26 Nov, 2018
2 commits
-
The HABv4 secure boot procedure is now documented in different files:
.
└── habv4
├── csf_examples
│ ├── additional_images
│ │ └── csf_additional_images.txt
│ ├── mx6_mx7
│ │ ├── csf_uboot_fast_authentication.txt
│ │ └── csf_uboot.txt
│ └── mx8m_mx8mm
│ ├── csf_fit.txt
│ └── csf_spl.txt
├── guides
│ ├── mx6_mx7_secure_boot.txt
│ ├── mx8m_mx8mm_secure_boot.pdf
│ └── mx8m_mx8mm_secure_boot.txt
├── introduction_habv4.txt
└── script_examples
└── genIVT.plThe old documentation secure_boot.txt can be removed.
Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima -
Add HABv4 documentation for i.MX8M and i.MX8MM targets covering the
following topics:- How to sign an securely boot an flash.bin image.
- How to extend the root of trust for additional boot images.
- Add 2 CSF examples.Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima
23 Nov, 2018
3 commits
-
Need loadimage before execute mmcboot.
Signed-off-by: Peng Fan
Reviewed-by: Ye Li -
for 8qxp_mek and 8qm_mek platforms, container is used instead of FIT,
SPL now will load container, not FIT.
This modification can minish the size of u-boot image.Change-Id: Id7e3e62bf95db5941264c3370a3e092e9b77a42f
Signed-off-by: faqiang.zhu -
When booting SPL from SD/MMC, the codes load and parse container image
first, if its authentication is failed, the flow continues to load and parse
for FIT image and cause crash in SPL.The correct way should stop the booting if authentication is failed, avoid
trying the FIT image since FIT does not support AHAB on 8QM/QXP.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
22 Nov, 2018
4 commits
-
When OP-TEE is enabled a share memory is created between Linux and OP-TEE.
On i.MX 8QM with the use of the SC subsystem, this creates a new chunk of
memory.
Add a new DRAM BANK, so that u-boot is able to capture correctly all
the chunks of memory in meminfo.Signed-off-by: Silvano di Ninno
-
When OP-TEE is enabled a share memory is created
between Linux and OP-TEE. on QxP with the use of the SC
subsystem, this creates a new chunk of memory.
Add a new DRAM BANK, so that u-boot is able to capture
correctly all the chunks of memory in meminfo.Signed-off-by: Silvano di Ninno
-
If OP-TEE is loaded by ATF, u-boot will add
optee device tree node in th edtb so that
Linux can loads OP-TEE driver.Signed-off-by: Silvano di Ninno
-
u-boot currently needs information from ATF to know if
OP-TEE os has been loaded.
this information is transmitted via bootargs.
this patch enables saving those bootargs into a structure.Signed-off-by: Silvano di Ninno
21 Nov, 2018
5 commits
-
Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
1. Move all avb/atx operations to fsl_avb.c.
2. Refine the functions logic.
3. Drop some unsupported conditions/functions.Test: build and boot on
imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji -
To enable SPL+CONTAINER format on android auto with tee, after SPL load
container, SPL need to check rpmb keyblob and copy it to secure memory
for latter use.Change-Id: I40a791d5b5b1eba6a0170d6853626fb546be4b2c
Signed-off-by: faqiang.zhu -
Fix typo "ONFIG_CMD_FLASH=y" in defconfig, correct it to
CONFIG_CMD_FLASH=ySigned-off-by: Ye Li
-
The CONFIG_MMC_ENV_DEV binds with CONFIG_ENV_IS_IN_MMC on mx6sabreauto.
When booting from other boot devices like EIMNOR, SPINOR, they need to
load kernel from SD, if the configuration is not set, the loading will fail.Signed-off-by: Ye Li
-
Pass "androidboot.keystore=trusty" for trusty backed keymaster
service, pass "androidboot.keystore=software" for software
keymaster service.Test: boot pass on imx8qm_mek.
Change-Id: I9fa38c15a7c10aef09ab29b0e9859b690e3e7a41
Signed-off-by: Ji Luo
20 Nov, 2018
1 commit
-
Update the ddrc Qos setting for B1 to align with B0'ssetting.
Correct the initial clock for dram_pll. This setting will be
overwrite before ddr phy training. Although there is no impact
on the dram init, we still need to correct it to eliminate
confusion.Signed-off-by: Bai Ping
Reviewed-by: Ye Li
Tested-by: Robby Cai
19 Nov, 2018
2 commits
-
Some platforms don't have alias for usb1 device, so when initialize the
second controller, its seq is allocated by u-boot automatically.
This introduces a problem if the initialization of first controller is failed,
for example nothing connect to first controller, then the seq allocated
for second controller is 0 not 1. EHCI driver uses the seq as index for
USB controller and phy, so it will cause initialization problem for second
controller.Fix the issue by adding the usb1 alias for second USB controller.
Signed-off-by: Ye Li
Reviewed-by: Peng Fan -
Remove the fuse operation commands for imx8qm, this will
help reduce the u-boot binary size.Test: build and boot ok on imx8qm.
Change-Id: I45fd7a86abe5ce7a9a8b9284974190d72b203e1b
Signed-off-by: Luo Ji
16 Nov, 2018
2 commits
-
Enlarge dom0 mem to 2048M
Signed-off-by: Peng Fan
-
Enable dm usb using the base board otg usb port for fastboot usage
Signed-off-by: Peng Fan
Reviewed-by: Ye Li
15 Nov, 2018
6 commits
-
Enable dm serial for xen uboot.
