17 Jan, 2021

1 commit

  • Refine the dependency of some configs to make it
    easier to add/modify android config files.

    Test: builds.

    Change-Id: Iccb044dadc7ce1e0b839bf83e2e9157e718f286c
    Signed-off-by: Ji Luo
    (cherry picked from commit 86f4f99a367bbc0ef99d4ab2a0b4078babfbfbd2)

    Ji Luo
     

06 May, 2020

18 commits

  • Add the ARCH_MX8 in Kconfig for supporting iMX8QX in nandbcb

    Signed-off-by: Han Xu
    (cherry picked from commit a91c8b42b6d8385bbd09652a5e18e3c2286eb305)

    Han Xu
     
  • i.MX8/8x devices support CAAM manufacturing protection through SECO
    APIs, SECO FW generates P-384 private key in every OEM closed boot.

    Add support for SECO enabled devices in mfgprot U-Boot command, the
    following commands are available:

    => mfgprot pubk
    => mfgprot sign

    Signed-off-by: Breno Lima
    (cherry picked from commit 1fdb9726fdc4642d0f24104ec2e4099d59569468)

    Breno Lima
     
  • dependency of CMD_NANDBCB`s default value

    compiling nandbcb of imx8mm-evk depends on NAND and CMD_MTDPARTS

    modify dependency of CMD_NANDBCB`s default value

    Signed-off-by: Alice Guo
    (cherry picked from commit 1b14e8cbefdb0f8126ceb6a85b1fd0db142328e6)

    Alice Guo
     
  • Add DEK encapsulation support for imx8. The DEK blob is generated by the
    SECO through the SCFW API.

    Signed-off-by: Clement Faure
    (cherry picked from commit b785e44ce2d042c51386dadb6ec6693344a16fc6)

    Clement Faure
     
  • Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
    On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
    for encrypted boot.
    The DEK blob is encapsulated by OP-TEE through a trusted application call.
    U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
    dynamic shared memory.

    To enable the DEK blob encapsulation, add to the defconfig:
    CONFIG_SECURE_BOOT=y
    CONFIG_FAT_WRITE=y
    CONFIG_CMD_DEKBLOB=y

    Signed-off-by: Clement Faure
    Reviewed-by: Ye Li
    (cherry picked from commit 7ffd25bddc89db30612f4e805d103c7d8dde5d95)

    Clement Faure
     
  • Use trusty_os_init to load Trusty OS from CONFIG_TRUSTY_OS_ENTRY
    before u-boot ready.

    Add Trusty OS SOC level codes and u-boot/SPL common codes.

    Signed-off-by: Ye Li
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 1ae9ecc73f5001b8bd743011c06a7d07861be64e)
    (cherry picked from commit 6fa4f4a42fd90631f8dc8303b17f600c085d8595)

    Ye Li
     
  • Porting the FSL android fastboot features from imx u-boot v2018.03 to
    support all SoCs: imx6/imx7/imx7ulp/imx8/imx8m.

    The UUU commands like UCmd and ACmd are also added. Users need set
    CONFIG_FASTBOOT_UUU_SUPPORT=y to enable the feature.

    Signed-off-by: Frank Li
    Signed-off-by: Ye Li
    (cherry picked from commit 65120b06a7f750b9b1a6e0db3d2082cc7088d5a8)
    (cherry picked from commit 9b149c2a28829fe7017f83981d634157bc31cc94)

    Ye Li
     
  • Add IMX_OPTEE Kconfig entry

    Signed-off-by: Peng Fan
    (cherry picked from commit 28b0bcbef4dadd33a273dd18a2274f3c679efb2d)
    (cherry picked from commit bda0f36309e7752bf6c78d71473cc5cf7f8f58c1)
    (cherry picked from commit d3188f62b659dda60128a67f8cdf2920108e004d)
    (cherry picked from commit 8c1260dcd7adbd1225bd0b8e2bb9ee3971c76e36)

    Peng Fan
     
  • Add ARCH_MX7ULP as a CONFIG_IMX_HAB dependency, so we can enable
    IMX_HAB on mx7ulp

    Signed-off-by: Breno Lima
    Reviewed-by: Ye Li
    (cherry picked from commit d4c01cd3f6f5ba59ca17ebf52f610f629895ac7a)
    (cherry picked from commit 4ba6e5aa05ec8872426aa68da3879e8fcd835710)
    (cherry picked from commit 78e717c7e0897e759abdbe5bf28b46ae56d403ee)

    Breno Lima
     
  • Debug monitor will print out last failed AXI access info when
    system reboot is caused by AXI access failure, only works when
    debug monitor is enabled.

    Enable this module on i.MX6SX.

