Haibo Chen [Mon, 22 Mar 2021 10:55:38 +0000 (18:55 +0800)]
mmc: fsl_esdhc_imx: add extra delay for IO voltage switch if necessary
Some board like imx8mm-evkb, IO voltage switch from 3.3v to 1.8v need
around 18ms, common code only delay 10ms, so need to delay extra 8ms.
Otherwise voltage switch will timeout when wait for data0 line.
This IO voltage switch time depends on board design, depend on the
PMIC and capacitance. imx8mm-evkb board use PCA9450(PMIC) and 10uF
capacitance.
Marek Vasut [Thu, 25 Mar 2021 00:20:48 +0000 (01:20 +0100)]
doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching
Document SRC_GPR10 PERSIST_SECONDARY_BOOT functionality. This is useful for
reliable bootloader A/B updates, as it permits switching between two copies
of bootloader at different offsets of the same storage. The switch happens
in case one copy is corrupted OR can be enforced by user. This functionality
is present at least since i.MX53, however is poorly documented in all known
SoC datasheets, hence this document aims to clarify the usage, currently on
i.MX7D and i.MX8MM.
Signed-off-by: Marek Vasut <marex@denx.de> # Original MX7D work, this document Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> # All the MX8M work Cc: Christoph Niedermaier <cniedermaier@dh-electronics.de> Cc: Fabio Estevam <festevam@gmail.com> Cc: Harald Seiler <hws@denx.de> Cc: Igor Opaniuk <igor.opaniuk@foundries.io> Cc: Jan Kiszka <jan.kiszka@siemens.com> Cc: Ludwig Zenz <lzenz@dh-electronics.com> Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Ye Li <ye.li@nxp.com> Cc: uboot-imx <uboot-imx@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com>
Niel Fourie [Mon, 22 Mar 2021 13:05:11 +0000 (14:05 +0100)]
ARM: pcm058: Match mainline Linux NAND ECC layout/behaviour
Enabled "fsl,legacy-bch-geometry" in U-Boot device tree overlay
to match the legacy BCH geometry layout, which mainline Linux
applies when "fsl,use-minimum-ecc" is not specified in the device
tree.
Reinstated SYS_NAND_ONFI_DETECTION, which when disabled, masked
the mismatch on SOMs with Winbond NAND flash chips.
Haibo Chen [Wed, 3 Mar 2021 09:05:46 +0000 (17:05 +0800)]
mmc: fsl_esdhc_imx: use VENDORSPEC_FRC_SDCLK_ON to control card clock output
For FSL_USDHC, it do not implement VENDORSPEC_CKEN/PEREN/HCKEN/IPGEN, these
are reserved bits. Instead, use VENDORSPEC_FRC_SDCLK_ON to gate on/off the
card clock output.
After commit b5874b552ffa ("mmc: fsl_esdhc_imx: add wait_dat0() support"),
we meet SD3.0 card can't work at UHS mode, mmc_switch_voltage() fail because
the second mmc_wait_dat0 return -ETIMEDOUT. According to SD spec, during
voltage switch, need to gate off/on the card clock. If not set the FRC_SDCLK_ON,
after CMD11, hardware will gate off the card clock automatically, so card do
not detect the clock off/on behavior, so will draw the data0 line low until
next command.
board: st: stm32f746-disco: fix console is not enabled while init dram
While initializing dram in spl_dram_init(), mdelay() is called that in
order calls get_ticks() that verifies if timer exists, if doesn't, it
throws a panic(), but since preloader_console_init() has still not been
called those panic()s will fail. This doesn't help debugging, so let's
setup console before calling spl_dram_init() by moving it after
spl_dram_init().
board: freescale: imxrt1050-evk: fix console is not enabled while init dram
While initializing dram in spl_dram_init(), mdelay() is called that in
order calls get_ticks() that verifies if timer exists, if doesn't, it
throws a panic(), but since preloader_console_init() has still not been
called those panic()s will fail. This doesn't help debugging, so let's
setup console before calling spl_dram_init() by moving it after
spl_dram_init().
board: freescale: imxrt1020-evk: fix console is not enabled while init dram
While initializing dram in spl_dram_init(), mdelay() is called that in
order calls get_ticks() that verifies if timer exists, if doesn't, it
throws a panic(), but since preloader_console_init() has still not been
called those panic()s will fail. This doesn't help debugging, so let's
setup console before calling spl_dram_init() by moving it after
spl_dram_init().
