27 Apr, 2020
20 commits
-
Old documentation styling mentioned all iMX8M devices variants (iMX8M,
iMX8MM, iMX8MN) for every SoC reference.As the secure/encrypted boot procedure is similar for all the variants
(including iMX8MP), make this information common for the whole iMX8M
family to keep the documentation clean instead of adding iMX8MP on every
reference.
Specific information for single variants is described when needed.Signed-off-by: Vanessa Maegima
Reviewed-by: Ye Li
(cherry picked from commit 24c72869a608ffbcce908770953a6d87514f2253) -
Update SECO event example description to clarify the
error reported.Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 1018252a576697e8f80ab78a1dcb15f1866e1fb8) -
Add AHAB encrypted boot documentation for i.MX8/8x family devices
covering the following topics:- How to encrypt and sign the 2nd container in flash.bin image.
- How to encrypt and sign a standalone container image.Include a CSF example to encrypt 2nd container in flash.bin image.
Signed-off-by: Catia Han
Signed-off-by: Breno Lima
(cherry picked from commit dc18ee2c6c06ab9364dc08c70830acc8c6dcceac) -
Add HABv4 encrypted boot documentation for i.MX8M, i.MX8MM and i.MX8MN
family devices covering the following topics:- How to encrypt and sign a flash.bin image.
- How to manage CAAM PRIBLOBs when using encrypted boot
- Add 4 CSF examples.Reviewed-by: Ye Li
Reviewed-by: Marius Grigoras
Signed-off-by: Breno Lima
(cherry picked from commit eee57255e0b0ea3a2808d3a2c19c8685afbac39b) -
The u-boot.bin file is not included in flash.bin binary, remove it
from mx8m_mx8mm_secure_boot.txt guide.Reviewed-by: Ye Li
Signed-off-by: Breno Lima
(cherry picked from commit 92f238a1faaae3bbad27873704d33277f0663c40) -
Commit 28dd37699022("imx8: Clean up targets") in imx-mkimage project
renamed flash_linux target to flash_kernel.Update AHAB documentation to align with this change.
Reported-by: Frank Zhang
Reviewed-by: Ye Li
Signed-off-by: Breno Lima
(cherry picked from commit 8713142afd953e89bb6aa460716692fbb0a6a413) -
Since we have changed imx-mkimage flash_spl_container target
to flash_spl, also update it in u-boot ahab document.Signed-off-by: Ye Li
Acked-by: Peng Fan
(cherry picked from commit f850d467db9cf3b9b58688b96f1b4d9d8632b07d)
(cherry picked from commit 6b86e3f2f9dd7a29ee817119340ef61efb010cf6) -
Fix a typo in path provided for imx-mkimage iMX8QM and iMX8QXP directories.
Reported-by: Marius Grigoras
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit c75243c1a87a10f003377d9c144bcf412ba80440)
(cherry picked from commit ee024325a0a32b248c4ddb4bb04768bcfb933694) -
The commands included in introduction guide should not be used as
reference for programming the SRK Hash fuses as they are in big
endian.Add a note to avoid a possible mistake.
Reported-by: Clement Le Marquis
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 137319826cc32d98a9b6890f35dd6670e104c2a5)
(cherry picked from commit 03d49480f73ce62de4f759fe02dfcf82726b8b79) -
Since commit 771b824728ca ("MLK-20919 imx8: ahab: Add command to
close the chip") the U-Boot is able to move the lifecycle from
NXP closed to OEM closed.Update AHAB guides to use U-Boot ahab_close command instead of SCFW CLI.
As the procedure is now independent of SCFW terminal we can remove
this condition from documentation.Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 6f93d877e1454024f666a4810d24148cf595429e)
(cherry picked from commit 4f6bc59ff94de150611d82b45365d24d356f30ef) -
Starting in L4.14.78 release, the OP-TEE CAAM driver does not set the
JROWN_NS field in case LMID is locked.We need to include the Unlock MID command in CSF file otherwise device
will fail to boot in HAB closed mode.Add section to avoid crash when OP-TEE is enabled.
