08 May, 2020

1 commit

09 Apr, 2020

2 commits

24 Mar, 2020

1 commit

25 Nov, 2019

1 commit

15 Nov, 2019

1 commit

11 Nov, 2019

1 commit

03 Nov, 2019

2 commits

01 Nov, 2019

1 commit

18 Apr, 2019

1 commit

  • initialize potential uninitialized variable with the type of"char*" to
    be NULL in AVB. That "hashtree_error_mode" in code is manually specified
    with a known value, the cases listed cover all potential value of

    explicitly do a type cast for memcpy parameters.

    Change-Id: Ie5d234422a273d6dab75585bd0d8eb81583707ca
    Signed-off-by: faqiang.zhu


11 Apr, 2019

5 commits

10 Apr, 2019

5 commits

  • The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM

    Due to different cache management it's necessary to flush dcache
    range for destination address so data can be available in memory.

    Add necessary operations in blob_encap() and blob_decap() functions.

    Signed-off-by: Breno Lima
    Reviewed-by: Ye Li
    (cherry picked from commit 639e5c15816c3eea0d4904a72ad175627be043d8)

    Breno Lima
  • The HABv4 implementation in ROM checks if HAB major version
    in IVT header is 4.x.

    The current implementation in hab.c code is only validating
    HAB v4.0 and HAB v4.1 and may be incompatible with newer
    HABv4 versions.

    Modify verify_ivt_header() function to align with HABv4
    implementation in ROM code.

    Signed-off-by: Breno Lima
    Reviewed-by: Ye Li
    (cherry picked from commit 33f51b401dffa393274a28f9d49a87af3eb02fe0)

    Breno Lima
  • The csf_additional_images.txt example should match with
    mx6_mx7_secure_boot.txt guide.

    Fix addresses provided in csf_additional_images.txt CSF

    Reviewed-by: Ye Li
    Signed-off-by: Breno Lima
    (cherry picked from commit 17c3af7a1935a40057c01459766d41ff0a19723b)

    Breno Lima
  • When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
    the following warnings are displayed:

    arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
    of type 'long unsigned int', but argument 3 has type 'uint32_t \
    {aka unsigned int}' [-Wformat=]
    printf("HAB check target 0x%08x-0x%08lx fail\n",
    ddr_start, ddr_start + bytes);

    arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
    of type 'unsigned int', but argument 3 has type 'ulong \
    {aka long unsigned int}' [-Wformat=]
    printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);

    Fix warnings by providing the correct data type.

    Reviewed-by: Ye Li
    Signed-off-by: Breno Lima
    (cherry picked from commit 050beb8ee3fc4c690c9ce7c4f47adfc6f48dccdf)

    Breno Lima
  • When booting in low power or dual boot modes the M4 binary is
    authenticated by the M4 ROM code.

    Add an option in hab_status command so users can retrieve M4 HAB
    failure and warning events.

    => hab_status m4

    Secure boot disabled

    HAB Configuration: 0xf0, HAB State: 0x66
    No HAB Events Found!

    Add command documentation in mx6_mx7_secure_boot.txt guide.

    As HAB M4 API cannot be called from A7 core the code is parsing
    the M4 HAB persistent memory region. The HAB persistent memory
    stores HAB events, public keys and others HAB related information.

    The HAB persistent memory region addresses and sizes can be found
    in AN12263 "HABv4 RVT Guidelines and Recommendations".

    Reviewed-by: Utkarsh Gupta
    Reviewed-by: Ye Li
    Signed-off-by: Breno Lima
    (cherry picked from commit 0efff16579fabcf57acb9c8857afac8fb58de355)

    Breno Lima

09 Apr, 2019

2 commits

  • Enable fastboot configurations in mx6solo sabresd and sabreauto
    defconfigs to support UUU. Since the DDR size on mx6solo sabre
    boards is smaller, also change the fastboot buffer to 256MB.

    Signed-off-by: Ye Li
    Reviewed-by: Peng Fan
    (cherry picked from commit c482755fb22fa1a459927ed9aadf2477c42b1a59)

    Ye Li
  • Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to
    non-TrustZone") breaks HABv4 encrypted boot support in the
    following i.MX devices:

    - i.MX6UL
    - i.MX7S
    - i.MX7D
    - i.MX7ULP

    For preparing a HABv4 encrypted boot image it's necessary to
    encapsulated the generated DEK in a blob. The blob generation
    function takes into consideration the Job Ring TrustZone
    ownership configuration (JROWN_NS) and can be only decapsulated
    by the same configuration.

    The ROM code expects DEK blobs encapsulated by the Secure World
    environments which commonly have JROWN_NS = 0.

    As U-Boot is running in Secure World we must have JROWN_NS=0
    so the blobs generated by dek_blob tool can be decapsulated
    by the ROM code.

    As NXP BSP does not requires all job-rings assigned to
    non-Secure world this commit can be safely reverted.

    This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041.

    Reviewed-by: Silvano Di Ninno
    Signed-off-by: Breno Lima
    (cherry picked from commit 3eebc76f5571f7ce74d385235019e8eb4a6718f6)

    Breno Lima

02 Apr, 2019

1 commit

  • As the M4 use different DDR memory size in normal android/car2 and car
    image, use different defconfig for car2 to decrease DDR memory
    reservation. So memory reserved for each M4 core is 8MB in car2 and
    normal android image. it's 32MB for car image.

    Change-Id: Idf608f539cd614a154c78e3a1af28eff1da5c1f2
    Signed-off-by: Zhang Bo

    Zhang Bo

01 Apr, 2019

1 commit

  • Add support for DVT AIY 1G board, distinguish the board type
    with the board id.
    TYPE: ID:
    Micron 1G 0x5
    HYNIX 1G 0x3
    Micron 3G 0x1

    Test: Boot on AIY 1G/3G ddr board.

    Change-Id: I3c7b6ebe8bc5d4e59917fcc3947e9ebfefc940da
    Signed-off-by: Ji Luo

    Ji Luo

29 Mar, 2019

2 commits

21 Mar, 2019

1 commit

20 Mar, 2019

2 commits

  • The sec_in32 preprocessor is defined as follows in include/fsl_sec.h file:
    When address "a" is calculated using math for ex: addition of base address and an offset, then casting is applied only to the first address which in this example is base address.

    caam_ccbvid_reg = sec_in32(CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET)
    resolves to:
    caam_ccbvid_reg = in_le32((ulong *)(ulong)CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET)
    instead it should resolve to:
    caam_ccbvid_reg = in_le32((ulong *)(ulong)(CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET))

    Thus add parenthesis around the address "a" so that however the address is calculated, the casting is applied to the final calculated address.

    Bug introduced by commit 79e90af14af3 ("MLK-18044-2: crypto: caam: Fix build warnings pointer casting").

    Signed-off-by: Utkarsh Gupta
    Reviewed-by: Horia Geanta
    Reviewed-by: Ye Li
    (cherry picked from commit 5d10d1cab052f8af4fd00640e09642aa0a596922)

    Utkarsh Gupta
  • The boota command boots an Android already written to mmc/emmc.
    It calls get_boot_device() to figure out where to look for Android;
    but when a board is booted over serial, get_boot_device() returns
    an invalid boot mode.

    Explicitly setting the storage_type will enable boota on
    a board booted over serial.

    FB: ucmd setenv storage_type emmc
    FB: ucmd boota

    Signed-off-by: Adrian Negreanu

    Adrian Negreanu

19 Mar, 2019

3 commits

  • After the commit b9a2a0e2e9c0 ("mmc: Add support for downgrading
    HS200/HS400 to HS mode"), it add a parameter in mmc_set_card_speed()
    which indicates that the HS200/HS400 to HS downgrade is happening.

    During the HS400 initialization, first select to HS200, and config
    the related clock rate, then downgrade to HS mode. So here also need
    to config the downgrade value to be true, make sure in the function
    mmc_set_card_speed(), after switch to HS mode, first config the
    clock rate, then read the EXT_CSD. Otherwise read EXT_CSD in HS mode
    at wrong clock rate, e.g. 200MHz, may lead to uncertain result.

    Test on i.MX8QM MEK board, some Micron eMMC will stuck in transfer
    mode in this case, and USDHC will never get data transfer complete
    status, cause the uboot hang.

    Signed-off-by: Haibo Chen
    (cherry picked from commit 0ba8e1c6efa2e9c34c9b54105d6c50ee293ec1d7)

    Haibo Chen
  • When using CMD6 to switch eMMC card timing from HS200/HS400 to HS/legacy,
    do not poll for the completion status using CMD13, but rather wait 50mS.

    Once the card receives the CMD6 and starts executing it, the bus is in
    undefined state until both the card finishes executing the command and
    until the controller switches the bus to matching timing configuration.
    During this time, it is not possible to transport any commands or data
    across the bus, which includes the CMD13.