Log as below:
#xl console 1
MMC: FSL_SDHC: 0
Loading Environment from ... *** Warning - bad CRC, using default environmentFailed (-5)
In: serial@5a060000
Out: serial@5a060000
Err: serial@5a060000
flash target is MMC:0
Fastboot: Normal
Normal Boot
=>Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Support output/input using `xl console [domid]`.
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Update mem map table for xen uboot.
xen console and some magic pages needs to be mappe as normal memory.Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce new hypercalls
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce puts hook for dm serial driver.
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce xen header files from Linux Kernel commit
e2b623fbe6a3("Merge tag 's390-4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux")Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu
14 Nov, 2018
3 commits
-
Fix coverity issue CID 43665: Free of address-of expression (BAD_FREE)
incorrect_free: free frees incorrect pointer pp.pp points the port array field of struct ahci_uc_priv, should not free it.
Signed-off-by: Ye Li
Acked-by: Peng Fan -
Fix coverity issue CID 18031: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable fill_buf going out of scope leaks the storage it points toShould free the fill_buf before function return.
Signed-off-by: Ye Li
-
Current flexspi clock root is set to 25Mhz OSC, but the flash can support
to 166Mhz clock, so change the flexspi clock root to system PLL1 100Mhz
clock to increase speed.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
13 Nov, 2018
9 commits
-
Current code uses strlen of string to get the property data
length, which is wrong for unicode string, also the whole
property length also should be corrected(descriptor length
minus head length, 142-10=132), detail data format of single
GUID see below table:Table 4a: Microsoft Extended Properties Feature Descriptor
===================================================================
Value | TYPE | Description
===================================================================
0x8E, 0x00, 0x00, 0x00 | DWORD (LE) | Descriptor length
| | (142 bytes)
--------------------------------------------------------------------
0x00, 0x01 | BCD WORD (LE) | Version ('1.0')
--------------------------------------------------------------------
0x05, 0x00 | WORD (LE) | Extended Property
| | Descriptor index (5)
--------------------------------------------------------------------
0x01, 0x00 | WORD (LE) | Number of sections (1)
--------------------------------------------------------------------
0x84, 0x00, 0x00, 0x00 | DWORD (LE) | Size of the property
| | section (132 bytes)
--------------------------------------------------------------------
0x01, 0x00, 0x00, 0x00 | DWORD (LE) | Property data type
| | (1 = Unicode
| | REG_SZ,
| | see table below)
--------------------------------------------------------------------
0x28, 0x00 | WORD (LE) | Property name
| | length (40 bytes)
--------------------------------------------------------------------
0x44, 0x00, 0x65, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "DeviceInterfaceGUID"
0x74, 0x00, 0x00, 0x00 | (LE) |
--------------------------------------------------------------------
0x4e, 0x00, 0x00, 0x00 | DWORD (LE) | Property data
| | length (78 bytes)
--------------------------------------------------------------------
0x7b, 0x00, 0x46, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "{xxxxxxxx-xxxx-
0x7d, 0x00, 0x00, 0x00 | (LE) | xxxx-xxxx-
| | xxxxxxxxxxxx}\0"
--------------------------------------------------------------------Details of WCID see below link:
https://github.com/pbatard/libwdi/wiki/WCID-DevicesReviewed-by: Ye Li
Signed-off-by: Li Jun -
Fix coverity issue CID 5015449: Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking mmc suggests that it may be null, but it has
already been dereferenced on all paths leading to the checkSigned-off-by: Ye Li
-
Fix coverity issue CID 1898965: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL dev_desc when calling
write_backup_gpt_partitionsSigned-off-by: Ye Li
-
Fix coverity issue CID 3826473: Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 16-character destination string buffer by
writing 20 characters fromThe size of g_ptable->name is 20, but we use 16 bytes buffer for strcpy. It may
cause buffer overflow.Signed-off-by: Ye Li
-
Fix coverity issue CID 3606685: Structurally dead code (UNREACHABLE)
unreachable: This code cannot be reached: return esdhc_getcd_commonShould not return true directly, otherwise the esdhc_getcd_common is
bypassed.Signed-off-by: Ye Li
-
Fix coverity issue CID 3411367: Missing break in switch (MISSING_BREAK)
unterminated_case: The case for value 1U is not terminated by a 'break' statement.Signed-off-by: Ye Li
-
Fix coverity issue CID 3768406: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL gis_input when calling strcmp.The gis_input may returns NULL from env_get, need check it before strcmp.
Signed-off-by: Ye Li
-
Fix coverity issue CID 3261683: Wrong operator used (CONSTANT_EXPRESSION_RESULT)
operator_confusion: ({...; __v;}) | 67108864 is always 1/true regardless of the values
of its operand. This occurs as the logical operand of !When DIAG_X is set, the PHY COMINIT signal is detected, so should use '&' to check
whether it is set.Signed-off-by: Ye Li
-
Fix coverity issue CID 3606684: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable uc_priv going out of scope leaks the storage it points toSigned-off-by: Ye Li
12 Nov, 2018
3 commits
-
Commit "ql-tipc: trusty_ipc: Change ipc polling to be per device" removes
rpmb_storage_proxy_poll() call in avb_do_tipc() which will return early
if the rpmb proxy service isn't initialized properly, this will make boards
hang if the rpmb key is not set.
Skip initializing AVB and Keymaster client if the rpmb key hasn't been
set, but keep the hwcrypto client initialization since we need it to
generate the rpmb key blob.Test: Build and boot ok on imx8q.
Change-Id: I1ead849e812da55edae8b739d9ae56a7d4951af4
Signed-off-by: Ji Luo -
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.Test: rollback index updated successfully on
imx7d_pico and AIY.Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo -
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo