Re: [U-Boot] [PATCH 1/3] mx6sx: udoo_neo: Define the default serial console

Peter Robinson <pbrobin...@gmail.com> For the entire series: Tested-by: Breno Lima <breno.l...@nxp.com> Thanks Best Regards, -- Breno Matheus Lima ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot

Re: [U-Boot] [PATCH] mx6sx: Add initial support for UDOO Neo Board

"pxefile_addr_r=" __stringify(CONFIG_LOADADDR) "\0" \ > > + "ramdisk_addr_r=0x8300\0" \ > > + "ramdiskaddr=0x83000000\0" \ > > Why have a duplicate $ramdiskaddr for a new board? > > Regards, > Andreas > > > + &qu

Re: [U-Boot] [PATCH 1/5] mx6slevk: imximage.cfg: Handle the CONFIG_SECURE_BOOT case

Fabio Estevam <fabio.este...@nxp.com>; sba...@denx.de >> Cc: Peng Fan <peng....@nxp.com>; u-boot@lists.denx.de; Breno Matheus >> Lima <breno.l...@nxp.com> >> Subject: [PATCH 1/5] mx6slevk: imximage.cfg: Handle the >> CONFIG_SECURE_BOOT case >> &

Re: [U-Boot] [PATCH v2 12/23] arm: imx: hab: Print CSF based on IVT descriptor

Hi Bryan, 2017-12-28 16:49 GMT-02:00 Bryan O'Donoghue : > The IVT gives the absolute address of the CSF. There is no requirement for > the CSF to be located adjacent to the IVT so lets use the address provided > in the IVT header instead of the fixed CSF offset

Re: [U-Boot] [PATCH v2 04/23] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail

Albert Aribaud <albert.u.b...@aribaud.net> > Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> > Cc: George McCollister <george.mccollis...@gmail.com> > Cc: Breno Matheus Lima <brenomath...@gmail.com> > --- > arch/arm/mach-imx/hab.c | 118 > ++

Re: [U-Boot] [PATCH v2 07/23] arm: imx: hab: Fix authenticate_image input parameters

Hi Bryan, 2017-12-28 16:49 GMT-02:00 Bryan O'Donoghue : > u-boot command "hab_auth_img" tells a user that it takes > > - addr - image hex length I think the correct is: - addr - image hex address Thanks, Breno Lima ___

Re: [U-Boot] [PATCH v5 00/24] Fix and extend i.MX HAB layer

ngful status code has been obtained. - Breno > > v2: > - Fix compilation warnings and errors in SPL highlighted by > Breno Matheus Lima > > - Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches > > v1: > This patchset updates the i.MX HAB layer in u-boot to

Re: [U-Boot] [PATCH] i2c: imx: bus arbitration fix when reading block data

Hi Jim, 2018-01-16 10:47 GMT-02:00 Heiko Schocher : > Hello Fabio, > > Am 16.01.2018 um 12:50 schrieb Fabio Estevam: >> >> Hi Heiko, >> >> On Tue, Jan 16, 2018 at 3:29 AM, Heiko Schocher wrote: >> >>> And some Tested-by would be helpful ... >>> >>> @Stefano, @Fabio:

Re: [U-Boot] U-boot can verify an HW signature?

command can be only executed in closed devices, so you need to run an authenticated U-Boot to prepare an encrypted boot image. Let us know if you have any questions during the process. Thanks, Breno Lima > > Saverio M. > > Il 19/01/2018 18:54, Breno Matheus Lima ha scritto:

Re: [U-Boot] U-boot can verify an HW signature?

Hi Saverio, 2018-01-19 11:12 GMT-02:00 Saverio Mori : > Hi to the community. I have found a lot of material on secure booting and how > to sign u-boot an uimage in order to that only trusted sw is load. This is > good for my but i have also the opposite problem, that is

Re: [U-Boot] [PATCH] doc: mxc_hab: Improve the config option list

Hi Fabio, 2018-01-21 15:57 GMT-02:00 Fabio Estevam : > From: Fabio Estevam > > The original text is from the time that the config options were not > converted to Kconfig. > > After the conversion to Kconfig only CONFIG_SECURE_BOOT and >

Re: [U-Boot] [PATCH v6 21/25] arm: imx: hab: Make authenticate_image() return zero on open boards

s the reliance on authenticate_image() returning > zero is maintained. > > Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> > Suggested-by: Breno Matheus Lima <brenomath...@gmail.com> > Cc: Stefano Babic <sba...@denx.de> > Cc: Fabio Estevam <fabio.este...@

