14 Dec, 2018
4 commits
-
There is no need to have an extra hab directory under doc/imx/:
- doc/imx/hab/ahab/
- doc/imx/hab/habv4/Remove extra hab directory for a cleaner documentation structure.
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 4568f4a4c853ff9d952cfb5ec7c38c479de697d2) -
The current U-Boot implementation includes SPL targets for i.MX8QM and
i.MXQXP MEK boards:- imx8qxp_mek_spl_defconfig
- imx8qxp_mek_spl_fspi_defconfig
- imx8qm_mek_spl_defconfig
- imx8qm_mek_spl_fspi_defconfigThe U-Boot proper and ATF are included in an additional container being
necessary a different procedure for signing the flash.bin image.Add a step-by-step guide covering the signing procedure.
Add a CSF example for the 3rd container.Signed-off-by: Breno Lima
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 04505024d38eebbb5f39133b502c8e450ca40215) -
Add AHAB secure boot step-by-step guide for i.MX8 and i.MX8x families
devices.Add 3 CSF example files:
- Example to sign flash.bin only using SRK keys.
- Example to sign flash.bin using a subordinate SGK key.
- Example to sign Linux image only using SRK keys.Signed-off-by: Clement Le Marquis
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 7c46caba3b528b0399242f99612e5b094b1a4703) -
The AHAB is currently supported in i.MX8QXP and i.MX8QM devices.
Add an introductory document containing the following topics:
- AHAB Secure Boot Architecture
- System Control Unit (SCU) introduction
- Security Controller (SECO) introduction
- i.MX8/8x secure boot flow
- AHAB PKI tree generation
- SRK Table and SRK Hash generationSigned-off-by: Breno Lima
Reviewed-by: Frank Zhang
Reviewed-by: Marius Grigoras
Reviewed-by: Utkarsh Gupta
(cherry picked from commit 6e9ceb2526bd4a45c6ff669afb086cc3a0627e6b)
26 Nov, 2018
2 commits
-
The HABv4 secure boot procedure is now documented in different files:
.
└── habv4
├── csf_examples
│ ├── additional_images
│ │ └── csf_additional_images.txt
│ ├── mx6_mx7
│ │ ├── csf_uboot_fast_authentication.txt
│ │ └── csf_uboot.txt
│ └── mx8m_mx8mm
│ ├── csf_fit.txt
│ └── csf_spl.txt
├── guides
│ ├── mx6_mx7_secure_boot.txt
│ ├── mx8m_mx8mm_secure_boot.pdf
│ └── mx8m_mx8mm_secure_boot.txt
├── introduction_habv4.txt
└── script_examples
└── genIVT.plThe old documentation secure_boot.txt can be removed.
Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima
(cherry picked from commit b0300fcf732ff1e79e771c386bf083e79eacc36a) -
Add HABv4 documentation for i.MX8M and i.MX8MM targets covering the
following topics:- How to sign an securely boot an flash.bin image.
- How to extend the root of trust for additional boot images.
- Add 2 CSF examples.Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima
(cherry picked from commit cc63be298a3e5f44e417f4098c124715917d09e1)
03 Nov, 2018
2 commits
-
Signed-off-by: Clement Le Marquis
-
Add useful documentation for encrypted boot:
- Add 2 CSF examples for encrypt and sign
- How to encrypt and sign a U-Boot binary on closed device
- Why and how increase the PRIBLOB bitfield from CAAM SCFGRSigned-off-by: Clement Le Marquis
23 Oct, 2018
2 commits
-
Add HABv4 documentation for u-boot-dtb.imx targets covering the
following topics:- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.Reviewed-by: Ye Li
Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima -
The HABv4 is supported in i.MX 50, i.MX 53, i.MX 6, i.MX 7,
series and i.MX 8M, i.MX8MM devices.Add an introductory document containing the following topics:
- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK Table and SRK Hash generationReviewed-by: Ye Li
Reviewed-by: Utkarsh Gupta
Signed-off-by: Breno Lima
09 Oct, 2018
8 commits
-
There is no need to have README in all i.MX documents name.