    Signed-off-by: Anson Huang
    Signed-off-by: Ye.Li
    (cherry picked from commit df6ac8531d498021ed379c74fc1847bd2cec7179)
    Signed-off-by: Peng Fan
    (cherry picked from commit 4f4ecdbf6fe2673b8ad117df1a4974bdb7e6aa4a)
    (cherry picked from commit e1c98a672e50fd0405686b74dad50680a75a8a9f)
    (cherry picked from commit 5265a3052505fae2a212af292412a62b20a16f97)
    (cherry picked from commit 9939631045b77617572a74283dd637d5c476cd53)

    Ye.Li
     
  • It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
    encrypted boot image has booted up, this prevents the generation of new
    blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
    a sticky type bit and cannot be changed until the next power on reset.

    Add the set_priblob_bitfield U-Boot command to prevent the generation of
    new blobs.

    Signed-off-by: Clement Le Marquis
    Acked-by: Ye Li
    (cherry picked from commit 69cca568b85f36a77ef6ef31538f69366d238845)
    (cherry picked from commit e8f813a6b66961759916e65b8c18ec43fd36a7c3)

    Clement Le Marquis
     
  • We use a glue layer to link the low level MU driver and virtual drivers.
    This glue layer is named to virtual service (iMX VService). Virtual service
    provides unified interfaces for setup connection with M4, get message buffer
    and send/receive message, etc.

    Multiple virtual drivers (i2c, gpio, etc)
    |
    iMX Vservice
    |
    imx_mu_m4 driver

    For each virtual device, by default, the Vservice uses the device node property
    "fsl,vservice-mu" to specify the MU node handler. A override function is also provided,
    so te ARCH level can define its rule. We will use the override function for dynamically
    select MU on 8QM/QXP.

    Signed-off-by: Ye Li
    (cherry picked from commit 7537b3c0fbe4e2c355bc4ff20613958bdd178bcd)

    Ye Li
     
  • Call the TRNG init function at the end of arch_cpu_init()
    Concerned SoCs are: i.MX6, i.MX7 and i.MX8M

    Signed-off-by: Aymen Sghaier
    (cherry picked from commit 996329904c0304a7bfbc6cda8287ab93de77870d)
    (cherry picked from commit 5dd4441081f2af6f198a4d43eb1a3e543d986306)

    Aymen Sghaier
     
  • This code was originally developed by Raul Cardenas
    and modified to be applied in U-Boot imx_v2017.03.

    More information about the initial submission can be seen
    in the link below:
    https://lists.denx.de/pipermail/u-boot/2016-February/245273.html

    i.MX7D has an a protection feature for Manufacturing process.
    This feature uses asymmetric encryption to sign and verify
    authenticated software handled between parties. This command
    enables the use of such feature.

    The private key is unique and generated once per device.
    And it is stored in secure memory and only accessible by CAAM.
    Therefore, the public key generation and signature functions
    are the only functions available for the user.

    The manufacturing-protection authentication process can be used to
    authenticate the chip to the OEM's server.

    Command usage:

    Print the public key for the device.
    - mfgprot pubk

    Generates Signature over given data.
    - mfgprot sign

    Signed-off-by: Raul Ulises Cardenas
    Signed-off-by: Breno Lima
    Reviewed-by: Fabio Estevam
    Reviewed-by: Ye Li
    (cherry picked from commit db2dbf622d3c711b2fbd85e6814992e023479dad)
    (cherry picked from commit 554b7cdcf47a49097cc5417cc6130e469d7ccc20)

    Breno Lima
     
  • Since cmd_dek is using CAAM JR, so enable the CMD_DEK only when
    HAS_CAAM is set

    Signed-off-by: Ye Li
    (cherry picked from commit 8a552c8d98df953c13a0144972b8c16ed7684e92)
    (cherry picked from commit dd3c14ba3f814610af05b07ec7cd47dcf0925a49)

    Ye Li
     
  • Add some SOC level codes and build configurations to use HAB lib for
    CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
    fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.

    The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
    because we don't need the CAAM driver for SPL.

    Signed-off-by: Ye Li
    Reviewed-by: Peng Fan
    (cherry picked from commit a0cba5678b10827bc4b5e4fb2e40945a5c332baa)
    (cherry picked from commit 330a3108e3806fc2b9fa500f84ebfb4feb821c6d)
    (cherry picked from commit bec1d873ca68d7aa3b4355c490ac085b4ef4f7a5)

    Ye Li
     
  • Signed-off-by: Ye Li
    (cherry picked from commit c8c5c3469f6ffa4789ae9e10c4a97c232657493c)
    (cherry picked from commit ef9c92deaf636e044d61cf1f3cc4d9d1fa2de501)

    Ye Li
     
  • 1. Implement bootaux for the M4 boot on i.MX8QM and QXP. Users need to download
    M4 image to any DDR address first. Then use the
    "bootaux [M4 core id]" to boot CM4_0
    or CM4_1, the default core id is 0 for CM4_0.