Re: [U-Boot] [PATCH] imx: fix CAAM base for i.MX6UL

Hi Anatolij, 2018-01-11 12:54 GMT-02:00 Fabio Estevam : > Hi Anatolij, > > Thanks for the fix. > > On Thu, Jan 11, 2018 at 12:14 PM, Anatolij Gustschin wrote: >> HW accelerated "hash sha256 ..." command doesn't work on i.MX6UL, we get >> "CAAM was not setup

Re: [U-Boot] [PATCH v5 03/24] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

..@aribaud.net> > Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> > Cc: George McCollister <george.mccollis...@gmail.com> > Cc: Breno Matheus Lima <brenomath...@gmail.com> > --- > arch/arm/mach-imx/hab.c | 138 >

Re: [U-Boot] [PATCH v6 00/25] Fix and extend i.MX HAB layer

ticate_image() - Breno >> >> - Added Tested-by: Breno Matheus Lima <brenomath...@gmail.com> >> as indicated for remainder 24/25 patches >> >> - Added Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> >> as indicated for remainder 24/25 patches &g

Re: [U-Boot] [PATCH v3] imx: spl: Partially revert "spl: eMMC/SD: Provide one __weak spl_boot_mode() function"

2018-02-15 12:41 GMT-02:00 Fabio Estevam : > Commit d695d6627803 ("spl: eMMC/SD: Provide one __weak spl_boot_mode() > function") breaks the boot on several i.MX6 boards, > such as cuboxi and wandboard: > > U-Boot SPL 2018.03-rc1-00212-g48914fc119 (Feb 10 2018 - 11:04:33

Re: [U-Boot] [PATCH 00/23] Fix and extend i.MX HAB layer

Hi Bryan, 2017-12-27 10:25 GMT-02:00 Bryan O'Donoghue : > This patchset updates the i.MX HAB layer in u-boot to fix a list of > identified issues and then to add and extend existing functionality. > > The first block of patches 0001-0006 deal with fixing existing code,

Re: [U-Boot] [PATCH v2] mx6ull: Handle the CONFIG_MX6ULL cases correctly

Hi Fabio, 2018-01-01 22:16 GMT-02:00 Fabio Estevam : > From: Fabio Estevam > > Since commit 051ba9e082f7 ("Kconfig: mx6ull: Deselect MX6UL from > CONFIG_MX6ULL") CONFIG_MX6ULL does not select CONFIG_MX6UL anymore, so > take this into consideration in

Re: [U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7

Hi Bryan, 2018-01-02 14:43 GMT-02:00 Bryan O'Donoghue : > The i.MX6 has some pretty explicit code associated with informing the IROM > about flushing caches during authenticate_image(). > > Looking at various pieces of documentation its pretty clear the i.MX6 IROM >

Re: [U-Boot] [PATCH v3 00/25] Fix and extend i.MX HAB layer

gt; v2: > - Fix compilation warnings and errors in SPL highlighted by > Breno Matheus Lima > > - Add CC: Breno Matheus Lima <brenomath...@gmail.com> to all patches > > v1: > This patchset updates the i.MX HAB layer in u-boot to fix a list of > identified

Re: [U-Boot] [PATCH] crypto/fsl: fix BLOB encapsulation and decapsulation

Hi Clemens, 2017-12-20 20:08 GMT-02:00 Clemens Gruber : > The blob_encap and blob_decap functions were not flushing the dcache > before passing data to CAAM/DMA and not invalidating the dcache when > getting data back. > Therefore, blob encapsulation and decapsulation

Re: [U-Boot] [PATCH 10/23] arm: imx: hab: Add IVT header verification

Hi Bryan, 2017-12-27 10:25 GMT-02:00 Bryan O'Donoghue : > The IVT header contains a magic number, fixed length and one of two version > identifiers. Validate these settings before doing anything with a putative > IVT binary. > > Signed-off-by: Bryan O'Donoghue

Re: [U-Boot] U-boot can verify an HW signature?

from Fabio Estevam can be also helpful: https://lists.denx.de/pipermail/u-boot/2018-January/317847.html Thanks, Breno Lima > All The Best, > > Saverio > > Il 20/01/2018 16:00, Breno Matheus Lima ha scritto: >> Hi Saveiro, >> >> 2018-01-19 16:45 GMT-02:00 Saver

Re: [U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning

Hi All, 2018-03-12 13:07 GMT-03:00 Tom Rini <tr...@konsulko.com>: > On Sun, Mar 11, 2018 at 03:36:16PM +0100, Stefano Babic wrote: >> Hi Everybody, >> >> I have applied 1-2 as Fabio suggested. I have a couple of comments for >> this, too: >> >>