Remove README from i.MX docs name and add .txt file extension.Signed-off-by: Breno Lima
Reviewed-by: Ye Li -
The Serial Download Protocol feature is availible in various
i.MX SoCs.Move README.sdp document to imx/misc directory.
Signed-off-by: Breno Lima
-
The current High Assurance Boot document README.mxc_hab
include details for the following features in a single file:- HAB Secure Boot
- HAB Encrypted BootSplit HAB documentation in a specific directory for a cleaner
documentation structure, subsequent patches will include more
content in HAB documentation.Signed-off-by: Breno Lima
-
The following documents describe device details according to the
i.MX family:- README.imx25
- README.imx27
- README.imx5
- README.imx6
- README.mxsMove all device common related document to doc/imx/common for a better
directory structure.Signed-off-by: Breno Lima
-
The following documents describe the image type used by the mkimage
tool to generate U-Boot images for i.MX devices.- README.imximage
- README.mxsimageMove all mkimage related document to doc/imx/mkimage for a better
directory structure.Signed-off-by: Breno Lima
-
Currently the Serial Download Protocol tools and procedure are
documented in two places:- doc/imx/README.sdp
- doc/imx/README.imx6It is better to consolidate all SDP related information into
README.sdp file, so move the content from README.imx6 to
README.sdp.Signed-off-by: Breno Lima
-
Currently the U-Boot doc/ directory contains the following files
that are only relevant for i.MX devices:- doc/README.imx25
- doc/README.imx27
- doc/README.imx5
- doc/README.imx6
- doc/README.imximage
- doc/README.mxc_hab
- doc/README.mxs
- doc/README.mxsimage
- doc/README.sdpMove all content to a common i.MX folder for a better documentation
structure.Signed-off-by: Breno Lima
-
Currently the U-Boot project contains 2 documentation directories:
- doc/
- Documentation/The Documentation directory only contains device tree bindings related
content, so move the 2 files to doc/device-tree-bindings/.This commit is based in a previous submission in U-Boot upstream:
http://git.denx.de/?p=u-boot.git;a=commit;h=ad7061ed742e1312289644268859a0f4b512aaeeSigned-off-by: Breno Lima
11 Mar, 2018
2 commits
-
The README.mxc_hab is outdated and need improvements, add the following
modifications:- Reorganize document and remove duplicate content
- Add CST download link
- Update CST package name
- Align command lines with CST v2.3.3
- Update U-Boot binary name
- Remove CSF padding since is not documented in AN4581Signed-off-by: Breno Lima
-
Currently the High Assurance Boot procedure is documented in two
places:- doc/README.imx6
- doc/README.mxc_habIt is better to consolidate all HAB related information into
README.mxc_hab file, so move the content from README.imx6 to
README.mxc_hab.Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
24 Feb, 2018
1 commit
-
With the contents of config_distro_defaults.h migrated to Kconfig,
we can remove this header file completelySigned-off-by: Adam Ford
10 Feb, 2018
1 commit
-
README.efi describes two different concepts:
* U-Boot exposing the UEFI API
* U-Boot running on top of UEFI.This patch splits the document in two.
Religious references are removed.The separation of the concepts makes sense before detailing the internals
of U-Boot exposing the UEFI API in a future patch.Signed-off-by: Heinrich Schuchardt
Signed-off-by: Alexander Graf
08 Feb, 2018
1 commit
-
This commit cleans up the README.watchdog by removing the reminescent of
ADI's Blackfin architecture removed some time ago.Signed-off-by: Lukasz Majewski
04 Feb, 2018
5 commits
-
The original text is from the time that the config options were not
converted to Kconfig.After the conversion to Kconfig only CONFIG_SECURE_BOOT and
CONFIG_CMD_DEKBLOB need to be selected by the user.The other config options are automatically selected by the Kconfig
logic.Signed-off-by: Fabio Estevam
Reviewed-by: Breno Lima -
The EFI implementation does not fit into any of the existing categories.
