[PATCH] arm: mach-k3: Clean non-coherent lines out of L3 cache
When switching on or off the ARM caches some care must be taken to ensure existing cache line allocations are not left in an inconsistent state. An example of this is when cache lines are considered non-shared by and L3 controller even though the lines are shared. To prevent these and other issues all cache lines should be cleared before enabling or disabling a coherent master's cache. ARM cores and many L3 controllers provide a way to efficiently clean out all cache lines to allow for this, unfortunately there is no such easy way to do this on current K3 MSMC based systems. We could explicitly clean out every valid external address tracked by MSMC (all of DRAM), or we could attempt to identify only the set of addresses accessed by a given boot stage and flush only those specifically. This patch attempts the latter. We start with cleaning the SPL load address. More addresses can be added here later as they are identified. Note that we perform a flush operation for both the flush and invalidate operations, this is not a typo. We do this to avoid the situation that some ARM cores will promote an invalidate to a clean+invalidate, but only emit the invalidation operation externally, leading to a loss of data. Signed-off-by: Andrew F. Davis Tested-by: Faiz Abbas --- arch/arm/mach-k3/Makefile | 1 + arch/arm/mach-k3/cache.S | 24 2 files changed, 25 insertions(+) create mode 100644 arch/arm/mach-k3/cache.S diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile index 028015ed66..7572f56925 100644 --- a/arch/arm/mach-k3/Makefile +++ b/arch/arm/mach-k3/Makefile @@ -8,6 +8,7 @@ obj-$(CONFIG_SOC_K3_J721E) += j721e_init.o obj-$(CONFIG_ARM64) += arm64-mmu.o obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o obj-$(CONFIG_TI_SECURE_DEVICE) += security.o +obj-$(CONFIG_ARM64) += cache.o ifeq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_K3_LOAD_SYSFW) += sysfw-loader.o endif diff --git a/arch/arm/mach-k3/cache.S b/arch/arm/mach-k3/cache.S new file mode 100644 index 00..a5717ea203 --- /dev/null +++ b/arch/arm/mach-k3/cache.S @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2020 Texas Instruments Incorporated - http://www.ti.com/ + * Andrew F. Davis + */ + +#include +#include + +#if defined(CONFIG_SPL_BUILD) +ENTRY(__asm_invalidate_l3_dcache) + /* Invalidate SPL address range */ + mov x0, #CONFIG_SPL_TEXT_BASE + add x1, x0, #CONFIG_SPL_MAX_SIZE + b __asm_flush_dcache_range +ENDPROC(__asm_invalidate_l3_dcache) + +ENTRY(__asm_flush_l3_dcache) + /* Flush SPL address range */ + mov x0, #CONFIG_SPL_TEXT_BASE + add x1, x0, #CONFIG_SPL_MAX_SIZE + b __asm_flush_dcache_range +ENDPROC(__asm_flush_l3_dcache) +#endif -- 2.17.1
[PATCH] board: ti: am654: Disable SA2UL node for HS devices
On HS devices the access to SA2UL is restricted on the non-secure
ARM side, disable the node in DT to prevent firewall violations.
We used to only disable the TRNG but now that we have full SA2UL
support in Linux, in which TRNG is a sub-module, disable both
by disabling the parent SA2UL node.
Signed-off-by: Andrew F. Davis
---
board/ti/am65x/evm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
index a22900dcf9..20b75ba133 100644
--- a/board/ti/am65x/evm.c
+++ b/board/ti/am65x/evm.c
@@ -108,10 +108,10 @@ int ft_board_setup(void *blob, bd_t *bd)
}
#if defined(CONFIG_TI_SECURE_DEVICE)
- /* Make HW RNG reserved for secure world use */
- ret = fdt_disable_node(blob, "/interconnect@10/trng@4e1");
+ /* Make Crypto HW reserved for secure world use */
+ ret = fdt_disable_node(blob, "/interconnect@10/crypto@4E0");
if (ret)
- printf("%s: disabling TRGN failed %d\n", __func__, ret);
+ printf("%s: disabling SA2UL failed %d\n", __func__, ret);
#endif
return 0;
--
2.17.1
[PATCH v2 2/2] tools: k3_gen_x509_cert: Set default early HS JTAG access to disabled
When authenticating the initial boot binary the ROM will check a debug
type value in the certificate and based on that open JTAG access to that
core. This only effects HS devices as non-HS device ROM allows JTAG
by default.
This can be useful for HS developers working in the early boot stage,
before SYSFW is loaded. After that point the JTAG access can be
changed based on board configurations passed to SYSFW.
This access can also be a large security problem as JTAG access on
HS devices can be used to circumvent the chain-of-trust controls.
Accidentally leaving this open defeats the security on HS, due to this
change the default to disabled.
This should only effect those working on early HS boot code, which
is a limited crowd who will already know how to re-enable this access
as needed.
Signed-off-by: Andrew F. Davis
---
Changes from v1:
- Split into two patches as suggested by Lokesh
- Expanded explanation for default value change
tools/k3_gen_x509_cert.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh
index c6361720d3..298cec1313 100755
--- a/tools/k3_gen_x509_cert.sh
+++ b/tools/k3_gen_x509_cert.sh
@@ -12,7 +12,7 @@ RAND_KEY=eckey.pem
LOADADDR=0x41c0
BOOTCORE_OPTS=0
BOOTCORE=16
-DEBUG_TYPE=4
+DEBUG_TYPE=0
gen_degen_template() {
cat << 'EOF' > degen-template.txt
@@ -152,7 +152,7 @@ options_help[k]="key_file:file with key inside it. If not
provided script genera
options_help[o]="output_file:Name of the final output file. default to $OUTPUT"
options_help[c]="core_id:target core id on which the image would be running.
Default to $BOOTCORE"
options_help[l]="loadaddr: Target load address of the binary in hex. Default
to $LOADADDR"
-options_help[d]="debug_type: Debug type, set to 0 to disable early JTAG.
Default to $DEBUG_TYPE"
+options_help[d]="debug_type: Debug type, set to 4 to enable early JTAG.
Default to $DEBUG_TYPE"
while getopts "b:k:o:c:l:d:h" opt
do
--
2.17.1
[PATCH v2 1/2] tools: k3_gen_x509_cert: Allow selecting early JTAG debug value
When authenticating the initial boot binary the ROM will check a debug
type value in the certificate and based on that open JTAG access to that
core.
Make this selectable in the signing tool to allow it to be enabled or
disabled based on user command line input.
This does not change the default behavior.
Signed-off-by: Andrew F. Davis
---
Changes from v1:
- Split into two patches as suggested by Lokesh
- Expanded explanation for default value change
tools/k3_gen_x509_cert.sh | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh
index b6d055f6f5..c6361720d3 100755
--- a/tools/k3_gen_x509_cert.sh
+++ b/tools/k3_gen_x509_cert.sh
@@ -12,6 +12,7 @@ RAND_KEY=eckey.pem
LOADADDR=0x41c0
BOOTCORE_OPTS=0
BOOTCORE=16
+DEBUG_TYPE=4
gen_degen_template() {
cat << 'EOF' > degen-template.txt
@@ -79,7 +80,7 @@ cat << 'EOF' > x509-template.txt
[ debug ]
debugUID =
FORMAT:HEX,OCT:
- debugType = INTEGER:4
+ debugType = INTEGER:TEST_DEBUG_TYPE
coreDbgEn = INTEGER:0
coreDbgSecEn = INTEGER:0
EOF
@@ -151,8 +152,9 @@ options_help[k]="key_file:file with key inside it. If not
provided script genera
options_help[o]="output_file:Name of the final output file. default to $OUTPUT"
options_help[c]="core_id:target core id on which the image would be running.
Default to $BOOTCORE"
options_help[l]="loadaddr: Target load address of the binary in hex. Default
to $LOADADDR"
+options_help[d]="debug_type: Debug type, set to 0 to disable early JTAG.
Default to $DEBUG_TYPE"
-while getopts "b:k:o:c:l:h" opt
+while getopts "b:k:o:c:l:d:h" opt
do
case $opt in
b)
@@ -170,6 +172,9 @@ do
c)
BOOTCORE=$OPTARG
;;
+ d)
+ DEBUG_TYPE=$OPTARG
+ ;;
h)
usage
exit 0
@@ -224,12 +229,15 @@ gen_cert() {
#echo " LOADADDR = 0x$ADDR"
#echo " IMAGE_SIZE = $BIN_SIZE"
#echo " CERT_TYPE = $CERTTYPE"
+ #echo " DEBUG_TYPE = $DEBUG_TYPE"
sed -e "s/TEST_IMAGE_LENGTH/$BIN_SIZE/" \
-e "s/TEST_IMAGE_SHA_VAL/$SHA_VAL/" \
-e "s/TEST_CERT_TYPE/$CERTTYPE/" \
-e "s/TEST_BOOT_CORE_OPTS/$BOOTCORE_OPTS/" \
-e "s/TEST_BOOT_CORE/$BOOTCORE/" \
- -e "s/TEST_BOOT_ADDR/$ADDR/" x509-template.txt > $TEMP_X509
+ -e "s/TEST_BOOT_ADDR/$ADDR/" \
+ -e "s/TEST_DEBUG_TYPE/$DEBUG_TYPE/" \
+ x509-template.txt > $TEMP_X509
openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config
$TEMP_X509 -sha512
}
--
2.17.1
Re: [PATCH 4/4] kbuild: arm: Fix duplicate builds of dtbs
On 5/8/20 11:54 AM, Jan Kiszka wrote:
> On 08.05.20 17:40, Andrew F. Davis wrote:
>> On 5/4/20 8:38 AM, Jan Kiszka wrote:
>>> From: Jan Kiszka
>>>
>>> Build the secured board dtbs (.dtb_HS) as part of the regular dtb build
>>> on CONFIG_TI_SECURE_DEVICE targets. This avoids rebuilding them,
>>> possibly overwriting artifacts that are in use, as it is done so far.
>>>
>>> In the same run, fix needless rebuilding of the secured spl dtb.
>>>
>>> Fixes: 508369672ca3 ("arm: mach-k3: Add secure device build support")
>>> CC: Andrew F. Davis
>>> Signed-off-by: Jan Kiszka
>>> ---
>>> arch/arm/dts/Makefile | 6 --
>>> arch/arm/mach-k3/config_secure.mk | 19 ++-
>>> 2 files changed, 18 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile
>>> index 2c123bd6da..b68e9c0726 100644
>>> --- a/arch/arm/dts/Makefile
>>> +++ b/arch/arm/dts/Makefile
>>> @@ -1,5 +1,7 @@
>>> # SPDX-License-Identifier: GPL-2.0+
>>>
>>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
>>> +
>>
>>
>> This is hacky, we should not in the top level dts makefile have a
>> dependency on a specific platform configuration file.
>>
>> What about mach-omap/config_secure.mk, etc..
>
> They don't need those special signing the k3 need. If they did, they
> could be included here as well.
>
I did everything the same in that file, so I don't see why it wouldn't
need the same treatment. But my point is that this will keep growing,
the fixes should be local to the mk files or everyone who does something
similar will need to add here.
>>
>> The negative of building dtbs twice for HS is very minor compared to the
>> extra complexity this patch adds. It will be much more difficult to
>> clean this up later.
>
> Overwriting a build artifacts that were already completed and may just
> be in use while doing so is broken. This must be fixed.
>
Absolutely agree it needs fixed, just not sure this just doesn't add to
the makefile complexity in the wrong way.
> As I wrote, I will add support for injecting public keys into the dtbs,
> and that also revealed this issue.
>
If I understand right, you are adding the keys into the dtb then signing
them? Why not add them to the dts first, then nothing would need to
change with multiple builds of the dtbs.
Andrew
> Better suggestions welcome.
>
> Jan
Re: [PATCH 4/4] kbuild: arm: Fix duplicate builds of dtbs
On 5/4/20 8:38 AM, Jan Kiszka wrote:
> From: Jan Kiszka
>
> Build the secured board dtbs (.dtb_HS) as part of the regular dtb build
> on CONFIG_TI_SECURE_DEVICE targets. This avoids rebuilding them,
> possibly overwriting artifacts that are in use, as it is done so far.
>
> In the same run, fix needless rebuilding of the secured spl dtb.
>
> Fixes: 508369672ca3 ("arm: mach-k3: Add secure device build support")
> CC: Andrew F. Davis
> Signed-off-by: Jan Kiszka
> ---
> arch/arm/dts/Makefile | 6 --
> arch/arm/mach-k3/config_secure.mk | 19 ++-
> 2 files changed, 18 insertions(+), 7 deletions(-)
>
> diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile
> index 2c123bd6da..b68e9c0726 100644
> --- a/arch/arm/dts/Makefile
> +++ b/arch/arm/dts/Makefile
> @@ -1,5 +1,7 @@
> # SPDX-License-Identifier: GPL-2.0+
>
> +include $(srctree)/arch/arm/mach-k3/config_secure.mk
> +
This is hacky, we should not in the top level dts makefile have a
dependency on a specific platform configuration file.
What about mach-omap/config_secure.mk, etc..
The negative of building dtbs twice for HS is very minor compared to the
extra complexity this patch adds. It will be much more difficult to
clean this up later.
Andrew
> dtb-$(CONFIG_TARGET_SMARTWEB) += at91sam9260-smartweb.dtb
> dtb-$(CONFIG_TARGET_TAURUS) += at91sam9g20-taurus.dtb
> dtb-$(CONFIG_TARGET_CORVUS) += at91sam9g45-corvus.dtb
> @@ -927,13 +929,13 @@ dtb-$(CONFIG_TARGET_DURIAN) += phytium-durian.dtb
>
> dtb-$(CONFIG_TARGET_PRESIDIO_ASIC) += ca-presidio-engboard.dtb
>
> -targets += $(dtb-y)
> +targets += $(dtb-y) $(TI_SECURE_DTBS)
>
> # Add any required device tree compiler flags here
> DTC_FLAGS +=
>
> PHONY += dtbs
> -dtbs: $(addprefix $(obj)/, $(dtb-y))
> +dtbs: $(addprefix $(obj)/, $(dtb-y) $(TI_SECURE_DTBS))
> @:
>
> clean-files := *.dtb *.dtbo *_HS
> diff --git a/arch/arm/mach-k3/config_secure.mk
> b/arch/arm/mach-k3/config_secure.mk
> index 6d63c57665..d9141e10a0 100644
> --- a/arch/arm/mach-k3/config_secure.mk
> +++ b/arch/arm/mach-k3/config_secure.mk
> @@ -26,7 +26,12 @@ endif
> $(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
> $(call if_changed,k3secureimg)
>
> -tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst
> %,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
> +SPL_OF_LIST_TARGETS = $(patsubst %,dts/%.dtb,$(subst
> ",,$(CONFIG_SPL_OF_LIST)))
> +SPL_OF_LIST_TARGETS_HS = $(addsuffix _HS,$(SPL_OF_LIST_TARGETS))
> +
> +targets += $(SPL_OF_LIST_TARGETS) $(SPL_OF_LIST_TARGETS_HS)
> +
> +tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(addprefix
> $(obj)/,$(SPL_OF_LIST_TARGETS_HS)) $(SPL_ITS) FORCE
> $(call if_changed,mkfitimage)
>
> MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O
> u-boot \
> @@ -34,11 +39,15 @@ MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T
> firmware -C none -O u-boot \
> -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
> $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
>
> -OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst
> ",,$(CONFIG_OF_LIST)))
> -$(OF_LIST_TARGETS): dtbs
> -
> u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
> $(call if_changed,k3secureimg)
>
> -u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst
> %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
> +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img dtbs FORCE
> $(call if_changed,mkimage)
> +
> +# Used when included by arch-dts makefile
> +-include include/config/auto.conf
> +
> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
> +TI_SECURE_DTBS = $(addsuffix _HS, $(dtb-y))
> +endif
> --
> 2.26.1
>
Re: am65x build issues
On 4/30/20 3:03 PM, Jan Kiszka wrote: > Hi all, > > I've noticed that building am65x_evm_a53_defconfig causes the dtbs to be > built twice, once for the main u-boot and once for the spl. This is > because of an extra dependency in mach-k3/config_secure.mk added by > 508369672ca3. Why should the produced dtbs depend on the target that > produces them? Why not simply this? > > diff --git a/arch/arm/mach-k3/config_secure.mk > b/arch/arm/mach-k3/config_secure.mk > index 6d63c57665..cbe9b684fb 100644 > --- a/arch/arm/mach-k3/config_secure.mk > +++ b/arch/arm/mach-k3/config_secure.mk > @@ -34,11 +34,8 @@ MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T > firmware -C none -O u-boot \ > -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \ > $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST))) > > -OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst > ",,$(CONFIG_OF_LIST))) > -$(OF_LIST_TARGETS): dtbs > - > u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE > $(call if_changed,k3secureimg) > > -u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst > %.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE > +u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img dtbs FORCE > $(call if_changed,mkimage) > Because then no one will depend on the _HS versions of the .dtb files, so they wont get built. I agree it's a huge mess right now, the "correct" thing to do would be for the %.dtb_HS files to depend on their corresponding %.dtb files from which they are generated. Which they do, kinda. But Make doesn't seem smart enough to know that at the start, it checks for the .dtb files and fails instantly during the first round of parsing, due to the .dtb files not existing and no rules existing for them. The .dtb files are not being generated by a rule with their name so Make doesn't understand they will be generated later, because U-Boot uses scripting for dtbs and uses target "dtbs". So we are stuck depending on that until someone does some major rework of the U-Boot/Linux makefiles.. Feel free :D Andrew > > Disclaimer: I didn't actually test the HS path, just the unsigned build. > > But also with this change, make -j remains broken for this target: > > [...] > COPYu-boot.dtb > MKIMAGE u-boot-dtb.img > MKIMAGE u-boot.img > CAT u-boot-dtb.bin > COPYu-boot.bin > CC spl/./lib/asm-offsets.s > CC spl/./arch/arm/lib/asm-offsets.s > ../tools/k3_fit_atf.sh \ > spl/dts/k3-am654-base-board.dtb > u-boot-spl-k3.its > LDS spl/u-boot-spl.lds > FDTGREP spl/dts/k3-am654-base-board.dtb > Usage: fdtgrep - extract portions from device tree > [...] > > Error: Cannot open output file > make[2]: *** [../scripts/Makefile.spl:465: spl/dts/k3-am654-base-board.dtb] > Error 1 > make[2]: *** Waiting for unfinished jobs > > > Something is fishy with dependencies here. Any ideas? > > Thanks, > Jan >
[PATCH] arm: K3: Increase default SYSFW image size allocation
The memory allocated to store the FIT image containing SYSFW and board configuration data is statically defined to the largest size expected. Some additions to the board configuration data has pushed us slightly over the current defined size on some HS devices, expand to 278000. Signed-off-by: Andrew F. Davis --- arch/arm/mach-k3/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig index a13cbef9b5..c7d186149b 100644 --- a/arch/arm/mach-k3/Kconfig +++ b/arch/arm/mach-k3/Kconfig @@ -119,7 +119,7 @@ config K3_SYSFW_IMAGE_MMCSD_RAW_MODE_PART config K3_SYSFW_IMAGE_SIZE_MAX int "Amount of memory dynamically allocated for loading SYSFW blob" depends on K3_LOAD_SYSFW - default 277000 + default 278000 help Amount of memory (in bytes) reserved through dynamic allocation at runtime for loading the combined System Firmware and configuration image -- 2.17.1
Re: [PATCH] tools: k3_gen_x509_cert: Allow selecting early JTAG debug value
On 4/23/20 2:38 AM, Lokesh Vutla wrote:
>
>
> On 22/04/20 10:39 PM, Andrew F. Davis wrote:
>> When authenticating the initial boot binary the ROM will check a debug
>> type value in the certificate and based on that open JTAG access to that
>> core.
>>
>> The default is currently full access, on HS this is useful for early
>> developers, but should not be the default as to prevent end system
>> integrators from unintentionally leaving this open.
>
> Won't JTAG access is useful for early developers. UART as well not available
> at
> this point. What we offer out of the box is not a production ready secure
> system. I would prefer to have it enabled by default.
>
Who are these early developers? Pre-SYSFW on HS is a harsh environment,
firewalls and other pitfalls limit one to only what is needed to get
SYSFW loaded. Only a handful of folks will ever touch the source this
early, and they will be using a GP device for that development, in which
case debug is enabled, even with this change.
I'd guess I'm the only developer touching code this early on HS, I say
this as so far I'm the only one who has noticed that there is a ROM
issue that makes early debug on HS almost unusable.
Accidentally leaving this open completely defeats the chain of trust, I
guarantee some production system will do this if we leave JTAG open by
default, it happens all the time.
So debug doesn't work here anyway, no one uses it and those who do can
flip this bit with the command line flag, and leaving it on will lead to
a huge security issue for one of our customers.
Andrew
> Thanks and regards,
> Lokesh
>
>>
>> On non-HS devices JTAG is left open anyway so this does not change
>> behavior on those devices. Change the default to off and allow it to be
>> switched back on by command line flag if needed.
>>
>> Signed-off-by: Andrew F. Davis
>> ---
>> tools/k3_gen_x509_cert.sh | 14 +++---
>> 1 file changed, 11 insertions(+), 3 deletions(-)
>>
>> diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh
>> index b6d055f6f5..298cec1313 100755
>> --- a/tools/k3_gen_x509_cert.sh
>> +++ b/tools/k3_gen_x509_cert.sh
>> @@ -12,6 +12,7 @@ RAND_KEY=eckey.pem
>> LOADADDR=0x41c0
>> BOOTCORE_OPTS=0
>> BOOTCORE=16
>> +DEBUG_TYPE=0
>>
>> gen_degen_template() {
>> cat << 'EOF' > degen-template.txt
>> @@ -79,7 +80,7 @@ cat << 'EOF' > x509-template.txt
>>
>> [ debug ]
>> debugUID =
>> FORMAT:HEX,OCT:
>> - debugType = INTEGER:4
>> + debugType = INTEGER:TEST_DEBUG_TYPE
>> coreDbgEn = INTEGER:0
>> coreDbgSecEn = INTEGER:0
>> EOF
>> @@ -151,8 +152,9 @@ options_help[k]="key_file:file with key inside it. If
>> not provided script genera
>> options_help[o]="output_file:Name of the final output file. default to
>> $OUTPUT"
>> options_help[c]="core_id:target core id on which the image would be
>> running. Default to $BOOTCORE"
>> options_help[l]="loadaddr: Target load address of the binary in hex.
>> Default to $LOADADDR"
>> +options_help[d]="debug_type: Debug type, set to 4 to enable early JTAG.
>> Default to $DEBUG_TYPE"
>>
>> -while getopts "b:k:o:c:l:h" opt
>> +while getopts "b:k:o:c:l:d:h" opt
>> do
>> case $opt in
>> b)
>> @@ -170,6 +172,9 @@ do
>> c)
>> BOOTCORE=$OPTARG
>> ;;
>> +d)
>> +DEBUG_TYPE=$OPTARG
>> +;;
>> h)
>> usage
>> exit 0
>> @@ -224,12 +229,15 @@ gen_cert() {
>> #echo " LOADADDR = 0x$ADDR"
>> #echo " IMAGE_SIZE = $BIN_SIZE"
>> #echo " CERT_TYPE = $CERTTYPE"
>> +#echo " DEBUG_TYPE = $DEBUG_TYPE"
>> sed -e "s/TEST_IMAGE_LENGTH/$BIN_SIZE/" \
>> -e "s/TEST_IMAGE_SHA_VAL/$SHA_VAL/" \
>> -e "s/TEST_CERT_TYPE/$CERTTYPE/" \
>> -e "s/TEST_BOOT_CORE_OPTS/$BOOTCORE_OPTS/" \
>> -e "s/TEST_BOOT_CORE/$BOOTCORE/" \
>> --e "s/TEST_BOOT_ADDR/$ADDR/" x509-template.txt > $TEMP_X509
>> +-e "s/TEST_BOOT_ADDR/$ADDR/" \
>> +-e "s/TEST_DEBUG_TYPE/$DEBUG_TYPE/" \
>> +x509-template.txt > $TEMP_X509
>> openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config
>> $TEMP_X509 -sha512
>> }
>>
>>
[PATCH] tools: k3_gen_x509_cert: Allow selecting early JTAG debug value
When authenticating the initial boot binary the ROM will check a debug
type value in the certificate and based on that open JTAG access to that
core.
The default is currently full access, on HS this is useful for early
developers, but should not be the default as to prevent end system
integrators from unintentionally leaving this open.
On non-HS devices JTAG is left open anyway so this does not change
behavior on those devices. Change the default to off and allow it to be
switched back on by command line flag if needed.
Signed-off-by: Andrew F. Davis
---
tools/k3_gen_x509_cert.sh | 14 +++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh
index b6d055f6f5..298cec1313 100755
--- a/tools/k3_gen_x509_cert.sh
+++ b/tools/k3_gen_x509_cert.sh
@@ -12,6 +12,7 @@ RAND_KEY=eckey.pem
LOADADDR=0x41c0
BOOTCORE_OPTS=0
BOOTCORE=16
+DEBUG_TYPE=0
gen_degen_template() {
cat << 'EOF' > degen-template.txt
@@ -79,7 +80,7 @@ cat << 'EOF' > x509-template.txt
[ debug ]
debugUID =
FORMAT:HEX,OCT:
- debugType = INTEGER:4
+ debugType = INTEGER:TEST_DEBUG_TYPE
coreDbgEn = INTEGER:0
coreDbgSecEn = INTEGER:0
EOF
@@ -151,8 +152,9 @@ options_help[k]="key_file:file with key inside it. If not
provided script genera
options_help[o]="output_file:Name of the final output file. default to $OUTPUT"
options_help[c]="core_id:target core id on which the image would be running.
Default to $BOOTCORE"
options_help[l]="loadaddr: Target load address of the binary in hex. Default
to $LOADADDR"
+options_help[d]="debug_type: Debug type, set to 4 to enable early JTAG.