Re: [U-Boot] [PATCH 4/4] imx: hab: Provide hab_auth_img_or_fail command

Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : > This patch adds hab_auth_img_or_fail() a command line function that > encapsulates a common usage of authenticate and failover, namely if > authenticate image fails, then drop to BootROM USB recovery mode. > >

Re: [U-Boot] [PATCH 2/4] imx: hab: Encase majority of header in __ASSEMBLY__ declaration

Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : > Subsequent patches will want to include hab.h but in doing so include it on > an assembly compile path causing a range of compile errors. Fix the errors > pre-emptively by encasing the majority of the

Re: [U-Boot] [PATCH 3/4] imx: hab: Specify IVT padding size

Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : > This patch adds IVT_PAD_SIZE at 0xC00. The IVT header is padded to this > size. Defining the size explicitly makes it possible to use the define to > locate the start/end of an IVT header without using magic

Re: [U-Boot] [PATCH 1/4] imx: hab: Add routine to set HAB IVT address

Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : > This patch takes a given address applies a plus or minus offset to locate > the putative address of an IVT given a non-IVT link location. > > It then sets hab_ivt_address to allow for further logic/scripting

Re: [U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning

Hi Bryan, 2018-03-09 10:07 GMT-03:00 Bryan O'Donoghue : > commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior > to calling HAB authenticate function.") makes the DCD field being NULL a > dependency. > > This change though will break loading and

Re: [U-Boot] [PATCH] imximage: Check the IVT offset in the correct location

Hi Fabio, 2018-03-08 17:40 GMT-03:00 Fabio Estevam : > From: Fabio Estevam > > Sometimes imximage throws the following error: > > CFGSboard/freescale/vf610twr/imximage.cfg.cfgtmp > CFGSboard/freescale/vf610twr/imximage.cfg.cfgtmp > MKIMAGE

Re: [U-Boot] [PATCH v2 16/17] warp7: defconfig: Enable CMD_SETEXPR

Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : > setexpr allows us to do arithmetic for env variables - something that is > both useful and required when doing HAB authentication without hard-coding > HAB load addresses. > > Enable setexpr in the secure

Re: [U-Boot] [PATCH v2 07/17] warp7: Specify CONFIG_OPTEE_LOAD_ADDR

Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : > In order to sign images with the IMX code-signing-tool (CST) we need to > know the load address of a given image. The best way to derive this load > address is to make it into a define - so that u-boot.cfg

Re: [U-Boot] [PATCH v2 06/17] warp7: Print out the OPTEE DRAM region

Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : > Right now a region of 0x30 bytes is allocated at the end of DRAM for > the purposes of loading an OPTEE firmware inside of it. This patch adds the > printout of the relevant address ranges. > >

Re: [U-Boot] [PATCH v2 09/17] warp7: defconfig: Enable CONFIG_BOOTM_TEE

Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : > This patch enables CONFIG_BOOTM_TEE. Once enabled its possible to > chain-load Linux through OPTEE. > > Loading kernel to 0x8080 > => run loadimage > > Load FDT to 0x8300 > => run loadfdt > > Load OPTEE

Re: [U-Boot] [PATCH v2] bootm: Align cache flush begin address

accept the range provided and flush. > > A similar action should be taken for the begin address of a cache flush > operation. The load address may not be aligned to a cache-line boundary, so > ensure the passed address is aligned. > > Signed-off-by: Bryan O'Donoghue <bryan.odonog...

Re: [U-Boot] [PATCH v3 00/17] warp7: Enable automated OPTEE/HAB boot flow

Hi Bryan, 2018-04-13 12:31 GMT-03:00 Bryan O'Donoghue : > https://git.linaro.org/landing-teams/working/mbl/u-boot.git/log/?h=linaro-mbl%2bbod > > v3: > - Reword commit message of patch #16 - Breno > > - This patchset now relies on five in-flight patch-sets the first

Re: [U-Boot] [PATCH v2 3/3] imx: hab: Provide hab_auth_img_or_fail command

Hi All, 2018-03-27 19:44 GMT-03:00 Breno Matheus Lima <brenomath...@gmail.com>: > Hi Bryan, > > 2018-03-26 11:11 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: >> This patch adds hab_auth_img_or_fail() a command line function that >> encapsulat

Re: [U-Boot] [PATCH v3 1/2] imximage: Encase majority of header in __ASSEMBLY__ declaration

inaro.org>; Utkarsh Gupta <utkarsh.gu...@nxp.com>; Breno Matheus Lima <breno.l...@nxp.com> Subject: [PATCH v3 1/2] imximage: Encase majority of header in __ASSEMBLY__ declaration Subsequent patches will want to include imageimage.h but in doing so include it on an assembly comp

Re: [U-Boot] [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command

inaro.org>; Utkarsh Gupta <utkarsh.gu...@nxp.com>; Breno Matheus Lima <breno.l...@nxp.com> Subject: [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command This patch adds hab_auth_img_or_fail() a command line function that encapsulates a common usage of authentic

Re: [U-Boot] [PATCH v2 3/3] imx: hab: Provide hab_auth_img_or_fail command

Hi Bryan, 2018-03-26 11:11 GMT-03:00 Bryan O'Donoghue : > This patch adds hab_auth_img_or_fail() a command line function that > encapsulates a common usage of authenticate and failover, namely if > authenticate image fails, then drop to BootROM USB recovery mode. > >

Re: [U-Boot] [PATCH] Makefile: always preserve output for images that can contain HAB Blocks

Hi Rasmus, 2018-03-02 10:36 GMT-03:00 Rasmus Villemoes : > The current makefile logic disables creation of the > SPL.log/u-boot-ivt.img.log etc. files when V=1 is given on the command > line, the rationale presumably being that the user wants and gets the > information

Re: [U-Boot] [PATCH 1/2] Makefile: always preserve output for images that can contain HAB Blocks

Hi All, 2018-03-23 8:08 GMT-03:00 Rasmus Villemoes : > The current makefile logic disables creation of the > SPL.log/u-boot-ivt.img.log etc. files when V=1 is given on the command > line, the rationale presumably being that the user wants and gets the > information on

Re: [U-Boot] [PATCH 2/2] tools/imximage: use 0x prefix in HAB Blocks line

Hi Rasmus, 2018-03-23 9:40 GMT-03:00 Fabio Estevam : > On Fri, Mar 23, 2018 at 8:08 AM, Rasmus Villemoes > wrote: >> The u-boot-ivt.img.log file contains 0x prefixes in the HAB Blocks line, >> while the SPL.log does not. For consistency, and to

Re: [U-Boot] [PATCH] Makefile: always preserve output for images that can contain HAB Blocks

Hi All, My bad, I have commented in the wrong patch, my intention was to comment in [PATCH 1/2] Makefile: always preserve output for images that can contain HAB Blocks. Thanks, Breno Lima 2018-03-24 19:06 GMT-03:00 Breno Matheus Lima <brenomath...@gmail.com>: > Hi Rasmus, > > 2

Re: [U-Boot] [PATCH v3 1/2] warp7: defconfig: Fix CAAM on boot with tip-of-tree

Hi Bryan, 2018-03-31 17:04 GMT-03:00 Bryan O'Donoghue : > Booting the following image with tip-of-tree we get a CAAM DECO error (and > subsequent crash due to a kernel bug in 4.1). > > http://freescale.github.io/#download -> BoardsWaRPboard community - WaRP - >

Re: [U-Boot] [PATCH 3/4] imx: hab: Specify IVT padding size

Hi Bryan, 2018-03-17 8:06 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: > > > On 15/03/18 16:54, Breno Matheus Lima wrote: >> >> Hi Bryan, >> >> 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: >>> >

Re: [U-Boot] [PATCH] doc: imx: fix typo in imximage.txt

Hi Michael, Em sex, 2 de nov de 2018 às 19:12, Michael Heimpold escreveu: > > Signed-off-by: Michael Heimpold Reviewed-by: Breno Lima Thanks, Breno Lima ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH] doc: imx: fix typos in mxsimage.txt

Hi Michael, Em sex, 2 de nov de 2018 às 19:12, Michael Heimpold escreveu: > > This fixes two small typos in mxsimage.txt. > > Signed-off-by: Michael Heimpold Reviewed-by: Breno Lima Thanks, Breno Lima ___ U-Boot mailing list U-Boot@lists.denx.de

[U-Boot] [PATCH 7/7] doc: imx: Improve i.MX documentation naming

There is no need to have README in all i.MX documents name. Remove README from i.MX docs name and add .txt file extension. Signed-off-by: Breno Lima Reviewed-by: Ye Li --- doc/imx/common/{README.imx25 => imx25.txt}| 0 doc/imx/common/{README.imx27 => imx27.txt}| 0

[U-Boot] [PATCH 0/7] Restructure the i.MX U-Boot documentation

This patch set is restructuring and cleaning up the current i.MX documentation included in the U-Boot doc directory. The current i.MX documentation is in the root directory so we cannot easily check which one is i.MX related: http://git.denx.de/?p=u-boot/u-boot-imx.git;a=tree;f=doc; This series