    Signed-off-by: Marek Vasut
    Cc: Jaehoon Chung
    (cherry picked from commit 5dbade95cb7ebc1f3a309b00430ebf2b466d7aba)
    Signed-off-by: Haibo Chen

    Marek Vasut
  • The mmc_select_mode_and_width() function can be called while the card
    is in HS200/HS400 mode and can be used to downgrade the card to lower
    mode, e.g. HS. This is used for example by mmc_boot_part_access_chk()
    which cannot access the card in HS200/HS400 mode and which is in turn
    called by saveenv if env is in the MMC.

    In such case, forcing the card clock to legacy frequency cannot work.
    Instead, the card must be switched to HS mode first, from which it can
    then be reprogrammed as needed.

    However, this procedure needs additional code changes, since the current
    implementation checks whether the card correctly switched to HS mode in
    mmc_set_card_speed(). The check only expects that the card will be going
    to HS mode from lower modes, not from higher modes, hence add a parameter
    which indicates that the HS200/HS400 to HS downgrade is happening. This
    makes the code send the switch command first, reconfigure the controller
    next and finally perform the EXT_CSD readback check. The last two steps
    cannot be done in reverse order as the card is already in HS mode when
    the clock are being switched on the controller side.

    Signed-off-by: Marek Vasut
    Cc: Jaehoon Chung
    (cherry picked from commit 523f613609545252f08f01f346ba4b0403f78b7c)
    Signed-off-by: Haibo Chen

    Marek Vasut

18 Mar, 2019

3 commits

  • Update the lpddr4 timing config to align with the ddr tool

    Signed-off-by: Jacky Bai
    Reviewed-by: Ye Li
    (cherry picked from commit a1433dec3a03a6c944b61600e7b317e2a83f2981)

    Jacky Bai
  • The normal ready time of M4 side is less than 1s, so we can use
    2s as the timeout of connection. The current value is 10s, which seems
    a little long if M4 SRTM service does not run.

    Signed-off-by: Ye Li
    Acked-by: Peng Fan
    (cherry picked from commit 4792d8967d3c631d055c133303bb6385b822a3ca)

    Ye Li
  • There are two LPCG HW issues reported in TKT322331. Add workaround
    for them in u-boot.
    1. Back to back LPCG write access must have 4x DSC cycle interval.
    2. When DSC clock is gated, LPCG write access may be missed due to
    the edge detect is not see by DSC. Two writes shall be performed
    to re-enable the clock if DSC clock is gated

    Signed-off-by: Ye Li
    Reviewed-by: Peng Fan
    (cherry picked from commit 96186ca0048e6ae261176e5f3ebf02be09bacb08)

    Ye Li

15 Mar, 2019

1 commit

  • When switching ARM root clock source from ARM PLL to 24M OSC,
    found the ARM timer may stop on few chips during stress reboot test.
    The system counter is still increasing, but ARM timer is stopped.

    Add a workaround that switch ARM clock source from ARM PLL to
    Sys PLL2 500M clock instead of 24M OSC. Stress reboot test is
    passed on all failed chips.

    Signed-off-by: Ye Li
    (cherry picked from commit 74770228976c013a3e289b21f6e27334ea97bee4)

    Ye Li

14 Mar, 2019

3 commits

  • Fix coverity issue: CID 2970630: Resource leak (RESOURCE_LEAK)
    leaked_storage: Variable cdns going out of scope leaks the storage
    it points to.

    Memory allocated by devm_kzalloc() won't be freed automatically in
    u-boot, free the memory manually here.

    Test: Coverity scan pass.

    Change-Id: I3000a2385941cef3b8b7e01611cfdc999971a4ca
    Signed-off-by: Luo Ji

    Luo Ji
  • Fix coverity issues as:
    CID 5899697: Dereference before null check (REVERSE_INULL)
    CID 3616594: Unchecked return value (CHECKED_RETURN)
    CID 3616598: Resource leak (RESOURCE_LEAK)
    CID 3616591: Resource leak (RESOURCE_LEAK)

    Test: Coverity scan pass.

    Change-Id: I70abb41c3cd825c6eec43dc7e5baec716ae46680
    Signed-off-by: Luo Ji

    Luo Ji
  • Fix coverity issue:
    CID 43787: Buffer not null terminated (BUFFER_SIZE_WARNING)
    buffer_size_warning: Calling strncpy with a maximum size argument
    of 32 bytes on destination array sdev.name of size 32 bytes might
    leave the destination string unterminated.

    Test: Coverity scan pass.

    Change-Id: Ib10e631bab893cb9cd1484082229f806b02849ba
    Signed-off-by: Luo Ji

    Luo Ji