Default to $DEBUG_TYPE"
-while getopts "b:k:o:c:l:h" opt
+while getopts "b:k:o:c:l:d:h" opt
do
case $opt in
b)
@@ -170,6 +172,9 @@ do
c)
BOOTCORE=$OPTARG
;;
+ d)
+ DEBUG_TYPE=$OPTARG
+ ;;
h)
usage
exit 0
@@ -224,12 +229,15 @@ gen_cert() {
#echo " LOADADDR = 0x$ADDR"
#echo " IMAGE_SIZE = $BIN_SIZE"
#echo " CERT_TYPE = $CERTTYPE"
+ #echo " DEBUG_TYPE = $DEBUG_TYPE"
sed -e "s/TEST_IMAGE_LENGTH/$BIN_SIZE/" \
-e "s/TEST_IMAGE_SHA_VAL/$SHA_VAL/" \
-e "s/TEST_CERT_TYPE/$CERTTYPE/" \
-e "s/TEST_BOOT_CORE_OPTS/$BOOTCORE_OPTS/" \
-e "s/TEST_BOOT_CORE/$BOOTCORE/" \
- -e "s/TEST_BOOT_ADDR/$ADDR/" x509-template.txt > $TEMP_X509
+ -e "s/TEST_BOOT_ADDR/$ADDR/" \
+ -e "s/TEST_DEBUG_TYPE/$DEBUG_TYPE/" \
+ x509-template.txt > $TEMP_X509
openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config
$TEMP_X509 -sha512
}
--
2.17.1
Re: [U-Boot] [PATCH] defconfigs: am65x_hs_evm: Sync HS and non-HS defconfigs
On 3/10/20 4:15 AM, Lokesh Vutla wrote: > > > On 09/03/20 9:56 PM, Andrew F. Davis wrote: >> Additions have been made to the non-HS defconfig without the same >> being made to the HS defconfig, sync them. > > As I said earlier, It is not easy for everyone to enable and test HS > platforms. > I know, it's a real pain, but the only difference between configs should be a couple options relating to HS. Everything else that is added to the non-HS config should get added to the HS one, no testing needed (I end up testing all the HS plats every so often and I find more bugs related to options not being set that are now needed, than the reverse). We can either do some kind of defconfig overlay, or keep moving more default config options to be selected/implied automatically by the SOC or EVM type in the Kconfig files. >> >> Signed-off-by: Andrew F. Davis > > Can you rebase on top of u-boot-ti next brnach[0] and repost? > Sure, reposted. Andrew > [0] https://gitlab.denx.de/u-boot/custodians/u-boot-ti.git next > > Thanks and regards, > Lokesh >
[U-Boot] [PATCH v2] defconfigs: am65x_hs_evm: Sync HS and non-HS defconfigs
Additions have been made to the non-HS defconfig without the same
being made to the HS defconfig, sync them.
Signed-off-by: Andrew F. Davis
---
Changes from v1:
- Rebased on u-boot-ti/next
configs/am65x_hs_evm_a53_defconfig | 49 +++---
configs/am65x_hs_evm_r5_defconfig | 5 +++
2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/configs/am65x_hs_evm_a53_defconfig
b/configs/am65x_hs_evm_a53_defconfig
index 29d9f2b168..9f43cee396 100644
--- a/configs/am65x_hs_evm_a53_defconfig
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -7,6 +7,7 @@ CONFIG_SYS_MALLOC_F_LEN=0x8000
CONFIG_SOC_K3_AM6=y
CONFIG_TARGET_AM654_A53_EVM=y
CONFIG_ENV_SIZE=0x2
+CONFIG_ENV_OFFSET=0x68
CONFIG_DM_GPIO=y
CONFIG_SPL_MMC_SUPPORT=y
CONFIG_SPL_SERIAL_SUPPORT=y
@@ -17,6 +18,7 @@ CONFIG_SPL_FS_FAT=y
CONFIG_SPL_LIBDISK_SUPPORT=y
CONFIG_SPL_SPI_FLASH_SUPPORT=y
CONFIG_SPL_SPI_SUPPORT=y
+# CONFIG_PSCI_RESET is not set
CONFIG_SPL_TEXT_BASE=0x8008
CONFIG_DISTRO_DEFAULTS=y
# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
@@ -25,6 +27,7 @@ CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_fit_${boot}; run get_overlaystring; run run_fit"
+CONFIG_CONSOLE_MUX=y
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
CONFIG_SPL_STACK_R=y
CONFIG_SPL_SEPARATE_BSS=y
@@ -43,24 +46,30 @@ CONFIG_SPL_SPI_LOAD=y
CONFIG_SYS_SPI_U_BOOT_OFFS=0x28
CONFIG_SPL_YMODEM_SUPPORT=y
CONFIG_CMD_ASKENV=y
+CONFIG_CMD_DFU=y
+CONFIG_CMD_GPT=y
CONFIG_CMD_I2C=y
CONFIG_CMD_MMC=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_REMOTEPROC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_USB=y
# CONFIG_CMD_SETEXPR is not set
CONFIG_CMD_TIME=y
CONFIG_MTDIDS_DEFAULT="nor0=4704.spi.0"
CONFIG_MTDPARTS_DEFAULT="mtdparts=4704.spi.0:512k(ospi.tiboot3),2m(ospi.tispl),4m(ospi.u-boot),128k(ospi.env),128k(ospi.env.backup),1m(ospi.sysfw),-@8m(ospi.rootfs)"
CONFIG_CMD_UBI=y
# CONFIG_ISO_PARTITION is not set
-# CONFIG_EFI_PARTITION is not set
CONFIG_OF_CONTROL=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board"
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_IS_IN_FAT=y
-CONFIG_ENV_FAT_INTERFACE="mmc"
-CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
+CONFIG_ENV_OFFSET_REDUND=0x6A
CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_DM=y
CONFIG_SPL_DM=y
CONFIG_SPL_DM_SEQ_ALIAS=y
@@ -69,6 +78,9 @@ CONFIG_SPL_OF_TRANSLATE=y
CONFIG_CLK=y
CONFIG_SPL_CLK=y
CONFIG_CLK_TI_SCI=y
+CONFIG_DFU_MMC=y
+CONFIG_DFU_RAM=y
+CONFIG_DFU_SF=y
CONFIG_DMA_CHANNELS=y
CONFIG_TI_K3_NAVSS_UDMA=y
CONFIG_TI_SCI_PROTOCOL=y
@@ -76,6 +88,7 @@ CONFIG_DM_PCA953X=y
CONFIG_DM_I2C=y
CONFIG_I2C_SET_DEFAULT_BUS_NUM=y
CONFIG_SYS_I2C_OMAP24XX=y
+CONFIG_DM_KEYBOARD=y
CONFIG_DM_MAILBOX=y
CONFIG_K3_SEC_PROXY=y
CONFIG_DM_MMC=y
@@ -89,6 +102,19 @@ CONFIG_DM_SPI_FLASH=y
CONFIG_SPI_FLASH_SFDP_SUPPORT
CONFIG_SPI_FLASH_STMICRO=y
# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_SPI_FLASH_MTD=y
+CONFIG_PHY_TI=y
+CONFIG_PHY_FIXED=y
+CONFIG_DM_ETH=y
+CONFIG_E1000=y
+CONFIG_CMD_E1000=y
+CONFIG_TI_AM65_CPSW_NUSS=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_PCI_KEYSTONE=y
+CONFIG_PHY=y
+CONFIG_AM654_PHY=y
+CONFIG_OMAP_USB2_PHY=y
CONFIG_PINCTRL=y
# CONFIG_PINCTRL_GENERIC is not set
CONFIG_SPL_PINCTRL=y
@@ -96,6 +122,7 @@ CONFIG_SPL_PINCTRL=y
CONFIG_PINCTRL_SINGLE=y
CONFIG_POWER_DOMAIN=y
CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_REMOTEPROC_TI_K3_R5F=y
CONFIG_DM_RESET=y
CONFIG_RESET_TI_SCI=y
CONFIG_DM_SERIAL=y
@@ -106,4 +133,18 @@ CONFIG_CADENCE_QSPI=y
CONFIG_SYSRESET=y
CONFIG_SPL_SYSRESET=y
CONFIG_SYSRESET_TI_SCI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_DM_USB_GADGET=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_DWC3_GENERIC=y
+CONFIG_USB_KEYBOARD=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments"
+CONFIG_USB_GADGET_VENDOR_NUM=0x0451
+CONFIG_USB_GADGET_PRODUCT_NUM=0x6162
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_FAT_WRITE=y
CONFIG_OF_LIBFDT_OVERLAY=y
diff --git a/configs/am65x_hs_evm_r5_defconfig
b/configs/am65x_hs_evm_r5_defconfig
index 91178f8721..bbf50bf72b 100644
--- a/configs/am65x_hs_evm_r5_defconfig
+++ b/configs/am65x_hs_evm_r5_defconfig
@@ -6,6 +6,7 @@ CONFIG_SPL_LIBCOMMON_SUPPORT=y
CONFIG_SPL_LIBGENERIC_SUPPORT=y
CONFIG_SYS_MALLOC_F_LEN=0x55000
CONFIG_SOC_K3_AM6=y
+CONFIG_K3_EARLY_CONS=y
CONFIG_TARGET_AM654_R5_EVM=y
CONFIG_ENV_SIZE=0x2
CONFIG_DM_GPIO=y
@@ -81,8 +82,11 @@ CONFIG_SYS_I2C_OMAP24XX=y
CONFIG_DM_MAILBOX=y
CONFIG_K3_SEC_PROXY=y
CONFIG_MISC=y
+CONFIG_K3_AVS0=y
CONFIG_DM_MMC=y
CONFIG_MMC_SDHCI=y
+CONFIG_SPL_MMC_SDHCI_ADMA=y
+CONFIG_MMC_SDHCI_AM654=y
CONFIG_DM_SPI_FLASH=y
CONFIG_SPI_FLASH_SFDP_SUPPORT=y
CONFIG_SPI_FLASH_STMICRO=y
@@ -98,6 +102,7 @@ CONFIG_DM_REGULATOR=y
CONFIG_SPL_DM_R
[U-Boot] [PATCH] defconfigs: am65x_hs_evm: Sync HS and non-HS defconfigs
Additions have been made to the non-HS defconfig without the same
being made to the HS defconfig, sync them.
Signed-off-by: Andrew F. Davis
---
configs/am65x_hs_evm_a53_defconfig | 50 +++---
configs/am65x_hs_evm_r5_defconfig | 7 +
2 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/configs/am65x_hs_evm_a53_defconfig
b/configs/am65x_hs_evm_a53_defconfig
index 6097a02247..95c1949fe8 100644
--- a/configs/am65x_hs_evm_a53_defconfig
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -7,14 +7,17 @@ CONFIG_SYS_MALLOC_F_LEN=0x8000
CONFIG_SOC_K3_AM6=y
CONFIG_TARGET_AM654_A53_EVM=y
CONFIG_ENV_SIZE=0x2
+CONFIG_ENV_OFFSET=0x68
CONFIG_DM_GPIO=y
CONFIG_SPL_MMC_SUPPORT=y
CONFIG_SPL_SERIAL_SUPPORT=y
CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
CONFIG_SPL_STACK_R_ADDR=0x8200
CONFIG_NR_DRAM_BANKS=2
+CONFIG_ENV_OFFSET_REDUND=0x6A
CONFIG_SPL_FS_FAT=y
CONFIG_SPL_LIBDISK_SUPPORT=y
+# CONFIG_PSCI_RESET is not set
CONFIG_SPL_TEXT_BASE=0x8008
CONFIG_DISTRO_DEFAULTS=y
# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
@@ -23,6 +26,7 @@ CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_fit_${boot}; run get_overlaystring; run run_fit"
+CONFIG_CONSOLE_MUX=y
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
CONFIG_SPL_STACK_R=y
CONFIG_SPL_SEPARATE_BSS=y
@@ -34,27 +38,34 @@ CONFIG_SPL_DM_RESET=y
CONFIG_SPL_POWER_DOMAIN=y
CONFIG_SPL_YMODEM_SUPPORT=y
CONFIG_CMD_ASKENV=y
+CONFIG_CMD_DFU=y
+CONFIG_CMD_GPT=y
CONFIG_CMD_I2C=y
CONFIG_CMD_MMC=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_REMOTEPROC=y
+CONFIG_CMD_USB=y
# CONFIG_CMD_SETEXPR is not set
CONFIG_CMD_TIME=y
# CONFIG_ISO_PARTITION is not set
-# CONFIG_EFI_PARTITION is not set
CONFIG_OF_CONTROL=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board"
CONFIG_SPL_MULTI_DTB_FIT=y
CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
-CONFIG_ENV_IS_IN_FAT=y
-CONFIG_ENV_FAT_INTERFACE="mmc"
-CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_REDUNDAND_ENVIRONMENT=y
CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_DM=y
CONFIG_SPL_DM=y
CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_SPL_REGMAP=y
CONFIG_CLK=y
CONFIG_SPL_CLK=y
CONFIG_CLK_TI_SCI=y
+CONFIG_DFU_MMC=y
+CONFIG_DFU_RAM=y
CONFIG_DMA_CHANNELS=y
CONFIG_TI_K3_NAVSS_UDMA=y
CONFIG_TI_SCI_PROTOCOL=y
@@ -62,10 +73,26 @@ CONFIG_DM_PCA953X=y
CONFIG_DM_I2C=y
CONFIG_I2C_SET_DEFAULT_BUS_NUM=y
CONFIG_SYS_I2C_OMAP24XX=y
+CONFIG_DM_KEYBOARD=y
CONFIG_DM_MAILBOX=y
CONFIG_K3_SEC_PROXY=y
CONFIG_DM_MMC=y
CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_ADMA=y
+CONFIG_SPL_MMC_SDHCI_ADMA=y
+CONFIG_MMC_SDHCI_AM654=y
+CONFIG_PHY_TI=y
+CONFIG_PHY_FIXED=y
+CONFIG_DM_ETH=y
+CONFIG_E1000=y
+CONFIG_CMD_E1000=y
+CONFIG_TI_AM65_CPSW_NUSS=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_PCI_KEYSTONE=y
+CONFIG_PHY=y
+CONFIG_AM654_PHY=y
+CONFIG_OMAP_USB2_PHY=y
CONFIG_PINCTRL=y
# CONFIG_PINCTRL_GENERIC is not set
CONFIG_SPL_PINCTRL=y
@@ -73,6 +100,7 @@ CONFIG_SPL_PINCTRL=y
CONFIG_PINCTRL_SINGLE=y
CONFIG_POWER_DOMAIN=y
CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_REMOTEPROC_TI_K3_R5F=y
CONFIG_DM_RESET=y
CONFIG_RESET_TI_SCI=y
CONFIG_DM_SERIAL=y
@@ -80,4 +108,18 @@ CONFIG_SOC_TI=y
CONFIG_SYSRESET=y
CONFIG_SPL_SYSRESET=y
CONFIG_SYSRESET_TI_SCI=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_DM_USB_GADGET=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_DWC3_GENERIC=y
+CONFIG_USB_KEYBOARD=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments"
+CONFIG_USB_GADGET_VENDOR_NUM=0x0451
+CONFIG_USB_GADGET_PRODUCT_NUM=0x6162
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_FAT_WRITE=y
CONFIG_OF_LIBFDT_OVERLAY=y
diff --git a/configs/am65x_hs_evm_r5_defconfig
b/configs/am65x_hs_evm_r5_defconfig
index 0cdfc735b6..a1e21aa030 100644
--- a/configs/am65x_hs_evm_r5_defconfig
+++ b/configs/am65x_hs_evm_r5_defconfig
@@ -6,6 +6,7 @@ CONFIG_SPL_LIBCOMMON_SUPPORT=y
CONFIG_SPL_LIBGENERIC_SUPPORT=y
CONFIG_SYS_MALLOC_F_LEN=0x55000
CONFIG_SOC_K3_AM6=y
+CONFIG_K3_EARLY_CONS=y
CONFIG_TARGET_AM654_R5_EVM=y
CONFIG_ENV_SIZE=0x2
CONFIG_DM_GPIO=y
@@ -58,6 +59,8 @@ CONFIG_SYS_RELOC_GD_ENV_ADDR=y
CONFIG_DM=y
CONFIG_SPL_DM=y
CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_REGMAP=y
+CONFIG_SPL_REGMAP=y
CONFIG_SPL_OF_TRANSLATE=y
CONFIG_CLK=y
CONFIG_SPL_CLK=y
@@ -70,8 +73,11 @@ CONFIG_SYS_I2C_OMAP24XX=y
CONFIG_DM_MAILBOX=y
CONFIG_K3_SEC_PROXY=y
CONFIG_MISC=y
+CONFIG_K3_AVS0=y
CONFIG_DM_MMC=y
CONFIG_MMC_SDHCI=y
+CONFIG_SPL_MMC_SDHCI_ADMA=y
+CONFIG_MMC_SDHCI_AM654=y
CONFIG_PINCTRL=y
# CONFIG_PINCTRL_GENERIC is not set
CONFIG_SPL_PINCTRL=y
@@ -83,6 +89,7 @@ CONFIG_DM_REGULATOR=y
CONFIG_SPL_DM_REGULATOR=y
CONFIG_DM_REGULATOR_GPIO=y
CONFIG_SPL_DM_REGULATOR_GPIO=y
+CONFIG_DM_REGULATOR_TPS62360=y
CONFIG_RAM=y
CONFIG_SPL_RAM=y
CONFIG_K3_SYSTEM_CONTROLLER=y
--
2.17.1
[U-Boot] [PATCH] board: ti: README: Update OP-TEE binary name
The OP-TEE binary to use is renamed to v2 as the v1 binary has been deprecated and is no longer built by default. Reported-by: Grygorii Strashko Signed-off-by: Andrew F. Davis --- board/ti/am65x/README | 2 +- board/ti/j721e/README | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/board/ti/am65x/README b/board/ti/am65x/README index 2e3fd9c4a8..a8aa94024b 100644 --- a/board/ti/am65x/README +++ b/board/ti/am65x/README @@ -138,7 +138,7 @@ $ make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- O=/tmp/r5 4.2. A53: $ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- am65x_evm_a53_defconfig O=/tmp/a53 -$ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager.bin O=/tmp/a53 +$ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin O=/tmp/a53 Target Images -- diff --git a/board/ti/j721e/README b/board/ti/j721e/README index 5be7d099db..27461bd2eb 100644 --- a/board/ti/j721e/README +++ b/board/ti/j721e/README @@ -154,7 +154,7 @@ $ make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- O=/tmp/r5 4.2. A72: $ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- j721e_evm_a72_defconfig O=/tmp/a72 -$ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager.bin O=/tmp/a72 +$ make ARCH=arm CROSS_COMPILE=aarch64-linux-gnu- ATF=/build/k3/generic/release/bl31.bin TEE=/out/arm-plat-k3/core/tee-pager_v2.bin O=/tmp/a72 Target Images -- -- 2.17.1
Re: [PATCH] tools: image-host.c: remove uboot_aes.h
+Praneeth On 2/18/20 11:23 AM, Philippe Reynes wrote: > The include uboot_aes.h is not usefull and > it breaks the compilation on android, so > we remove it. > > Signed-off-by: Philippe Reynes > --- > tools/image-host.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/tools/image-host.c b/tools/image-host.c > index 9483561..76a361b 100644 > --- a/tools/image-host.c > +++ b/tools/image-host.c > @@ -12,7 +12,6 @@ > #include > #include > #include > -#include > > /** > * fit_set_hash_value - set hash value in requested has node >
[U-Boot] [PATCH] defconfig: k2x_hs: Remove DTB_RESELECT to fix DHCP issue
From: Madan Srinivas This fixes the inadvertent definition of CONFIG_DTB_RESELECT and CONFIG_MULTI_DTB_FIT in the K2x HS defconfigs, that happened as part of a resync of the defconfigs. The inclusion of these config options causes ethernet to stop working on K2x HS devices as they interfere with the installation of the secure boot monitor. This patch also removes the above configs for the K2 GP devices, as they are not needed, and to keep the differences between the GP and HS defconfigs to a minimum. Signed-off-by: Madan Srinivas Signed-off-by: Andrew F. Davis --- configs/k2e_evm_defconfig | 2 -- configs/k2e_hs_evm_defconfig | 2 -- configs/k2hk_evm_defconfig| 2 -- configs/k2hk_hs_evm_defconfig | 2 -- configs/k2l_evm_defconfig | 2 -- 5 files changed, 10 deletions(-) diff --git a/configs/k2e_evm_defconfig b/configs/k2e_evm_defconfig index 29334c4185..5df19efa9b 100644 --- a/configs/k2e_evm_defconfig +++ b/configs/k2e_evm_defconfig @@ -37,8 +37,6 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params CONFIG_CMD_UBI=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" -CONFIG_DTB_RESELECT=y -CONFIG_MULTI_DTB_FIT=y CONFIG_ENV_IS_IN_NAND=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y diff --git a/configs/k2e_hs_evm_defconfig b/configs/k2e_hs_evm_defconfig index 87050ef489..d4b5a5fddd 100644 --- a/configs/k2e_hs_evm_defconfig +++ b/configs/k2e_hs_evm_defconfig @@ -29,8 +29,6 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params CONFIG_CMD_UBI=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="keystone-k2e-evm" -CONFIG_DTB_RESELECT=y -CONFIG_MULTI_DTB_FIT=y CONFIG_ENV_IS_IN_NAND=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y diff --git a/configs/k2hk_evm_defconfig b/configs/k2hk_evm_defconfig index 4cd8647d0f..0635f4a976 100644 --- a/configs/k2hk_evm_defconfig +++ b/configs/k2hk_evm_defconfig @@ -37,8 +37,6 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params CONFIG_CMD_UBI=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="keystone-k2hk-evm" -CONFIG_DTB_RESELECT=y -CONFIG_MULTI_DTB_FIT=y CONFIG_ENV_IS_IN_NAND=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y diff --git a/configs/k2hk_hs_evm_defconfig b/configs/k2hk_hs_evm_defconfig index bd60aa86a3..96cab51687 100644 --- a/configs/k2hk_hs_evm_defconfig +++ b/configs/k2hk_hs_evm_defconfig @@ -29,8 +29,6 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params CONFIG_CMD_UBI=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="keystone-k2hk-evm" -CONFIG_DTB_RESELECT=y -CONFIG_MULTI_DTB_FIT=y CONFIG_ENV_IS_IN_NAND=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y diff --git a/configs/k2l_evm_defconfig b/configs/k2l_evm_defconfig index b564b23dca..66f778fa0b 100644 --- a/configs/k2l_evm_defconfig +++ b/configs/k2l_evm_defconfig @@ -37,8 +37,6 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=davinci_nand.0:1024k(bootloader)ro,512k(params CONFIG_CMD_UBI=y CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="keystone-k2l-evm" -CONFIG_DTB_RESELECT=y -CONFIG_MULTI_DTB_FIT=y CONFIG_ENV_IS_IN_NAND=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y -- 2.17.1
Re: [PATCH v3 02/10] arm: k3: Add support for loading non linux remote cores
On 1/24/20 3:42 AM, Tero Kristo wrote:
> On 23/01/2020 19:19, Keerthy wrote:
>>
>>
>> On 23/01/20 10:35 pm, Andrew F. Davis wrote:
>>> On 1/23/20 11:44 AM, Keerthy wrote:
>>>>
>>>>
>>>> On 23/01/20 6:54 pm, Andrew F. Davis wrote:
>>>>> On 1/22/20 11:10 PM, Keerthy wrote:
>>>>>>
>>>>>>
>>>>>> On 22/01/20 9:55 pm, Andrew F. Davis wrote:
>>>>>>> On 1/21/20 8:10 PM, keerthy wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 1/21/2020 6:26 PM, Andrew F. Davis wrote:
>>>>>>>>> On 1/21/20 6:07 AM, Keerthy wrote:
>>>>>>>>>> Add MAIN domain R5FSS0 remoteproc support from spl. This enables
>>>>>>>>>> loading the elf firmware in SPL and starting the remotecore.
>>>>>>>>>>
>>>>>>>>>> In order to start the core, there should be a file with path
>>>>>>>>>> "/lib/firmware/j7-main-r5f0_0-fw" under filesystem
>>>>>>>>>> of respective boot mode.
>>>>>>>>>>
>>>>>>>>>> Signed-off-by: Keerthy
>>>>>>>>>> Signed-off-by: Lokesh Vutla
>>>>>>>>>> [Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
>>>>>>>>>> Signed-off-by: Andreas Dannenberg
>>>>>>>>>> ---
>>>>>>>>>> arch/arm/mach-k3/common.c | 84
>>>>>>>>>> ---
>>>>>>>>>> arch/arm/mach-k3/common.h | 2 +
>>>>>>>>>> arch/arm/mach-k3/j721e_init.c | 34 ++
>>>>>>>>>> 3 files changed, 115 insertions(+), 5 deletions(-)
>>>>>>>>>>
>>>>>>>>>> diff --git a/arch/arm/mach-k3/common.c
>>>>>>>>>> b/arch/arm/mach-k3/common.c
>>>>>>>>>> index 8d1529062d..f0ac0c39f1 100644
>>>>>>>>>> --- a/arch/arm/mach-k3/common.c
>>>>>>>>>> +++ b/arch/arm/mach-k3/common.c
>>>>>>>>>> @@ -16,6 +16,10 @@
>>>>>>>>>> #include
>>>>>>>>>> #include
>>>>>>>>>> #include
>>>>>>>>>> +#include
>>>>>>>>>> +#include
>>>>>>>>>> +#include
>>>>>>>>>> +#include
>>>>>>>>>> struct ti_sci_handle *get_ti_sci_handle(void)
>>>>>>>>>> {
>>>>>>>>>> @@ -57,6 +61,74 @@ int early_console_init(void)
>>>>>>>>>> #endif
>>>>>>>>>> #ifdef CONFIG_SYS_K3_SPL_ATF
>>>>>>>>>> +
>>>>>>>>>> +void init_env(void)
>>>>>>>>>> +{
>>>>>>>>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>>>>>>>>> + char *part;
>>>>>>>>>> +
>>>>>>>>>> + env_init();
>>>>>>>>>> + env_load();
>>>>>>>>>> + switch (spl_boot_device()) {
>>>>>>>>>> + case BOOT_DEVICE_MMC2:
>>>>>>>>>> + part = env_get("bootpart");
>>>>>>>>>> + env_set("storage_interface", "mmc");
>>>>>>>>>> + env_set("fw_dev_part", part);
>>>>>>>>>> + break;
>>>>>>>>>> + case BOOT_DEVICE_SPI:
>>>>>>>>>> + env_set("storage_interface", "ubi");
>>>>>>>>>> + env_set("fw_ubi_mtdpart", "UBI");
>>>>>>>>>> + env_set("fw_ubi_volume", "UBI0");
>>>>>>>>>> + break;
>>>>>>>>>> + default:
>>>>>>>>>> + printf("%s from device %u not supported!\n",
>>>>>>>>>> + __func__, spl_boot_device());
>>>>>>>>>
>>>>>>>>>
Re: [PATCH v3 02/10] arm: k3: Add support for loading non linux remote cores
On 1/23/20 11:44 AM, Keerthy wrote:
>
>
> On 23/01/20 6:54 pm, Andrew F. Davis wrote:
>> On 1/22/20 11:10 PM, Keerthy wrote:
>>>
>>>
>>> On 22/01/20 9:55 pm, Andrew F. Davis wrote:
>>>> On 1/21/20 8:10 PM, keerthy wrote:
>>>>>
>>>>>
>>>>> On 1/21/2020 6:26 PM, Andrew F. Davis wrote:
>>>>>> On 1/21/20 6:07 AM, Keerthy wrote:
>>>>>>> Add MAIN domain R5FSS0 remoteproc support from spl. This enables
>>>>>>> loading the elf firmware in SPL and starting the remotecore.
>>>>>>>
>>>>>>> In order to start the core, there should be a file with path
>>>>>>> "/lib/firmware/j7-main-r5f0_0-fw" under filesystem
>>>>>>> of respective boot mode.
>>>>>>>
>>>>>>> Signed-off-by: Keerthy
>>>>>>> Signed-off-by: Lokesh Vutla
>>>>>>> [Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
>>>>>>> Signed-off-by: Andreas Dannenberg
>>>>>>> ---
>>>>>>> arch/arm/mach-k3/common.c | 84
>>>>>>> ---
>>>>>>> arch/arm/mach-k3/common.h | 2 +
>>>>>>> arch/arm/mach-k3/j721e_init.c | 34 ++
>>>>>>> 3 files changed, 115 insertions(+), 5 deletions(-)
>>>>>>>
>>>>>>> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
>>>>>>> index 8d1529062d..f0ac0c39f1 100644
>>>>>>> --- a/arch/arm/mach-k3/common.c
>>>>>>> +++ b/arch/arm/mach-k3/common.c
>>>>>>> @@ -16,6 +16,10 @@
>>>>>>> #include
>>>>>>> #include
>>>>>>> #include
>>>>>>> +#include
>>>>>>> +#include
>>>>>>> +#include
>>>>>>> +#include
>>>>>>> struct ti_sci_handle *get_ti_sci_handle(void)
>>>>>>> {
>>>>>>> @@ -57,6 +61,74 @@ int early_console_init(void)
>>>>>>> #endif
>>>>>>> #ifdef CONFIG_SYS_K3_SPL_ATF
>>>>>>> +
>>>>>>> +void init_env(void)
>>>>>>> +{
>>>>>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>>>>>> + char *part;
>>>>>>> +
>>>>>>> + env_init();
>>>>>>> + env_load();
>>>>>>> + switch (spl_boot_device()) {
>>>>>>> + case BOOT_DEVICE_MMC2:
>>>>>>> + part = env_get("bootpart");
>>>>>>> + env_set("storage_interface", "mmc");
>>>>>>> + env_set("fw_dev_part", part);
>>>>>>> + break;
>>>>>>> + case BOOT_DEVICE_SPI:
>>>>>>> + env_set("storage_interface", "ubi");
>>>>>>> + env_set("fw_ubi_mtdpart", "UBI");
>>>>>>> + env_set("fw_ubi_volume", "UBI0");
>>>>>>> + break;
>>>>>>> + default:
>>>>>>> + printf("%s from device %u not supported!\n",
>>>>>>> + __func__, spl_boot_device());
>>>>>>
>>>>>>
>>>>>> This will print for almost every boot mode..
>>>>>
>>>>> I can keep this under debug.
>>>>>
>>>>>>
>>>>>>
>>>>>>> + return;
>>>>>>> + }
>>>>>>> +#endif
>>>>>>> +}
>>>>>>> +
>>>>>>> +#ifdef CONFIG_FS_LOADER
>>>>>>> +int load_firmware(char *name_fw, char *name_loadaddr, u32
>>>>>>> *loadaddr)
>>>>>>> +{
>>>>>>> + struct udevice *fsdev;
>>>>>>> + char *name = NULL;
>>>>>>> + int size = 0;
>>>>>>> +
>>>>>>> + *loadaddr = 0;
>>>>>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>>>>>> + switch (spl_boot_device()) {
>>>>>>> + case BOOT_DEVICE_MMC2:
>>>>>>> +
Re: [PATCH v3 02/10] arm: k3: Add support for loading non linux remote cores
On 1/22/20 11:10 PM, Keerthy wrote:
>
>
> On 22/01/20 9:55 pm, Andrew F. Davis wrote:
>> On 1/21/20 8:10 PM, keerthy wrote:
>>>
>>>
>>> On 1/21/2020 6:26 PM, Andrew F. Davis wrote:
>>>> On 1/21/20 6:07 AM, Keerthy wrote:
>>>>> Add MAIN domain R5FSS0 remoteproc support from spl. This enables
>>>>> loading the elf firmware in SPL and starting the remotecore.
>>>>>
>>>>> In order to start the core, there should be a file with path
>>>>> "/lib/firmware/j7-main-r5f0_0-fw" under filesystem
>>>>> of respective boot mode.
>>>>>
>>>>> Signed-off-by: Keerthy
>>>>> Signed-off-by: Lokesh Vutla
>>>>> [Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
>>>>> Signed-off-by: Andreas Dannenberg
>>>>> ---
>>>>> arch/arm/mach-k3/common.c | 84
>>>>> ---
>>>>> arch/arm/mach-k3/common.h | 2 +
>>>>> arch/arm/mach-k3/j721e_init.c | 34 ++
>>>>> 3 files changed, 115 insertions(+), 5 deletions(-)
>>>>>
>>>>> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
>>>>> index 8d1529062d..f0ac0c39f1 100644
>>>>> --- a/arch/arm/mach-k3/common.c
>>>>> +++ b/arch/arm/mach-k3/common.c
>>>>> @@ -16,6 +16,10 @@
>>>>> #include
>>>>> #include
>>>>> #include
>>>>> +#include
>>>>> +#include
>>>>> +#include
>>>>> +#include
>>>>> struct ti_sci_handle *get_ti_sci_handle(void)
>>>>> {
>>>>> @@ -57,6 +61,74 @@ int early_console_init(void)
>>>>> #endif
>>>>> #ifdef CONFIG_SYS_K3_SPL_ATF
>>>>> +
>>>>> +void init_env(void)
>>>>> +{
>>>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>>>> + char *part;
>>>>> +
>>>>> + env_init();
>>>>> + env_load();
>>>>> + switch (spl_boot_device()) {
>>>>> + case BOOT_DEVICE_MMC2:
>>>>> + part = env_get("bootpart");
>>>>> + env_set("storage_interface", "mmc");
>>>>> + env_set("fw_dev_part", part);
>>>>> + break;
>>>>> + case BOOT_DEVICE_SPI:
>>>>> + env_set("storage_interface", "ubi");
>>>>> + env_set("fw_ubi_mtdpart", "UBI");
>>>>> + env_set("fw_ubi_volume", "UBI0");
>>>>> + break;
>>>>> + default:
>>>>> + printf("%s from device %u not supported!\n",
>>>>> + __func__, spl_boot_device());
>>>>
>>>>
>>>> This will print for almost every boot mode..
>>>
>>> I can keep this under debug.
>>>
>>>>
>>>>
>>>>> + return;
>>>>> + }
>>>>> +#endif
>>>>> +}
>>>>> +
>>>>> +#ifdef CONFIG_FS_LOADER
>>>>> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr)
>>>>> +{
>>>>> + struct udevice *fsdev;
>>>>> + char *name = NULL;
>>>>> + int size = 0;
>>>>> +
>>>>> + *loadaddr = 0;
>>>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>>>> + switch (spl_boot_device()) {
>>>>> + case BOOT_DEVICE_MMC2:
>>>>> + name = env_get(name_fw);
>>>>> + *loadaddr = env_get_hex(name_loadaddr, *loadaddr);
>>>>> + break;
>>>>> + default:
>>>>> + printf("Loading rproc fw image from device %u not
>>>>> supported!\n",
>>>>> + spl_boot_device());
>>>>
>>>>
>>>> This whole thing seems very MMC specific, if early firmware loading is
>>>> important it should work for all boot modes. Find a way to include
>>>> it in
>>>> the next boot stage FIT image (tispl.bin) so it works for all modes.
>>>
>>> That was not NAKd. We are going with fs_loader approach.
>>>
>>
>>
>> When, where, link?
>
> I had implemented that way internally
Re: [PATCH v3 02/10] arm: k3: Add support for loading non linux remote cores
On 1/21/20 8:10 PM, keerthy wrote:
>
>
> On 1/21/2020 6:26 PM, Andrew F. Davis wrote:
>> On 1/21/20 6:07 AM, Keerthy wrote:
>>> Add MAIN domain R5FSS0 remoteproc support from spl. This enables
>>> loading the elf firmware in SPL and starting the remotecore.
>>>
>>> In order to start the core, there should be a file with path
>>> "/lib/firmware/j7-main-r5f0_0-fw" under filesystem
>>> of respective boot mode.
>>>
>>> Signed-off-by: Keerthy
>>> Signed-off-by: Lokesh Vutla
>>> [Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
>>> Signed-off-by: Andreas Dannenberg
>>> ---
>>> arch/arm/mach-k3/common.c | 84 ---
>>> arch/arm/mach-k3/common.h | 2 +
>>> arch/arm/mach-k3/j721e_init.c | 34 ++
>>> 3 files changed, 115 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
>>> index 8d1529062d..f0ac0c39f1 100644
>>> --- a/arch/arm/mach-k3/common.c
>>> +++ b/arch/arm/mach-k3/common.c
>>> @@ -16,6 +16,10 @@
>>> #include
>>> #include
>>> #include
>>> +#include
>>> +#include
>>> +#include
>>> +#include
>>> struct ti_sci_handle *get_ti_sci_handle(void)
>>> {
>>> @@ -57,6 +61,74 @@ int early_console_init(void)
>>> #endif
>>> #ifdef CONFIG_SYS_K3_SPL_ATF
>>> +
>>> +void init_env(void)
>>> +{
>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>> + char *part;
>>> +
>>> + env_init();
>>> + env_load();
>>> + switch (spl_boot_device()) {
>>> + case BOOT_DEVICE_MMC2:
>>> + part = env_get("bootpart");
>>> + env_set("storage_interface", "mmc");
>>> + env_set("fw_dev_part", part);
>>> + break;
>>> + case BOOT_DEVICE_SPI:
>>> + env_set("storage_interface", "ubi");
>>> + env_set("fw_ubi_mtdpart", "UBI");
>>> + env_set("fw_ubi_volume", "UBI0");
>>> + break;
>>> + default:
>>> + printf("%s from device %u not supported!\n",
>>> + __func__, spl_boot_device());
>>
>>
>> This will print for almost every boot mode..
>
> I can keep this under debug.
>
>>
>>
>>> + return;
>>> + }
>>> +#endif
>>> +}
>>> +
>>> +#ifdef CONFIG_FS_LOADER
>>> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr)
>>> +{
>>> + struct udevice *fsdev;
>>> + char *name = NULL;
>>> + int size = 0;
>>> +
>>> + *loadaddr = 0;
>>> +#ifdef CONFIG_SPL_ENV_SUPPORT
>>> + switch (spl_boot_device()) {
>>> + case BOOT_DEVICE_MMC2:
>>> + name = env_get(name_fw);
>>> + *loadaddr = env_get_hex(name_loadaddr, *loadaddr);
>>> + break;
>>> + default:
>>> + printf("Loading rproc fw image from device %u not
>>> supported!\n",
>>> + spl_boot_device());
>>
>>
>> This whole thing seems very MMC specific, if early firmware loading is
>> important it should work for all boot modes. Find a way to include it in
>> the next boot stage FIT image (tispl.bin) so it works for all modes.
>
> That was not NAKd. We are going with fs_loader approach.
>
When, where, link?
>>
>>
>>> + return 0;
>>> + }
>>> +#endif
>>> + if (!*loadaddr)
>>> + return 0;
>>> +
>>> + if (!uclass_get_device(UCLASS_FS_FIRMWARE_LOADER, 0, )) {
>>> + size = request_firmware_into_buf(fsdev, name, (void
>>> *)*loadaddr,
>>> + 0, 0);
>>> + }
>>> +
>>> + return size;
>>> +}
>>> +#else
>>> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr)
>>> +{
>>> + return 0;
>>> +}
>>> +#endif
>>> +
>>> +__weak void start_non_linux_remote_cores(void)
>>> +{
>>> +}
>>> +
>>> void __noreturn jump_to_image_no_args(struct spl_image_info
>>> *spl_image)
>>> {
>>> struct ti_sci_handle *ti_sci = get_ti_sci_handle();
>>> @@ -65,15 +137,17 @@ void _
Re: [PATCH v3 10/10] env: nowhere: set default enviroment
On 1/21/20 6:07 AM, Keerthy wrote:
> set default enviroment so that set_env calls succeed
> when ENV_IS_NOWHERE is alone set.
>
Capitalize first letter of a sentence.
Also no need to line wrap at 50 chars..
For last line:
"when only ENV_IS_NOWHERE is set."
reads better.
Andrew
> Signed-off-by: Keerthy
> ---
> env/nowhere.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/env/nowhere.c b/env/nowhere.c
> index f5b0a17652..70c3b3e011 100644
> --- a/env/nowhere.c
> +++ b/env/nowhere.c
> @@ -23,6 +23,7 @@ static int env_nowhere_init(void)
> {
> gd->env_addr= (ulong)_environment[0];
> gd->env_valid = ENV_INVALID;
> + env_set_default(NULL, 0);
>
> return 0;
> }
>
Re: [PATCH v3 08/10] configs: j721e_evm_r5: Enable R5F remoteproc support
On 1/21/20 6:07 AM, Keerthy wrote: > Enable r5f remoteproc support in r5 defconfig so that r5s can > be started in spl. > s/r5f/R5F s/r5/R5 s/spl/SPL > Signed-off-by: Keerthy > Signed-off-by: Lokesh Vutla > --- > configs/j721e_evm_r5_defconfig | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/configs/j721e_evm_r5_defconfig b/configs/j721e_evm_r5_defconfig > index cb6c74d7bf..0925690e10 100644 > --- a/configs/j721e_evm_r5_defconfig > +++ b/configs/j721e_evm_r5_defconfig > @@ -25,6 +25,7 @@ CONFIG_SPL_STACK_R=y > CONFIG_SPL_SEPARATE_BSS=y > CONFIG_SPL_EARLY_BSS=y > CONFIG_SPL_ENV_SUPPORT=y > +CONFIG_SPL_FS_EXT4=y ? Not in commit message. Andrew > CONFIG_SPL_I2C_SUPPORT=y > CONFIG_SPL_DM_MAILBOX=y > CONFIG_SPL_DM_RESET=y > @@ -92,6 +93,7 @@ CONFIG_SPL_DM_REGULATOR=y > CONFIG_DM_REGULATOR_TPS65941=y > CONFIG_K3_SYSTEM_CONTROLLER=y > CONFIG_REMOTEPROC_TI_K3_ARM64=y > +CONFIG_REMOTEPROC_TI_K3_R5F=y > CONFIG_DM_RESET=y > CONFIG_RESET_TI_SCI=y > CONFIG_DM_SERIAL=y >
Re: [PATCH v3 07/10] include: configs: j721e_evm: Add env variables for mcu_r5fss0_core0 & main_r5fss0_core0
On 1/21/20 6:07 AM, Keerthy wrote:
> Add env variables for mcu_r5fss0_core0 & main_r5fss0_core0 firmware
> loadaddr and name.
>
> Signed-off-by: Keerthy
> ---
> include/configs/j721e_evm.h | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/include/configs/j721e_evm.h b/include/configs/j721e_evm.h
> index eaed520e6b..265239e32a 100644
> --- a/include/configs/j721e_evm.h
> +++ b/include/configs/j721e_evm.h
> @@ -84,6 +84,10 @@
> "mmcdev=1\0"\
> "bootpart=1:2\0"\
> "bootdir=/boot\0" \
> + "mainr5f0_0loadaddr=8800\0" \
> + "mainr5f0_0fwname=/lib/firmware/j7-main-r5f0_0-fw\0"\
> + "mcur5f0_0loadaddr=8900\0" \
> + "mcur5f0_0fwname=/lib/firmware/j7-mcu-r5f0_0-fw\0" \
New convention for env vars I'm pushing is: names start with "name_" and
addresses start with "addr_". Makes for easier sorting and for figuring
out what each of the large list of env vars does at a glance.
Andrew
> "rd_spec=-\0" \
> "init_mmc=run args_all args_mmc\0" \
> "get_fdt_mmc=load mmc ${bootpart} ${fdtaddr} ${bootdir}/${name_fdt}\0" \
>
Re: [PATCH v3 02/10] arm: k3: Add support for loading non linux remote cores
On 1/21/20 6:07 AM, Keerthy wrote:
> Add MAIN domain R5FSS0 remoteproc support from spl. This enables
> loading the elf firmware in SPL and starting the remotecore.
>
> In order to start the core, there should be a file with path
> "/lib/firmware/j7-main-r5f0_0-fw" under filesystem
> of respective boot mode.
>
> Signed-off-by: Keerthy
> Signed-off-by: Lokesh Vutla
> [Guard start_non_linux_remote_cores under CONFIG_FS_LOADER]
> Signed-off-by: Andreas Dannenberg
> ---
> arch/arm/mach-k3/common.c | 84 ---
> arch/arm/mach-k3/common.h | 2 +
> arch/arm/mach-k3/j721e_init.c | 34 ++
> 3 files changed, 115 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
> index 8d1529062d..f0ac0c39f1 100644
> --- a/arch/arm/mach-k3/common.c
> +++ b/arch/arm/mach-k3/common.c
> @@ -16,6 +16,10 @@
> #include
> #include
> #include
> +#include
> +#include
> +#include
> +#include
>
> struct ti_sci_handle *get_ti_sci_handle(void)
> {
> @@ -57,6 +61,74 @@ int early_console_init(void)
> #endif
>
> #ifdef CONFIG_SYS_K3_SPL_ATF
> +
> +void init_env(void)
> +{
> +#ifdef CONFIG_SPL_ENV_SUPPORT
> + char *part;
> +
> + env_init();
> + env_load();
> + switch (spl_boot_device()) {
> + case BOOT_DEVICE_MMC2:
> + part = env_get("bootpart");
> + env_set("storage_interface", "mmc");
> + env_set("fw_dev_part", part);
> + break;
> + case BOOT_DEVICE_SPI:
> + env_set("storage_interface", "ubi");
> + env_set("fw_ubi_mtdpart", "UBI");
> + env_set("fw_ubi_volume", "UBI0");
> + break;
> + default:
> + printf("%s from device %u not supported!\n",
> +__func__, spl_boot_device());
This will print for almost every boot mode..
> + return;
> + }
> +#endif
> +}
> +
> +#ifdef CONFIG_FS_LOADER
> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr)
> +{
> + struct udevice *fsdev;
> + char *name = NULL;
> + int size = 0;
> +
> + *loadaddr = 0;
> +#ifdef CONFIG_SPL_ENV_SUPPORT
> + switch (spl_boot_device()) {
> + case BOOT_DEVICE_MMC2:
> + name = env_get(name_fw);
> + *loadaddr = env_get_hex(name_loadaddr, *loadaddr);
> + break;
> + default:
> + printf("Loading rproc fw image from device %u not supported!\n",
> +spl_boot_device());
This whole thing seems very MMC specific, if early firmware loading is
important it should work for all boot modes. Find a way to include it in
the next boot stage FIT image (tispl.bin) so it works for all modes.
> + return 0;
> + }
> +#endif
> + if (!*loadaddr)
> + return 0;
> +
> + if (!uclass_get_device(UCLASS_FS_FIRMWARE_LOADER, 0, )) {
> + size = request_firmware_into_buf(fsdev, name, (void *)*loadaddr,
> + 0, 0);
> + }
> +
> + return size;
> +}
> +#else
> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr)
> +{
> + return 0;
> +}
> +#endif
> +
> +__weak void start_non_linux_remote_cores(void)
> +{
> +}
> +
> void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
> {
> struct ti_sci_handle *ti_sci = get_ti_sci_handle();
> @@ -65,15 +137,17 @@ void __noreturn jump_to_image_no_args(struct
> spl_image_info *spl_image)
> /* Release all the exclusive devices held by SPL before starting ATF */
> ti_sci->ops.dev_ops.release_exclusive_devices(ti_sci);
>
> + ret = rproc_init();
> + if (ret)
> + panic("rproc failed to be initialized (%d)\n", ret);
> +
> + init_env();
> + start_non_linux_remote_cores();
> +
> /*
>* It is assumed that remoteproc device 1 is the corresponding
>* Cortex-A core which runs ATF. Make sure DT reflects the same.
>*/
> - ret = rproc_dev_init(1);
> - if (ret)
> - panic("%s: ATF failed to initialize on rproc (%d)\n", __func__,
> - ret);
> -
Where did this code go?
> ret = rproc_load(1, spl_image->entry_point, 0x200);
> if (ret)
> panic("%s: ATF failed to load on rproc (%d)\n", __func__, ret);
> diff --git a/arch/arm/mach-k3/common.h b/arch/arm/mach-k3/common.h
> index d8b34fe060..42fb8ee6e7 100644
> --- a/arch/arm/mach-k3/common.h
> +++ b/arch/arm/mach-k3/common.h
> @@ -24,3 +24,5 @@ void setup_k3_mpu_regions(void);
> int early_console_init(void);
> void disable_linefill_optimization(void);
> void remove_fwl_configs(struct fwl_data *fwl_data, size_t fwl_data_size);
> +void start_non_linux_remote_cores(void);
> +int load_firmware(char *name_fw, char *name_loadaddr, u32 *loadaddr);
> diff --git a/arch/arm/mach-k3/j721e_init.c b/arch/arm/mach-k3/j721e_init.c
> index f7f7398081..c5f8ede1a0 100644
> ---
Re: [PATCH v3 01/10] lib: elf: Move the generic elf loading/validating functions to lib
On 1/21/20 6:07 AM, Keerthy wrote: > Move the generic elf loading/validating functions to lib/ > so that they can be re-used and accessed by code existing > outside cmd. > > Signed-off-by: Keerthy > Suggested-by: Simon Goldschmidt > Reviewed-by: Simon Goldschmidt > --- > diff --git a/include/elf.h b/include/elf.h > index 81f40191d7..e7c51986df 100644 > --- a/include/elf.h > +++ b/include/elf.h > @@ -692,6 +692,10 @@ unsigned long elf_hash(const unsigned char *name); > > #ifndef __ASSEMBLER__ > int valid_elf_image(unsigned long addr); > +unsigned long load_elf64_image_phdr(unsigned long addr); > +unsigned long load_elf64_image_shdr(unsigned long addr); > +unsigned long load_elf_image_phdr(unsigned long addr); > +unsigned long load_elf_image_shdr(unsigned long addr); > #endif > > #endif /* _ELF_H */ > diff --git a/lib/Kconfig b/lib/Kconfig > index d040a87d26..b155ced4b2 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -601,4 +601,7 @@ config TEST_FDTDEC > config LIB_DATE > bool > > +config ELF LIB_ELF? Andrew
[U-Boot] [PATCH v2 6/6] configs: Add configs for J721e High Security EVM
Add new defconfig files for the J721e High Security EVM.
These defconfigs are the same as for the non-secure part, except for:
CONFIG_TI_SECURE_DEVICE option set to 'y'
CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_BOOTCOMMAND uses FIT images for booting
Signed-off-by: Andrew F. Davis
Reviewed-by: Lokesh Vutla
---
configs/j721e_hs_evm_a72_defconfig | 116 +
configs/j721e_hs_evm_r5_defconfig | 105 ++
2 files changed, 221 insertions(+)
create mode 100644 configs/j721e_hs_evm_a72_defconfig
create mode 100644 configs/j721e_hs_evm_r5_defconfig
diff --git a/configs/j721e_hs_evm_a72_defconfig
b/configs/j721e_hs_evm_a72_defconfig
new file mode 100644
index 00..23405c2cdd
--- /dev/null
+++ b/configs/j721e_hs_evm_a72_defconfig
@@ -0,0 +1,116 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x8000
+CONFIG_SOC_K3_J721E=y
+CONFIG_TARGET_J721E_A72_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_ENV_SIZE=0x2
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_SPL_SPI_FLASH_SUPPORT=y
+CONFIG_SPL_SPI_SUPPORT=y
+# CONFIG_PSCI_RESET is not set
+CONFIG_SPL_TEXT_BASE=0x8008
+CONFIG_DISTRO_DEFAULTS=y
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
boot_rprocs; run get_fit_${boot}; run get_overlaystring; run run_fit"
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_SPI_LOAD=y
+CONFIG_SYS_SPI_U_BOOT_OFFS=0x28
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_REMOTEPROC=y
+CONFIG_CMD_UFS=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_MTDIDS_DEFAULT="nor0=4704.spi.0,nor0=47034000.hyperbus"
+CONFIG_MTDPARTS_DEFAULT="mtdparts=47034000.hyperbus:512k(hbmc.tiboot3),2m(hbmc.tispl),4m(hbmc.u-boot),256k(hbmc.env),1m(hbmc.sysfw),-@8m(hbmc.rootfs)"
+# CONFIG_ISO_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-j721e-common-proc-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_REGMAP=y
+CONFIG_SPL_REGMAP=y
+CONFIG_SYSCON=y
+CONFIG_SPL_OF_TRANSLATE=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_DMA_CHANNELS=y
+CONFIG_TI_K3_NAVSS_UDMA=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_MISC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_AM654=y
+CONFIG_MTD=y
+CONFIG_DM_MTD=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_FLASH_CFI_DRIVER=y
+CONFIG_CFI_FLASH=y
+CONFIG_SYS_FLASH_USE_BUFFER_WRITE=y
+CONFIG_FLASH_CFI_MTD=y
+CONFIG_SYS_FLASH_CFI=y
+CONFIG_HBMC_AM654=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_PHY_TI=y
+CONFIG_PHY_FIXED=y
+CONFIG_DM_ETH=y
+CONFIG_TI_AM65_CPSW_NUSS=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_REMOTEPROC_TI_K3_DSP=y
+CONFIG_REMOTEPROC_TI_K3_R5F=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_SCSI=y
+CONFIG_DM_SCSI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SOC_TI=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_CADENCE_QSPI=y
+CONFIG_SYSRESET=y
+CONFIG_SPL_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
+CONFIG_UFS=y
+CONFIG_CADENCE_UFS=y
+CONFIG_TI_J721E_UFS=y
+CONFIG_OF_LIBFDT_OVERLAY=y
diff --git a/configs/j721e_hs_evm_r5_defconfig
b/configs/j721e_hs_evm_r5_defconfig
new file mode 100644
index 00..dc46d94a42
--- /dev/null
+++ b/configs/j721e_hs_evm_r5_defconfig
@@ -0,0 +1,105 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x55000
+CONFIG_SOC_K3_J721E=y
+CONFIG_TARGET_J721E_R5_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_ENV_SIZE=0x2
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_SPL_SPI_FLASH_SUPPORT=y
+CONFIG_SPL_SPI_SUPPORT=y
+CONFIG_SPL_TEXT_BASE=0x41c0
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_USE
[U-Boot] [PATCH v2 5/6] arm: K3: Increase default SYSFW image size allocation
The memory allocated to store the FIT image containing SYSFW and board configuration data is statically defined to the largest size expected. This was 276000 bytes but now needs to be grown to 277000 to make room for the slightly larger SYSFW image used on J721e High-Security devices. Signed-off-by: Andrew F. Davis Reviewed-by: Lokesh Vutla --- arch/arm/mach-k3/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig index 5583241943..2e111bbf27 100644 --- a/arch/arm/mach-k3/Kconfig +++ b/arch/arm/mach-k3/Kconfig @@ -119,7 +119,7 @@ config K3_SYSFW_IMAGE_MMCSD_RAW_MODE_PART config K3_SYSFW_IMAGE_SIZE_MAX int "Amount of memory dynamically allocated for loading SYSFW blob" depends on K3_LOAD_SYSFW - default 276000 + default 277000 help Amount of memory (in bytes) reserved through dynamic allocation at runtime for loading the combined System Firmware and configuration image -- 2.17.1
[U-Boot] [PATCH v2 4/6] arm: K3: Disable ROM configured firewalls
ROM configures certain firewalls based on its usage, which includes
the one in front of boot peripherals. In specific case of boot
peripherals, ROM does not open up the full address space corresponding
to the peripherals. Like in OSPI, ROM only configures the firewall region
for 32 bit address space and mark 64bit address space flash regions
as in-accessible.
