17 Jan, 2021
1 commit
-
Refine the dependency of some configs to make it
easier to add/modify android config files.Test: builds.
Change-Id: Iccb044dadc7ce1e0b839bf83e2e9157e718f286c
Signed-off-by: Ji Luo
(cherry picked from commit 86f4f99a367bbc0ef99d4ab2a0b4078babfbfbd2)
06 May, 2020
18 commits
-
Add the ARCH_MX8 in Kconfig for supporting iMX8QX in nandbcb
Signed-off-by: Han Xu
(cherry picked from commit a91c8b42b6d8385bbd09652a5e18e3c2286eb305) -
i.MX8/8x devices support CAAM manufacturing protection through SECO
APIs, SECO FW generates P-384 private key in every OEM closed boot.Add support for SECO enabled devices in mfgprot U-Boot command, the
following commands are available:=> mfgprot pubk
=> mfgprot signSigned-off-by: Breno Lima
(cherry picked from commit 1fdb9726fdc4642d0f24104ec2e4099d59569468) -
dependency of CMD_NANDBCB`s default value
compiling nandbcb of imx8mm-evk depends on NAND and CMD_MTDPARTS
modify dependency of CMD_NANDBCB`s default value
Signed-off-by: Alice Guo
(cherry picked from commit 1b14e8cbefdb0f8126ceb6a85b1fd0db142328e6) -
Add DEK encapsulation support for imx8. The DEK blob is generated by the
SECO through the SCFW API.Signed-off-by: Clement Faure
(cherry picked from commit b785e44ce2d042c51386dadb6ec6693344a16fc6) -
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=ySigned-off-by: Clement Faure
Reviewed-by: Ye Li
(cherry picked from commit 7ffd25bddc89db30612f4e805d103c7d8dde5d95) -
Use trusty_os_init to load Trusty OS from CONFIG_TRUSTY_OS_ENTRY
before u-boot ready.Add Trusty OS SOC level codes and u-boot/SPL common codes.
Signed-off-by: Ye Li
Signed-off-by: Haoran.Wang
(cherry picked from commit 1ae9ecc73f5001b8bd743011c06a7d07861be64e)
(cherry picked from commit 6fa4f4a42fd90631f8dc8303b17f600c085d8595) -
Porting the FSL android fastboot features from imx u-boot v2018.03 to
support all SoCs: imx6/imx7/imx7ulp/imx8/imx8m.The UUU commands like UCmd and ACmd are also added. Users need set
CONFIG_FASTBOOT_UUU_SUPPORT=y to enable the feature.Signed-off-by: Frank Li
Signed-off-by: Ye Li
(cherry picked from commit 65120b06a7f750b9b1a6e0db3d2082cc7088d5a8)
(cherry picked from commit 9b149c2a28829fe7017f83981d634157bc31cc94) -
Add IMX_OPTEE Kconfig entry
Signed-off-by: Peng Fan
(cherry picked from commit 28b0bcbef4dadd33a273dd18a2274f3c679efb2d)
(cherry picked from commit bda0f36309e7752bf6c78d71473cc5cf7f8f58c1)
(cherry picked from commit d3188f62b659dda60128a67f8cdf2920108e004d)
(cherry picked from commit 8c1260dcd7adbd1225bd0b8e2bb9ee3971c76e36) -
Add ARCH_MX7ULP as a CONFIG_IMX_HAB dependency, so we can enable
IMX_HAB on mx7ulpSigned-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit d4c01cd3f6f5ba59ca17ebf52f610f629895ac7a)
(cherry picked from commit 4ba6e5aa05ec8872426aa68da3879e8fcd835710)
(cherry picked from commit 78e717c7e0897e759abdbe5bf28b46ae56d403ee) -
Debug monitor will print out last failed AXI access info when
system reboot is caused by AXI access failure, only works when
debug monitor is enabled.Enable this module on i.MX6SX.
Signed-off-by: Anson Huang
Signed-off-by: Ye.Li
(cherry picked from commit df6ac8531d498021ed379c74fc1847bd2cec7179)
Signed-off-by: Peng Fan
(cherry picked from commit 4f4ecdbf6fe2673b8ad117df1a4974bdb7e6aa4a)
(cherry picked from commit e1c98a672e50fd0405686b74dad50680a75a8a9f)
(cherry picked from commit 5265a3052505fae2a212af292412a62b20a16f97)
(cherry picked from commit 9939631045b77617572a74283dd637d5c476cd53) -
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.Signed-off-by: Clement Le Marquis
Acked-by: Ye Li
(cherry picked from commit 69cca568b85f36a77ef6ef31538f69366d238845)
(cherry picked from commit e8f813a6b66961759916e65b8c18ec43fd36a7c3) -
We use a glue layer to link the low level MU driver and virtual drivers.