Reported-by: Frank Zhang
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit af03284ad38bd03ef1f0d4942842629db93d2c11)
(cherry picked from commit 66f05532d587e50631eef066c4190936e0d33583) -
Since commit cf2acc5b7cde ("MLK-18942-2 imx8: ahab: Add ahab_status
command") the U-Boot is able to display and parse the SECO events.Update AHAB guides to use U-Boot ahab_status command instead of
SCFW CLI.Starting in SECO FW v0.2.0 engineering release an invalid image
integrity is logged as an event in open mode. As ahab_status
is able to return this event the note can be removed.Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 385ed19051a47f5858e8d326e5ee97f8a08a679d)
(cherry picked from commit 4a88ca0aecec31d0877d7a620fa796a83387a195) -
The set_priblob_bitfield command is enabled by selecting
CONFIG_CMD_PRIBLOB.Fix typo in mx6_mx7_encrypted_boot.txt guide.
Signed-off-by: Breno Lima
(cherry picked from commit 99f9696ef5f7d1c0f93b7d910e884890fca6c973)
(cherry picked from commit e3fbcaa744db8d4f0556c67c788ada939404a892) -
The current U-Boot implementation includes SPL targets for i.MX8QM and
i.MXQXP MEK boards:- imx8qxp_mek_spl_defconfig
- imx8qxp_mek_spl_fspi_defconfig
- imx8qm_mek_spl_defconfig
- imx8qm_mek_spl_fspi_defconfigThe U-Boot proper and ATF are included in an additional container being
necessary a different procedure for signing the flash.bin image.Add a step-by-step guide covering the signing procedure.
Add a CSF example for the 3rd container.Signed-off-by: Breno Lima
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 04505024d38eebbb5f39133b502c8e450ca40215)
(cherry picked from commit b139f10ccec5c57164f7e07e33984c845ce58b60) -
Add AHAB secure boot step-by-step guide for i.MX8 and i.MX8x families
devices.Add 3 CSF example files:
- Example to sign flash.bin only using SRK keys.
- Example to sign flash.bin using a subordinate SGK key.
- Example to sign Linux image only using SRK keys.Signed-off-by: Clement Le Marquis
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 7c46caba3b528b0399242f99612e5b094b1a4703)
(cherry picked from commit 20016c156f4f4e618de9eff6f5b1fc6a1c871e2a) -
The AHAB is currently supported in i.MX8QXP and i.MX8QM devices.
Add an introductory document containing the following topics:
- AHAB Secure Boot Architecture
- System Control Unit (SCU) introduction
- Security Controller (SECO) introduction
- i.MX8/8x secure boot flow
- AHAB PKI tree generation
- SRK Table and SRK Hash generationSigned-off-by: Breno Lima
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 6e9ceb2526bd4a45c6ff669afb086cc3a0627e6b)
(cherry picked from commit d3534f1d0e9a0f777160a4a6732a30a2bb545733) -
Add HABv4 documentation for i.MX8M and i.MX8MM targets covering the
following topics:- How to sign an securely boot an flash.bin image.
- How to extend the root of trust for additional boot images.
