vbmeta image adds extra
parameters to the kernel command line, overflowing
the buffer and corrupting the global data struct.
Increase the command line buffer size from 512
to 1024 to accomodate the extra data, and change
the sprintf's to snprintf's to prevent this from
happening if more parameters are added later.This bug was exposed by
Idd55dde79eed793dccdd7319600fbd04e11ca12d.Bug: 112397808
Test: Device boots with images from console and
from local build.Change-Id: If73d04007d54193527e11e11c6ef326110e899b6
-
for 1GB ram: cma=296M galcore.contiguousSize=8388608
for 3GB ram: cma=384M
Test: Boot successfully on AIY-1G & AIY-3GChange-Id: If082d5b751b5a5e06efe301c0b8e49ec4ac3dfb7
Signed-off-by: faqiang.zhu
Reviewed-on: http://androidsource.ap.freescale.net/project/5262
Reviewed-by: Wang Haoran
Signed-off-by: faqiang.zhu -
Change-Id: I5969217e400ab494f9a74662d1d228fcf2e2d465
-
Set BUCK2 output for VDD_ARM to 0.85v
Set BUCK3 output for VDD_GPU off
Set BUCK4 output for VDD_VPU offChange-Id: I26b47b72ae6b8e714d12345b20324490f0947f56
Signed-off-by: faqiang.zhu
Reviewed-on: http://androidsource.ap.freescale.net/project/5177
Reviewed-by: zhang bo
09 Nov, 2018
5 commits
-
Before parsing the image header, try to check if there is a container and
validate it first. If no (valid) container then as a fall-through parse
the image as before.Signed-off-by: Abel Vesa
Reviewed-by: Ye Li -
The check for CONFIG_SPL_SPI_LOAD is fixed, get rid of ret local variable
(that's actually a bug) and fix the length for the spi_flash_read call.Signed-off-by: Abel Vesa
Reviewed-by: Ye Li -
RPMB storage proxy service will return fail if the rpmb key is not
correct, we should not return early here if the rpmb key has not
been set because we still need to initialize the hwcrypto service
to generate the rpmb key blob.
This commit also adds more hint when set the rpmb key.Change-Id: I8ee59e4e277b545283d63b1070e671d508dbe0c2
Signed-off-by: Luo Ji -
According to SCFW API requirement, when setting the clock parent,
the clock must be disabled. Otherwise it will return ERR_BUSY.When using SPL booting on iMX8QXP, both SPL and regular u-boot will
init the USDHC clock. So the second one in regular u-boot will fail
if we don't disable the clock before setting the parent.Signed-off-by: Ye Li
Reviewed-by: Peng Fan -
Some configs are missed in imx8mm_evk_fspi_defconfig file, so the FAT
commands are not supported in flexspi u-boot and cause kernel booting
failed from SD card.
Also add the missed splash screen configs for MIPI DSI.Signed-off-by: Ye Li
07 Nov, 2018
4 commits
-
This intends to replace the FIT image support since that cannot be
authenticated. Instead, we append another container at the end of
flash.bin, this new one containing a new container with two
images representing the ATF and uboot proper.Signed-off-by: Abel Vesa
Reviewed-by: Ye Li -
Since from B0 TO, there is a Mirror of JTAG ID register added in
SIM. We can read the part revision from this register.
Update codes to use this register.Signed-off-by: Ye Li
Reviewed-by: Peng Fan -
The power domain driver is not ready when running board_early_init_f,
but we call it imx8qxp_gpmi_nand_initialize. so this cause u-boot reset
in early stage.Signed-off-by: Ye Li
Tested-by: Han Xu -
When booting from NAND/SPINOR/WEIMNOR boot devices, the fastboot will
print "unsupported boot device". This warning is used by android fastboot
when setting its "bootcmd". Since android does not support these devices.
so it gives the warning correctly.
But for BSP normal boot, this warning will bring confuse to users. So
change to check the "bootcmd" before giving such warning.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
06 Nov, 2018
1 commit
-
When using gcc 4.9 to build SPL, the image size is beyond current
limitation 128KB. This gcc version is used in android tool chain. So
enlarge the SPL max size to 148KB. This value is also aligned with
other imx8mq/mm boards settings.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
03 Nov, 2018
4 commits
-
added emmc_dev and sd_dev
Signed-off-by: Frank Li
-
Refact the i.MX8MQ dram init flow to reuse the common dram
driver used by i.MX8MM.Signed-off-by: Bai Ping
-
Sometimes, SPL need to pass the trained FSP drate to ATF
if DDR PHY bypass mode is not enabled. So add a fsp_table
to pass these info to ATF. additionally, add more clock
frequency point config to support for code reuse for i.MX8MQ.Signed-off-by: Bai Ping
-
Change the dram_pll_init function API to make it same
as i.MX8MM, so the dram init flow can use call the same
API for these two different SOC.Signed-off-by: Bai Ping