This glue layer is named to virtual service (iMX VService). Virtual service
provides unified interfaces for setup connection with M4, get message buffer
and send/receive message, etc.Multiple virtual drivers (i2c, gpio, etc)
|
iMX Vservice
|
imx_mu_m4 driverFor each virtual device, by default, the Vservice uses the device node property
"fsl,vservice-mu" to specify the MU node handler. A override function is also provided,
so te ARCH level can define its rule. We will use the override function for dynamically
select MU on 8QM/QXP.Signed-off-by: Ye Li
(cherry picked from commit 7537b3c0fbe4e2c355bc4ff20613958bdd178bcd) -
Call the TRNG init function at the end of arch_cpu_init()
Concerned SoCs are: i.MX6, i.MX7 and i.MX8MSigned-off-by: Aymen Sghaier
(cherry picked from commit 996329904c0304a7bfbc6cda8287ab93de77870d)
(cherry picked from commit 5dd4441081f2af6f198a4d43eb1a3e543d986306) -
This code was originally developed by Raul Cardenas
and modified to be applied in U-Boot imx_v2017.03.More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.htmli.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.Command usage:
Print the public key for the device.
- mfgprot pubkGenerates Signature over given data.
- mfgprot signSigned-off-by: Raul Ulises Cardenas
Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
Reviewed-by: Ye Li
(cherry picked from commit db2dbf622d3c711b2fbd85e6814992e023479dad)
(cherry picked from commit 554b7cdcf47a49097cc5417cc6130e469d7ccc20) -
Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
HAS_CAAM is setSigned-off-by: Ye Li
(cherry picked from commit 8a552c8d98df953c13a0144972b8c16ed7684e92)
(cherry picked from commit dd3c14ba3f814610af05b07ec7cd47dcf0925a49) -
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
(cherry picked from commit a0cba5678b10827bc4b5e4fb2e40945a5c332baa)
(cherry picked from commit 330a3108e3806fc2b9fa500f84ebfb4feb821c6d)
(cherry picked from commit bec1d873ca68d7aa3b4355c490ac085b4ef4f7a5) -
Signed-off-by: Ye Li
(cherry picked from commit c8c5c3469f6ffa4789ae9e10c4a97c232657493c)
(cherry picked from commit ef9c92deaf636e044d61cf1f3cc4d9d1fa2de501) -
1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
M4 image to any DDR address first. Then use the
"bootaux [M4 core id]" to boot CM4_0
or CM4_1, the default core id is 0 for CM4_0.Since current M4 only supports running in TCM. The bootaux will copy
the M4 image from DDR to its TCML.2. Implment bootaux for HIFI on QXP
command: bootaux 0x81000000 1Signed-off-by: Peng Fan
Signed-off-by: Ye Li
(cherry picked from commit 778606204b84ce6646fe58d752e2abda67600cf2)
(cherry picked from commit e4a3fcc6fd357502d61687659b9cd7d2808b3fd4)
08 Jan, 2020
1 commit
-
i.MX8MP ROM support ROMAPI as i.MX8MN, so make
SPL_IMX_ROMAPI_LOADADDR visible to i.MX8MPSigned-off-by: Peng Fan
27 Dec, 2019
1 commit
-
IMX based platforms can have the DCD table located on different
addresses due to differences in their memory maps (ie iMX7ULP).This information is required by the user to sign the images for secure
boot so continue making it accessible via mkimage.Signed-off-by: Jorge Ramirez-Ortiz
Reviewed-by: Fabio Estevam
Signed-off-by: Stefano Babic
04 Dec, 2019
1 commit
-
Add more clarity by changing the Kconfig entry name.