When security-cfg is initialized by sysfw, all the non-configured
firewalls are kept in bypass state using a global setting. Since ROM
configured firewalls for certain peripherals, these will not be touched.
So when bootloader touches any of the address space that ROM marked as
in-accessible, system raises a firewall exception causing boot hang.
It would have been ideal if sysfw cleans up the ROM configured boot
peripheral firewalls. Given the memory overhead to store this
information provided by ROM and the boot time increase in re configuring
the firewalls, it is concluded to clean this up in bootloaders.
So disable all the firewalls that ROM doesn't open up the full address
space.
Signed-off-by: Andrew F. Davis
Signed-off-by: Venkateswara Rao Mandela
Signed-off-by: Lokesh Vutla
---
arch/arm/mach-k3/am6_init.c | 26 ++
arch/arm/mach-k3/common.c | 30
arch/arm/mach-k3/common.h | 7 +
arch/arm/mach-k3/j721e_init.c | 52 +++
4 files changed, 115 insertions(+)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
index c5da965bd8..8d107b870b 100644
--- a/arch/arm/mach-k3/am6_init.c
+++ b/arch/arm/mach-k3/am6_init.c
@@ -19,6 +19,26 @@
#include
#ifdef CONFIG_SPL_BUILD
+#ifdef CONFIG_K3_LOAD_SYSFW
+#ifdef CONFIG_TI_SECURE_DEVICE
+struct fwl_data main_cbass_fwls[] = {
+ { "MMCSD1_CFG", 2057, 1 },
+ { "MMCSD0_CFG", 2058, 1 },
+ { "USB3SS0_SLV0", 2176, 2 },
+ { "PCIE0_SLV", 2336, 8 },
+ { "PCIE1_SLV", 2337, 8 },
+ { "PCIE0_CFG", 2688, 1 },
+ { "PCIE1_CFG", 2689, 1 },
+}, mcu_cbass_fwls[] = {
+ { "MCU_ARMSS0_CORE0_SLV", 1024, 1 },
+ { "MCU_ARMSS0_CORE1_SLV", 1028, 1 },
+ { "MCU_FSS0_S1", 1033, 8 },
+ { "MCU_FSS0_S0", 1036, 8 },
+ { "MCU_CPSW0", 1220, 1 },
+};
+#endif
+#endif
+
static void mmr_unlock(u32 base, u32 partition)
{
/* Translate the base address */
@@ -109,6 +129,12 @@ void board_init_f(ulong dummy)
* output.
*/
k3_sysfw_loader(preloader_console_init);
+
+ /* Disable ROM configured firewalls right after loading sysfw */
+#ifdef CONFIG_TI_SECURE_DEVICE
+ remove_fwl_configs(main_cbass_fwls, ARRAY_SIZE(main_cbass_fwls));
+ remove_fwl_configs(mcu_cbass_fwls, ARRAY_SIZE(mcu_cbass_fwls));
+#endif
#else
/* Prepare console output */
preloader_console_init();
diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
index 50f5b81dfe..3c1887c0bf 100644
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@@ -269,3 +269,33 @@ void disable_linefill_optimization(void)
asm("mcr p15, 0, %0, c1, c0, 1" : : "r" (actlr));
}
#endif
+
+void remove_fwl_configs(struct fwl_data *fwl_data, size_t fwl_data_size)
+{
+ struct ti_sci_msg_fwl_region region;
+ struct ti_sci_fwl_ops *fwl_ops;
+ struct ti_sci_handle *ti_sci;
+ size_t i, j;
+
+ ti_sci = get_ti_sci_handle();
+ fwl_ops = _sci->ops.fwl_ops;
+ for (i = 0; i < fwl_data_size; i++) {
+ for (j = 0; j < fwl_data[i].regions; j++) {
+ region.fwl_id = fwl_data[i].fwl_id;
+ region.region = j;
+ region.n_permission_regs = 3;
+
+ fwl_ops->get_fwl_region(ti_sci, );
+
+ if (region.control != 0) {
+ pr_debug("Attempting to disable firewall %5d
(%25s)\n",
+region.fwl_id, fwl_data[i].name);
+ region.control = 0;
+
+ if (fwl_ops->set_fwl_region(ti_sci, ))
+ pr_err("Could not disable firewall %5d
(%25s)\n",
+ region.fwl_id, fwl_data[i].name);
+ }
+ }
+ }
+}
diff --git a/arch/arm/mach-k3/common.h b/arch/arm/mach-k3/common.h
index 35d1609cdc..d8b34fe060 100644
--- a/arch/arm/mach-k3/common.h
+++ b/arch/arm/mach-k3/common.h
@@ -14,6 +14,13 @@
#define REV_PG1_0 0
#define REV_PG2_0 1
+struct fwl_data {
+ const char *name;
+ u16 fwl_id;
+ u16 regions;
+};
+
void setup_k3_mpu_regions(void);
int early_console_init(void);
void disable_linefill_optimization(void);
+void remove_fwl_configs(struct fwl_data *fwl_data, size_t fwl_data_s
[U-Boot] [PATCH v2 3/6] arm: K3: Fix header comment match AM6 specific file function
This file used to be the common location for K3 init when AM6 was the only device, but common code was moved to common.c and this file became AM6 specific, correct this header text. Signed-off-by: Andrew F. Davis Reviewed-by: Lokesh Vutla --- arch/arm/mach-k3/am6_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index a78ffbb674..c5da965bd8 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * K3: Architecture initialization + * AM6: SoC specific initialization * * Copyright (C) 2017-2018 Texas Instruments Incorporated - http://www.ti.com/ * Lokesh Vutla -- 2.17.1
[U-Boot] [PATCH v2 2/6] configs: ti: Factor out call to 'args_mmc' into MMC common environment
Both 'loadfit' and 'mmcloados' start with a call to 'args_mmc' so this
can be factored out to before eithers only call site. This also allows us
to remove that call from 'loadfit', which should not have been calling it
anyway as that command should not be MMC specific. Without the call to
'args_mmc' the command 'loadfit' becomes just a call to 'run_fit' so
remove the indirection and call 'run_fit' directly, this removes the need
for 'loadfit' command (which was misnamed anyway). Drop it.
Signed-off-by: Andrew F. Davis
Reviewed-by: Lokesh Vutla
---
include/configs/ti_armv7_common.h | 1 -
include/environment/ti/mmc.h | 5 +++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index adc7861539..a1a053e675 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -61,7 +61,6 @@
"setenv overlaystring ${overlaystring}'#'${overlay};" \
"done;\0" \
"run_fit=bootm ${addr_fit}#${fdtfile}${overlaystring}\0" \
- "loadfit=run args_mmc; run run_fit;\0" \
/*
* DDR information. If the CONFIG_NR_DRAM_BANKS is not defined,
diff --git a/include/environment/ti/mmc.h b/include/environment/ti/mmc.h
index bb4af0a3d5..1c8e49a8b3 100644
--- a/include/environment/ti/mmc.h
+++ b/include/environment/ti/mmc.h
@@ -41,7 +41,7 @@
"fi;" \
"fi;" \
"fi;\0" \
- "mmcloados=run args_mmc; " \
+ "mmcloados=" \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
"if run loadfdt; then " \
"bootz ${loadaddr} - ${fdtaddr}; " \
@@ -61,8 +61,9 @@
"if mmc rescan; then " \
"echo SD/MMC found on device ${mmcdev};" \
"if run loadimage; then " \
+ "run args_mmc; " \
"if test ${boot_fit} -eq 1; then " \
- "run loadfit; " \
+ "run run_fit; " \
"else " \
"run mmcloados;" \
"fi;" \
--
2.17.1
[U-Boot] [PATCH v2 0/6] J721e HS device support
Hello all, This series brings up High-Security (HS) device support on the J721e platform. Support for this K3 HS device is much like the existing AM65x HS and this series leverages much of that support. There are also a couple tangentially related fixups that I noticed while adding this support and testing. Although not strictly needed they do allow J721e HS to just work out-of-box by the time the last patch adds the defconfigs. Thanks, Andrew Changes from v1: - Rebase on master and re-sync defconfigs Andrew F. Davis (6): configs: j721e_evm.h: Sync J721e environment configuration with AM65x configs: ti: Factor out call to 'args_mmc' into MMC common environment arm: K3: Fix header comment match AM6 specific file function arm: K3: Disable ROM configured firewalls arm: K3: Increase default SYSFW image size allocation configs: Add configs for J721e High Security EVM arch/arm/mach-k3/Kconfig | 2 +- arch/arm/mach-k3/am6_init.c| 28 ++- arch/arm/mach-k3/common.c | 30 arch/arm/mach-k3/common.h | 7 ++ arch/arm/mach-k3/j721e_init.c | 52 + configs/j721e_hs_evm_a72_defconfig | 116 + configs/j721e_hs_evm_r5_defconfig | 105 ++ include/configs/j721e_evm.h| 16 +++- include/configs/ti_armv7_common.h | 1 - include/environment/ti/mmc.h | 5 +- 10 files changed, 354 insertions(+), 8 deletions(-) create mode 100644 configs/j721e_hs_evm_a72_defconfig create mode 100644 configs/j721e_hs_evm_r5_defconfig -- 2.17.1
[U-Boot] [PATCH v2 1/6] configs: j721e_evm.h: Sync J721e environment configuration with AM65x
Some of the environment configuration in AM65x is not available in
J721e due to additions on one but not the other. These two platforms
are similar enough these common definitions should be factored out
to a common area, prepare for this by synchronizing them.
Signed-off-by: Andrew F. Davis
Reviewed-by: Lokesh Vutla
---
include/configs/j721e_evm.h | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/include/configs/j721e_evm.h b/include/configs/j721e_evm.h
index 84518786c7..17bab4ef3e 100644
--- a/include/configs/j721e_evm.h
+++ b/include/configs/j721e_evm.h
@@ -58,10 +58,16 @@
/* HyperFlash related configuration */
#define CONFIG_SYS_MAX_FLASH_BANKS_DETECT 1
+#define PARTS_DEFAULT \
+ /* Linux partitions */ \
+ "name=rootfs,start=0,size=-,uuid=${uuid_gpt_rootfs}\0"
+
/* U-Boot general configuration */
#define EXTRA_ENV_J721E_BOARD_SETTINGS \
"default_device_tree=" CONFIG_DEFAULT_DEVICE_TREE ".dtb\0" \
- "findfdt=setenv fdtfile ${default_device_tree}\0" \
+ "findfdt=" \
+ "setenv name_fdt ${default_device_tree};" \
+ "setenv fdtfile ${name_fdt}\0" \
"loadaddr=0x8008\0" \
"fdtaddr=0x8200\0" \
"overlayaddr=0x8300\0" \
@@ -78,7 +84,7 @@
"bootdir=/boot\0" \
"rd_spec=-\0" \
"init_mmc=run args_all args_mmc\0" \
- "get_fdt_mmc=load mmc ${bootpart} ${fdtaddr} ${bootdir}/${fdtfile}\0" \
+ "get_fdt_mmc=load mmc ${bootpart} ${fdtaddr} ${bootdir}/${name_fdt}\0" \
"get_overlay_mmc=" \
"fdt address ${fdtaddr};" \
"fdt resize 0x10;" \
@@ -88,7 +94,10 @@
"fdt apply ${overlayaddr};" \
"done;\0" \
"get_kern_mmc=load mmc ${bootpart} ${loadaddr} "\
- "${bootdir}/${name_kern}\0"
+ "${bootdir}/${name_kern}\0" \
+ "get_fit_mmc=load mmc ${bootpart} ${addr_fit} " \
+ "${bootdir}/${name_fit}\0" \
+ "partitions=" PARTS_DEFAULT
#ifdef DEFAULT_RPROCS
#undef DEFAULT_RPROCS
@@ -103,6 +112,7 @@
/* Incorporate settings into the U-Boot environment */
#define CONFIG_EXTRA_ENV_SETTINGS \
DEFAULT_MMC_TI_ARGS \
+ DEFAULT_FIT_TI_ARGS \
EXTRA_ENV_J721E_BOARD_SETTINGS \
EXTRA_ENV_J721E_BOARD_SETTINGS_MMC \
EXTRA_ENV_RPROC_SETTINGS\
--
2.17.1
Re: [U-Boot] [PATCH 0/6] J721e HS device support
On 1/10/20 1:38 PM, Andrew F. Davis wrote: > Hi Tom, > > Looks like -next wasn't used for this, ping on getting this into master now? > Looks like a minor merge conflict now in master for this, I'll post a v2 to help with that. Andrew > Thanks, > Andrew > > On 12/16/19 3:50 PM, Andrew F. Davis wrote: >> Hi Tom, >> >> I see you have a -next again, if you don't want to take this for the >> v2020.01 perhaps this could be a good candidate for the next? >> >> Andrew >> >> On 11/20/19 10:59 PM, Lokesh Vutla wrote: >>> >>> >>> On 20/11/19 11:10 PM, Andrew F. Davis wrote: >>>> Hello all, >>>> >>>> This series brings up High-Security (HS) device support on the J721e >>>> platform. Support for this K3 HS device is much like the existing >>>> AM65x HS and this series leverages much of that support. >>>> >>>> There are also a couple tangentially related fixups that I noticed while >>>> adding this support and testing. Although not strictly needed they >>>> do allow J721e HS to just work out-of-box by the time the last patch >>>> adds the defconfigs. >>> >>> For the entire series: >>> >>> Reviewed-by: Lokesh Vutla >>> >>> Thank and regards, >>> Lokesh >>> >>>> >>>> Thanks, >>>> Andrew >>>> >>>> Andrew F. Davis (6): >>>> configs: j721e_evm.h: Sync J721e environment configuration with AM65x >>>> configs: ti: Factor out call to 'args_mmc' into MMC common environment >>>> arm: K3: Fix header comment match AM6 specific file function >>>> arm: K3: Disable ROM configured firewalls >>>> arm: K3: Increase default SYSFW image size allocation >>>> configs: Add configs for J721e High Security EVM >>>> >>>> arch/arm/mach-k3/Kconfig | 2 +- >>>> arch/arm/mach-k3/am6_init.c| 28 +++- >>>> arch/arm/mach-k3/common.c | 30 >>>> arch/arm/mach-k3/common.h | 7 ++ >>>> arch/arm/mach-k3/j721e_init.c | 52 ++ >>>> configs/j721e_hs_evm_a72_defconfig | 106 + >>>> configs/j721e_hs_evm_r5_defconfig | 102 +++ >>>> include/configs/j721e_evm.h| 16 - >>>> include/configs/ti_armv7_common.h | 1 - >>>> include/environment/ti/mmc.h | 5 +- >>>> 10 files changed, 341 insertions(+), 8 deletions(-) >>>> create mode 100644 configs/j721e_hs_evm_a72_defconfig >>>> create mode 100644 configs/j721e_hs_evm_r5_defconfig >>>>
Re: [U-Boot] [PATCH 0/6] J721e HS device support
Hi Tom, Looks like -next wasn't used for this, ping on getting this into master now? Thanks, Andrew On 12/16/19 3:50 PM, Andrew F. Davis wrote: > Hi Tom, > > I see you have a -next again, if you don't want to take this for the > v2020.01 perhaps this could be a good candidate for the next? > > Andrew > > On 11/20/19 10:59 PM, Lokesh Vutla wrote: >> >> >> On 20/11/19 11:10 PM, Andrew F. Davis wrote: >>> Hello all, >>> >>> This series brings up High-Security (HS) device support on the J721e >>> platform. Support for this K3 HS device is much like the existing >>> AM65x HS and this series leverages much of that support. >>> >>> There are also a couple tangentially related fixups that I noticed while >>> adding this support and testing. Although not strictly needed they >>> do allow J721e HS to just work out-of-box by the time the last patch >>> adds the defconfigs. >> >> For the entire series: >> >> Reviewed-by: Lokesh Vutla >> >> Thank and regards, >> Lokesh >> >>> >>> Thanks, >>> Andrew >>> >>> Andrew F. Davis (6): >>> configs: j721e_evm.h: Sync J721e environment configuration with AM65x >>> configs: ti: Factor out call to 'args_mmc' into MMC common environment >>> arm: K3: Fix header comment match AM6 specific file function >>> arm: K3: Disable ROM configured firewalls >>> arm: K3: Increase default SYSFW image size allocation >>> configs: Add configs for J721e High Security EVM >>> >>> arch/arm/mach-k3/Kconfig | 2 +- >>> arch/arm/mach-k3/am6_init.c| 28 +++- >>> arch/arm/mach-k3/common.c | 30 >>> arch/arm/mach-k3/common.h | 7 ++ >>> arch/arm/mach-k3/j721e_init.c | 52 ++ >>> configs/j721e_hs_evm_a72_defconfig | 106 + >>> configs/j721e_hs_evm_r5_defconfig | 102 +++ >>> include/configs/j721e_evm.h| 16 - >>> include/configs/ti_armv7_common.h | 1 - >>> include/environment/ti/mmc.h | 5 +- >>> 10 files changed, 341 insertions(+), 8 deletions(-) >>> create mode 100644 configs/j721e_hs_evm_a72_defconfig >>> create mode 100644 configs/j721e_hs_evm_r5_defconfig >>>
[U-Boot] [PATCH v2] spl: Move check for SPL_LIBCOMMON support to header
Print statements in SPL depend on lib/common support, due to this many
such print statements are ifdef'd. Instead of checking at each call site
move the check to the common.h header and remove these inline checks.
Signed-off-by: Andrew F. Davis
Reviewed-by: Simon Glass
---
common/common_fit.c | 2 --
common/spl/spl.c | 2 --
common/spl/spl_ext.c | 8
common/spl/spl_fat.c | 6 --
common/spl/spl_mmc.c | 18 --
common/spl/spl_sata.c| 2 --
common/spl/spl_usb.c | 2 --
drivers/mmc/mmc-uclass.c | 2 --
drivers/mmc/mmc.c| 12
drivers/mmc/mmc_legacy.c | 2 --
include/stdio.h | 5 ++---
11 files changed, 2 insertions(+), 59 deletions(-)
diff --git a/common/common_fit.c b/common/common_fit.c
index 41305d8aa6..a8a1fb8e5f 100644
--- a/common/common_fit.c
+++ b/common/common_fit.c
@@ -48,10 +48,8 @@ int fit_find_config_node(const void *fdt)
node = fdt_next_subnode(fdt, node)) {
name = fdt_getprop(fdt, node, "description", );
if (!name) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: Missing FDT description in DTB\n",
__func__);
-#endif
return -EINVAL;
}
diff --git a/common/spl/spl.c b/common/spl/spl.c
index c1fce62b91..5b6f33c6b8 100644
--- a/common/spl/spl.c
+++ b/common/spl/spl.c
@@ -577,12 +577,10 @@ static int boot_from_devices(struct spl_image_info
*spl_image,
struct spl_image_loader *loader;
loader = spl_ll_find_loader(spl_boot_list[i]);
-#if defined(CONFIG_SPL_SERIAL_SUPPORT) && defined(CONFIG_SPL_LIBCOMMON_SUPPORT)
if (loader)
printf("Trying to boot from %s\n", loader->name);
else
puts(SPL_TPL_PROMPT "Unsupported Boot Device!\n");
-#endif
if (loader && !spl_load_image(spl_image, loader)) {
spl_image->boot_device = spl_boot_list[i];
return 0;
diff --git a/common/spl/spl_ext.c b/common/spl/spl_ext.c
index 2a6252229c..6d96901365 100644
--- a/common/spl/spl_ext.c
+++ b/common/spl/spl_ext.c
@@ -28,9 +28,7 @@ int spl_load_image_ext(struct spl_image_info *spl_image,
err = ext4fs_mount(0);
if (!err) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: ext4fs mount err - %d\n", __func__, err);
-#endif
goto end;
}
@@ -54,11 +52,9 @@ int spl_load_image_ext(struct spl_image_info *spl_image,
err = ext4fs_read((char *)spl_image->load_addr, 0, filelen, );
end:
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
if (err < 0)
printf("%s: error reading image %s, err - %d\n",
__func__, filename, err);
-#endif
return err < 0;
}
@@ -81,9 +77,7 @@ int spl_load_image_ext_os(struct spl_image_info *spl_image,
err = ext4fs_mount(0);
if (!err) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: ext4fs mount err - %d\n", __func__, err);
-#endif
return -1;
}
#if defined(CONFIG_SPL_ENV_SUPPORT)
@@ -126,10 +120,8 @@ defaults:
err = ext4fs_read((void *)CONFIG_SYS_SPL_ARGS_ADDR, 0, filelen,
);
if (err < 0) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: error reading image %s, err - %d\n",
__func__, CONFIG_SPL_FS_LOAD_ARGS_NAME, err);
-#endif
return -1;
}
diff --git a/common/spl/spl_fat.c b/common/spl/spl_fat.c
index aa371ab52c..bef2b30376 100644
--- a/common/spl/spl_fat.c
+++ b/common/spl/spl_fat.c
@@ -28,9 +28,7 @@ static int spl_register_fat_device(struct blk_desc
*block_dev, int partition)
err = fat_register_device(block_dev, partition);
if (err) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: fat register err - %d\n", __func__, err);
-#endif
return err;
}
@@ -102,11 +100,9 @@ int spl_load_image_fat(struct spl_image_info *spl_image,
}
end:
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
if (err <= 0)
printf("%s: error reading image %s, err - %d\n",
__func__, filename, err);
-#endif
return (err <= 0);
}
@@ -152,10 +148,8 @@ defaults:
err = file_fat_read(CONFIG_SPL_FS_LOAD_ARGS_NAME,
(void *)CONFIG_SYS_SPL_ARGS_ADDR, 0);
if (err <= 0) {
-#ifdef CONFIG_SPL_LIBCOMMON_SUPPORT
printf("%s: error reading image %s, err - %d\n",
__func__, CONFIG_SPL_FS_LOAD_ARGS_NAME, err);
-#endif
return -1;
}
diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index 2ede096e61..3c89b2741e 100644
--- a/c
[U-Boot] [PATCH] arm: mach-k3: security: Clean image out of cache before authentication
On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.
Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.
Signed-off-by: Andrew F. Davis
---
arch/arm/mach-k3/security.c | 12
1 file changed, 12 insertions(+)
diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
index 4e011ee10e..83b037f189 100644
--- a/arch/arm/mach-k3/security.c
+++ b/arch/arm/mach-k3/security.c
@@ -7,6 +7,7 @@
*/
#include
+#include
#include
#include
#include
@@ -22,8 +23,14 @@ void board_fit_image_post_process(void **p_image, size_t
*p_size)
int ret;
image_addr = (uintptr_t)*p_image;
+ image_size = *p_size;
debug("Authenticating image at address 0x%016llx\n", image_addr);
+ debug("Authenticating image of size %d bytes\n", image_size);
+
+ flush_dcache_range((unsigned long)image_addr,
+ ALIGN((unsigned long)image_addr + image_size,
+ARCH_DMA_MINALIGN));
/* Authenticate image */
ret = proc_ops->proc_auth_boot_image(ti_sci, _addr, _size);
@@ -32,6 +39,11 @@ void board_fit_image_post_process(void **p_image, size_t
*p_size)
hang();
}
+ if (image_size)
+ invalidate_dcache_range((unsigned long)image_addr,
+ ALIGN((unsigned long)image_addr +
+ image_size, ARCH_DMA_MINALIGN));
+
/*
* The image_size returned may be 0 when the authentication process has
* moved the image. When this happens no further processing on the
--
2.17.1
[U-Boot] [PATCH] arm: mach-k3: Warn when node to disable is not found
Not finding a node that we try to disable does not always need to be
fatal to boot but should at least print out a warning. Return error
from fdt_disable_node as it did fail to disable the node, but only
warn in the case of disabling the TRNG as this will not prevent boot.