[U-Boot] [PATCH 4/7] doc: imx: Reorganize i.MX SoC common documentation

The following documents describe device details according to the i.MX family: - README.imx25 - README.imx27 - README.imx5 - README.imx6 - README.mxs Move all device common related document to doc/imx/common for a better directory structure. Signed-off-by: Breno Lima --- doc/imx/{ =>

[U-Boot] [PATCH 1/7] doc: imx: reorganize i.MX documentation

Currently the U-Boot doc/ directory contains the following files that are only relevant for i.MX devices: - doc/README.imx25 - doc/README.imx27 - doc/README.imx5 - doc/README.imx6 - doc/README.imximage - doc/README.mxc_hab - doc/README.mxs - doc/README.mxsimage - doc/README.sdp Move all content

[U-Boot] [PATCH 3/7] doc: imx: mkimage: reorganize i.MX mkimage documentation

The following documents describe the image type used by the mkimage tool to generate U-Boot images for i.MX devices. - README.imximage - README.mxsimage Move all mkimage related document to doc/imx/mkimage for a better directory structure. Signed-off-by: Breno Lima --- doc/imx/{ =>

[U-Boot] [PATCH 5/7] doc: imx: hab: Reorganize High Assurance Boot documentation

The current High Assurance Boot document README.mxc_hab include details for the following features in a single file: - HAB Secure Boot - HAB Encrypted Boot Split HAB documentation in a specific directory for a cleaner documentation structure, subsequent patches will include more content in HAB

[U-Boot] [PATCH 2/7] doc: imx: Move SPD related info to the appropriate doc

Currently the Serial Download Protocol tools and procedure are documented in two places: - doc/imx/README.sdp - doc/imx/README.imx6 It is better to consolidate all SDP related information into README.sdp file, so move the content from README.imx6 to README.sdp. Signed-off-by: Breno Lima ---

[U-Boot] [PATCH 6/7] doc: imx: misc: Reorganize miscellaneous documentation

The Serial Download Protocol feature is availible in various i.MX SoCs. Move README.sdp document to imx/misc directory. Signed-off-by: Breno Lima --- doc/imx/{ => misc}/README.sdp | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename doc/imx/{ => misc}/README.sdp (100%) diff --git

[U-Boot] Problems to boot i.MX8QXP EVK board

Hi Peng, I'm not being able to boot U-Boot v2019.01 on my i.MX8QXP B0 MEK board by following README file (board/freescale/imx8qxp_mek/README). After reverting commit f7e475db4011("tools: imx8image: set dcd_skip to true") everything seems to be working fine. Do you happen to know if the

Re: [U-Boot] Problems to boot i.MX8QXP EVK board

Hi Peng, Em qua, 16 de jan de 2019 às 23:33, Peng Fan escreveu: > > Hi Breno, > > > -Original Message- > > From: Breno Matheus Lima [mailto:brenomath...@gmail.com] > > Sent: 2019年1月17日 9:04 > > To: Peng Fan ; Breno Matheus Lima > > > > Cc: Fa

Re: [U-Boot] Problems to boot i.MX8QXP EVK board

Hi Peng, Em qua, 16 de jan de 2019 às 23:48, Peng Fan escreveu: > > > > > -Original Message- > > From: Breno Matheus Lima [mailto:brenomath...@gmail.com] > > Sent: 2019年1月17日 9:42 > > To: Peng Fan > > Cc: Breno Matheus Lima ; Fabio Esteva

Re: [U-Boot] [PATCH] Revert "tools: imx8image: set dcd_skip to true"

Hi Fabio, Em sex, 18 de jan de 2019 às 11:00, Fabio Estevam escreveu: > > This reverts commit f7e475db4011d18b4ae974154eb022c3af6a4d16. > > This commit breaks the boot on imx8qxp evk and it should only > be re-applied after imx8qxp evk is converted to SPL. > > Revert it for now, so that imx8qxp

[U-Boot] [PATCH 2/6] doc: imx: habv4: Add HABv4 introduction

The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7, series and i.MX 8M, i.MX8MM devices. Add an introductory document containing the following topics: - HABv4 Introduction - HABv4 Secure Boot - HABv4 Encrypted Boot - HAB PKI tree generation - HAB Fast Authentication PKI tree generation - SRK

[U-Boot] [PATCH 3/6] doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 non-SPL targets

Add HABv4 documentation for non-SPL targets covering the following topics: - How to sign an securely boot an u-boot-dtb.imx image. - How to extend the root of trust for additional boot images. - Add 3 CSF examples. - Add IVT generation script example. Reviewed-by: Ye Li Reviewed-by: Utkarsh