Signed-off-by: Miquel Raynal
[trini: Re-run migration, update a few more cases]
Signed-off-by: Tom Rini
Reviewed-by: Boris Brezillon
05 Nov, 2019
1 commit
-
i.MX8MN support loading images with rom api, so we implement
reuse board_return_to_bootrom to let ROM loading images.Signed-off-by: Peng Fan
04 Nov, 2019
2 commits
-
Add support for updating FCB/DBBT on i.MX7:
- additional new fields in FCB structure
- Leverage hardware BCH/randomizer for writing FCBSigned-off-by: Igor Opaniuk
Tested-by: Max Krummenacher
Reviewed-by: Oleksandr Suvorov -
Firmware Configuration Block(FCB) for imx6ul(l) needs to be
BCH encoded.Signed-off-by: Parthiban Nallathambi
Acked-by: Shyam Saini
Acked-by: Peng Fan
08 Oct, 2019
3 commits
-
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
architecture purposes. If Secure Boot is required for imx, this means to
enable and use the HAB processor in the soc.Signed-off-by: Stefano Babic
-
The default CSF_SIZE defined in Kconfig is too high and SPL cannot
fit into the OCRAM in certain cases.The CSF cannot achieve 0x2000 length when using RSA 4K key which is
the largest key size supported by HABv4.According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's recommended to pad CSF binary to 0x2000 and append DEK blob to
deploy encrypted boot images.As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
which should cover both CSF and DEK blob length.Update default_image.c and image.c to align with this change and avoid
a U-Boot proper authentication failure in HAB closed devices:Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x32 length=0x6131 version=0x38
bad length magic=0x32 length=0x6131 version=0x38
bad version magic=0x32 length=0x6131 version=0x38
spl: ERROR: image authentication failFixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")
Reported-by: Jagan Teki
Signed-off-by: Breno Lima -
Move CONFIG_CSF_SIZE to Kconfig and define default value as 0x4000.
mx8mqevk requires 0x2000 add this configuration in imx8mq_evk_defconfig
file.Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
19 Jul, 2019
1 commit
-
Writing/updating boot image in nand device is not
straight forward in i.MX6 platform and it requires
boot control block(BCB) to be configured.It becomes difficult to use uboot 'nand' command to
write BCB since it requires platform specific attributes
need to be taken care of.It is even difficult to use existing msx-nand.c driver by
incorporating BCB attributes like mxs_dma_desc does
because it requires change in mtd and nand command.So, cmd_nandbcb implemented in arch/arm/mach-imx
BCB contains two data structures, Firmware Configuration Block(FCB)
and Discovered Bad Block Table(DBBT). FCB has nand timings,
DBBT search area, page address of firmware.On summary, nandbcb update will
- erase the entire partition
- create BCB by creating 2 FCB/DBBT block followed by
1 FW block based on partition size and erasesize.
- fill FCB/DBBT structures
- write FW/SPL on FW1
- write FCB/DBBT in first 2 blocksfor nand boot, up on reset bootrom look for FCB structure in
first block's if FCB found the nand timings are loaded for
further reads. once FCB read done, DTTB will load and finally
firmware will be loaded which is boot image.Refer section "NAND Boot" from doc/imx/common/imx6.txt for more usage
information.Reviewed-by: Stefano Babic
Signed-off-by: Jagan Teki
Signed-off-by: Sergey Kubushyn
Signed-off-by: Shyam Saini
11 Jun, 2019
1 commit
-
Add common plugin codes to call ROM's hwcnfg_setup and generate IVT2
header.Signed-off-by: Ye Li
Signed-off-by: Peng Fan
14 Apr, 2019
1 commit
-
Allow using bootaux also on VF610 aka Vybrid.
Signed-off-by: Marcel Ziswiler
Reviewed-by: Igor Opaniuk
15 Feb, 2019
1 commit
-
This patch provides the code to calibrate the DDR's
DQS to DQ signals (RDLVL).It is based on:
VFxxx Controller Reference Manual, Rev. 0, 10/2016, page 1600
10.1.6.16.4.1 "Software Read Leveling in MC Evaluation Mode"and NXP's community thread:
"Vybrid: About DDR leveling feature on DDRMC."