Signed-off-by: Andrew F. Davis
---
arch/arm/mach-k3/common.c | 4 ++--
board/ti/am65x/evm.c | 4 +---
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
index 50f5b81dfe..e8b7d70e75 100644
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@@ -174,8 +174,8 @@ int fdt_disable_node(void *blob, char *node_path)
offs = fdt_path_offset(blob, node_path);
if (offs < 0) {
- debug("Node %s not found.\n", node_path);
- return 0;
+ printf("Node %s not found.\n", node_path);
+ return offs;
}
ret = fdt_setprop_string(blob, offs, "status", "disabled");
if (ret < 0) {
diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
index 4d86757c39..a610879424 100644
--- a/board/ti/am65x/evm.c
+++ b/board/ti/am65x/evm.c
@@ -105,10 +105,8 @@ int ft_board_setup(void *blob, bd_t *bd)
#if defined(CONFIG_TI_SECURE_DEVICE)
/* Make HW RNG reserved for secure world use */
ret = fdt_disable_node(blob, "/interconnect@10/trng@4e1");
- if (ret) {
+ if (ret)
printf("%s: disabling TRGN failed %d\n", __func__, ret);
- return ret;
- }
#endif
return 0;
--
2.17.1
[U-Boot] [PATCH] defconfigs: Add a config for AM43xx High Security EVM with QSPI Boot support
On AM43xx HS devices, QSPI boot is XIP and we use a single stage bootloader. Add a defconfig for this. Signed-off-by: Andrew F. Davis --- MAINTAINERS | 1 + configs/am43xx_hs_evm_qspi_defconfig | 65 2 files changed, 66 insertions(+) create mode 100644 configs/am43xx_hs_evm_qspi_defconfig diff --git a/MAINTAINERS b/MAINTAINERS index 438fb225ab..1a9226d9b5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -838,6 +838,7 @@ F: arch/arm/mach-k3/config_secure.mk F: configs/am335x_hs_evm_defconfig F: configs/am335x_hs_evm_uart_defconfig F: configs/am43xx_hs_evm_defconfig +F: configs/am43xx_hs_evm_qspi_defconfig F: configs/am57xx_hs_evm_defconfig F: configs/am57xx_hs_evm_usb_defconfig F: configs/dra7xx_hs_evm_defconfig diff --git a/configs/am43xx_hs_evm_qspi_defconfig b/configs/am43xx_hs_evm_qspi_defconfig new file mode 100644 index 00..5960950142 --- /dev/null +++ b/configs/am43xx_hs_evm_qspi_defconfig @@ -0,0 +1,65 @@ +CONFIG_ARM=y +CONFIG_ARCH_CPU_INIT=y +# CONFIG_SYS_THUMB_BUILD is not set +CONFIG_ARCH_OMAP2PLUS=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_ISW_ENTRY_ADDR=0x300018e0 +CONFIG_TI_COMMON_CMD_OPTIONS=y +CONFIG_SYS_MALLOC_F_LEN=0x2000 +CONFIG_ENV_SIZE=0x1 +CONFIG_DM_GPIO=y +CONFIG_AM43XX=y +CONFIG_TI_SECURE_EMIF_REGION_START=0xbdb0 +CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE=0x0200 +CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE=0x01c0 +CONFIG_DISTRO_DEFAULTS=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_BOARD_SETUP=y +CONFIG_SYS_EXTRA_OPTIONS="CONS_INDEX=1,SERIAL1,QSPI" +CONFIG_QSPI_BOOT=y +# CONFIG_USE_BOOTCOMMAND is not set +CONFIG_SYS_CONSOLE_INFO_QUIET=y +# CONFIG_MISC_INIT_R is not set +CONFIG_VERSION_VARIABLE=y +CONFIG_BOARD_EARLY_INIT_F=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_NAND=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_MTDPARTS=y +CONFIG_OF_CONTROL=y +CONFIG_DEFAULT_DEVICE_TREE="am43x-epos-evm" +CONFIG_ENV_IS_IN_SPI_FLASH=y +CONFIG_SYS_RELOC_GD_ENV_ADDR=y +CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y +CONFIG_DM=y +CONFIG_DFU_MMC=y +CONFIG_DFU_RAM=y +CONFIG_DFU_SF=y +CONFIG_DM_MMC=y +CONFIG_MMC_OMAP_HS=y +CONFIG_SPI_FLASH=y +CONFIG_MTD=y +CONFIG_MTD_RAW_NAND=y +CONFIG_SF_DEFAULT_SPEED=4800 +CONFIG_SPI_FLASH_MACRONIX=y +CONFIG_PHY_GIGE=y +CONFIG_MII=y +CONFIG_DRIVER_TI_CPSW=y +CONFIG_DM_SERIAL=y +CONFIG_SPI=y +CONFIG_TI_QSPI=y +CONFIG_TIMER=y +CONFIG_OMAP_TIMER=y +CONFIG_USB=y +CONFIG_DM_USB=y +CONFIG_USB_XHCI_HCD=y +CONFIG_USB_XHCI_DWC3=y +CONFIG_USB_DWC3=y +CONFIG_USB_DWC3_OMAP=y +CONFIG_USB_DWC3_PHY_OMAP=y +CONFIG_OMAP_USB_PHY=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments" +CONFIG_USB_GADGET_VENDOR_NUM=0x0403 +CONFIG_USB_GADGET_PRODUCT_NUM=0xbd00 +CONFIG_USB_GADGET_DOWNLOAD=y -- 2.17.1
[U-Boot] [PATCH] defconfigs: am43xx_hs_evm: Sync HS and non-HS defconfigs
Sync new additions to non-HS defconfig with HS defconfig. Signed-off-by: Andrew F. Davis --- configs/am43xx_hs_evm_defconfig | 15 +++ 1 file changed, 15 insertions(+) diff --git a/configs/am43xx_hs_evm_defconfig b/configs/am43xx_hs_evm_defconfig index d399ab7ed3..0255bcd994 100644 --- a/configs/am43xx_hs_evm_defconfig +++ b/configs/am43xx_hs_evm_defconfig @@ -9,6 +9,7 @@ CONFIG_AM43XX=y CONFIG_TI_SECURE_EMIF_REGION_START=0xbdb0 CONFIG_TI_SECURE_EMIF_TOTAL_REGION_SIZE=0x0200 CONFIG_TI_SECURE_EMIF_PROTECTED_REGION_SIZE=0x01c0 +CONFIG_SPL_DRIVERS_MISC_SUPPORT=y CONFIG_ENV_SIZE=0x1 CONFIG_SPL=y CONFIG_SPL_TEXT_BASE=0x403018E0 @@ -41,10 +42,17 @@ CONFIG_OF_LIST="am437x-gp-evm am437x-sk-evm am43x-epos-evm am437x-idk-evm" CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_DM=y +CONFIG_REGMAP=y +CONFIG_SPL_REGMAP=y +CONFIG_SYSCON=y +CONFIG_SPL_SYSCON=y +CONFIG_CLK=y +CONFIG_CLK_CDCE9XX=y CONFIG_DFU_MMC=y CONFIG_DFU_RAM=y CONFIG_DFU_SF=y CONFIG_DM_GPIO=y +CONFIG_MISC=y CONFIG_DM_MMC=y CONFIG_MMC_OMAP_HS=y CONFIG_MTD=y @@ -54,6 +62,9 @@ CONFIG_SPI_FLASH_MACRONIX=y CONFIG_PHY_GIGE=y CONFIG_MII=y CONFIG_DRIVER_TI_CPSW=y +CONFIG_PHY=y +CONFIG_SPL_PHY=y +CONFIG_OMAP_USB2_PHY=y CONFIG_DM_SERIAL=y CONFIG_SPI=y CONFIG_TI_QSPI=y @@ -61,10 +72,13 @@ CONFIG_TIMER=y CONFIG_OMAP_TIMER=y CONFIG_USB=y CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_SPL_DM_USB_GADGET=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_XHCI_DWC3=y CONFIG_USB_DWC3=y CONFIG_USB_DWC3_OMAP=y +CONFIG_USB_DWC3_GENERIC=y CONFIG_USB_DWC3_PHY_OMAP=y CONFIG_OMAP_USB_PHY=y CONFIG_USB_GADGET=y @@ -72,3 +86,4 @@ CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments" CONFIG_USB_GADGET_VENDOR_NUM=0x0403 CONFIG_USB_GADGET_PRODUCT_NUM=0xbd00 CONFIG_USB_GADGET_DOWNLOAD=y +CONFIG_USB_ETHER=y -- 2.17.1
[U-Boot] [PATCH] defconfigs: am335x_hs_evm: Sync HS and non-HS defconfigs
Sync new additions to non-HS defconfig with HS defconfig. Signed-off-by: Andrew F. Davis --- configs/am335x_hs_evm_defconfig | 13 ++--- configs/am335x_hs_evm_uart_defconfig | 13 ++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/configs/am335x_hs_evm_defconfig b/configs/am335x_hs_evm_defconfig index 6121d78b49..1dceea5398 100644 --- a/configs/am335x_hs_evm_defconfig +++ b/configs/am335x_hs_evm_defconfig @@ -31,13 +31,16 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=nand.0:128k(NAND.SPL),128k(NAND.SPL.backup1),1 # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="am335x-evm" -CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2" +CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2 am335x-pocketbeagle" CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_BOOTCOUNT_LIMIT=y +CONFIG_CLK=y +CONFIG_CLK_CDCE9XX=y CONFIG_DFU_MMC=y CONFIG_DFU_NAND=y CONFIG_DFU_RAM=y +CONFIG_USB_FUNCTION_FASTBOOT=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_DM_MMC=y @@ -49,7 +52,6 @@ CONFIG_DM_SPI_FLASH=y CONFIG_SF_DEFAULT_SPEED=2400 CONFIG_SPI_FLASH_WINBOND=y CONFIG_DM_ETH=y -CONFIG_PHY_GIGE=y CONFIG_MII=y CONFIG_DRIVER_TI_CPSW=y CONFIG_SPI=y @@ -59,6 +61,8 @@ CONFIG_TIMER=y CONFIG_OMAP_TIMER=y CONFIG_USB=y CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_SPL_DM_USB_GADGET=y CONFIG_USB_MUSB_HOST=y CONFIG_USB_MUSB_GADGET=y CONFIG_USB_MUSB_TI=y @@ -66,8 +70,11 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments" CONFIG_USB_GADGET_VENDOR_NUM=0x0451 CONFIG_USB_GADGET_PRODUCT_NUM=0xd022 -CONFIG_USB_GADGET_DOWNLOAD=y CONFIG_USB_ETHER=y +CONFIG_WDT=y +# CONFIG_SPL_WDT is not set +CONFIG_DYNAMIC_CRC_TABLE=y CONFIG_SPL_TINY_MEMSET=y CONFIG_RSA=y CONFIG_LZO=y +# CONFIG_OF_LIBFDT_OVERLAY is not set diff --git a/configs/am335x_hs_evm_uart_defconfig b/configs/am335x_hs_evm_uart_defconfig index c5202a96e2..a7d76c83bd 100644 --- a/configs/am335x_hs_evm_uart_defconfig +++ b/configs/am335x_hs_evm_uart_defconfig @@ -33,13 +33,16 @@ CONFIG_MTDPARTS_DEFAULT="mtdparts=nand.0:128k(NAND.SPL),128k(NAND.SPL.backup1),1 # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="am335x-evm" -CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2" +CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2 am335x-pocketbeagle" CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_BOOTCOUNT_LIMIT=y +CONFIG_CLK=y +CONFIG_CLK_CDCE9XX=y CONFIG_DFU_MMC=y CONFIG_DFU_NAND=y CONFIG_DFU_RAM=y +CONFIG_USB_FUNCTION_FASTBOOT=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_DM_MMC=y @@ -51,7 +54,6 @@ CONFIG_DM_SPI_FLASH=y CONFIG_SF_DEFAULT_SPEED=2400 CONFIG_SPI_FLASH_WINBOND=y CONFIG_DM_ETH=y -CONFIG_PHY_GIGE=y CONFIG_MII=y CONFIG_DRIVER_TI_CPSW=y CONFIG_SPI=y @@ -61,6 +63,8 @@ CONFIG_TIMER=y CONFIG_OMAP_TIMER=y CONFIG_USB=y CONFIG_DM_USB=y +CONFIG_DM_USB_GADGET=y +CONFIG_SPL_DM_USB_GADGET=y CONFIG_USB_MUSB_HOST=y CONFIG_USB_MUSB_GADGET=y CONFIG_USB_MUSB_TI=y @@ -68,8 +72,11 @@ CONFIG_USB_GADGET=y CONFIG_USB_GADGET_MANUFACTURER="Texas Instruments" CONFIG_USB_GADGET_VENDOR_NUM=0x0451 CONFIG_USB_GADGET_PRODUCT_NUM=0xd022 -CONFIG_USB_GADGET_DOWNLOAD=y CONFIG_USB_ETHER=y +CONFIG_WDT=y +# CONFIG_SPL_WDT is not set +CONFIG_DYNAMIC_CRC_TABLE=y CONFIG_SPL_TINY_MEMSET=y CONFIG_RSA=y CONFIG_LZO=y +# CONFIG_OF_LIBFDT_OVERLAY is not set -- 2.17.1
Re: [U-Boot] [PATCH 1/3] tools: dumpimage: Provide more feedback on internal errors
On 11/13/19 11:14 AM, Andrew F. Davis wrote:
> On 9/17/19 5:09 PM, Andrew F. Davis wrote:
>> The dumpimage utility errors out in a number of places without providing
>> sufficient feedback to allow the user to easily determine what has gone
>> wrong. Add additional error messages to make the cause of the failure
>> more obvious.
>>
>> Signed-off-by: Andrew F. Davis
>> ---
>
>
> ping
>
ping #2
>
>> tools/dumpimage.c | 14 +-
>> 1 file changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/tools/dumpimage.c b/tools/dumpimage.c
>> index ee3d41dda4..d5f893daf1 100644
>> --- a/tools/dumpimage.c
>> +++ b/tools/dumpimage.c
>> @@ -35,14 +35,23 @@ static int dumpimage_extract_subimage(struct
>> image_type_params *tparams,
>> if (tparams->verify_header) {
>> retval = tparams->verify_header((unsigned char *)ptr,
>> sbuf->st_size, );
>> -if (retval != 0)
>> +if (retval != 0) {
>> +fprintf(stderr, "%s: failed to verify header of %s\n",
>> +params.cmdname, tparams->name);
>> return -1;
>> +}
>> +
>> /*
>> * Extract the file from the image
>> * if verify is successful
>> */
>> if (tparams->extract_subimage) {
>> retval = tparams->extract_subimage(ptr, );
>> +if (retval != 0) {
>> +fprintf(stderr, "%s: extract_subimage failed
>> for %s\n",
>> +params.cmdname, tparams->name);
>> +return -3;
>> +}
>> } else {
>> fprintf(stderr,
>> "%s: extract_subimage undefined for %s\n",
>> @@ -175,6 +184,9 @@ int main(int argc, char **argv)
>> * image type. Returns the error code if not matched
>> */
>> retval = dumpimage_extract_subimage(tparams, ptr, );
>> +if (retval)
>> +fprintf(stderr, "%s: Can't extract subimage from %s\n",
>> +params.cmdname, params.imagefile);
>> } else {
>> /*
>> * Print the image information for matched image type
>>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
>
Re: [U-Boot] [PATCH 0/6] J721e HS device support
Hi Tom, I see you have a -next again, if you don't want to take this for the v2020.01 perhaps this could be a good candidate for the next? Andrew On 11/20/19 10:59 PM, Lokesh Vutla wrote: > > > On 20/11/19 11:10 PM, Andrew F. Davis wrote: >> Hello all, >> >> This series brings up High-Security (HS) device support on the J721e >> platform. Support for this K3 HS device is much like the existing >> AM65x HS and this series leverages much of that support. >> >> There are also a couple tangentially related fixups that I noticed while >> adding this support and testing. Although not strictly needed they >> do allow J721e HS to just work out-of-box by the time the last patch >> adds the defconfigs. > > For the entire series: > > Reviewed-by: Lokesh Vutla > > Thank and regards, > Lokesh > >> >> Thanks, >> Andrew >> >> Andrew F. Davis (6): >> configs: j721e_evm.h: Sync J721e environment configuration with AM65x >> configs: ti: Factor out call to 'args_mmc' into MMC common environment >> arm: K3: Fix header comment match AM6 specific file function >> arm: K3: Disable ROM configured firewalls >> arm: K3: Increase default SYSFW image size allocation >> configs: Add configs for J721e High Security EVM >> >> arch/arm/mach-k3/Kconfig | 2 +- >> arch/arm/mach-k3/am6_init.c| 28 +++- >> arch/arm/mach-k3/common.c | 30 >> arch/arm/mach-k3/common.h | 7 ++ >> arch/arm/mach-k3/j721e_init.c | 52 ++ >> configs/j721e_hs_evm_a72_defconfig | 106 + >> configs/j721e_hs_evm_r5_defconfig | 102 +++ >> include/configs/j721e_evm.h| 16 - >> include/configs/ti_armv7_common.h | 1 - >> include/environment/ti/mmc.h | 5 +- >> 10 files changed, 341 insertions(+), 8 deletions(-) >> create mode 100644 configs/j721e_hs_evm_a72_defconfig >> create mode 100644 configs/j721e_hs_evm_r5_defconfig >>
[U-Boot] [PATCH 1/6] configs: j721e_evm.h: Sync J721e environment configuration with AM65x
Some of the environment configuration in AM65x is not available in
J721e due to additions on one but not the other. These two platforms
are similar enough these common definitions should be factored out
to a common area, prepare for this by synchronizing them.
Signed-off-by: Andrew F. Davis
---
include/configs/j721e_evm.h | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/include/configs/j721e_evm.h b/include/configs/j721e_evm.h
index 639d87a4e5..2af68aad94 100644
--- a/include/configs/j721e_evm.h
+++ b/include/configs/j721e_evm.h
@@ -60,10 +60,16 @@
/* HyperFlash related configuration */
#define CONFIG_SYS_MAX_FLASH_BANKS_DETECT 1
+#define PARTS_DEFAULT \
+ /* Linux partitions */ \
+ "name=rootfs,start=0,size=-,uuid=${uuid_gpt_rootfs}\0"
+
/* U-Boot general configuration */
#define EXTRA_ENV_J721E_BOARD_SETTINGS \
"default_device_tree=" CONFIG_DEFAULT_DEVICE_TREE ".dtb\0" \
- "findfdt=setenv fdtfile ${default_device_tree}\0" \
+ "findfdt=" \
+ "setenv name_fdt ${default_device_tree};" \
+ "setenv fdtfile ${name_fdt}\0" \
"loadaddr=0x8008\0" \
"fdtaddr=0x8200\0" \
"overlayaddr=0x8300\0" \
@@ -80,7 +86,7 @@
"bootdir=/boot\0" \
"rd_spec=-\0" \
"init_mmc=run args_all args_mmc\0" \
- "get_fdt_mmc=load mmc ${bootpart} ${fdtaddr} ${bootdir}/${fdtfile}\0" \
+ "get_fdt_mmc=load mmc ${bootpart} ${fdtaddr} ${bootdir}/${name_fdt}\0" \
"get_overlay_mmc=" \
"fdt address ${fdtaddr};" \
"fdt resize 0x10;" \
@@ -90,7 +96,10 @@
"fdt apply ${overlayaddr};" \
"done;\0" \
"get_kern_mmc=load mmc ${bootpart} ${loadaddr} "\
- "${bootdir}/${name_kern}\0"
+ "${bootdir}/${name_kern}\0" \
+ "get_fit_mmc=load mmc ${bootpart} ${addr_fit} " \
+ "${bootdir}/${name_fit}\0" \
+ "partitions=" PARTS_DEFAULT
#ifdef DEFAULT_RPROCS
#undef DEFAULT_RPROCS
@@ -105,6 +114,7 @@
/* Incorporate settings into the U-Boot environment */
#define CONFIG_EXTRA_ENV_SETTINGS \
DEFAULT_MMC_TI_ARGS \
+ DEFAULT_FIT_TI_ARGS \
EXTRA_ENV_J721E_BOARD_SETTINGS \
EXTRA_ENV_J721E_BOARD_SETTINGS_MMC \
EXTRA_ENV_RPROC_SETTINGS\
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 3/6] arm: K3: Fix header comment match AM6 specific file function
This file used to be the common location for K3 init when AM6 was the only device, but common code was moved to common.c and this file became AM6 specific, correct this header text. Signed-off-by: Andrew F. Davis --- arch/arm/mach-k3/am6_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c index 99edcd9a24..58ea9ba179 100644 --- a/arch/arm/mach-k3/am6_init.c +++ b/arch/arm/mach-k3/am6_init.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * K3: Architecture initialization + * AM6: SoC specific initialization * * Copyright (C) 2017-2018 Texas Instruments Incorporated - http://www.ti.com/ * Lokesh Vutla -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 6/6] configs: Add configs for J721e High Security EVM
Add new defconfig files for the J721e High Security EVM.
These defconfigs are the same as for the non-secure part, except for:
CONFIG_TI_SECURE_DEVICE option set to 'y'
CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_BOOTCOMMAND uses FIT images for booting
Signed-off-by: Andrew F. Davis
---
configs/j721e_hs_evm_a72_defconfig | 106 +
configs/j721e_hs_evm_r5_defconfig | 102 +++
2 files changed, 208 insertions(+)
create mode 100644 configs/j721e_hs_evm_a72_defconfig
create mode 100644 configs/j721e_hs_evm_r5_defconfig
diff --git a/configs/j721e_hs_evm_a72_defconfig
b/configs/j721e_hs_evm_a72_defconfig
new file mode 100644
index 00..61fc39442b
--- /dev/null
+++ b/configs/j721e_hs_evm_a72_defconfig
@@ -0,0 +1,106 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x8000
+CONFIG_SOC_K3_J721E=y
+CONFIG_TARGET_J721E_A72_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_NR_DRAM_BANKS=2
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_SPL_SPI_FLASH_SUPPORT=y
+CONFIG_SPL_SPI_SUPPORT=y
+# CONFIG_PSCI_RESET is not set
+CONFIG_SPL_TEXT_BASE=0x8008
+CONFIG_DISTRO_DEFAULTS=y
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
boot_rprocs; run get_fit_${boot}; run get_overlaystring; run run_fit"
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_SPI_LOAD=y
+CONFIG_SYS_SPI_U_BOOT_OFFS=0x28
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_REMOTEPROC=y
+CONFIG_CMD_UFS=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_MTDIDS_DEFAULT="nor0=4704.spi.0,nor0=47034000.hyperbus"
+CONFIG_MTDPARTS_DEFAULT="mtdparts=47034000.hyperbus:512k(hbmc.tiboot3),2m(hbmc.tispl),4m(hbmc.u-boot),256k(hbmc.env),1m(hbmc.sysfw),-@8m(hbmc.rootfs)"
+# CONFIG_ISO_PARTITION is not set
+# CONFIG_SPL_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-j721e-common-proc-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_REGMAP=y
+CONFIG_SPL_REGMAP=y
+CONFIG_SYSCON=y
+CONFIG_SPL_OF_TRANSLATE=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_MISC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_AM654=y
+CONFIG_MTD=y
+CONFIG_MTD_NOR_FLASH=y
+CONFIG_MTD_DEVICE=y
+CONFIG_FLASH_CFI_DRIVER=y
+CONFIG_CFI_FLASH=y
+CONFIG_SYS_FLASH_USE_BUFFER_WRITE=y
+CONFIG_FLASH_CFI_MTD=y
+CONFIG_SYS_FLASH_CFI=y
+CONFIG_HBMC_AM654=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_REMOTEPROC_TI_K3_DSP=y
+CONFIG_REMOTEPROC_TI_K3_R5F=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_SCSI=y
+CONFIG_DM_SCSI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_CADENCE_QSPI=y
+CONFIG_SYSRESET=y
+CONFIG_SPL_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
+CONFIG_UFS=y
+CONFIG_CADENCE_UFS=y
+CONFIG_TI_J721E_UFS=y
+CONFIG_OF_LIBFDT_OVERLAY=y
diff --git a/configs/j721e_hs_evm_r5_defconfig
b/configs/j721e_hs_evm_r5_defconfig
new file mode 100644
index 00..6b93153d92
--- /dev/null
+++ b/configs/j721e_hs_evm_r5_defconfig
@@ -0,0 +1,102 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x55000
+CONFIG_SOC_K3_J721E=y
+CONFIG_TARGET_J721E_R5_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_SPL_SPI_FLASH_SUPPORT=y
+CONFIG_SPL_SPI_SUPPORT=y
+CONFIG_SPL_TEXT_BASE=0x41c0
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_USE_BOOTCOMMAND=y
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_EARLY_BSS=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_
[U-Boot] [PATCH 5/6] arm: K3: Increase default SYSFW image size allocation
The memory allocated to store the FIT image containing SYSFW and board configuration data is statically defined to the largest size expected. This was 276000 bytes but now needs to be grown to 277000 to make room for the slightly larger SYSFW image used on J721e High-Security devices. Signed-off-by: Andrew F. Davis --- arch/arm/mach-k3/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig index 5583241943..2e111bbf27 100644 --- a/arch/arm/mach-k3/Kconfig +++ b/arch/arm/mach-k3/Kconfig @@ -119,7 +119,7 @@ config K3_SYSFW_IMAGE_MMCSD_RAW_MODE_PART config K3_SYSFW_IMAGE_SIZE_MAX int "Amount of memory dynamically allocated for loading SYSFW blob" depends on K3_LOAD_SYSFW - default 276000 + default 277000 help Amount of memory (in bytes) reserved through dynamic allocation at runtime for loading the combined System Firmware and configuration image -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/6] configs: ti: Factor out call to 'args_mmc' into MMC common environment
Both 'loadfit' and 'mmcloados' start with a call to 'args_mmc' so this
can be factored out to before eithers only call site. This also allows us
to remove that call from 'loadfit', which should not have been calling it
anyway as that command should not be MMC specific. Without the call to
'args_mmc' the command 'loadfit' becomes just a call to 'run_fit' so
remove the indirection and call 'run_fit' directly, this removes the need
for 'loadfit' command (which was misnamed anyway). Drop it.
Signed-off-by: Andrew F. Davis
---
include/configs/ti_armv7_common.h | 1 -
include/environment/ti/mmc.h | 5 +++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index 6d15304a65..2ec1dea26e 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -61,7 +61,6 @@
"setenv overlaystring ${overlaystring}'#'${overlay};" \
"done;\0" \
"run_fit=bootm ${addr_fit}#${fdtfile}${overlaystring}\0" \
- "loadfit=run args_mmc; run run_fit;\0" \
/*
* DDR information. If the CONFIG_NR_DRAM_BANKS is not defined,
diff --git a/include/environment/ti/mmc.h b/include/environment/ti/mmc.h
index bb4af0a3d5..1c8e49a8b3 100644
--- a/include/environment/ti/mmc.h
+++ b/include/environment/ti/mmc.h
@@ -41,7 +41,7 @@
"fi;" \
"fi;" \
"fi;\0" \
- "mmcloados=run args_mmc; " \
+ "mmcloados=" \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
"if run loadfdt; then " \
"bootz ${loadaddr} - ${fdtaddr}; " \
@@ -61,8 +61,9 @@
"if mmc rescan; then " \
"echo SD/MMC found on device ${mmcdev};" \
"if run loadimage; then " \
+ "run args_mmc; " \
"if test ${boot_fit} -eq 1; then " \
- "run loadfit; " \
+ "run run_fit; " \
"else " \
"run mmcloados;" \
"fi;" \
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 4/6] arm: K3: Disable ROM configured firewalls
ROM configures certain firewalls based on its usage, which includes
the one in front of boot peripherals. In specific case of boot peripherals,
ROM does not open up the full address space corresponding to the peripherals.
Like in OSPI, ROM only configures the firewall region for 32 bit address
space and mark 64bit address space flash regions as in-accessible.
When security-cfg is initialized by sysfw, all the non-configured
firewalls are kept in bypass state using a global setting. Since ROM
configured firewalls for certain peripherals, these will not be touched.
So when bootloader touches any of the address space that ROM marked as
in-accessible, system raises a firewall exception causing boot hang.
It would have been ideal if sysfw cleans up the ROM configured boot
peripheral firewalls. Given the memory overhead to store this
information provided by ROM and the boot time increase in re configuring
the firewalls, it is concluded to clean this up in bootloaders.
So disable all the firewalls that ROM doesn't open up the full address
space.