Provide LOGC_EFI so that EFI related message can be filtered.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: Simon Glass -
When functions return an error it propagates up the stack to the point
where it is reported. Often the error code provides enough information
about the root cause of the error that this is obvious what went wrong.However in some cases the error may be hard to trace. For example if a
driver uses several devices to perform an operation, it may not be
obvious which one failed.Add a log_ret() macro to help with this. This can be used to wrap any
error-return value. The logging system will then output a log record when
the original error is generated, making it easy to trace the call stack
of the error.This macro can significantly impact code size, so its use is controlled
by a Kconfig option, which is enabled for sandbox.Signed-off-by: Simon Glass
-
Add some notes about recent new features.
Signed-off-by: Simon Glass
31 Jan, 2018
1 commit
-
Xilinx changes for v2018.03
- Several Kconfig fixes (also moving configs to defconfigs)
- Some DTS updates
- ZynqMP psu rework based on Zynq concept
- Add low level initialization for zc770 and zcu102
- Add support for Zynq zc770 x16 nand configuration
- Add mini nand/emmc ZynqMP targets
- Some arasan nand changes
30 Jan, 2018
1 commit
-
zc770-xm011 is also added and supported. Reflect this in README.
Signed-off-by: Michal Simek
29 Jan, 2018
1 commit
-
The appended README explains how U-Boot and iPXE can be used
to boot a diskless system from an iSCSI SAN.The maintainer for README.efi and README.iscsi is set.
Signed-off-by: Heinrich Schuchardt
[agraf: s/Adress/Address/]
Signed-off-by: Alexander Graf
26 Jan, 2018
1 commit
24 Jan, 2018
2 commits
-
NAND and QSPI devices are now supported, so mark
them as such.Cc: Michal Simek
Signed-off-by: Ezequiel Garcia
Signed-off-by: Michal Simek -
Update documentation to reflect adopting the Linux DT bindings.
Tested on TI K2G platform:
Tested-by: Vignesh RTested on a socfpga-cyclonev board:
Tested-by: Simon GoldschmidtSigned-off-by: Jason Rush
Reviewed-by: Jagan Teki
Acked-by: Simon Goldschmidt
Acked-by: Marek Vasut
23 Jan, 2018
1 commit
-
Migrate the following symbols to Kconfig:
CONFIG_FS_EXT4
CONFIG_EXT4_WRITEThe definitions in config_fallbacks.h can now be expressed in Kconfig.
Signed-off-by: Tuomas Tynkkynen
20 Jan, 2018
2 commits
-
The following config symbols are only defined once and never referenced
anywhere else:CONFIG_AMCORE
CONFIG_ASTRO5373L
CONFIG_M52277EVB
CONFIG_M5253DEMO
CONFIG_M5253EVBE
CONFIG_M5275EVB
CONFIG_M54418TWR
CONFIG_STMARK2Most of them are config symbols named after the respective boards which
seems to have been a standard practice at some point.Signed-off-by: Tuomas Tynkkynen
-
It's mostly obvious, except that QEMU is annoying and requires an
explicit '-cpu cortex-a57' (or some other 64-bit core) to actually run
in 64-bit mode.While at it, remove the references to setting the ARCH environment
variable; that is not used in U-Boot.Signed-off-by: Tuomas Tynkkynen
Reviewed-by: Tom Rini
16 Jan, 2018
3 commits
-
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in various documentation files where this was not
observed, to not give bad examples to the reader.Signed-off-by: Andre Przywara
-
The DT spec demands a unit-address of a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image example files where this was not
observed, to not give bad examples to the reader.Signed-off-by: Andre Przywara
-
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the FIT image documentation files where this was not
observed, to not give bad examples to the reader.Signed-off-by: Andre Przywara