https://community.nxp.com/thread/395323Signed-off-by: Lukasz Majewski
23 Jul, 2018
1 commit
-
i.MX7 does not support BMODE due to the erratum e10574 ("Watchdog:
A watchdog timeout or software trigger will not reset the SOC"), so
remove its support.Signed-off-by: Fabio Estevam
09 Jan, 2018
2 commits
-
Introduce a new config symbol to select the i.MX
General Purpose Timer (GPT).Signed-off-by: Stefan Agner
Reviewed-by: Fabio Estevam -
Signed-off-by: Stefan Agner
Reviewed-by: Fabio Estevam
29 Dec, 2017
2 commits
-
Currently CONFIG_SECURE_BOOT is selecting FSL_CAAM for all i.MX devices,
this causes the following error when building mx6sl boards since
this SoC doesn't have the CAAM block:In file included from drivers/crypto/fsl/jobdesc.c:12:0:
drivers/crypto/fsl/jobdesc.c: In function 'inline_cnstr_jobdesc_blob_dek':
include/fsl_sec.h:268:25: error: 'CAAM_ARB_BASE_ADDR' undeclared (first use
in this function)
#define SEC_MEM_PAGE1 (CAAM_ARB_BASE_ADDR + 0x1000)
^
drivers/crypto/fsl/jobdesc.c:140:21: note: in expansion of macro 'SEC_MEM_PAGE1'
memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
^
include/fsl_sec.h:268:25: note: each undeclared identifier is reported only
once for each function it appears in
#define SEC_MEM_PAGE1 (CAAM_ARB_BASE_ADDR + 0x1000)
^
drivers/crypto/fsl/jobdesc.c:140:21: note: in expansion of macro 'SEC_MEM_PAGE1'
memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
^
scripts/Makefile.build:280: recipe for target 'drivers/crypto/fsl/jobdesc.o'
failed
make[3]: *** [drivers/crypto/fsl/jobdesc.o] Error 1
scripts/Makefile.build:425: recipe for target 'drivers/crypto/fsl' failed
make[2]: *** [drivers/crypto/fsl] Error 2
scripts/Makefile.build:425: recipe for target 'drivers/crypto' failed
make[1]: *** [drivers/crypto] Error 2Add HAS_CAAM configuration to avoid this error.
Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam -
NXP development boards based on i.MX6/i.MX7 contain the board
revision information stored in the fuses.Introduce a common function that can be shared by different boards and
convert mx6sabreauto to use this new mechanism.Signed-off-by: Fabio Estevam
12 Jul, 2017
1 commit
-
Change is consistent with other SOCs and it is in preparation
for adding SOMs. SOC's related files are moved from cpu/ to
mach-imx/.This change is also coherent with the structure in kernel.
Signed-off-by: Stefano Babic
CC: Fabio Estevam
CC: Akshay Bhat
CC: Ken Lin
CC: Marek Vasut
CC: Heiko Schocher
CC: "Sébastien Szymanski"
CC: Christian Gmeiner
CC: Stefan Roese
CC: Patrick Bruenn
CC: Troy Kisky
CC: Nikita Kiryanov
CC: Otavio Salvador
CC: "Eric Bénard"
CC: Jagan Teki
CC: Ye Li
CC: Peng Fan
CC: Adrian Alonso
CC: Alison Wang
CC: Tim Harvey
CC: Martin Donnelly
CC: Marcin Niestroj
CC: Lukasz Majewski
CC: Adam Ford
CC: "Albert ARIBAUD (3ADEV)"
CC: Boris Brezillon
CC: Soeren Moch
CC: Richard Hu
CC: Wig Cheng
CC: Vanessa Maegima
CC: Max Krummenacher
CC: Stefan Agner
CC: Markus Niebel
CC: Breno Lima
CC: Francesco Montefoschi
CC: Jaehoon Chung
CC: Scott Wood
CC: Joe Hershberger
CC: Anatolij Gustschin
CC: Simon Glass
CC: "Andrew F. Davis"
CC: "Łukasz Majewski"
CC: Patrice Chotard
CC: Nobuhiro Iwamatsu
CC: Hans de Goede
CC: Masahiro Yamada
CC: Stephen Warren
CC: Andre Przywara
CC: "Álvaro Fernández Rojas"
CC: York Sun
CC: Xiaoliang Yang
CC: Chen-Yu Tsai
CC: George McCollister
CC: Sven Ebenfeld
CC: Filip Brozovic
CC: Petr Kulhavy
CC: Eric Nelson
CC: Bai Ping
CC: Anson Huang
CC: Sanchayan Maity
CC: Lokesh Vutla
CC: Patrick Delaunay
CC: Gary Bisson
CC: Alexander Graf
CC: u-boot@lists.denx.de
Reviewed-by: Fabio Estevam
Reviewed-by: Christian Gmeiner