Signed-off-by: Andrew F. Davis
Signed-off-by: Venkateswara Rao Mandela
Signed-off-by: Lokesh Vutla
---
arch/arm/mach-k3/am6_init.c | 26 ++
arch/arm/mach-k3/common.c | 30
arch/arm/mach-k3/common.h | 7 +
arch/arm/mach-k3/j721e_init.c | 52 +++
4 files changed, 115 insertions(+)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
index 58ea9ba179..d924fa0422 100644
--- a/arch/arm/mach-k3/am6_init.c
+++ b/arch/arm/mach-k3/am6_init.c
@@ -19,6 +19,26 @@
#include
#ifdef CONFIG_SPL_BUILD
+#ifdef CONFIG_K3_LOAD_SYSFW
+#ifdef CONFIG_TI_SECURE_DEVICE
+struct fwl_data main_cbass_fwls[] = {
+ { "MMCSD1_CFG", 2057, 1 },
+ { "MMCSD0_CFG", 2058, 1 },
+ { "USB3SS0_SLV0", 2176, 2 },
+ { "PCIE0_SLV", 2336, 8 },
+ { "PCIE1_SLV", 2337, 8 },
+ { "PCIE0_CFG", 2688, 1 },
+ { "PCIE1_CFG", 2689, 1 },
+}, mcu_cbass_fwls[] = {
+ { "MCU_ARMSS0_CORE0_SLV", 1024, 1 },
+ { "MCU_ARMSS0_CORE1_SLV", 1028, 1 },
+ { "MCU_FSS0_S1", 1033, 8 },
+ { "MCU_FSS0_S0", 1036, 8 },
+ { "MCU_CPSW0", 1220, 1 },
+};
+#endif
+#endif
+
static void mmr_unlock(u32 base, u32 partition)
{
/* Translate the base address */
@@ -108,6 +128,12 @@ void board_init_f(ulong dummy)
* output.
*/
k3_sysfw_loader(preloader_console_init);
+
+ /* Disable ROM configured firewalls right after loading sysfw */
+#ifdef CONFIG_TI_SECURE_DEVICE
+ remove_fwl_configs(main_cbass_fwls, ARRAY_SIZE(main_cbass_fwls));
+ remove_fwl_configs(mcu_cbass_fwls, ARRAY_SIZE(mcu_cbass_fwls));
+#endif
#else
/* Prepare console output */
preloader_console_init();
diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
index bf631b74f8..8b85890763 100644
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@@ -244,3 +244,33 @@ void board_prep_linux(bootm_headers_t *images)
CONFIG_SYS_CACHELINE_SIZE));
}
#endif
+
+void remove_fwl_configs(struct fwl_data *fwl_data, size_t fwl_data_size)
+{
+ struct ti_sci_msg_fwl_region region;
+ struct ti_sci_fwl_ops *fwl_ops;
+ struct ti_sci_handle *ti_sci;
+ size_t i, j;
+
+ ti_sci = get_ti_sci_handle();
+ fwl_ops = _sci->ops.fwl_ops;
+ for (i = 0; i < fwl_data_size; i++) {
+ for (j = 0; j < fwl_data[i].regions; j++) {
+ region.fwl_id = fwl_data[i].fwl_id;
+ region.region = j;
+ region.n_permission_regs = 3;
+
+ fwl_ops->get_fwl_region(ti_sci, );
+
+ if (region.control != 0) {
+ pr_debug("Attempting to disable firewall %5d
(%25s)\n",
+region.fwl_id, fwl_data[i].name);
+ region.control = 0;
+
+ if (fwl_ops->set_fwl_region(ti_sci, ))
+ pr_err("Could not disable firewall %5d
(%25s)\n",
+ region.fwl_id, fwl_data[i].name);
+ }
+ }
+ }
+}
diff --git a/arch/arm/mach-k3/common.h b/arch/arm/mach-k3/common.h
index 8f9a023921..10701123dd 100644
--- a/arch/arm/mach-k3/common.h
+++ b/arch/arm/mach-k3/common.h
@@ -14,5 +14,12 @@
#define REV_PG1_0 0
#define REV_PG2_0 1
+struct fwl_data {
+ const char *name;
+ u16 fwl_id;
+ u16 regions;
+};
+
void setup_k3_mpu_regions(void);
int early_console_init(void);
+void remove_fwl_configs(struct fwl_data *fwl_data, size_t fwl_data_size);
diff --git a/arch/arm/mach-k3/j721e_init.c
[U-Boot] [PATCH 0/6] J721e HS device support
Hello all, This series brings up High-Security (HS) device support on the J721e platform. Support for this K3 HS device is much like the existing AM65x HS and this series leverages much of that support. There are also a couple tangentially related fixups that I noticed while adding this support and testing. Although not strictly needed they do allow J721e HS to just work out-of-box by the time the last patch adds the defconfigs. Thanks, Andrew Andrew F. Davis (6): configs: j721e_evm.h: Sync J721e environment configuration with AM65x configs: ti: Factor out call to 'args_mmc' into MMC common environment arm: K3: Fix header comment match AM6 specific file function arm: K3: Disable ROM configured firewalls arm: K3: Increase default SYSFW image size allocation configs: Add configs for J721e High Security EVM arch/arm/mach-k3/Kconfig | 2 +- arch/arm/mach-k3/am6_init.c| 28 +++- arch/arm/mach-k3/common.c | 30 arch/arm/mach-k3/common.h | 7 ++ arch/arm/mach-k3/j721e_init.c | 52 ++ configs/j721e_hs_evm_a72_defconfig | 106 + configs/j721e_hs_evm_r5_defconfig | 102 +++ include/configs/j721e_evm.h| 16 - include/configs/ti_armv7_common.h | 1 - include/environment/ti/mmc.h | 5 +- 10 files changed, 341 insertions(+), 8 deletions(-) create mode 100644 configs/j721e_hs_evm_a72_defconfig create mode 100644 configs/j721e_hs_evm_r5_defconfig -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 1/3] tools: dumpimage: Provide more feedback on internal errors
On 9/17/19 5:09 PM, Andrew F. Davis wrote:
> The dumpimage utility errors out in a number of places without providing
> sufficient feedback to allow the user to easily determine what has gone
> wrong. Add additional error messages to make the cause of the failure
> more obvious.
>
> Signed-off-by: Andrew F. Davis
> ---
ping
> tools/dumpimage.c | 14 +-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/tools/dumpimage.c b/tools/dumpimage.c
> index ee3d41dda4..d5f893daf1 100644
> --- a/tools/dumpimage.c
> +++ b/tools/dumpimage.c
> @@ -35,14 +35,23 @@ static int dumpimage_extract_subimage(struct
> image_type_params *tparams,
> if (tparams->verify_header) {
> retval = tparams->verify_header((unsigned char *)ptr,
> sbuf->st_size, );
> - if (retval != 0)
> + if (retval != 0) {
> + fprintf(stderr, "%s: failed to verify header of %s\n",
> + params.cmdname, tparams->name);
> return -1;
> + }
> +
> /*
>* Extract the file from the image
>* if verify is successful
>*/
> if (tparams->extract_subimage) {
> retval = tparams->extract_subimage(ptr, );
> + if (retval != 0) {
> + fprintf(stderr, "%s: extract_subimage failed
> for %s\n",
> + params.cmdname, tparams->name);
> + return -3;
> + }
> } else {
> fprintf(stderr,
> "%s: extract_subimage undefined for %s\n",
> @@ -175,6 +184,9 @@ int main(int argc, char **argv)
>* image type. Returns the error code if not matched
>*/
> retval = dumpimage_extract_subimage(tparams, ptr, );
> + if (retval)
> + fprintf(stderr, "%s: Can't extract subimage from %s\n",
> + params.cmdname, params.imagefile);
> } else {
> /*
>* Print the image information for matched image type
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] configs: j721e_evm_r5_defconfig: Remove SPL multi-DTB FIT support
The SPL FIT will only have one DTB, so remove support for multi-DTB. This also removes an early access to EEPROM used to select the DTB that is not valid in SPL at the point at which it is accessed, that always returns false for GP devices and causes a firewall expection on HS. Signed-off-by: Andrew F. Davis --- configs/j721e_evm_r5_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/configs/j721e_evm_r5_defconfig b/configs/j721e_evm_r5_defconfig index b7168eceb4..57a8cf61e6 100644 --- a/configs/j721e_evm_r5_defconfig +++ b/configs/j721e_evm_r5_defconfig @@ -45,8 +45,6 @@ CONFIG_CMD_FAT=y CONFIG_OF_CONTROL=y CONFIG_SPL_OF_CONTROL=y CONFIG_DEFAULT_DEVICE_TREE="k3-j721e-r5-common-proc-board" -CONFIG_SPL_MULTI_DTB_FIT=y -CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y CONFIG_DM=y CONFIG_SPL_DM=y CONFIG_SPL_DM_SEQ_ALIAS=y -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] Regression in fastboot on X15 due to CDCE913 enabling
On 10/24/19 11:25 AM, Vignesh Raghavendra wrote:
> Hi Sam,
>
> On 24-Oct-19 7:16 PM, Sam Protsenko wrote:
>> Putting Vignesh to "To:".
>>
>> Hi Vignesh,
>>
>> Please address Tero's comments below (I've marked with ^^^). Thanks.
>>
>> On Thu, Oct 24, 2019 at 3:54 PM Tero Kristo wrote:
>>>
>>> On 24/10/2019 13:32, Sam Protsenko wrote:
Hi Tero,
On Thu, Oct 24, 2019 at 10:32 AM Tero Kristo wrote:
>
> On 23/10/2019 17:20, Sam Protsenko wrote:
>> + fixed U-Boot mailing list address
>>
>> On Wed, Oct 23, 2019 at 3:13 PM Sam Protsenko
>> wrote:
>>>
>>> Hi Tero,
>>>
>>> This patch was merged in U-Boot/master recently:
>>>
>>> e8e683d33b0c ("board: ti: am57xx-idk: Configure the CDCE913 clock
>>> synthesizer")
>>>
>>> Unfortunately it leads to a regression in fastboot code on BeagleBoard
>>> X15. Basically fastboot stops to work, with a message like this:
>>>
>>> => fastboot 1
>>> No USB device found
>>> USB init failed: -19
>>>
>>> I haven't investigated that as I'm busy with Android boot flow patch
>>> series at the moment (trying to merge it before merge window closes).
>>> Can you please investigate what is the cause and how to fix it?
>>>
>>> Thanks!
>
> This seems to be caused by usb dwc3 init failing to get clks, if
> CONFIG_CLK is enabled. We appear to have the attached patch which fixes
> it in TI internal u-boot tree; it fixes the issue with latest u-boot also.
>
> Should this be picked for upstream also? (CC: Vignesh)
>>
>
> Yes, this patch is applicable upstream as well. I did not get time to
> post this series to upstream list.
>
>> ^^^
>>
>
I can confirm that that patch helps. If it's a proper fix, can you
please send it here? Also, I guess it would be nice to have next tags
specified: Fixes:, Reported-by:.
Thanks!
>>>
>>> Vignesh, any comments as you are the author of that patch? The
>>> background on it is somewhat unclear to me.
>>>
>>
>
> In case of AM57xx, USB clocks are enabled by board files. Therefore clk
> and reset APIs may return -ENOENT as nodes may be absent in the DT.
Would it be better to move these clocks over to DT?
> Since clks and resets are optional, -ENOENT needs to be ignored as well.
>
So clocks populated by board config and those that are missing/optional
will have the same effect? Sounds wrong to me.
Andrew
>
>> ^^^
>>
>>> -Tero
>>> --
>>> Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki.
>>> Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] arm: K3: Increase default SYSFW image size allocation
The memory allocated to store the FIT image containing SYSFW and board configuration data is statically defined to the largest size expected. This was 269000 bytes but now needs to be grown to 276000 to make room for the signatures attached to the board configuration data on High Security devices. Signed-off-by: Andrew F. Davis --- arch/arm/mach-k3/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-k3/Kconfig b/arch/arm/mach-k3/Kconfig index 9652c96a78..de1c1cc73f 100644 --- a/arch/arm/mach-k3/Kconfig +++ b/arch/arm/mach-k3/Kconfig @@ -98,7 +98,7 @@ config K3_SYSFW_IMAGE_MMCSD_RAW_MODE_PART config K3_SYSFW_IMAGE_SIZE_MAX int "Amount of memory dynamically allocated for loading SYSFW blob" depends on K3_LOAD_SYSFW - default 269000 + default 276000 help Amount of memory (in bytes) reserved through dynamic allocation at runtime for loading the combined System Firmware and configuration image -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] ARM: keystone2: update the default addresses of the secure monitor
From: Jean-Jacques Hiblot
To accommodate the growth of u-boot, we need to shift the location of the
secure monitor. Moving it 64kB further.
Signed-off-by: Jean-Jacques Hiblot
---
include/configs/ti_armv7_keystone2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/configs/ti_armv7_keystone2.h
b/include/configs/ti_armv7_keystone2.h
index d7bb1efcbf..ba12428dbe 100644
--- a/include/configs/ti_armv7_keystone2.h
+++ b/include/configs/ti_armv7_keystone2.h
@@ -217,8 +217,8 @@
"addr_secdb_key=0xc00\0"\
"name_kern=zImage\0"\
"addr_mon=0x8700\0" \
- "addr_non_sec_mon=0x0c087fc0\0" \
- "addr_load_sec_bm=0x0c08c000\0" \
+ "addr_non_sec_mon=0x0c097fc0\0" \
+ "addr_load_sec_bm=0x0c09c000\0" \
"run_mon=mon_install ${addr_mon}\0" \
"run_mon_hs=mon_install ${addr_non_sec_mon} " \
"${addr_load_sec_bm}\0" \
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] board: ti: am654: Disable TRNG node for HS devices
On HS devices the access to TRNG is restricted on the non-secure
ARM side, disable the node in DT to prevent firewall violations.
Signed-off-by: Andrew F. Davis
---
arch/arm/mach-k3/common.c | 20
arch/arm/mach-k3/include/mach/sys_proto.h | 2 ++
board/ti/am65x/evm.c | 15 +--
3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-k3/common.c b/arch/arm/mach-k3/common.c
index 3e36d90ace..c16afc654f 100644
--- a/arch/arm/mach-k3/common.c
+++ b/arch/arm/mach-k3/common.c
@@ -137,6 +137,26 @@ int fdt_fixup_msmc_ram(void *blob, char *parent_path, char
*node_name)
return 0;
}
+
+int fdt_disable_node(void *blob, char *node_path)
+{
+ int offs;
+ int ret;
+
+ offs = fdt_path_offset(blob, node_path);
+ if (offs < 0) {
+ debug("Node %s not found.\n", node_path);
+ return 0;
+ }
+ ret = fdt_setprop_string(blob, offs, "status", "disabled");
+ if (ret < 0) {
+ printf("Could not add status property to node %s: %s\n",
+ node_path, fdt_strerror(ret));
+ return ret;
+ }
+ return 0;
+}
+
#endif
#ifndef CONFIG_SYSRESET
diff --git a/arch/arm/mach-k3/include/mach/sys_proto.h
b/arch/arm/mach-k3/include/mach/sys_proto.h
index 45832b45a1..3c825aa3d1 100644
--- a/arch/arm/mach-k3/include/mach/sys_proto.h
+++ b/arch/arm/mach-k3/include/mach/sys_proto.h
@@ -14,4 +14,6 @@ struct ti_sci_handle *get_ti_sci_handle(void);
int fdt_fixup_msmc_ram(void *blob, char *parent_path, char *node_name);
int do_board_detect(void);
void release_resources_for_core_shutdown(void);
+int fdt_disable_node(void *blob, char *node_path);
+
#endif
diff --git a/board/ti/am65x/evm.c b/board/ti/am65x/evm.c
index e01adcd642..ad333ad883 100644
--- a/board/ti/am65x/evm.c
+++ b/board/ti/am65x/evm.c
@@ -96,10 +96,21 @@ int ft_board_setup(void *blob, bd_t *bd)
int ret;
ret = fdt_fixup_msmc_ram(blob, "/interconnect@10", "sram@7000");
- if (ret)
+ if (ret) {
printf("%s: fixing up msmc ram failed %d\n", __func__, ret);
+ return ret;
+ }
- return ret;
+#if defined(CONFIG_TI_SECURE_DEVICE)
+ /* Make HW RNG reserved for secure world use */
+ ret = fdt_disable_node(blob, "/interconnect@10/trng@4e1");
+ if (ret) {
+ printf("%s: disabling TRGN failed %d\n", __func__, ret);
+ return ret;
+ }
+#endif
+
+ return 0;
}
#endif
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/3] tools: dumpimage: Provide more feedback on internal errors
The dumpimage utility errors out in a number of places without providing
sufficient feedback to allow the user to easily determine what has gone
wrong. Add additional error messages to make the cause of the failure
more obvious.
Signed-off-by: Andrew F. Davis
---
tools/dumpimage.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/tools/dumpimage.c b/tools/dumpimage.c
index ee3d41dda4..d5f893daf1 100644
--- a/tools/dumpimage.c
+++ b/tools/dumpimage.c
@@ -35,14 +35,23 @@ static int dumpimage_extract_subimage(struct
image_type_params *tparams,
if (tparams->verify_header) {
retval = tparams->verify_header((unsigned char *)ptr,
sbuf->st_size, );
- if (retval != 0)
+ if (retval != 0) {
+ fprintf(stderr, "%s: failed to verify header of %s\n",
+ params.cmdname, tparams->name);
return -1;
+ }
+
/*
* Extract the file from the image
* if verify is successful
*/
if (tparams->extract_subimage) {
retval = tparams->extract_subimage(ptr, );
+ if (retval != 0) {
+ fprintf(stderr, "%s: extract_subimage failed
for %s\n",
+ params.cmdname, tparams->name);
+ return -3;
+ }
} else {
fprintf(stderr,
"%s: extract_subimage undefined for %s\n",
@@ -175,6 +184,9 @@ int main(int argc, char **argv)
* image type. Returns the error code if not matched
*/
retval = dumpimage_extract_subimage(tparams, ptr, );
+ if (retval)
+ fprintf(stderr, "%s: Can't extract subimage from %s\n",
+ params.cmdname, params.imagefile);
} else {
/*
* Print the image information for matched image type
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 3/3] tools: dumpimage: Fall-though to print usage for help command
This has the same result but some compilers will warn about this
fall-through if there are statements as part of the label block.
Signed-off-by: Andrew F. Davis
---
tools/dumpimage.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/dumpimage.c b/tools/dumpimage.c
index d5f893daf1..e5481435a7 100644
--- a/tools/dumpimage.c
+++ b/tools/dumpimage.c
@@ -104,7 +104,6 @@ int main(int argc, char **argv)
printf("dumpimage version %s\n", PLAIN_VERSION);
exit(EXIT_SUCCESS);
case 'h':
- usage();
default:
usage();
break;
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/3] tools: fit_image: Use fit_image_get_data_and_size for getting offset/size
This is very similar to fit_image_get_data but has the benefit of working
on FIT images with external data unlike fit_image_get_data. This is
useful for extracting sub-images from type of FIT image as this would
previously just silently fail. Add an error message also so if this
still fails it is easier to find out why.
Signed-off-by: Andrew F. Davis
---
tools/fit_image.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 5aca634b5e..0e4c2271ce 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -738,9 +738,14 @@ static int fit_image_extract(
{
const void *file_data;
size_t file_size = 0;
+ int ret;
- /* get the "data" property of component at offset "image_noffset" */
- fit_image_get_data(fit, image_noffset, _data, _size);
+ /* get the data address and size of component at offset "image_noffset"
*/
+ ret = fit_image_get_data_and_size(fit, image_noffset, _data,
_size);
+ if (ret) {
+ fprintf(stderr, "Could not get component information\n");
+ return ret;
+ }
/* save the "file_data" into the file specified by "file_name" */
return imagetool_save_subimage(file_name, (ulong) file_data, file_size);
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] configs: ti: Use addr_fit for run_fit environment variable
When running 'run_fit' the FIT file should have been loaded at
'addr_fit', although at this point they should be the same
use this variable instead of 'loadaddr'.
Signed-off-by: Andrew F. Davis
---
include/configs/ti_armv7_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index 2de6bc2390..6d15304a65 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -60,7 +60,7 @@
"do;" \
"setenv overlaystring ${overlaystring}'#'${overlay};" \
"done;\0" \
- "run_fit=bootm ${loadaddr}#${fdtfile}${overlaystring}\0" \
+ "run_fit=bootm ${addr_fit}#${fdtfile}${overlaystring}\0" \
"loadfit=run args_mmc; run run_fit;\0" \
/*
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/2] configs: am65x_hs_evm: Use FIT images when booting HS devices
HS devices use the FIT post processing step to authenticate boot images.
Set the configured boot command to load FIT by default.
Signed-off-by: Andrew F. Davis
---
configs/am65x_hs_evm_a53_defconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/am65x_hs_evm_a53_defconfig
b/configs/am65x_hs_evm_a53_defconfig
index 87547ed9ab..28c92f9106 100644
--- a/configs/am65x_hs_evm_a53_defconfig
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -19,7 +19,7 @@ CONFIG_FIT_IMAGE_POST_PROCESS=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
CONFIG_OF_BOARD_SETUP=y
-CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_kern_${boot}; run get_fdt_${boot}; run get_overlay_${boot}; run run_kern"
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_fit_${boot}; run get_overlaystring; run run_fit"
# CONFIG_DISPLAY_CPUINFO is not set
CONFIG_SPL_TEXT_BASE=0x8008
CONFIG_SPL_SYS_MALLOC_SIMPLE=y
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/2] configs: ti: Add environment support commands for FIT loading
Some parts of these commands can be reused, add them to common files.
Signed-off-by: Andrew F. Davis
---
include/configs/am65x_evm.h | 3 +++
include/configs/ti_armv7_common.h | 8 +++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/include/configs/am65x_evm.h b/include/configs/am65x_evm.h
index 6072e4a48c..0249a20ba8 100644
--- a/include/configs/am65x_evm.h
+++ b/include/configs/am65x_evm.h
@@ -94,11 +94,14 @@
"done;\0" \
"get_kern_mmc=load mmc ${bootpart} ${loadaddr} "\
"${bootdir}/${name_kern}\0" \
+ "get_fit_mmc=load mmc ${bootpart} ${addr_fit} " \
+ "${bootdir}/${name_fit}\0" \
"partitions=" PARTS_DEFAULT
/* Incorporate settings into the U-Boot environment */
#define CONFIG_EXTRA_ENV_SETTINGS \
DEFAULT_MMC_TI_ARGS \
+ DEFAULT_FIT_TI_ARGS \
EXTRA_ENV_AM65X_BOARD_SETTINGS \
EXTRA_ENV_AM65X_BOARD_SETTINGS_MMC
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index 2058f8de0f..2de6bc2390 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -55,7 +55,13 @@
"addr_fit=0x9000\0" \
"name_fit=fitImage\0" \
"update_to_fit=setenv loadaddr ${addr_fit}; setenv bootfile
${name_fit}\0" \
- "loadfit=run args_mmc; bootm ${loadaddr}#${fdtfile};\0" \
+ "get_overlaystring=" \
+ "for overlay in $overlay_files;" \
+ "do;" \
+ "setenv overlaystring ${overlaystring}'#'${overlay};" \
+ "done;\0" \
+ "run_fit=bootm ${loadaddr}#${fdtfile}${overlaystring}\0" \
+ "loadfit=run args_mmc; run run_fit;\0" \
/*
* DDR information. If the CONFIG_NR_DRAM_BANKS is not defined,
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 3/3] configs: Rename environment variable fit_bootfile to name_fit
Like we did with 'fit_loadaddr' to 'addr_fit', the variable
'fit_bootfile' contains a name and so should be prefixed with
name_. Make this change here.
Signed-off-by: Andrew F. Davis
---
include/configs/ti_armv7_common.h| 4 ++--
include/configs/ti_armv7_keystone2.h | 13 +
2 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index ece329fc7d..2058f8de0f 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -53,8 +53,8 @@
#define DEFAULT_FIT_TI_ARGS \
"boot_fit=0\0" \
"addr_fit=0x9000\0" \
- "fit_bootfile=fitImage\0" \
- "update_to_fit=setenv loadaddr ${addr_fit}; setenv bootfile
${fit_bootfile}\0" \
+ "name_fit=fitImage\0" \
+ "update_to_fit=setenv loadaddr ${addr_fit}; setenv bootfile
${name_fit}\0" \
"loadfit=run args_mmc; bootm ${loadaddr}#${fdtfile};\0" \
/*
diff --git a/include/configs/ti_armv7_keystone2.h
b/include/configs/ti_armv7_keystone2.h
index 401dec4493..03753c5b52 100644
--- a/include/configs/ti_armv7_keystone2.h
+++ b/include/configs/ti_armv7_keystone2.h
@@ -240,12 +240,10 @@
"get_mon_net=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \
"get_mon_nfs=nfs ${addr_mon} ${nfs_root}/boot/${name_mon}\0"\
"get_mon_ubi=ubifsload ${addr_mon} ${bootdir}/${name_mon}\0"\
- "get_fit_net=dhcp ${addr_fit} ${tftp_root}" \
- "/${fit_bootfile}\0"\
- "get_fit_nfs=nfs ${addr_fit} ${nfs_root}/boot/${fit_bootfile}\0"\
- "get_fit_ubi=ubifsload ${addr_fit} ${bootdir}/${fit_bootfile}\0"\
- "get_fit_mmc=load mmc ${bootpart} ${addr_fit} " \
- "${bootdir}/${fit_bootfile}\0" \
+ "get_fit_net=dhcp ${addr_fit} ${tftp_root}/${name_fit}\0" \
+ "get_fit_nfs=nfs ${addr_fit} ${nfs_root}/boot/${name_fit}\0"\
+ "get_fit_ubi=ubifsload ${addr_fit} ${bootdir}/${name_fit}\0"\
+ "get_fit_mmc=load mmc ${bootpart} ${addr_fit} ${bootdir}/${name_fit}\0"
\
"get_uboot_net=dhcp ${loadaddr} ${tftp_root}/${name_uboot}\0" \
"get_uboot_nfs=nfs ${loadaddr} ${nfs_root}/boot/${name_uboot}\0" \
"burn_uboot_spi=sf probe; sf erase 0 0x10; "\
@@ -261,8 +259,7 @@
"get_fdt_ramfs=dhcp ${fdtaddr} ${tftp_root}/${name_fdt}\0" \
"get_kern_ramfs=dhcp ${loadaddr} ${tftp_root}/${name_kern}\0" \
"get_mon_ramfs=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \
- "get_fit_ramfs=dhcp ${addr_fit} ${tftp_root}" \
- "/${fit_bootfile}\0"\
+ "get_fit_ramfs=dhcp ${addr_fit} ${tftp_root}/${name_fit}\0" \
"get_fs_ramfs=dhcp ${rdaddr} ${tftp_root}/${name_fs}\0" \
"get_ubi_net=dhcp ${addr_ubi} ${tftp_root}/${name_ubi}\0" \
"get_ubi_nfs=nfs ${addr_ubi} ${nfs_root}/boot/${name_ubi}\0"\
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/3] configs: Rename environment variable fit_loadaddr to addr_fit
This is the first part of a larger effort I would like to propose to
unify and simplify the default set of environment variables.
When many early environment variables were named there were fewer images
being loaded, usually just a kernel. At this time names like 'loadaddr'
would suffice. Now we have more images and many more commands that act on
them, often re-using the same variable for several different uses. The
contents of a variable are also not immediately known causing one to have
to look up a chain of variables to understand what a command is actually
doing. I suggest the following.
To start, all variables containing names should be prefixed with name_
and addresses with addr_. This is like how K2 already does things and
allows for simple universal commands like:
get_fdt_nfs=nfs ${addr_fdt} /boot/${name_fdt}
Which is very clear on what is intended here and would work across all
board that using the this naming convention.