    Since current M4 only supports running in TCM. The bootaux will copy
    the M4 image from DDR to its TCML.

    2. Implment bootaux for HIFI on QXP
    command: bootaux 0x81000000 1

    Signed-off-by: Peng Fan
    Signed-off-by: Ye Li
    (cherry picked from commit 778606204b84ce6646fe58d752e2abda67600cf2)
    (cherry picked from commit e4a3fcc6fd357502d61687659b9cd7d2808b3fd4)

    Ye Li
     

08 Jan, 2020

1 commit


27 Dec, 2019

1 commit

  • IMX based platforms can have the DCD table located on different
    addresses due to differences in their memory maps (ie iMX7ULP).

    This information is required by the user to sign the images for secure
    boot so continue making it accessible via mkimage.

    Signed-off-by: Jorge Ramirez-Ortiz
    Reviewed-by: Fabio Estevam
    Signed-off-by: Stefano Babic

    Jorge Ramirez-Ortiz
     

04 Dec, 2019

1 commit


05 Nov, 2019

1 commit


04 Nov, 2019

2 commits


08 Oct, 2019

3 commits

  • CONFIG_SECURE_BOOT is too generic and forbids to use it for cross
    architecture purposes. If Secure Boot is required for imx, this means to
    enable and use the HAB processor in the soc.

    Signed-off-by: Stefano Babic

    Stefano Babic
     
  • The default CSF_SIZE defined in Kconfig is too high and SPL cannot
    fit into the OCRAM in certain cases.

    The CSF cannot achieve 0x2000 length when using RSA 4K key which is
    the largest key size supported by HABv4.

    According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
    it's recommended to pad CSF binary to 0x2000 and append DEK blob to
    deploy encrypted boot images.

    As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
    which should cover both CSF and DEK blob length.

    Update default_image.c and image.c to align with this change and avoid
    a U-Boot proper authentication failure in HAB closed devices:

    Authenticate image from DDR location 0x877fffc0...
    bad magic magic=0x32 length=0x6131 version=0x38
    bad length magic=0x32 length=0x6131 version=0x38
    bad version magic=0x32 length=0x6131 version=0x38
    spl: ERROR: image authentication fail

    Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")

    Reported-by: Jagan Teki
    Signed-off-by: Breno Lima

    Breno Matheus Lima
     
  • Move CONFIG_CSF_SIZE to Kconfig and define default value as 0x4000.

    mx8mqevk requires 0x2000 add this configuration in imx8mq_evk_defconfig
    file.

    Signed-off-by: Breno Lima
    Reviewed-by: Fabio Estevam

    Breno Matheus Lima
     

19 Jul, 2019

1 commit

  • Writing/updating boot image in nand device is not
    straight forward in i.MX6 platform and it requires
    boot control block(BCB) to be configured.

    It becomes difficult to use uboot 'nand' command to
    write BCB since it requires platform specific attributes
    need to be taken care of.

    It is even difficult to use existing msx-nand.c driver by
    incorporating BCB attributes like mxs_dma_desc does
    because it requires change in mtd and nand command.

    So, cmd_nandbcb implemented in arch/arm/mach-imx

    BCB contains two data structures, Firmware Configuration Block(FCB)
    and Discovered Bad Block Table(DBBT). FCB has nand timings,
    DBBT search area, page address of firmware.

    On summary, nandbcb update will
    - erase the entire partition
    - create BCB by creating 2 FCB/DBBT block followed by
    1 FW block based on partition size and erasesize.
    - fill FCB/DBBT structures
    - write FW/SPL on FW1
    - write FCB/DBBT in first 2 blocks

    for nand boot, up on reset bootrom look for FCB structure in
    first block's if FCB found the nand timings are loaded for
    further reads. once FCB read done, DTTB will load and finally
    firmware will be loaded which is boot image.

    Refer section "NAND Boot" from doc/imx/common/imx6.txt for more usage
    information.

    Reviewed-by: Stefano Babic
    Signed-off-by: Jagan Teki
    Signed-off-by: Sergey Kubushyn
    Signed-off-by: Shyam Saini

    Shyam Saini
     

11 Jun, 2019

1 commit


14 Apr, 2019

1 commit


15 Feb, 2019

1 commit

  • This patch provides the code to calibrate the DDR's
    DQS to DQ signals (RDLVL).