Since Toradex provides the full set of overlays for Linux kernel
for display interfaces for both Apalis iMX6Q and Colibri iMX6DL
modules, the video= settings are obsolete. Remove them.
commit 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer for loading images")'
changed the way buffer allocation worked for SPL to a more flexible
method.
For venice this caused breakage that is resolved by increasing the size
of CONFIG_SYS_SPL_MALLOC_SIZE as the current FIT slighly exceeds 512KiB.
Additionally remove the unnecessary comment on CONFIG_SPL_BSS_MAX_SIZE
and CONFIG_SYS_SPL_MALLOC_SIZE as the size is obvious from the define.
Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Fabio Estevam <festevam@gmail.com>
Tim Harvey [Mon, 1 Mar 2021 22:33:35 +0000 (14:33 -0800)]
imx: ventana: enable dm support for MMC and SATA
Enable driver model support for MMC and SATA.
Note that DM_MMC requires aliases for your mmc devices so
they are added to the dts. Linux does not support enumerating mmc
devices by alias so these are not present in the Linux dts.
Note that we still need board_mmc_init() and board_mmc_getcd() for
not DM SPL to support MMC.
Tim Harvey [Mon, 1 Mar 2021 22:33:34 +0000 (14:33 -0800)]
imx: ventana: enable dm support for USB
Enable dm support for USB (which also requires dm support for fixed
regulators used for vbus enable) and remove usb iomux which is no
longer needed.
We can remove the handling of otgpwr_en gpio as this is defined in
dt as usbotg vbus-supply but we need to keep the handling of
USB_HUB_RST# for boards that have a USB HUB as that isn't defined in
the dt's currently.
Tim Harvey [Mon, 1 Mar 2021 22:33:31 +0000 (14:33 -0800)]
arm: dts: imx6qdl-gw*: add dr_mode prop to dt to avoid error
The fsl-usb dt bindings in Linux default dr_mode to 'host' for
backward compatibility however U-Boot prints an error if
this property does not exist. Declare it in the Gateworks
Ventana device-trees to avoid the error.
Tim Harvey [Mon, 1 Mar 2021 22:33:28 +0000 (14:33 -0800)]
spl: fit: nand: allow for non-page-aligned elements
Add a weak nand_get_mtd function for nand drivers to provide mtd info
and use this to set pagesize such that reading of non page-aligned
elements can succeed.
The spl_load_simple_fit already handles block block access so all we
need to do is provide the nand writesize as the block length.
Further cleanup of the drivers which use nand_spl_loaders.c such as
am335x_spl_bch.c, atmel_nand.c, and nand_spl_simple.c could be done
using info from mtd_info instead of statically defined details.
Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Tim Harvey [Mon, 1 Mar 2021 22:33:27 +0000 (14:33 -0800)]
spl: fit: nand: skip bad block handling if NAND chip not fully defined
commit 9f6a14c47ff9 ("spl: fit: nand: fix fit loading in case of bad blocks")
added support for adjusting the image offset to account for bad blocks.
However this requires nand_spl_adjust_offset() which requires fully defined
specifics of the NAND chip being used may not be avialable.
Allow skipping this support for drivers or configs which don't specify
the NAND chip details statically with defines.
Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Ye Li [Thu, 25 Mar 2021 09:30:36 +0000 (17:30 +0800)]
crypto: fsl: refactor for 32 bit version CAAM support on ARM64
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.
Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support, add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".
This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.
Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Clement Faure [Thu, 25 Mar 2021 09:30:33 +0000 (17:30 +0800)]
imx8m: Add DEK blob encapsulation for imx8m
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
imx: caam: new u-boot command to set PRIBLOB bitfield from CAAM SCFGR register to 0x3
It is highly recommended to set the PRIBLOB bitfield to 0x3 once your
encrypted boot image has booted up, this prevents the generation of new
blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is
a sticky type bit and cannot be changed until the next power on reset.