[U-Boot] [PATCH 4/6] doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 SPL targets

The current U-Boot implementation includes SPL targets for some NXP development boards: - mx6sabreauto_defconfig - mx6sabresd_defconfig - mx6ul_14x14_evk_defconfig - mx6ul_9x9_evk_defconfig Add additional steps needed to completly secure the bootloader image. Signed-off-by: Breno Lima ---

[U-Boot] [PATCH 0/6] doc: imx: habv4: Improve iMX6 and iMX7 secure boot documentation

Hi All, This series is improving the current HABv4 U-Boot documentation for iMX6 and iMX7 families devices. The patch set is adding a complete step-by-step procedure on how to securely boot an U-Boot image using HABv4: habv4 ├── csf_examples │   ├── additional_images │   │   └──

[U-Boot] [PATCH 1/6] doc: imx: habv4: Remove extra hab directory for a cleaner documentation structure

There is no need to have an extra hab directory under doc/imx/. Habv4 and AHAB documentation can be added directly in doc/imx/ for a cleaner documentation structure. Signed-off-by: Breno Lima --- doc/imx/{hab => }/habv4/encrypted_boot.txt | 0 doc/imx/{hab => }/habv4/secure_boot.txt| 0 2

[U-Boot] [PATCH 6/6] doc: imx: habv4: Remove secure_boot.txt guide

The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and mx6_mx7_spl_secure_boot.txt documents. Both documents covers all steps needed for SPL and non-SPL tagets, so remove secure_boot.txt file to avoid duplicated content. Signed-off-by: Breno Lima ---

[U-Boot] [PATCH 5/6] doc: imx: habv4: Move encrypted boot guide

All guides are currently located at doc/imx/habv4/guides/ directory. Move encrypted_boot.txt document to guides directory. Signed-off-by: Breno Lima --- doc/imx/habv4/{ => guides}/encrypted_boot.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename doc/imx/habv4/{ =>

[U-Boot] [PATCH] imx: hab: Convert non-NULL IVT DCD pointer warning to an error

The following NXP application notes and manual recommend to ensure the IVT DCD pointer is Null prior to calling HAB API authenticate_image() function: - AN12263: HABv4 RVT Guidelines and Recommendations - AN4581: Secure Boot on i.MX50, i.MX53, i.MX 6 and i.MX7 Series using HABv4 - CST docs:

Re: [U-Boot] [PATCH] imx: hab: extend hab_auth_img to calculate ivt_offset

Hi Parthiban, Em ter, 6 de nov de 2018 às 14:42, Parthiban Nallathambi escreveu: > > Current implementation of hab_auth_img command needs ivt_offset to > authenticate the image. But ivt header is placed at the end of image > date after padding. > > This leaves the usage of hab_auth_img command

Re: [U-Boot] [PATCH v2] imx: hab: extend hab_auth_img to calculate ivt_offset

Hi Parthiban, Em qua, 21 de nov de 2018 às 18:47, Parthiban Nallathambi escreveu: > > Hi Breno, > > On 11/21/18 7:42 PM, Breno Matheus Lima wrote: > > Hi Parthiban, > > > > Em qua, 21 de nov de 2018 às 15:52, Parthiban Nallathambi > > escreveu: > >&

Re: [U-Boot] [PATCH v2] imx: hab: extend hab_auth_img to calculate ivt_offset

Hi Parthiban, Em qua, 21 de nov de 2018 às 15:52, Parthiban Nallathambi escreveu: > > Hi Breno, > > On 11/21/18 5:45 PM, Breno Matheus Lima wrote: > > Hi Parthiban, > > > > Em qua, 21 de nov de 2018 às 11:50, Parthiban Nallathambi > > escreveu: > >>

Re: [U-Boot] [PATCH v2] imx: hab: extend hab_auth_img to calculate ivt_offset

Hi Parthiban, Em qua, 21 de nov de 2018 às 11:50, Parthiban Nallathambi escreveu: > > Current implementation of hab_auth_img command needs ivt_offset to > authenticate the image. But ivt header is placed at the end of image > date after padding. > > This leaves the usage of hab_auth_img command

[U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulate the generated DEK in a blob. In

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Em dom, 7 de abr de 2019 às 05:05, Bryan O'Donoghue escreveu: > > > > On 06/04/2019 22:41, Breno Matheus Lima wrote: > > Hi Bryan, > > > > Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue > > escreveu: > >> > >> &

