From 206426aa0b636446bfe874f8a5cd3fc0a8a95119 Mon Sep 17 00:00:00 2001 From: Pierre-Jean TEXIER Date: Sun, 1 Apr 2018 00:49:04 +0200 Subject: warp7: include/configs: use generic fs commands in CONFIG_EXTRA_ENV_SETTINGS use the generic filesystem command 'load' rather than 'fatload' to avoid per-fs specific commands. Signed-off-by: Pierre-Jean TEXIER Reviewed-by: Fabio Estevam Acked-by: Bryan O'Donoghue --- include/configs/warp7.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 0c3b605de33..98fedb89246 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -48,11 +48,11 @@ "mmcargs=setenv bootargs console=${console},${baudrate} " \ "root=PARTUUID=${uuid} rootwait rw\0" \ "loadbootscript=" \ - "fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ + "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ "bootscript=echo Running bootscript from mmc ...; " \ "source\0" \ - "loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \ - "loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \ + "loadimage=load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \ + "loadfdt=load mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \ "mmcboot=echo Booting from mmc ...; " \ "run finduuid; " \ "run mmcargs; " \ -- cgit v1.2.3 From 69f0695067a1938946a3b3e492e0c9cb6e79132d Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:31 +0100 Subject: imximage: Specify default IVT offset in IMX image This patch adds BOOTROM_IVT_HDR_OFFSET at 0xC00. The BootROM expects to find the IVT header at a particular offset in an i.MX image. Defining the expected offset of the IVT header in the first-stage BootROM image format is of use of later stage authentication routines where those routines continue to follow the first-stage authentication layout. This patch defines the first stage offset which later patch make use of. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/imximage.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/imximage.h b/include/imximage.h index 553b8523672..800fd6383b3 100644 --- a/include/imximage.h +++ b/include/imximage.h @@ -14,6 +14,9 @@ #define APP_CODE_BARKER 0xB1 #define DCD_BARKER 0xB17219E9 +/* Specify the offset of the IVT in the IMX header as expected by BootROM */ +#define BOOTROM_IVT_HDR_OFFSET 0xC00 + /* * NOTE: This file must be kept in sync with arch/arm/include/asm/\ * mach-imx/imximage.cfg because tools/imximage.c can not -- cgit v1.2.3 From a2accd843b8171ff60e5684214a19bba94c655e4 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:33 +0100 Subject: warp7: hab: Set environment variable indicating HAB enable This patch adds an environment variable called "hab_enabled" which gets set to a boolean status indicating whether HAB is enabled or not. Subsequent patches can use this environment variable to determine if its necessary to run a given binary through the hab_auth_img console command. Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 98fedb89246..10db716cff4 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -139,4 +139,7 @@ #define CONFIG_USBNET_DEV_ADDR "de:ad:be:af:00:01" +/* Environment variable name to represent HAB enable state */ +#define HAB_ENABLED_ENVNAME "hab_enabled" + #endif -- cgit v1.2.3 From 4bcbfcf458744a84bd82bd7239593f371574bd2c Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:37 +0100 Subject: warp7: Specify CONFIG_OPTEE_LOAD_ADDR In order to sign images with the IMX code-signing-tool (CST) we need to know the load address of a given image. The best way to derive this load address is to make it into a define - so that u-boot.cfg contains the address - which we can then parse when generating the IMX CST headers. This patch makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further parsing by external tools. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 10db716cff4..e12b90bc166 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -40,6 +40,7 @@ "initrd_high=0xffffffff\0" \ "fdt_file=imx7s-warp.dtb\0" \ "fdt_addr=0x83000000\0" \ + "optee_addr=" __stringify(CONFIG_OPTEE_LOAD_ADDR)"\0" \ "boot_fdt=try\0" \ "ip_dyn=yes\0" \ "mmcdev="__stringify(CONFIG_SYS_MMC_ENV_DEV)"\0" \ -- cgit v1.2.3 From 56eca404e1dc7aed65fb5268826eba1c548434ae Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:40 +0100 Subject: warp7: Make CONFIG_SYS_FDT_ADDR a define In order to sign images with the IMX code-signing-tool (CST) we need to know the load address of a given image. The best way to derive this load address is to make it into a define - so that u-boot.cfg contains the address - which we can then parse when generating the IMX CST headers. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index e12b90bc166..344042c9b33 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -39,7 +39,7 @@ "fdt_high=0xffffffff\0" \ "initrd_high=0xffffffff\0" \ "fdt_file=imx7s-warp.dtb\0" \ - "fdt_addr=0x83000000\0" \ + "fdt_addr=" __stringify(CONFIG_SYS_FDT_ADDR)"\0" \ "optee_addr=" __stringify(CONFIG_OPTEE_LOAD_ADDR)"\0" \ "boot_fdt=try\0" \ "ip_dyn=yes\0" \ -- cgit v1.2.3 From 2948089815437232aab9eff54d0abdc2949a22ae Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:42 +0100 Subject: warp7: select uuid partition based on rootpart Assigning the UUID discovery path to a tweakable environment variable means that later steps in the boot process - particularly a boot script can change the target root partition of a particular Linux boot. Retargeting the rootfs is an important feature when doing ping/pong upgrades allowing a boot script to select ping or pong as necessary without reprogramming the bootloader. Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 344042c9b33..54b3b31608d 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -45,7 +45,8 @@ "ip_dyn=yes\0" \ "mmcdev="__stringify(CONFIG_SYS_MMC_ENV_DEV)"\0" \ "mmcpart=" __stringify(CONFIG_SYS_MMC_IMG_LOAD_PART) "\0" \ - "finduuid=part uuid mmc 0:2 uuid\0" \ + "rootpart=" __stringify(CONFIG_WARP7_ROOT_PART) "\0" \ + "finduuid=part uuid mmc 0:${rootpart} uuid\0" \ "mmcargs=setenv bootargs console=${console},${baudrate} " \ "root=PARTUUID=${uuid} rootwait rw\0" \ "loadbootscript=" \ -- cgit v1.2.3 From e4514051fca3a89850d7e62c29dff4e1194d225d Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:43 +0100 Subject: warp7: Define the name of a signed boot-script file We need to know the name of a signed boot-script, its better to have a separate variable for this then to simply append some fixed string to an existing image name. Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 54b3b31608d..0ed95d820c2 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -33,6 +33,7 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ CONFIG_DFU_ENV_SETTINGS \ "script=boot.scr\0" \ + "script_signed=boot.scr.imx-signed\0" \ "image=zImage\0" \ "console=ttymxc0\0" \ "ethact=usb_ether\0" \ -- cgit v1.2.3 From c0df0caeb8d6722cc61e3a8f777f8a47e0167fb9 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:44 +0100 Subject: warp7: add warp7_auth_or_fail Doing secure boot on the WaRP7 using a common image format and the same variable to represent the base address for each call means we can reduce down the command to a single environment command. This patch adds warp7_auth_or_fail as a wrapper around "hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0". Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 0ed95d820c2..454bc1cd080 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -50,6 +50,7 @@ "finduuid=part uuid mmc 0:${rootpart} uuid\0" \ "mmcargs=setenv bootargs console=${console},${baudrate} " \ "root=PARTUUID=${uuid} rootwait rw\0" \ + "warp7_auth_or_fail=hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0;\0" \ "loadbootscript=" \ "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ "bootscript=echo Running bootscript from mmc ...; " \ -- cgit v1.2.3 From d9cb9aec743265b56a57e89ec20dde6f38d5e554 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:45 +0100 Subject: warp7: hab: Set environment variable indicating IVT offset This patch introduces the environment variable ivt_offset. When we define a load address for Linux or DTB or any file the IVT associated with that file is prepended. We extract the actual load addresses from u-boot.cfg and feed these values into the code-signing process - hence we want u-boot to have the real load addresses exported in uboot.cfg. ivt_offset represents the addition or subtraction from the load address that must happen to find an IVT header. Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 454bc1cd080..fe9b7d57d76 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -10,6 +10,7 @@ #define __WARP7_CONFIG_H #include "mx7_common.h" +#include #define PHYS_SDRAM_SIZE SZ_512M @@ -50,6 +51,7 @@ "finduuid=part uuid mmc 0:${rootpart} uuid\0" \ "mmcargs=setenv bootargs console=${console},${baudrate} " \ "root=PARTUUID=${uuid} rootwait rw\0" \ + "ivt_offset=" __stringify(BOOTROM_IVT_HDR_OFFSET)"\0"\ "warp7_auth_or_fail=hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0;\0" \ "loadbootscript=" \ "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ -- cgit v1.2.3 From bb96a08d5b48f0ee3415619c2119d7153de1d0c2 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue Date: Tue, 24 Apr 2018 18:46:47 +0100 Subject: warp7: Add support for automated secure boot.scr verification This patch adds support for verifying a signed boot.scr. With this in place it's possible for run-time Linux to update boot.scr to set different variables such as switching between different boot partitions, pointing to different kernels etc and for u-boot to verify these changes via the HAB prior to executing the commands contained in boot.scr. Signed-off-by: Bryan O'Donoghue Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- include/configs/warp7.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include') diff --git a/include/configs/warp7.h b/include/configs/warp7.h index fe9b7d57d76..f340bff3e70 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -53,6 +53,14 @@ "root=PARTUUID=${uuid} rootwait rw\0" \ "ivt_offset=" __stringify(BOOTROM_IVT_HDR_OFFSET)"\0"\ "warp7_auth_or_fail=hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0;\0" \ + "do_bootscript_hab=" \ + "if test ${hab_enabled} -eq 1; then " \ + "setexpr hab_ivt_addr ${loadaddr} - ${ivt_offset}; " \ + "setenv script ${script_signed}; " \ + "load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${script}; " \ + "run warp7_auth_or_fail; " \ + "run bootscript; "\ + "fi;\0" \ "loadbootscript=" \ "load mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \ "bootscript=echo Running bootscript from mmc ...; " \ @@ -79,6 +87,7 @@ #define CONFIG_BOOTCOMMAND \ "mmc dev ${mmcdev};" \ "mmc dev ${mmcdev}; if mmc rescan; then " \ + "run do_bootscript_hab;" \ "if run loadbootscript; then " \ "run bootscript; " \ "else " \ -- cgit v1.2.3 From 30754ef77c3e88acb5a378d4e2c2bcce6228a118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Szymanski?= Date: Tue, 17 Apr 2018 17:29:31 +0200 Subject: imx6ul: opos6ul: add SPL_DM support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit commit 152038ea1886 ("i.MX6UL: icore: Add SPL_OF_CONTROL support") the OPOS6UL board doesn't boot anymore. Adding SPL_DM support makes the board boot again. Fixes: commit 152038ea1886 ("i.MX6UL: icore: Add SPL_OF_CONTROL support") Signed-off-by: Sébastien Szymanski --- include/configs/opos6uldev.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/configs/opos6uldev.h b/include/configs/opos6uldev.h index 24e1f80474d..9e853f3d841 100644 --- a/include/configs/opos6uldev.h +++ b/include/configs/opos6uldev.h @@ -15,11 +15,7 @@ #include "imx6_spl.h" #ifdef CONFIG_SPL_BUILD -#undef CONFIG_DM_GPIO -#undef CONFIG_DM_MMC -#undef CONFIG_BLK - -#define CONFIG_MXC_UART_BASE UART1_BASE +#undef CONFIG_DM_REGULATOR #endif #endif @@ -40,7 +36,6 @@ (CONFIG_SYS_INIT_RAM_ADDR + CONFIG_SYS_INIT_SP_OFFSET) /* MMC */ -#define CONFIG_SYS_FSL_ESDHC_ADDR 0 #define CONFIG_SUPPORT_EMMC_BOOT /* USB */ @@ -61,6 +56,7 @@ #endif /* LCD */ +#ifndef CONFIG_SPL_BUILD #ifdef CONFIG_VIDEO #define CONFIG_VIDEO_LOGO #define CONFIG_SPLASH_SCREEN @@ -72,6 +68,7 @@ #define CONFIG_VIDEO_MXS #define MXS_LCDIF_BASE MX6UL_LCDIF1_BASE_ADDR #endif +#endif /* Environment is stored in the eMMC boot partition */ #define CONFIG_SYS_MMC_ENV_DEV 0 -- cgit v1.2.3 From 07a8f79ee850b1e59371519f179d32fea171bbec Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Sat, 21 Apr 2018 16:11:10 +0100 Subject: ARM: mxs: support full SPL framework This allows using the full SPL framework on mxs devices. In this mode, the u-boot.sb image loaded by the boot ROM contains only the SPL which then loads U-Boot proper or a kernel in falcon mode. Signed-off-by: Mans Rullgard --- include/configs/mxs.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/configs/mxs.h b/include/configs/mxs.h index f07f81c8415..0fe0770e13f 100644 --- a/include/configs/mxs.h +++ b/include/configs/mxs.h @@ -44,8 +44,10 @@ /* Startup hooks */ /* SPL */ +#ifndef CONFIG_SPL_FRAMEWORK #define CONFIG_SPL_NO_CPU_SUPPORT_CODE #define CONFIG_SPL_START_S_PATH "arch/arm/cpu/arm926ejs/mxs" +#endif /* Memory sizes */ #define CONFIG_SYS_MALLOC_LEN 0x00400000 /* 4 MB for malloc */ -- cgit v1.2.3