Add the set_priblob_bitfield U-Boot command to prevent the generation of
new blobs.
Signed-off-by: Clement Le Marquis <clement.lemarquis@nxp.com> Acked-by: Ye Li <Ye.Li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Aymen Sghaier [Thu, 25 Mar 2021 09:30:29 +0000 (17:30 +0800)]
crypto: caam: Add secure memory vid 3 support
In i.MX8M platforms the secure memory block has a newer version
than those used in i.MX6/7 platforms, this patch update the driver
to use the correct registers offsets.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Aymen Sghaier [Thu, 25 Mar 2021 09:30:28 +0000 (17:30 +0800)]
crypto: caam: Fix pointer size to 32bit for i.MX8M
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Aymen Sghaier [Thu, 25 Mar 2021 09:30:26 +0000 (17:30 +0800)]
crypto: caam: Fix build warnings pointer casting
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warnings
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:21 +0000 (17:30 +0800)]
cmd: blob: Instantiate RNG before running CMD_BLOB
U-Boot can instantiate CAAM RNG if needed by crypto operations.
Call sec_init() prior running a blob operation to ensure
RNG is correctly instantiated.
Make sure CAAM clock is enabled and check if a job ring is
available for that operation.
Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:19 +0000 (17:30 +0800)]
mx6dq: hab: Fix chip version in hab.h code
Since commit 8891410c729b ("MLK-19848 mx6dq: Fix chip version issue for
rev1.3") it's not possible to call the HAB API functions on i.MX6DQ
SoC Rev 1.3:
The hab.h code is defining the HAB API base address according to the
old SoC revision number, thus failing when calling the HAB API
authenticate_image() function.
Fix this issue by using mx6dq rev 1.3 instead of mx6dq rev 1.5.
Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Ye Li [Thu, 25 Mar 2021 09:30:17 +0000 (17:30 +0800)]
iMX8M: Add support to enable CONFIG_IMX_HAB
Add some SOC level codes and build configurations to use HAB lib for
CONFIG_IMX_HAB (secure boot), like adding the SEC_CONFIG fuse, enable
fuse driver, CAAM clock function, and add CAAM secure RAM to MMU table.
The FSL_CAAM is temporally not enabled for iMX8M when CONFIG_IMX_HAB is set,
because we don't need the CAAM driver for SPL.
Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:14 +0000 (17:30 +0800)]
imx: hab: Fix build warnings in 32-bit targets
When building 32-bit targets with CONFIG_SECURE_BOOT and DEBUG enabled
the following warnings are displayed:
arch/arm/mach-imx/hab.c:840:41: warning: format '%lx' expects argument \
of type 'long unsigned int', but argument 3 has type 'uint32_t \
{aka unsigned int}' [-Wformat=]
printf("HAB check target 0x%08x-0x%08lx fail\n",
~~~~^
%08x
ddr_start, ddr_start + bytes);
arch/arm/mach-imx/hab.c:845:45: warning: format '%x' expects argument \
of type 'unsigned int', but argument 3 has type 'ulong \
{aka long unsigned int}' [-Wformat=]
printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
~^
%lx
Fix warnings by providing the correct data type.
Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:13 +0000 (17:30 +0800)]
mx7ulp: hab: Add hab_status command for HABv4 M4 boot
When booting in low power or dual boot modes the M4 binary is
authenticated by the M4 ROM code.
Add an option in hab_status command so users can retrieve M4 HAB
failure and warning events.
=> hab_status m4
Secure boot disabled
HAB Configuration: 0xf0, HAB State: 0x66
No HAB Events Found!
Add command documentation in mx6_mx7_secure_boot.txt guide.
As HAB M4 API cannot be called from A7 core the code is parsing
the M4 HAB persistent memory region. The HAB persistent memory
stores HAB events, public keys and others HAB related information.
The HAB persistent memory region addresses and sizes can be found
in AN12263 "HABv4 RVT Guidelines and Recommendations".
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:10 +0000 (17:30 +0800)]
imx: hab: Enable hab.c to authenticate additional images in open configuration
Currently it's not possible to authenticate additional boot images in HAB
open configuration.