- Add 2 CSF examples.Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima
(cherry picked from commit cc63be298a3e5f44e417f4098c124715917d09e1)
(cherry picked from commit ca9c6f091095d3bf09cac42c3eb4493490ac8912) -
Add useful documentation for encrypted boot:
- Add 2 CSF examples for encrypt and sign
- How to encrypt and sign a U-Boot binary on closed device
- Why and how increase the PRIBLOB bitfield from CAAM SCFGRSigned-off-by: Clement Le Marquis
(cherry picked from commit 3732dddfeddd989ca1fb930972f19303e3b67756)
(cherry picked from commit 9e7ccdd51a0754e728f2e27d282aaa3dbc8eec38) -
The csf_additional_images.txt example should match with
mx6_mx7_secure_boot.txt guide.Fix addresses provided in csf_additional_images.txt CSF
example.Reviewed-by: Ye Li
Signed-off-by: Breno Lima
(cherry picked from commit 17c3af7a1935a40057c01459766d41ff0a19723b)
(cherry picked from commit 270185b4c78f1139e965587ea2f0f290f9c4348c)
(cherry picked from commit c37d3b4b1f8ac0da5c09b5c2123bf7ec129b5849) -
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".Reviewed-by: Utkarsh Gupta
Reviewed-by: Ye Li
Signed-off-by: Breno Lima
(cherry picked from commit 0efff16579fabcf57acb9c8857afac8fb58de355)
(cherry picked from commit 4815444f293d8021f8bd62079bd576e88cdef639)
(cherry picked from commit 2d95bff6e4c86af4a2cfc66ab40ccd693f746796)
23 Apr, 2020
1 commit
-
This patch aim at documenting USB related dt-bindings for the
Cadence USB controller.Signed-off-by: Sherry Sun
10 Apr, 2020
1 commit
-
Code sections should be syntax highlighted as bash.
Comment lines in code should start with a hash sign ('#') but code lines
should not.
Most commands can be executed as normal users. Prepend those commands
requiring elevated authorization with 'sudo'.
dd does not have a parameter cout.
sfdisk does not have a -C parameter on Debian Buster.
Provide the necessary input to sfdisk.
Creating a partition of length zero makes no sense.Signed-off-by: Heinrich Schuchardt
04 Apr, 2020
1 commit
-
1. Update build steps where mainline Trusted Firmware A is used.
2. Fix BL31_BASE to the proper one according to the SoC reference
manual.Signed-off-by: Igor Opaniuk
Reviewed-by: Bin Meng
31 Mar, 2020
1 commit
-
Some SoCs in the mpc83xx family, e.g. mpc8309, have a dedicated spi
chip select, SPISEL_BOOT, that is used by the boot code to boot from
flash.This chip select will typically be used to select a SPI boot
flash. The SPISEL_BOOT signal is controlled by a single bit in the
SPI_CS register.Implement a gpio driver for the spi chip select register. This allows a
spi driver capable of using gpios as chip select, to bind a chip select
to SPISEL_BOOT.It may be a little odd to do this as a GPIO driver, since the signal
is neither GP or I, but it is quite convenient to present it to the
spi driver that way. The alternative it to teach mpc8xxx_spi to handle
the SPISEL_BOOT signal itself (that is how it's done in the linux
kernel, see commit 69b921acae8a)Signed-off-by: Klaus H. Sorensen
Signed-off-by: Rasmus Villemoes
10 Mar, 2020
3 commits
-
U-Boot is having DT which doesn't cover all options currently supported by
driver. DT binding is aligned with Linux kernel version available here.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/devicetree/bindings/net/ti,dp83867.txt
Based on my talk with Grygorii Strashko better will be to remove it.Also Linux kernel bindings are being converted to yaml that's another
reason to do it only at one place.Signed-off-by: Michal Simek
Reviewed-by: Grygorii Strashko -
doc/README.drivers.eth seems like a good source for understanding
U-Boot's network subsystem, but is only talking about legacy network
drivers. This is particularly sad as proper documentation would help in
porting drivers over to the driver model.Rewrite the document to describe network drivers in the new driver model
world. Most driver callbacks/methods are almost identical in their
semantic, but recv() differs in some important details.Also keep some parts of the original text at the end, to help
understanding old drivers. Add some hints on how to port drivers over.This also uses the opportunity to reformat the document in reST, on the
way moving it into doc/driver-model and adding it into the structure
there.Signed-off-by: Andre Przywara
Reviewed-by: Simon Glass
Acked-by: Joe Hershberger
05 Mar, 2020
6 commits
-
The value for "Top of CAR region" should be fefc0000, not
fefc000. This matches the Kconfig default values, as
SYS_CAR_ADDR and SYS_CAR_SIZE are 0xfef00000 and 0xc0000
respectively.Signed-off-by: Wolfgang Wallner
Reviewed-by: Bin Meng -
Drop the Apollo Lake prefix 'apl' from the functions, types and
variables in the P2SB driver.The P2SB is not Apollo Lake specific, and as such it was moved in
commit 2999846c1127 ("x86: Move P2SB from Apollo Lake to a more generic
location") from the Apollo Lake folder to the intel_common folder.Signed-off-by: Wolfgang Wallner
Reviewed-by: Simon Glass
Reviewed-by: Bin Meng -
Convert README to reStructuredText format.