    It is based on:
    VFxxx Controller Reference Manual, Rev. 0, 10/2016, page 1600
    10.1.6.16.4.1 "Software Read Leveling in MC Evaluation Mode"

    and NXP's community thread:
    "Vybrid: About DDR leveling feature on DDRMC."
    https://community.nxp.com/thread/395323

    Signed-off-by: Lukasz Majewski

    Lukasz Majewski
     

23 Jul, 2018

1 commit


09 Jan, 2018

2 commits


29 Dec, 2017

2 commits

  • Currently CONFIG_SECURE_BOOT is selecting FSL_CAAM for all i.MX devices,
    this causes the following error when building mx6sl boards since
    this SoC doesn't have the CAAM block:

    In file included from drivers/crypto/fsl/jobdesc.c:12:0:
    drivers/crypto/fsl/jobdesc.c: In function 'inline_cnstr_jobdesc_blob_dek':
    include/fsl_sec.h:268:25: error: 'CAAM_ARB_BASE_ADDR' undeclared (first use
    in this function)
    #define SEC_MEM_PAGE1 (CAAM_ARB_BASE_ADDR + 0x1000)
    ^
    drivers/crypto/fsl/jobdesc.c:140:21: note: in expansion of macro 'SEC_MEM_PAGE1'
    memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
    ^
    include/fsl_sec.h:268:25: note: each undeclared identifier is reported only
    once for each function it appears in
    #define SEC_MEM_PAGE1 (CAAM_ARB_BASE_ADDR + 0x1000)
    ^
    drivers/crypto/fsl/jobdesc.c:140:21: note: in expansion of macro 'SEC_MEM_PAGE1'
    memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
    ^
    scripts/Makefile.build:280: recipe for target 'drivers/crypto/fsl/jobdesc.o'
    failed
    make[3]: *** [drivers/crypto/fsl/jobdesc.o] Error 1
    scripts/Makefile.build:425: recipe for target 'drivers/crypto/fsl' failed
    make[2]: *** [drivers/crypto/fsl] Error 2
    scripts/Makefile.build:425: recipe for target 'drivers/crypto' failed
    make[1]: *** [drivers/crypto] Error 2

    Add HAS_CAAM configuration to avoid this error.

    Signed-off-by: Breno Lima
    Reviewed-by: Fabio Estevam

    Breno Lima
     
  • NXP development boards based on i.MX6/i.MX7 contain the board
    revision information stored in the fuses.

    Introduce a common function that can be shared by different boards and
    convert mx6sabreauto to use this new mechanism.

    Signed-off-by: Fabio Estevam

    Fabio Estevam
     

12 Jul, 2017

1 commit

  • Change is consistent with other SOCs and it is in preparation
    for adding SOMs. SOC's related files are moved from cpu/ to
    mach-imx/.

    This change is also coherent with the structure in kernel.

    Signed-off-by: Stefano Babic

    CC: Fabio Estevam
    CC: Akshay Bhat
    CC: Ken Lin
    CC: Marek Vasut
    CC: Heiko Schocher
    CC: "Sébastien Szymanski"
    CC: Christian Gmeiner
    CC: Stefan Roese
    CC: Patrick Bruenn
    CC: Troy Kisky
    CC: Nikita Kiryanov
    CC: Otavio Salvador
    CC: "Eric Bénard"
    CC: Jagan Teki
    CC: Ye Li
    CC: Peng Fan
    CC: Adrian Alonso
    CC: Alison Wang
    CC: Tim Harvey
    CC: Martin Donnelly
    CC: Marcin Niestroj
    CC: Lukasz Majewski
    CC: Adam Ford
    CC: "Albert ARIBAUD (3ADEV)"
    CC: Boris Brezillon
    CC: Soeren Moch
    CC: Richard Hu
    CC: Wig Cheng
    CC: Vanessa Maegima
    CC: Max Krummenacher
    CC: Stefan Agner
    CC: Markus Niebel
    CC: Breno Lima
    CC: Francesco Montefoschi
    CC: Jaehoon Chung
    CC: Scott Wood
    CC: Joe Hershberger
    CC: Anatolij Gustschin
    CC: Simon Glass
    CC: "Andrew F. Davis"
    CC: "Łukasz Majewski"
    CC: Patrice Chotard
    CC: Nobuhiro Iwamatsu
    CC: Hans de Goede
    CC: Masahiro Yamada
    CC: Stephen Warren
    CC: Andre Przywara
    CC: "Álvaro Fernández Rojas"
    CC: York Sun
    CC: Xiaoliang Yang
    CC: Chen-Yu Tsai
    CC: George McCollister
    CC: Sven Ebenfeld
    CC: Filip Brozovic
    CC: Petr Kulhavy
    CC: Eric Nelson
    CC: Bai Ping
    CC: Anson Huang
    CC: Sanchayan Maity
    CC: Lokesh Vutla
    CC: Patrick Delaunay
    CC: Gary Bisson
    CC: Alexander Graf
    CC: u-boot@lists.denx.de
    Reviewed-by: Fabio Estevam
    Reviewed-by: Christian Gmeiner

    Stefano Babic