The hab.c code is checking if the SEC_CONFIG[1] fuse is programmed prior
to calling the hab_authenticate_image() API function. Users cannot check
if their additional boot images has been correctly signed prior to closing
their device.
Enable hab.c to authenticate additional boot images in open mode so HAB
events can be retrieved through get_hab_status() function.
Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Ye Li [Thu, 25 Mar 2021 09:30:09 +0000 (17:30 +0800)]
hab: Change calling to ROM API failsafe
Modify to use hab_rvt_failsafe function for failsafe ROM API, not
directly call its ROM address. This function will wrap the sip call for iMX8M
platforms.
Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Utkarsh Gupta [Thu, 25 Mar 2021 09:30:08 +0000 (17:30 +0800)]
imx: HAB: Validate IVT before authenticating image
Calling csf_is_valid() with an un-signed image may lead to data abort
as the CSF pointer could be pointing to a garbage address when accessed
in HAB_HDR_LEN(*(const struct hab_hdr *)(ulong)ivt_initial->csf).
To avoid such errors during authentication process, validate IVT structure
by calling validate_ivt function which checks the following values in an IVT:
Peng Fan [Thu, 25 Mar 2021 09:30:07 +0000 (17:30 +0800)]
imx: HAB: Update hab codes to support ARM64 and i.MX8M
There are some changes to support ARM64 i.MX8M platform in this patches:
1. The hab_rvt base and function vectors are different as i.MX6/7
2. Need to bypass an workaround for i.MX6 to fix problem in MMU.
3. The x18 register needed save & restore before calling any HAB API. According
to ARM procedure call spec, the x18 is caller saved when it is used as
temporary register. So calling HAB API may scratch this register, and
cause crash once accessing the gd pointer.
On ARMv7, the r9 is callee saved when it is used as variable register. So
no need to save & restore it.
4. Add SEC_CONFIG fuse for iMX8M
When current EL is not EL3, the direct calling to HAB will fail because
CAAM/SNVS can't initialize at non-secure mode. In this case, we use
SIP call to run the HAB in ATF.
Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:04 +0000 (17:30 +0800)]
imx: Ensure CAAM clock is enabled prior getting out_jr_size
Prior calling sec_in32() we have to ensure CAAM clock is enabled, the
function sec_in32() is reading CAAM registers and if CAAM clock is disabled
the system will hang.
Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:03 +0000 (17:30 +0800)]
imx: Avoid hardcoded output ring size register offset (ORSR)
The CAAM output ring size register offset is currently defined in fsl_sec.h
as FSL_CAAM_ORSR_JRa_OFFSET, use this definition to avoid hardcoded value in
i.MX common code.
Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Breno Lima [Thu, 25 Mar 2021 09:30:02 +0000 (17:30 +0800)]
imx: imx7 Support for Manufacturing Protection
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.
More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html
i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.
The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.
The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.
Command usage:
Print the public key for the device.
- mfgprot pubk
Generates Signature over given data.
- mfgprot sign <data_address> <data_size>
Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Ye Li [Fri, 19 Mar 2021 07:57:14 +0000 (15:57 +0800)]
imx8m: ddr: Disable CA VREF Training for LPDDR4
Users reported LPDDR4 MR12 value is set to 0 during PHY training,
not the value from FSP timing structure, which cause compliance test failed.
The root cause is the CATrainOpt[0] is set to 1 in 2D FSP timing
but not set in 1D. According to PHY training application node,
to enable the feature both 1D and 2D need set this field to 1,
otherwise the training result will be incorrect.
The PHY training doc also recommends to set CATrainOpt[0] to 0 to use
MR12 value from message block (FSP structure). So update the LPDDR4
scripts of all mscale to clear CATrainOpt[0].
Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Jacky Bai <ping.bai@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
Ye Li [Fri, 19 Mar 2021 07:57:12 +0000 (15:57 +0800)]
imx8m: Update thermal and PMU kernel nodes for dual/single cores
For dual core and single core iMX8M parts, the thermal node and PMU node
in kernel DTB also needs update to remove the refers to deleted core nodes.
Otherwise both driver will fail to work.
Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>