| Age | Commit message (Collapse) | Author |
|---|
|
This patch renames the board directory from board/freescale to
board/nxp because NXP now provides Board Support Packages (BSPs) and
tools for the former Freescale i.MX and other i.MX products.
All relevant references have been updated accordingly. This change does
not affect functionality.
Signed-off-by: Alice Guo <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
Use the new symbol to refer to any 'SPL' build, including TPL and VPL
Signed-off-by: Simon Glass <[email protected]>
|
|
After adding the U_BOOT_LONGHELP macro some new commands came in still
that were not making use if it. Switch these cases over and in a few
places add missing newlines as well.
Signed-off-by: Tom Rini <[email protected]>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Remove <common.h> from this board vendor directory and when needed
add missing include files directly.
Acked-by: Jason Liu <[email protected]>
Acked-by: Peng Fan <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <[email protected]>
|
|
Move env_set() over to the new header file.
Acked-by: Joe Hershberger <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <[email protected]>
|
|
Both the "qixis_reset" and esbc_validate" commands can only be used in
full U-Boot so do not build them in SPL. As part of this rework the
qixis code to declare things as static and make use of __weak for
function aliases.
Cc; York Sun <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.
Suggested-by: Wolfgang Denk <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".
Signed-off-by: Aneesh Bansal <[email protected]>
Signed-off-by: Saksham Jain <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.
Add esbh_halt() after the reset to make sure execution stops.
Signed-off-by: Aneesh Bansal <[email protected]>
Signed-off-by: Saksham Jain <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.
Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.
Signed-off-by: Aneesh Bansal <[email protected]>
Acked-by: Ruchika Gupta <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.
Signed-off-by: Saksham Jain <[email protected]>
Signed-off-by: Aneesh Bansal <[email protected]>
Acked-by: Ruchika Gupta <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional
Signed-off-by: Saksham Jain <[email protected]>
Signed-off-by: Aneesh Bansal <[email protected]>
Acked-by: Ruchika Gupta <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
1. Default environment will be used for secure boot flow
which can't be edited or saved.
2. Command for secure boot is predefined in the default
environment which will run on autoboot (and autoboot is
the only option allowed in case of secure boot) and it
looks like this:
#define CONFIG_SECBOOT \
"setenv bs_hdraddr 0xe8e00000;" \
"esbc_validate $bs_hdraddr;" \
"source $img_addr;" \
"esbc_halt;"
#endif
3. Boot Script can contain esbc_validate commands and bootm command.
Uboot source command used in default secure boot command will
run the bootscript.
4. Command esbc_halt added to ensure either bootm executes
after validation of images or core should just spin.
Signed-off-by: Ruchika Gupta <[email protected]>
Signed-off-by: Gaurav Rana <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
|
1. esbc_validate command is meant for validating header and
signature of images (Boot Script and ESBC uboot client).
SHA-256 and RSA operations are performed using SEC block in HW.
This command works on both PBL based and Non PBL based Freescale
platforms.
Command usage:
esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
tree blob can also be signed.
3. In the event of header or signature failure in validation,
ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
dumping error on the console.
6. KEY REVOCATION Feature:
QorIQ platforms like B4/T4 have support of srk key table and key
revocation in ISBC code in Silicon.
The srk key table allows the user to have a key table with multiple
keys and revoke any key in case of particular key gets compromised.
In case the ISBC code uses the key revocation and srk key table to
verify the u-boot code, the subsequent chain of trust should also
use the same.
6. ISBC KEY EXTENSION Feature:
This feature allows large number of keys to be used for esbc validation
of images. A set of public keys is being signed and validated by ISBC
which can be further used for esbc validation of images.
Signed-off-by: Ruchika Gupta <[email protected]>
Signed-off-by: Gaurav Rana <[email protected]>
Reviewed-by: York Sun <[email protected]>
|