We can do this one variable at a time, start here with addr_fit.
Signed-off-by: Andrew F. Davis
---
include/configs/k2g_evm.h| 2 +-
include/configs/ti_armv7_common.h| 4 ++--
include/configs/ti_armv7_keystone2.h | 12 ++--
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/configs/k2g_evm.h b/include/configs/k2g_evm.h
index 3ec5a5acf5..b39e956def 100644
--- a/include/configs/k2g_evm.h
+++ b/include/configs/k2g_evm.h
@@ -69,7 +69,7 @@
"run run_mon_hs; " \
"run init_${boot}; "\
"run get_fit_${boot}; " \
- "bootm ${fit_loadaddr}#${name_fdt}"
+ "bootm ${addr_fit}#${name_fdt}"
#endif
/* NAND Configuration */
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index 828fb1b2a5..ece329fc7d 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -52,9 +52,9 @@
#define DEFAULT_FIT_TI_ARGS \
"boot_fit=0\0" \
- "fit_loadaddr=0x9000\0" \
+ "addr_fit=0x9000\0" \
"fit_bootfile=fitImage\0" \
- "update_to_fit=setenv loadaddr ${fit_loadaddr}; setenv bootfile
${fit_bootfile}\0" \
+ "update_to_fit=setenv loadaddr ${addr_fit}; setenv bootfile
${fit_bootfile}\0" \
"loadfit=run args_mmc; bootm ${loadaddr}#${fdtfile};\0" \
/*
diff --git a/include/configs/ti_armv7_keystone2.h
b/include/configs/ti_armv7_keystone2.h
index b44b51bbd1..401dec4493 100644
--- a/include/configs/ti_armv7_keystone2.h
+++ b/include/configs/ti_armv7_keystone2.h
@@ -240,11 +240,11 @@
"get_mon_net=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \
"get_mon_nfs=nfs ${addr_mon} ${nfs_root}/boot/${name_mon}\0"\
"get_mon_ubi=ubifsload ${addr_mon} ${bootdir}/${name_mon}\0"\
- "get_fit_net=dhcp ${fit_loadaddr} ${tftp_root}" \
+ "get_fit_net=dhcp ${addr_fit} ${tftp_root}" \
"/${fit_bootfile}\0"\
- "get_fit_nfs=nfs ${fit_loadaddr} ${nfs_root}/boot/${fit_bootfile}\0"\
- "get_fit_ubi=ubifsload ${fit_loadaddr} ${bootdir}/${fit_bootfile}\0"\
- "get_fit_mmc=load mmc ${bootpart} ${fit_loadaddr} " \
+ "get_fit_nfs=nfs ${addr_fit} ${nfs_root}/boot/${fit_bootfile}\0"\
+ "get_fit_ubi=ubifsload ${addr_fit} ${bootdir}/${fit_bootfile}\0"\
+ "get_fit_mmc=load mmc ${bootpart} ${addr_fit} " \
"${bootdir}/${fit_bootfile}\0" \
"get_uboot_net=dhcp ${loadaddr} ${tftp_root}/${name_uboot}\0" \
"get_uboot_nfs=nfs ${loadaddr} ${nfs_root}/boot/${name_uboot}\0" \
@@ -261,7 +261,7 @@
"get_fdt_ramfs=dhcp ${fdtaddr} ${tftp_root}/${name_fdt}\0" \
"get_kern_ramfs=dhcp ${loadaddr} ${tftp_root}/${name_kern}\0" \
"get_mon_ramfs=dhcp ${addr_mon} ${tftp_root}/${name_mon}\0" \
- "get_fit_ramfs=dhcp ${fit_loadaddr} ${tftp_root}" \
+ "get_fit_ramfs=dhcp ${addr_fit} ${tftp_root}" \
"/${fit_bootfile}\0"\
"get_fs_ramfs=dhcp ${rdaddr} ${tftp_root}/${name_fs}\0" \
"get_ubi_net=dhcp ${addr_ubi} ${tftp_root}/${name_ubi}\0" \
@@ -290,7 +290,7 @@
"run run_mon_hs; " \
"run init_${boot}; "\
"run get_fit_${boot}; " \
- "bootm ${fit_loadaddr}#${name_fdt}"
+ "bootm ${addr_fit}#${name_fdt}"
#endif
#endif
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/3] configs: Remove unneeded overlay_files environment variable
The variable 'name_overlays' serves the same purpose. Remove
'overlay_files' and use 'name_overlays' everywhere.
Signed-off-by: Andrew F. Davis
---
include/configs/am65x_evm.h | 5 ++---
include/configs/j721e_evm.h | 6 ++
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/include/configs/am65x_evm.h b/include/configs/am65x_evm.h
index 1415bb1b15..6072e4a48c 100644
--- a/include/configs/am65x_evm.h
+++ b/include/configs/am65x_evm.h
@@ -66,8 +66,7 @@
#define EXTRA_ENV_AM65X_BOARD_SETTINGS \
"findfdt=" \
"setenv name_fdt k3-am654-base-board.dtb;" \
- "setenv fdtfile ${name_fdt};" \
- "setenv overlay_files ${name_overlays}\0" \
+ "setenv fdtfile ${name_fdt}\0" \
"loadaddr=0x8008\0" \
"fdtaddr=0x8200\0" \
"overlayaddr=0x8300\0" \
@@ -88,7 +87,7 @@
"get_overlay_mmc=" \
"fdt address ${fdtaddr};" \
"fdt resize 0x10;" \
- "for overlay in $overlay_files;"\
+ "for overlay in $name_overlays;"\
"do;" \
"load mmc ${bootpart} ${overlayaddr} ${bootdir}/${overlay};"
\
"fdt apply ${overlayaddr};" \
diff --git a/include/configs/j721e_evm.h b/include/configs/j721e_evm.h
index 5b35e22c85..f8d4d7bdf8 100644
--- a/include/configs/j721e_evm.h
+++ b/include/configs/j721e_evm.h
@@ -60,9 +60,7 @@
/* U-Boot general configuration */
#define EXTRA_ENV_J721E_BOARD_SETTINGS \
"default_device_tree=" CONFIG_DEFAULT_DEVICE_TREE ".dtb\0" \
- "findfdt=" \
- "setenv fdtfile ${default_device_tree};"\
- "setenv overlay_files ${name_overlays}\0" \
+ "findfdt=setenv fdtfile ${default_device_tree}\0" \
"loadaddr=0x8008\0" \
"fdtaddr=0x8200\0" \
"overlayaddr=0x8300\0" \
@@ -83,7 +81,7 @@
"get_overlay_mmc=" \
"fdt address ${fdtaddr};" \
"fdt resize 0x10;" \
- "for overlay in $overlay_files;"\
+ "for overlay in $name_overlays;"\
"do;" \
"load mmc ${bootpart} ${overlayaddr} ${bootdir}/${overlay} && "
\
"fdt apply ${overlayaddr};" \
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v2] omap: Correct the fastboot product var
On 7/25/19 1:11 PM, Sam Protsenko wrote:
> "fastboot flashall" expects "fastboot getvar product" value to be one of
> values provided in android-info.txt file (in AOSP), from "require
> board=" list. Before this patch, "am57xx" is returned for all AM57xx
> based boards, as it's set in $board env var from SYS_BOARD in
> board/ti/am57xx/Kconfig file, which is used for default implementation
> of "fastboot getvar product".
>
> In order to fix that inconsistency, let's do next:
> 1. In U-Boot: override fastboot.product, reusing the value from
> $board_name
> 2. In AOSP: provide values for all AM57xx boards we can use to
> device/ti/beagle_x15/board-info.txt file
>
> This way requirements check in "fastboot flashall" will work as
> expected, verifying that user tries to flash images to the board which
> those images were built for.
>
> Signed-off-by: Sam Protsenko
> ---
Much cleaner like this, thanks,
Acked-by: Andrew F. Davis
> Changes in v2:
> - reuse the value from $board_name instead of hard-coding it to
> "beagle_x15board" (corresponding changes will be done in AOSP)
>
> arch/arm/mach-omap2/utils.c | 13 +
> 1 file changed, 13 insertions(+)
>
> diff --git a/arch/arm/mach-omap2/utils.c b/arch/arm/mach-omap2/utils.c
> index edf5edcb68..7d01446940 100644
> --- a/arch/arm/mach-omap2/utils.c
> +++ b/arch/arm/mach-omap2/utils.c
> @@ -129,12 +129,25 @@ static inline void omap_set_fastboot_userdata_size(void)
> {
> }
> #endif /* CONFIG_FASTBOOT_FLASH_MMC */
> +
> +static void omap_set_fastboot_product(void)
> +{
> + const char *board_name;
> +
> + board_name = env_get("board_name");
> + if (board_name == NULL)
> + printf("Warning: fastboot.product: unknown board\n");
> +
> + env_set("fastboot.product", board_name);
> +}
> +
> void omap_set_fastboot_vars(void)
> {
> omap_set_fastboot_cpu();
> omap_set_fastboot_secure();
> omap_set_fastboot_board_rev();
> omap_set_fastboot_userdata_size();
> + omap_set_fastboot_product();
> }
> #endif /* CONFIG_FASTBOOT_FLASH */
>
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] board: ti: am57xx: Correct the fastboot product var
On 7/25/19 10:43 AM, Sam Protsenko wrote:
> On Thu, Jul 25, 2019 at 5:05 PM Andrew F. Davis wrote:
>>
>> On 7/25/19 9:22 AM, Sam Protsenko wrote:
>>> "fastboot flashall" expects "fastboot getvar product" to be
>>> "beagle_x15board". Instead, "am57xx" is returned, as it's set in $board
>>> env var from SYS_BOARD in board/ti/am57xx/Kconfig file.
>>>
>>> Override fastboot product variable and set it to correct value, to fix
>>> "fastboot flashall".
>>>
>>> Signed-off-by: Sam Protsenko
>>> ---
>>> board/ti/am57xx/board.c | 6 ++
>>> 1 file changed, 6 insertions(+)
>>>
>>> diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c
>>> index 1a903f13a6..c8eac4edde 100644
>>> --- a/board/ti/am57xx/board.c
>>> +++ b/board/ti/am57xx/board.c
>>> @@ -685,6 +685,11 @@ static int device_okay(const char *path)
>>> }
>>> #endif
>>>
>>> +static void am57x_set_fastboot_vars(void)
>>> +{
>>> + env_set("fastboot.product", "beagle_x15board");
>>
>>
>> This doesn't seem right.. This is common source for all AM57x based
>> boards, the only thing we can return here is "am57xx". Either fastboot
>> needs some sort of conversion on its side, or we set the exact board
>> name the same way we do device-tree name detection.
>>
>
> The thing is, we have only beagle_x15 target in AOSP right now, which
> we use for all AM57xx based boards (as I understand). So "fastboot
> flashall" expects "getvar product" to be exactly that, otherwise it
> fails. We can check board_is_x15() to do what you're suggesting to do,
> but in that case we won't be able to use "fastboot flashall" e.g. for
> AM57xx EVM. How do you suggest to fix that case if we don't return
> "beagle_x15board"?
If we are a AM57x-EVM board then that is what U-Boot should return, if
we use "beagle_x15" as the name of the device for our Android product on
both AM57x-EVM and Beagle x15 then we need some conversion in our
Android fastboot to handle that.
>
> Anyway, do you know any other usages of "getvar product" than this
> use-case? As fastboot is Android protocol, I think we should make it
> work properly with Android first, and all custom down-stream usages
> should respect that.
>
BeagleBoard x15 is not the only AM57x based Android product, at least I
hope not. :) If we want to re-use one Android build for both boards we
should move that logic to our Android build, not hack that choice here
in U-boot. For all we know we may split those out and have a different
builds for each Beagle and EVM, then we would need to revert this.
Andrew
>> Andrew
>>
>>> +}
>>> +
>>> int board_late_init(void)
>>> {
>>> setup_board_eeprom_env();
>>> @@ -717,6 +722,7 @@ int board_late_init(void)
>>>
>>> omap_die_id_serial();
>>> omap_set_fastboot_vars();
>>> + am57x_set_fastboot_vars();
>>>
>>> am57x_idk_lcd_detect();
>>>
>>>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] board: ti: am57xx: Correct the fastboot product var
On 7/25/19 9:22 AM, Sam Protsenko wrote:
> "fastboot flashall" expects "fastboot getvar product" to be
> "beagle_x15board". Instead, "am57xx" is returned, as it's set in $board
> env var from SYS_BOARD in board/ti/am57xx/Kconfig file.
>
> Override fastboot product variable and set it to correct value, to fix
> "fastboot flashall".
>
> Signed-off-by: Sam Protsenko
> ---
> board/ti/am57xx/board.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/board/ti/am57xx/board.c b/board/ti/am57xx/board.c
> index 1a903f13a6..c8eac4edde 100644
> --- a/board/ti/am57xx/board.c
> +++ b/board/ti/am57xx/board.c
> @@ -685,6 +685,11 @@ static int device_okay(const char *path)
> }
> #endif
>
> +static void am57x_set_fastboot_vars(void)
> +{
> + env_set("fastboot.product", "beagle_x15board");
This doesn't seem right.. This is common source for all AM57x based
boards, the only thing we can return here is "am57xx". Either fastboot
needs some sort of conversion on its side, or we set the exact board
name the same way we do device-tree name detection.
Andrew
> +}
> +
> int board_late_init(void)
> {
> setup_board_eeprom_env();
> @@ -717,6 +722,7 @@ int board_late_init(void)
>
> omap_die_id_serial();
> omap_set_fastboot_vars();
> + am57x_set_fastboot_vars();
>
> am57x_idk_lcd_detect();
>
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2] arm: mach-keystone: Use appended original image size in image processing
When an image is signed/encrypted on K2 devices the image may get padded to meet alignment requirements for the signature/encryption type. The original size is appended as 4 bytes little-endian to the end of the final image. Normally the trailing extra bytes are ignored and so restoring the exact original size is not important. In the case of initrd the original size is important as the kernel uses it to look for additional filesystem data and can do the wrong thing when the size is not correct. Read off the original size and report it back from the image post processing stage. Signed-off-by: Andrew F. Davis --- Changes from v1: - Use get_unaligned_le32 - Fixup header/copyright while here arch/arm/mach-keystone/mon.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c index 51af028590..cc2ec88505 100644 --- a/arch/arm/mach-keystone/mon.c +++ b/arch/arm/mach-keystone/mon.c @@ -1,11 +1,11 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * K2HK: secure kernel command file + * K2x: Secure commands file * - * (C) Copyright 2012-2014 - * Texas Instruments Incorporated, + * Copyright (C) 2012-2019 Texas Instruments Incorporated - http://www.ti.com/ */ +#include #include #include #include @@ -120,9 +120,9 @@ void board_fit_image_post_process(void **p_image, size_t *p_size) /* * Overwrite the image headers after authentication * and decryption. Update size to reflect removal -* of header. +* of header and restore original file size. */ - *p_size -= KS2_HS_SEC_HEADER_LEN; + *p_size = get_unaligned_le32(image + (*p_size - 4)); memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size); /* -- 2.17.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] env: ti: boot: Use ttyS2 instead of ttyO2
On 7/16/19 9:15 AM, Sam Protsenko wrote: > Hi Andrew, > > On Mon, Jul 15, 2019 at 10:15 PM Andrew F. Davis wrote: >> >> On 7/12/19 1:38 PM, Sam Protsenko wrote: >>> ttyO2 console enables legacy CONFIG_SERIAL_OMAP driver in kernel. >>> Nowadays it's preferred to use the generic CONFIG_SERIAL_8250_OMAP >>> driver, which being enabled via ttyS2 console. Both drivers are enabled >>> in multi_v7_defconfig and in omap2plus_defconfig, for compatibility >>> reasons. Let's switch to ttyS2 console, to be sure that standard 8250 >>> serial driver is used. >>> >>> Similar behavior can be also achieved by enabling >>> CONFIG_SERIAL_8250_OMAP_TTYO_FIXUP option in kernel, but it's better not >>> to rely on that, as it can be disabled or removed after transitional >>> period. >>> >>> Right now on DRA7/AM57x platforms the 8250-omap driver is being probed >>> first, and omap-serial driver is only probed if the first one failed. >>> It can be seen from uart3 definition in arch/arm/boot/dts/dra7-l4.dtsi: >>> >>> compatible = "ti,dra742-uart", "ti,omap4-uart"; >>> >>> So the kernel already uses 8250 driver. This change basically allows >>> kernel developers to throw away the omap-serial driver and associated >>> compatibility options. Similar discussions [1,2] have started several >>> years ago, so it should be safe to do that now. >>> >>> [1] https://patchwork.kernel.org/patch/6198471/ >>> [2] >>> http://processors.wiki.ti.com/index.php/Sitara_Linux_UART_-_Switching_to_8250_Driver >>> >>> Signed-off-by: Sam Protsenko >>> --- >>> Changes in v2: >>> - use ttyS also in AM57x EVM and in DRA7xx EVM configs >>> >>> include/configs/am57xx_evm.h | 2 +- >>> include/configs/dra7xx_evm.h | 4 ++-- >>> include/environment/ti/boot.h | 2 +- >>> 3 files changed, 4 insertions(+), 4 deletions(-) >>> >>> diff --git a/include/configs/am57xx_evm.h b/include/configs/am57xx_evm.h >>> index 45fd21878c..e181b30564 100644 >>> --- a/include/configs/am57xx_evm.h >>> +++ b/include/configs/am57xx_evm.h >>> @@ -24,7 +24,7 @@ >>> >>> #define CONFIG_SYS_BOOTM_LEN SZ_64M >>> >>> -#define CONSOLEDEV "ttyO2" >>> +#define CONSOLEDEV "ttyS2" >>> #define CONFIG_SYS_NS16550_COM1 UART1_BASE /* Base EVM >>> has UART0 */ >>> #define CONFIG_SYS_NS16550_COM2 UART2_BASE /* UART2 */ >>> #define CONFIG_SYS_NS16550_COM3 UART3_BASE /* UART3 */ >>> diff --git a/include/configs/dra7xx_evm.h b/include/configs/dra7xx_evm.h >>> index 9c8141de2e..7ec6e691c7 100644 >>> --- a/include/configs/dra7xx_evm.h >>> +++ b/include/configs/dra7xx_evm.h >>> @@ -26,9 +26,9 @@ >>> #endif >>> >>> #if (CONFIG_CONS_INDEX == 1) >> >> This CONFIG_CONS_INDEX is not enabled for this platform, meaning the >> non-default console is chosen by default, it's not caused by this patch >> but while you are here could you fix that up? >> >> Just set: >> >> #define CONSOLEDEV "ttyS0" >> >> and drop all the #ifdef stuff, makes things a bit more clean. (and >> prevents a conflict with a patch I was going to send for the same) >> > > It's not that simple. Please look at commits [1,2]. Seems like that > #if selector you mentioned was implemented for a reason and serves the > purpose of using uart3, chosen via menuconfig, for UART boot mode. I > suggest we keep this patch as is, I really want it to be an atomical > change, as it's a big change as it is. If you still want to remove > that #if and only leave ttyS0, it can be done in the separate patch, > mentioning [1,2] and explaining, why do we want to get rid of UART > boot feature for DRA7. > > So if you are ok with my reasoning, please add your R-b tag here. A DRA7x EVM using UART2 doesn't exist, no reason to support it anymore than a AM57x with UART5 wired out. But it can be a separate patch, this patch as-is: Reviewed-by: Andrew F. Davis > > Thanks! > > [1] > https://gitlab.denx.de/u-boot/u-boot/commit/a13cbf5f208b59797d08199604f2701b6c3b9f64 > [2] > https://gitlab.denx.de/u-boot/u-boot/commit/cfd921f7cc8cb54320e2b2ac4dc9ec13fc4f96c3 > >> Andrew >> >>> -#define CONSOLEDEV "ttyO0" >>> +#define CONSOLEDEV "ttyS0" >>> #
Re: [U-Boot] [PATCH] env: ti: boot: Use ttyS2 instead of ttyO2
On 7/12/19 1:38 PM, Sam Protsenko wrote: > ttyO2 console enables legacy CONFIG_SERIAL_OMAP driver in kernel. > Nowadays it's preferred to use the generic CONFIG_SERIAL_8250_OMAP > driver, which being enabled via ttyS2 console. Both drivers are enabled > in multi_v7_defconfig and in omap2plus_defconfig, for compatibility > reasons. Let's switch to ttyS2 console, to be sure that standard 8250 > serial driver is used. > > Similar behavior can be also achieved by enabling > CONFIG_SERIAL_8250_OMAP_TTYO_FIXUP option in kernel, but it's better not > to rely on that, as it can be disabled or removed after transitional > period. > > Right now on DRA7/AM57x platforms the 8250-omap driver is being probed > first, and omap-serial driver is only probed if the first one failed. > It can be seen from uart3 definition in arch/arm/boot/dts/dra7-l4.dtsi: > > compatible = "ti,dra742-uart", "ti,omap4-uart"; > > So the kernel already uses 8250 driver. This change basically allows > kernel developers to throw away the omap-serial driver and associated > compatibility options. Similar discussions [1,2] have started several > years ago, so it should be safe to do that now. > > [1] https://patchwork.kernel.org/patch/6198471/ > [2] > http://processors.wiki.ti.com/index.php/Sitara_Linux_UART_-_Switching_to_8250_Driver > > Signed-off-by: Sam Protsenko > --- > Changes in v2: > - use ttyS also in AM57x EVM and in DRA7xx EVM configs > > include/configs/am57xx_evm.h | 2 +- > include/configs/dra7xx_evm.h | 4 ++-- > include/environment/ti/boot.h | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/include/configs/am57xx_evm.h b/include/configs/am57xx_evm.h > index 45fd21878c..e181b30564 100644 > --- a/include/configs/am57xx_evm.h > +++ b/include/configs/am57xx_evm.h > @@ -24,7 +24,7 @@ > > #define CONFIG_SYS_BOOTM_LEN SZ_64M > > -#define CONSOLEDEV "ttyO2" > +#define CONSOLEDEV "ttyS2" > #define CONFIG_SYS_NS16550_COM1 UART1_BASE /* Base EVM has > UART0 */ > #define CONFIG_SYS_NS16550_COM2 UART2_BASE /* UART2 */ > #define CONFIG_SYS_NS16550_COM3 UART3_BASE /* UART3 */ > diff --git a/include/configs/dra7xx_evm.h b/include/configs/dra7xx_evm.h > index 9c8141de2e..7ec6e691c7 100644 > --- a/include/configs/dra7xx_evm.h > +++ b/include/configs/dra7xx_evm.h > @@ -26,9 +26,9 @@ > #endif > > #if (CONFIG_CONS_INDEX == 1) This CONFIG_CONS_INDEX is not enabled for this platform, meaning the non-default console is chosen by default, it's not caused by this patch but while you are here could you fix that up? Just set: #define CONSOLEDEV "ttyS0" and drop all the #ifdef stuff, makes things a bit more clean. (and prevents a conflict with a patch I was going to send for the same) Andrew > -#define CONSOLEDEV "ttyO0" > +#define CONSOLEDEV "ttyS0" > #elif (CONFIG_CONS_INDEX == 3) > -#define CONSOLEDEV "ttyO2" > +#define CONSOLEDEV "ttyS2" > #endif > #define CONFIG_SYS_NS16550_COM1 UART1_BASE /* Base EVM has > UART0 */ > #define CONFIG_SYS_NS16550_COM2 UART2_BASE /* UART2 */ > diff --git a/include/environment/ti/boot.h b/include/environment/ti/boot.h > index 01b2981c5b..22206b9467 100644 > --- a/include/environment/ti/boot.h > +++ b/include/environment/ti/boot.h > @@ -10,7 +10,7 @@ > #define __TI_BOOT_H > > #ifndef CONSOLEDEV > -#define CONSOLEDEV "ttyO2" > +#define CONSOLEDEV "ttyS2" > #endif > > #define VBMETA_PART_SIZE (64 * 1024) > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] arm: mach-keystone: Use appended original image size in image processing
When an image is signed/encrypted on K2 devices the image may get padded
to meet alignment requirements for the signature/encryption type. The
original size is appended as 4 bytes little-endian to the end of the
final image.
Normally the trailing extra bytes are ignored and so restoring the
exact original size is not important. In the case of initrd the
original size is important as the kernel uses it to look for
additional filesystem data and can do the wrong thing when the
size is not correct.
Read off the original size and report it back from the image post
processing stage.
Signed-off-by: Andrew F. Davis
---
arch/arm/mach-keystone/mon.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-keystone/mon.c b/arch/arm/mach-keystone/mon.c
index 51af028590..b7ffe277c1 100644
--- a/arch/arm/mach-keystone/mon.c
+++ b/arch/arm/mach-keystone/mon.c
@@ -105,6 +105,7 @@ void board_fit_image_post_process(void **p_image, size_t
*p_size)
{
int result = 0;
void *image = *p_image;
+ uint8_t *size_image = image + (*p_size - 4);
if (strncmp(image + KS2_HS_SEC_TAG_OFFSET, "KEYS", 4)) {
printf("No signature found in image!\n");
@@ -120,9 +121,12 @@ void board_fit_image_post_process(void **p_image, size_t
*p_size)
/*
* Overwrite the image headers after authentication
* and decryption. Update size to reflect removal
-* of header.
+* of header and restore original file size.
*/
- *p_size -= KS2_HS_SEC_HEADER_LEN;
+ *p_size = *(size_image+0) << 0 |
+ *(size_image+1) << 8 |
+ *(size_image+2) << 16 |
+ *(size_image+3) << 24;
memcpy(image, image + KS2_HS_SEC_HEADER_LEN, *p_size);
/*
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] fs: fat: Fix possible double free of fatbuf
fat_itr_root() allocates fatbuf so we free it on the exit path, if
the function fails we should not free it, check the return value
and skip freeing if the function fails.