Signed-off-by: Igor Opaniuk
Reviewed-by: Oleksandr Suvorov
Reviewed-by: Bin Meng
Tested-by: Bin Meng -
Convert README to reStructuredText format.
Signed-off-by: Igor Opaniuk
Reviewed-by: Oleksandr Suvorov
Reviewed-by: Bin Meng
Tested-by: Bin Meng -
Convert README to reStructuredText format.
Signed-off-by: Igor Opaniuk
Reviewed-by: Oleksandr Suvorov
Reviewed-by: Bin Meng
Tested-by: Bin Meng
[bmeng: spell out U-Boot correctly]
Signed-off-by: Bin Meng -
- add initial index for toradex boards reST documentation
- add initial colibri_imx7.rst doc file which provides all needed
information for obtaining a workable image ready for flashing
for both eMMC/NAND versions of Colibri iMX7.Signed-off-by: Igor Opaniuk
Reviewed-by: Bin Meng
Reviewed-by: Oleksandr Suvorov
Tested-by: Bin Meng
[bmeng: make title underline the same length as the title itself]
Signed-off-by: Bin Meng
02 Mar, 2020
2 commits
-
- convert stm32mp1 board documentation to rst format
-
Change plain test README to rst format and move this file
in documentation directory.Signed-off-by: Patrick Delaunay
Tested-by: Heinrich Schuchardt
Reviewed-by: Patrice Chotard
29 Feb, 2020
1 commit
-
The load file 2 protocol can be used by the Linux kernel to load the initial
RAM disk. U-Boot can be configured to provide an implementation.Add a description to the UEFI overview and document the related functions
in the API section.Signed-off-by: Heinrich Schuchardt
25 Feb, 2020
2 commits
-
Several patches delivered incorrect restructured text as documentation. We
should be able to discover this in Travis CI, Gitlab CI, or Azure CI.So let us turn all build warnings into errors.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: Bin Meng -
Update doc/sphinx/kerneldoc.py from Linux next-20200219 to avoid warnings
like:doc/sphinx/kerneldoc.py:125: RemovedInSphinx20Warning:
AutodocReporter is now deprecated. Use
sphinx.util.docutils.switch_source_input() instead.
self.state.memo.reporter =
AutodocReporter(result, self.state.memo.reporter)Signed-off-by: Heinrich Schuchardt
14 Feb, 2020
2 commits
-
- add DH Electronics DHCOM SoM and PDK2 board
- DT alignment with kernel v5.5-rc7 for stm32mp1 boards
- fix STM32 image format for big endian hosts in mkimage
- solve warnings in device tree and code for stm32mp1 boards
- remove fdt_high and initrd_high for stm32 and stih boards
- add support of STM32MP15x Rev.Z
- update stm32mp1 readme -
Fix the following DT dtc warnings for stm32mp1 boards:
Warning (unit_address_vs_reg): /soc/rcc@50000000/st,pll@0:
node has a unit name, but no reg property
Warning (unit_address_vs_reg): /soc/rcc@50000000/st,pll@1:
node has a unit name, but no reg property
Warning (unit_address_vs_reg): /soc/rcc@50000000/st,pll@2:
node has a unit name, but no reg property
Warning (unit_address_vs_reg): /soc/rcc@50000000/st,pll@3:
node has a unit name, but no reg propertySigned-off-by: Patrick Delaunay
Reviewed-by: Patrice Chotard