[U-Boot] [PATCH RESEND 6/6] doc: imx: habv4: Remove secure_boot.txt guide

The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and mx6_mx7_spl_secure_boot.txt documents. Both documents covers all steps needed for SPL and non-SPL tagets, so remove secure_boot.txt file to avoid duplicated content. Signed-off-by: Breno Lima ---

Re: [U-Boot] [PATCH 6/6] doc: imx: habv4: Remove secure_boot.txt guide

Hi Stefano, Em sex, 15 de fev de 2019 às 09:57, Stefano Babic escreveu: > > On 23/01/19 20:30, Breno Matheus Lima wrote: > > The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and > > mx6_mx7_spl_secure_boot.txt documents. > > > > Both documents c

Re: [U-Boot] Problems to build i.MX8MQ EVK board

Hi Stefano, Em qui, 31 de jan de 2019 às 11:21, Stefano Babic escreveu: > > Hi Breno, > > On 31/01/19 14:16, Breno Matheus Lima wrote: > > Hi Peng, > > > > I'm trying to build imx8mq_evk_defconfig target by following the > > README file under board/frees

[U-Boot] Problems to build i.MX8MQ EVK board

, Breno Lima -- Breno Matheus Lima ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Seems that my last email didn't get in U-Boot mailing list, I'm sending again. Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue escreveu: > > > > On 05/04/2019 17:16, Breno Matheus Lima wrote: > > + if ((IS_ENABLED(CONFIG_OPTEE) || > >

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue escreveu: > > > > On 05/04/2019 17:16, Breno Matheus Lima wrote: > > + if ((IS_ENABLED(CONFIG_OPTEE) || > > + !IS_ENABLED(CONFIG_ARMV7_BOOT_SEC_DEFAULT)) && > > + !IS

[U-Boot] [PATCH] doc: Remove duplicated documentation directory

Commit ad7061ed742e ("doc: Move device tree bindings documentation to doc/device-tree-bindings") moved all device tree binding documentation to doc/device-tree-bindings directory. The current U-Boot project still have two documentation directories: - doc/ - Documentation/ Move all

[U-Boot] [PATCH] Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"

Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulate the generated DEK in a blob. In

Re: [U-Boot] [PATCH v2 3/3] usb: gadget: f_sdp: Allow SPL to load and boot FIT via SDP

Hi Sjoerd, Em seg, 17 de jun de 2019 às 11:26, Sjoerd Simons escreveu: > > On Tue, 2019-06-04 at 18:56 -0300, Fabio Estevam wrote: > > On Tue, Jun 4, 2019 at 5:41 PM Sjoerd Simons > > wrote: > > > We have been using imx_usb_loader for a long time. After DM / fit > > comvesion the IVT piece is

[U-Boot] [PATCH] mx6sxsabresd: imximage.cfg: Handle the CONFIG_SECURE_BOOT case

Secure boot is not enabled in mx6sxsabresd imximage.cfg, add support for it. Signed-off-by: Breno Lima --- board/freescale/mx6sxsabresd/imximage.cfg | 7 +++ 1 file changed, 7 insertions(+) diff --git a/board/freescale/mx6sxsabresd/imximage.cfg b/board/freescale/mx6sxsabresd/imximage.cfg

Re: [U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal

Hi Bryan, Em ter, 30 de abr de 2019 às 05:13, Bryan O'Donoghue escreveu: > > > > On 30/04/2019 02:28, Bryan O'Donoghue wrote: > > > > > > On 25/04/2019 04:24, Breno Matheus Lima wrote: > >> I couldn't get encrypted boot working in my first attempt, doing th

[U-Boot] [PATCH] mx6sl: hab: Fix pu_irom_mmu_enabled address

According to hab.c code we have to notify the ROM code if the MMU is enabled or not. This is achieved by setting the "pu_irom_mmu_enabled" to 0x1. The current address in hab.c code is wrong for i.MX6SL, according to ROM map file the correct address is 0x00901c60. As we are writing in the wrong

Re: [U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal

e") reverted works fine. I will take a better look in your patch set and let you know if I find something. Best Regards, Breno Matheus Lima ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH 1/4] crypto/fsl: Introduce API to save/restore job-ring context

Hi Bryan, Em ter, 23 de abr de 2019 às 07:20, Bryan O'Donoghue escreveu: > > We need to handle the case where DEK blobs are passed to the BootROM. In > this case, unlike in HAB authentication the BootROM checks job-ring > ownership set to secure world. > > One possible solution is to set the

[U-Boot] [PATCH] imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices

In certain i.MX devices the encrypted boot image is failing to boot. According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's necessary to pad CSF to 0x2000 and append DEK blob. In this case the total image size in boot data structure must cover the entire binary otherwise

Re: [U-Boot] Wandboard boot failure when HAB support is enabled

Hi Jon, Em qua, 28 de ago de 2019 às 09:49, Jon Szymaniak escreveu: > > Hello all, > > I'd like to get U-Boot >= 2019.07 booting on a Wandboard Quad with HAB > support enabled, but appear to be running into either some regressions > (or matters of PEBKAC). For the scope of this discussion, I'm

Re: [U-Boot] [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets

Hi Peng, Em qua, 11 de set de 2019 às 22:07, Peng Fan escreveu: > > Hi Breno, > > > Subject: [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets > > I saw this patch in imx/master, not in Tom's tree. But this patch breaks > build for other archs, such as arc and etc. > Thanks for

Re: [U-Boot] [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets

Hi Stefano, Em seg, 16 de set de 2019 às 05:17, Stefano Babic escreveu: > > Hi Breno, > > On 12/09/19 03:07, Peng Fan wrote: > > Hi Breno, > > > >> Subject: [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets > > > > I saw this patch in imx/master, not in Tom's tree. But this

Re: [U-Boot] nxp: HABv4 secure boot on iMX7 NAND broken

g from NAND the DCD table is not loaded in OCRAM so that shouldn't be a problem. The DCD is loaded in OCRAM when booting via USB OTG using the serial download protocol, you can have more details in link below: https://github.com/NXPmicro/mfgtools/wiki/UUU-default-support-protocol-list#habv4-

Re: [U-Boot] [PATCH 3/4] imx6: spl: Reduce SPL limit size in case CONFIG_SECURE_BOOT is enabled

HI Stefano and Jagan, Em qua, 18 de set de 2019 às 04:59, Stefano Babic escreveu: > > Hi Jagan, Breno, > > On 17/09/19 09:13, Jagan Teki wrote: > > Hi Breno, > > > > On Thu, Jul 18, 2019 at 6:06 PM Breno Matheus Lima > > wrote: > >> > >>

[U-Boot] [PATCH 1/4] Kconfig: Migrate CONFIG_CSF_SIZE to Kconfig

Move CONFIG_CSF_SIZE to Kconfig and define default value as 0x4000. mx8mqevk requires 0x2000 add this configuration in imx8mq_evk_defconfig file. Signed-off-by: Breno Lima --- arch/arm/mach-imx/Kconfig | 7 +++ configs/imx8mq_evk_defconfig | 1 + include/configs/cl-som-imx7.h | 1 -

[U-Boot] [PATCH 0/4] Improve HAB support for SPL targets

This patch set is improving the HAB support for targets that are using IH_TYPE_FIRMWARE_IVT image type. Patch 0001 is migrating CONFIG_CSF_SIZE to Kconfig so value can be configurable and used by U-Boot tools. Patch 0002 is fixing secure boot support for targets using IH_TYPE_FIRMWARE_IVT image

[U-Boot] [PATCH 2/4] habv4: tools: Avoid hardcoded CSF size for SPL targets

Currently it's not possible to authenticate the U-Boot proper of mx6ul_14x14_evk_defconfig target: Authenticate image from DDR location 0x877fffc0... bad magic magic=0x0 length=0x00 version=0x3 bad length magic=0x0 length=0x00 version=0x3 bad version magic=0x0 length=0x00 version=0x3 spl: ERROR:

[U-Boot] [PATCH 3/4] imx6: spl: Reduce SPL limit size in case CONFIG_SECURE_BOOT is enabled

In case CONFIG_SECURE_BOOT is enabled we need to limit the SPL size to avoid a possible HAB failure event: - HAB Event 1 - event data: 0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00 0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00 0x00 0x01 0x10 0x00 STS =

[U-Boot] [PATCH 4/4] imx: configs: Cleanup CONFIG_SECURE_BOOT comments

Since commit 6e1f4d2652e7 ("arm: imx-common: add SECURE_BOOT option to Kconfig") the SECURE_BOOT option is selected through Kconfig. Cleanup comments in code to align with this change. Signed-off-by: Breno Lima --- include/configs/cl-som-imx7.h | 3 --- include/configs/mx7ulp_evk.h | 3 --- 2

[U-Boot] [PATCH] mx6ulevk: Add support for SDP boot in SPL target

Currently it's not possible to boot mx6ulevk board using imx_usb_loader tool: U-Boot SPL 2018.03 (Jul 18 2019 - 10:05:17 -0300) SPL: Unsupported Boot Device! SPL: failed to boot from all boot devices Enable necessary configuration in defconfig file. Signed-off-by: Breno Lima ---

  1   2   >