Signed-off-by: Andrew F. Davis
---
fs/fat/fat.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index c5997c2173..06c8ed14bd 100644
--- a/fs/fat/fat.c
+++ b/fs/fat/fat.c
@@ -1134,11 +1134,12 @@ int fat_size(const char *filename, loff_t *size)
* expected to fail if passed a directory path:
*/
free(fsdata.fatbuf);
- fat_itr_root(itr, );
- if (!fat_itr_resolve(itr, filename, TYPE_DIR)) {
+ ret = fat_itr_root(itr, );
+ if (ret)
+ goto out_free_itr;
+ ret = fat_itr_resolve(itr, filename, TYPE_DIR);
+ if (!ret)
*size = 0;
- ret = 0;
- }
goto out_free_both;
}
--
2.17.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 13/18] arm: K3: am654: Map common EEPROM data into SRAM scratch space
On 5/8/19 11:52 PM, Lokesh Vutla wrote: > > > On 09/05/19 3:07 AM, Andreas Dannenberg wrote: >> The board detection scheme employed on various TI EVMs makes use of >> SRAM scratch space to share data read from an on-board EEPROM between >> the different bootloading stages. Map the associated definition that's >> used to locate this data into the SRAM scratch space we use on AM654x. >> >> Signed-off-by: Andreas Dannenberg >> --- >> arch/arm/mach-k3/include/mach/am6_hardware.h | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h >> b/arch/arm/mach-k3/include/mach/am6_hardware.h >> index 3343233aa3..6df7631545 100644 >> --- a/arch/arm/mach-k3/include/mach/am6_hardware.h >> +++ b/arch/arm/mach-k3/include/mach/am6_hardware.h >> @@ -44,4 +44,7 @@ >> #define CTRLMMR_LOCK_KICK1 0x0100c >> #define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a >> >> +/* MCU SCRATCHPAD usage */ >> +#define TI_SRAM_SCRATCH_BOARD_EEPROM_START CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE > > Won't HS devices fail while accessing this region? We should drop it > altogether. > HS devices cannot read this before SYSFW is loaded as by default it is left firewalled by ROM. This read happens after SYSFW loading so it does work currently, but no guarantee SYSFW will always remove this firewall by default, we may need a driver that does an explicit device get for this region to be sure it is powered and accessible (it is on a different reset domain, it may need special handling). I think we should avoid using this scratchpad for a couple other reasons. After R5 SPL has finished bootloading is handled by A53 cores, the R5 will be repurposed and other software will run on it, possibly wiping out the memory here. Anything we want to pass form R5 to A53 should use a non-R5-local memory, not this scratchpad. We need the same for passing the original boot media info also. A lot of pitfalls for just 512 bytes of RAM.. Andrew > Thanks and regards, > Lokesh > >> + >> #endif /* __ASM_ARCH_AM6_HARDWARE_H */ >> > ___ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 07/18] configs: am65x_hs_evm_defconfig: Enable I2C support
On 5/8/19 5:37 PM, Andreas Dannenberg wrote: > Enable I2C via driver model as well as the associated set of U-Boot > commands to allow us interacting with various I2C slave devices. > > Signed-off-by: Andreas Dannenberg > --- > configs/am65x_hs_evm_a53_defconfig | 4 > configs/am65x_hs_evm_r5_defconfig | 4 Thanks for not forgetting HS :) For all the _hs defconfig changes in this series: Acked-by: Andrew F. Davis > 2 files changed, 8 insertions(+) > > diff --git a/configs/am65x_hs_evm_a53_defconfig > b/configs/am65x_hs_evm_a53_defconfig > index 7af0046ee3..cebfbb93d9 100644 > --- a/configs/am65x_hs_evm_a53_defconfig > +++ b/configs/am65x_hs_evm_a53_defconfig > @@ -33,6 +33,7 @@ CONFIG_SPL_REMOTEPROC=y > CONFIG_SPL_YMODEM_SUPPORT=y > CONFIG_CMD_ASKENV=y > # CONFIG_CMD_FLASH is not set > +CONFIG_CMD_I2C=y > CONFIG_CMD_MMC=y > CONFIG_CMD_REMOTEPROC=y > # CONFIG_CMD_SETEXPR is not set > @@ -56,6 +57,9 @@ CONFIG_CLK_TI_SCI=y > CONFIG_DMA_CHANNELS=y > CONFIG_TI_K3_NAVSS_UDMA=y > CONFIG_TI_SCI_PROTOCOL=y > +CONFIG_DM_I2C=y > +CONFIG_I2C_SET_DEFAULT_BUS_NUM=y > +CONFIG_SYS_I2C_OMAP24XX=y > CONFIG_DM_MAILBOX=y > CONFIG_K3_SEC_PROXY=y > CONFIG_DM_MMC=y > diff --git a/configs/am65x_hs_evm_r5_defconfig > b/configs/am65x_hs_evm_r5_defconfig > index 8d5d3590b2..6977cd72a6 100644 > --- a/configs/am65x_hs_evm_r5_defconfig > +++ b/configs/am65x_hs_evm_r5_defconfig > @@ -37,6 +37,7 @@ CONFIG_CMD_BOOTZ=y > CONFIG_CMD_ASKENV=y > # CONFIG_CMD_FLASH is not set > CONFIG_CMD_GPT=y > +CONFIG_CMD_I2C=y > CONFIG_CMD_MMC=y > CONFIG_CMD_REMOTEPROC=y > # CONFIG_CMD_SETEXPR is not set > @@ -60,6 +61,9 @@ CONFIG_CLK_TI_SCI=y > CONFIG_TI_SCI_PROTOCOL=y > CONFIG_DM_GPIO=y > CONFIG_DA8XX_GPIO=y > +CONFIG_DM_I2C=y > +CONFIG_I2C_SET_DEFAULT_BUS_NUM=y > +CONFIG_SYS_I2C_OMAP24XX=y > CONFIG_DM_MAILBOX=y > CONFIG_K3_SEC_PROXY=y > CONFIG_MISC=y > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] firmware: ti_sci: Always request response from firmware
TI-SCI firmware will only respond to messages when the
TI_SCI_FLAG_REQ_ACK_ON_PROCESSED flag is set. Most messages
already do this, set this for the ones that do not.
Signed-off-by: Andrew F. Davis
Tested-by: Alejandro Hernandez
---
drivers/firmware/ti_sci.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index 1196ce0712..9139f9787f 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -257,7 +257,8 @@ static int ti_sci_cmd_get_revision(struct ti_sci_handle
*handle)
info = handle_to_ti_sci_info(handle);
- xfer = ti_sci_setup_one_xfer(info, TI_SCI_MSG_VERSION, 0x0,
+ xfer = ti_sci_setup_one_xfer(info, TI_SCI_MSG_VERSION,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
(u32 *), sizeof(struct ti_sci_msg_hdr),
sizeof(*rev_info));
if (IS_ERR(xfer)) {
@@ -499,8 +500,8 @@ static int ti_sci_get_device_state(const struct
ti_sci_handle *handle,
info = handle_to_ti_sci_info(handle);
- /* Response is expected, so need of any flags */
- xfer = ti_sci_setup_one_xfer(info, TI_SCI_MSG_GET_DEVICE_STATE, 0,
+ xfer = ti_sci_setup_one_xfer(info, TI_SCI_MSG_GET_DEVICE_STATE,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
(u32 *), sizeof(req), sizeof(*resp));
if (IS_ERR(xfer)) {
ret = PTR_ERR(xfer);
@@ -2574,8 +2575,8 @@ static int ti_sci_cmd_change_fwl_owner(const struct
ti_sci_handle *handle,
info = handle_to_ti_sci_info(handle);
- xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET,
-TISCI_MSG_FWL_CHANGE_OWNER,
+ xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_CHANGE_OWNER,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
(u32 *), sizeof(req), sizeof(*resp));
if (IS_ERR(xfer)) {
ret = PTR_ERR(xfer);
--
2.21.0
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v3 0/7] AM65x HS device support
On 4/12/19 12:54 PM, Andrew F. Davis wrote: > Hello all, > > This series brings up HS device support on the AM65x platform. Support > for HS on K3 family devices is a bit different than previous devices > but for the most part all that has been abstracted into the SECDEV > package, allowing for a rather straight forward implementation here. > > Thanks, > Andrew > > Changes from v2: > - Rebased on latest master Ping? > > Changes from v1: > - Commented on use of .data section > - Use ti_sci_msg_hdr header directly when possible > - Rebase and add Reviewed-bys > - Will add makefile cleanup later as it also affects >files unrelated to this series > > Andrew F. Davis (7): > arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded > firmware: ti_sci: Add support for firewall management > firmware: ti_sci: Modify auth_boot TI-SCI API to match new version > arm: mach-k3: Add secure device support > arm: mach-k3: Add secure device build support > configs: Add configs for AM65x High Security EVM > doc: Update info on using K3 secure devices > > MAINTAINERS | 4 + > arch/arm/Kconfig | 2 +- > arch/arm/mach-k3/Makefile| 1 + > arch/arm/mach-k3/am6_init.c | 13 +- > arch/arm/mach-k3/config.mk | 25 +++ > arch/arm/mach-k3/config_secure.mk| 44 > arch/arm/mach-k3/include/mach/am6_hardware.h | 3 - > arch/arm/mach-k3/security.c | 63 ++ > configs/am65x_hs_evm_a53_defconfig | 77 +++ > configs/am65x_hs_evm_r5_defconfig| 90 + > doc/README.ti-secure | 20 +- > drivers/firmware/ti_sci.c| 202 ++- > drivers/firmware/ti_sci.h| 130 +++- > include/linux/soc/ti/ti_sci_protocol.h | 68 ++- > tools/k3_fit_atf.sh | 8 +- > 15 files changed, 721 insertions(+), 29 deletions(-) > create mode 100644 arch/arm/mach-k3/config_secure.mk > create mode 100644 arch/arm/mach-k3/security.c > create mode 100644 configs/am65x_hs_evm_a53_defconfig > create mode 100644 configs/am65x_hs_evm_r5_defconfig > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [U-Boot,v2,0/7] AM65x HS device support
On 4/12/19 12:27 PM, Tom Rini wrote: > On Thu, Feb 21, 2019 at 04:35:05PM -0600, Andrew F. Davis wrote: > >> Hello all, >> >> This series brings up HS device support on the AM65x platform. Support >> for HS on K3 family devices is a bit different than previous devices >> but for the most part all that has been abstracted into the SECDEV >> package, allowing for a rather straight forward implementation here. >> >> Thanks, >> Andrew >> >> Changes from v1: >> - Commented on use of .data section >> - Use ti_sci_msg_hdr header directly when possible >> - Rebase and add Reviewed-bys >> - Will add makefile cleanup later as it also affects >>files unrelated to this series >> >> Andrew F. Davis (7): >> arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded >> firmware: ti_sci: Add support for firewall management >> firmware: ti_sci: Modify auth_boot TI-SCI API to match new version >> arm: mach-k3: Add secure device support >> arm: mach-k3: Add secure device build support >> configs: Add a config for AM65x High Security EVM >> doc: Update info on using K3 secure devices > > Can you please rebase this on master and repost? Thanks! > Done and sent. Thanks, Andrew ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 6/7] configs: Add configs for AM65x High Security EVM
Add new defconfig files for the AM65x High Security EVM.
This defconfigs are the same as for the non-secure part, except for:
CONFIG_TI_SECURE_DEVICE option set to 'y'
CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS| 2 +
configs/am65x_hs_evm_a53_defconfig | 77 +
configs/am65x_hs_evm_r5_defconfig | 90 ++
3 files changed, 169 insertions(+)
create mode 100644 configs/am65x_hs_evm_a53_defconfig
create mode 100644 configs/am65x_hs_evm_r5_defconfig
diff --git a/MAINTAINERS b/MAINTAINERS
index 69a6789c04..aae2838f5c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -734,6 +734,8 @@ F: configs/k2hk_hs_evm_defconfig
F: configs/k2e_hs_evm_defconfig
F: configs/k2g_hs_evm_defconfig
F: configs/k2l_hs_evm_defconfig
+F: configs/am65x_hs_evm_r5_defconfig
+F: configs/am65x_hs_evm_a53_defconfig
TQ GROUP
#M:Martin Krause
diff --git a/configs/am65x_hs_evm_a53_defconfig
b/configs/am65x_hs_evm_a53_defconfig
new file mode 100644
index 00..dcafa458e0
--- /dev/null
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -0,0 +1,77 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_A53_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_kern_${boot}; run get_fdt_${boot}; run run_kern"
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+# CONFIG_ISO_PARTITION is not set
+# CONFIG_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_ENV_IS_IN_FAT=y
+CONFIG_ENV_FAT_INTERFACE="mmc"
+CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_DMA_CHANNELS=y
+CONFIG_TI_K3_NAVSS_UDMA=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_K3_ARASAN=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_K3_SYSTEM_CONTROLLER=y
+CONFIG_REMOTEPROC_K3=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SOC_TI=y
+CONFIG_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
diff --git a/configs/am65x_hs_evm_r5_defconfig
b/configs/am65x_hs_evm_r5_defconfig
new file mode 100644
index 00..1b9c138c03
--- /dev/null
+++ b/configs/am65x_hs_evm_r5_defconfig
@@ -0,0 +1,90 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_R5_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_USE_BOOTCOMMAND=y
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-r5-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULT
[U-Boot] [PATCH v3 7/7] doc: Update info on using K3 secure devices
Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- doc/README.ti-secure | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 76950253ac..27c0eaa77f 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -138,7 +138,7 @@ Booting of U-Boot SPL Invoking the script for Keystone2 Secure Devices - = + create-boot-image.sh \ @@ -157,6 +157,18 @@ Booting of U-Boot SPL boot from all media. Secure boot from SPI NOR flash is not currently supported. + Invoking the script for K3 Secure Devices + = + + The signing steps required to produce a bootable SPL image on secure + K3 TI devices are the same as those performed on non-secure devices. + The only difference is the key is not checked on non-secure devices so + a dummy key is used when building U-Boot for those devices. For secure + K3 TI devices simply use the real hardware key for your device. This + real key can be set with the Kconfig option "K3_KEY". The environment + variable TI_SECURE_DEV_PKG is also searched for real keys when the + build targets secure devices. + Booting of Primary U-Boot (u-boot.img) == @@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img) is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which must be enabled for the secure boot scheme to work. In order to allow verifying proper operation of the secure boot chain in case of successful - authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are - output by the SPL to the console for each blob that got extracted from the - FIT image. Note that the last part of this log message is the (truncated) - name of the signing certificate embedded into the blob that got processed. + authentication messages like "Authentication passed" are output by the + SPL to the console for each blob that got extracted from the FIT image. The exact details of the how the images are secured is handled by the SECDEV package. Within the SECDEV package exists a script to process -- 2.21.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 0/7] AM65x HS device support
Hello all, This series brings up HS device support on the AM65x platform. Support for HS on K3 family devices is a bit different than previous devices but for the most part all that has been abstracted into the SECDEV package, allowing for a rather straight forward implementation here. Thanks, Andrew Changes from v2: - Rebased on latest master Changes from v1: - Commented on use of .data section - Use ti_sci_msg_hdr header directly when possible - Rebase and add Reviewed-bys - Will add makefile cleanup later as it also affects files unrelated to this series Andrew F. Davis (7): arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded firmware: ti_sci: Add support for firewall management firmware: ti_sci: Modify auth_boot TI-SCI API to match new version arm: mach-k3: Add secure device support arm: mach-k3: Add secure device build support configs: Add configs for AM65x High Security EVM doc: Update info on using K3 secure devices MAINTAINERS | 4 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile| 1 + arch/arm/mach-k3/am6_init.c | 13 +- arch/arm/mach-k3/config.mk | 25 +++ arch/arm/mach-k3/config_secure.mk| 44 arch/arm/mach-k3/include/mach/am6_hardware.h | 3 - arch/arm/mach-k3/security.c | 63 ++ configs/am65x_hs_evm_a53_defconfig | 77 +++ configs/am65x_hs_evm_r5_defconfig| 90 + doc/README.ti-secure | 20 +- drivers/firmware/ti_sci.c| 202 ++- drivers/firmware/ti_sci.h| 130 +++- include/linux/soc/ti/ti_sci_protocol.h | 68 ++- tools/k3_fit_atf.sh | 8 +- 15 files changed, 721 insertions(+), 29 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk create mode 100644 arch/arm/mach-k3/security.c create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig -- 2.21.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 2/7] firmware: ti_sci: Add support for firewall management
TI-SCI message protocol provides support for controlling the firewall
configurations available in SoC.
Introduce support for the set of TI-SCI message protocol APIs that
provide us with this capability of controlling firewalls.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
drivers/firmware/ti_sci.c | 177 +
drivers/firmware/ti_sci.h | 121 +
include/linux/soc/ti/ti_sci_protocol.h | 64 +
3 files changed, 362 insertions(+)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index d47d22fff3..44bbeb66c2 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -2428,6 +2428,178 @@ fail:
return ret;
}
+/**
+ * ti_sci_cmd_set_fwl_region() - Request for configuring a firewall region
+ * @handle:pointer to TI SCI handle
+ * @region:region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_set_fwl_region(const struct ti_sci_handle *handle,
+const struct ti_sci_msg_fwl_region *region)
+{
+ struct ti_sci_msg_fwl_set_firewall_region_req req;
+ struct ti_sci_msg_hdr *resp;
+ struct ti_sci_info *info;
+ struct ti_sci_xfer *xfer;
+ int ret = 0;
+
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+ if (!handle)
+ return -EINVAL;
+
+ info = handle_to_ti_sci_info(handle);
+
+ xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_SET,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+(u32 *), sizeof(req), sizeof(*resp));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+ dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+ return ret;
+ }
+
+ req.fwl_id = region->fwl_id;
+ req.region = region->region;
+ req.n_permission_regs = region->n_permission_regs;
+ req.control = region->control;
+ req.permissions[0] = region->permissions[0];
+ req.permissions[1] = region->permissions[1];
+ req.permissions[2] = region->permissions[2];
+ req.start_address = region->start_address;
+ req.end_address = region->end_address;
+
+ ret = ti_sci_do_xfer(info, xfer);
+ if (ret) {
+ dev_err(info->dev, "Mbox send fail %d\n", ret);
+ return ret;
+ }
+
+ resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf;
+
+ if (!ti_sci_is_response_ack(resp))
+ return -ENODEV;
+
+ return 0;
+}
+
+/**
+ * ti_sci_cmd_get_fwl_region() - Request for getting a firewall region
+ * @handle:pointer to TI SCI handle
+ * @region:region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_get_fwl_region(const struct ti_sci_handle *handle,
+struct ti_sci_msg_fwl_region *region)
+{
+ struct ti_sci_msg_fwl_get_firewall_region_req req;
+ struct ti_sci_msg_fwl_get_firewall_region_resp *resp;
+ struct ti_sci_info *info;
+ struct ti_sci_xfer *xfer;
+ int ret = 0;
+
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+ if (!handle)
+ return -EINVAL;
+
+ info = handle_to_ti_sci_info(handle);
+
+ xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+(u32 *), sizeof(req), sizeof(*resp));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+ dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+ return ret;
+ }
+
+ req.fwl_id = region->fwl_id;
+ req.region = region->region;
+ req.n_permission_regs = region->n_permission_regs;
+
+ ret = ti_sci_do_xfer(info, xfer);
+ if (ret) {
+ dev_err(info->dev, "Mbox send fail %d\n", ret);
+ return ret;
+ }
+
+ resp = (struct ti_sci_msg_fwl_get_firewall_region_resp
*)xfer->tx_message.buf;
+
+ if (!ti_sci_is_response_ack(resp))
+ return -ENODEV;
+
+ region->fwl_id = resp->fwl_id;
+ region->region = resp->region;
+ region->n_permission_regs = resp->n_permission_regs;
+ region->control = resp->control;
+ region->permissions[0] = resp->permissions[0];
+ region->permissions[1] = resp->permissions[1];
+ region->permissions[2] = resp->permissions[2];
+ region->start_address = resp->start_address;
+ region->end_address = resp->end_address;
+
+ return 0;
+}
+
+/**
+ * ti_sci_cmd_change_fwl_owner() - Request for changin
[U-Boot] [PATCH v3 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded
On HS devices the 512b region of reset isolated memory called
MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
cannot use this memory. It is only used to store a single value
left at the end of SRAM by ROM that will be needed later. Save
that value to a global variable stored in the .data section.
This section is used as .bss will be cleared between saving
this value and using it.
Signed-off-by: Andrew F. Davis
Reviewed-by: Andreas Dannenberg
Reviewed-by: Lokesh Vutla
---
arch/arm/mach-k3/am6_init.c | 13 -
arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
index 77cd15f388..60a580305d 100644
--- a/arch/arm/mach-k3/am6_init.c
+++ b/arch/arm/mach-k3/am6_init.c
@@ -49,11 +49,16 @@ static void ctrl_mmr_unlock(void)
mmr_unlock(CTRL_MMR0_BASE, 7);
}
+/*
+ * This uninitialized global variable would normal end up in the .bss section,
+ * but the .bss is cleared between writing and reading this variable, so move
+ * it to the .data section.
+ */
+u32 bootindex __attribute__((section(".data")));
+
static void store_boot_index_from_rom(void)
{
- u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
-
- *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
+ bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
}
void board_init_f(ulong dummy)
@@ -92,7 +97,6 @@ u32 spl_boot_mode(const u32 boot_device)
{
#if defined(CONFIG_SUPPORT_EMMC_BOOT)
u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
- u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >>
CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
@@ -168,7 +172,6 @@ static u32 __get_primary_bootmedia(u32 devstat)
u32 spl_boot_device(void)
{
u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
- u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
if (bootindex == K3_PRIMARY_BOOTMODE)
return __get_primary_bootmedia(devstat);
diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h
b/arch/arm/mach-k3/include/mach/am6_hardware.h
index b5244609af..3343233aa3 100644
--- a/arch/arm/mach-k3/include/mach/am6_hardware.h
+++ b/arch/arm/mach-k3/include/mach/am6_hardware.h
@@ -44,7 +44,4 @@
#define CTRLMMR_LOCK_KICK1 0x0100c
#define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a
-/* MCU SCRATCHPAD usage */
-#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
-
#endif /* __ASM_ARCH_AM6_HARDWARE_H */
--
2.21.0
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version
SYSFW version 2019.01 introduces a slightly modified version of this API,
add support for it here.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
drivers/firmware/ti_sci.c | 25 -
drivers/firmware/ti_sci.h | 9 +++--
include/linux/soc/ti/ti_sci_protocol.h | 4 ++--
3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index 44bbeb66c2..1196ce0712 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -1915,16 +1915,19 @@ static int ti_sci_cmd_set_proc_boot_ctrl(const struct
ti_sci_handle *handle,
* ti_sci_cmd_proc_auth_boot_image() - Command to authenticate and load the
* image and then set the processor configuration flags.
* @handle:Pointer to TI SCI handle
- * @proc_id: Processor ID this request is for
- * @cert_addr: Memory address at which payload image certificate is located.
+ * @image_addr:Memory address at which payload image and certificate is
+ * located in memory, this is updated if the image data is
+ * moved during authentication.
+ * @image_size: This is updated with the final size of the image after
+ * authentication.
*
* Return: 0 if all went well, else returns appropriate error value.
*/
static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle,
- u8 proc_id, u64 cert_addr)
+ u64 *image_addr, u32 *image_size)
{
struct ti_sci_msg_req_proc_auth_boot_image req;
- struct ti_sci_msg_hdr *resp;
+ struct ti_sci_msg_resp_proc_auth_boot_image *resp;
struct ti_sci_info *info;
struct ti_sci_xfer *xfer;
int ret = 0;
@@ -1944,9 +1947,8 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct
ti_sci_handle *handle,
dev_err(info->dev, "Message alloc failed(%d)\n", ret);
return ret;
}
- req.processor_id = proc_id;
- req.cert_addr_low = cert_addr & TISCI_ADDR_LOW_MASK;
- req.cert_addr_high = (cert_addr & TISCI_ADDR_HIGH_MASK) >>
+ req.cert_addr_low = *image_addr & TISCI_ADDR_LOW_MASK;
+ req.cert_addr_high = (*image_addr & TISCI_ADDR_HIGH_MASK) >>
TISCI_ADDR_HIGH_SHIFT;
ret = ti_sci_do_xfer(info, xfer);
@@ -1955,10 +1957,15 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct
ti_sci_handle *handle,
return ret;
}
- resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf;
+ resp = (struct ti_sci_msg_resp_proc_auth_boot_image
*)xfer->tx_message.buf;
if (!ti_sci_is_response_ack(resp))
- ret = -ENODEV;
+ return -ENODEV;
+
+ *image_addr = (resp->image_addr_low & TISCI_ADDR_LOW_MASK) |
+ (((u64)resp->image_addr_high <<
+ TISCI_ADDR_HIGH_SHIFT) & TISCI_ADDR_HIGH_MASK);
+ *image_size = resp->image_size;
return ret;
}
diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h
index 1b601ff01b..a484b1fa40 100644
--- a/drivers/firmware/ti_sci.h
+++ b/drivers/firmware/ti_sci.h
@@ -708,7 +708,6 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
/**
* struct ti_sci_msg_req_proc_auth_start_image - Authenticate and start image
* @hdr: Generic Header
- * @processor_id: ID of processor
* @cert_addr_low: Lower 32bit (Little Endian) of certificate
* @cert_addr_high:Higher 32bit (Little Endian) of certificate
*
@@ -717,11 +716,17 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
*/
struct ti_sci_msg_req_proc_auth_boot_image {
struct ti_sci_msg_hdr hdr;
- u8 processor_id;
u32 cert_addr_low;
u32 cert_addr_high;
} __packed;
+struct ti_sci_msg_resp_proc_auth_boot_image {
+ struct ti_sci_msg_hdr hdr;
+ u32 image_addr_low;
+ u32 image_addr_high;
+ u32 image_size;
+} __packed;
+
/**
* struct ti_sci_msg_req_get_proc_boot_status - Get processor boot status
* @hdr: Generic Header
diff --git a/include/linux/soc/ti/ti_sci_protocol.h
b/include/linux/soc/ti/ti_sci_protocol.h
index 895cb1b911..c57802f293 100644
--- a/include/linux/soc/ti/ti_sci_protocol.h
+++ b/include/linux/soc/ti/ti_sci_protocol.h
@@ -279,8 +279,8 @@ struct ti_sci_proc_ops {
u64 bv, u32 cfg_set, u32 cfg_clr);
int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid,
u32 ctrl_set, u32 ctrl_clr);
- int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid,
- u64 caddr);
+ int (*proc_auth_boot_image)(const struct ti_sci_handle *handle,
+ u64 *i
[U-Boot] [PATCH v3 5/7] arm: mach-k3: Add secure device build support
K3 HS devices require signed binaries for boot, use the SECDEV tools
to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS | 1 +
arch/arm/mach-k3/config.mk| 25 ++
arch/arm/mach-k3/config_secure.mk | 44 +++
tools/k3_fit_atf.sh | 8 --
4 files changed, 76 insertions(+), 2 deletions(-)
create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS
index de1ea20930..69a6789c04 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -722,6 +722,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
F: arch/arm/mach-omap2/sec-common.c
F: arch/arm/mach-omap2/config_secure.mk
F: arch/arm/mach-k3/security.c
+F: arch/arm/mach-k3/config_secure.mk
F: configs/am335x_hs_evm_defconfig
F: configs/am335x_hs_evm_uart_defconfig
F: configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index be00d79fb0..2d8f61f9db 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed
$(SED_OPTS) > u-boo
# If external key is not provided, generate key using openssl.
ifeq ($(CONFIG_SYS_K3_KEY), "")
KEY=u-boot-spl-eckey.pem
+# On HS use real key or warn if not available
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
+KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
+else
+$(warning "WARNING: signing key not found. Random key will NOT work on HS
hardware!")
+endif
+endif
else
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
endif
@@ -65,6 +73,15 @@ ALL-y+= tiboot3.bin
endif
ifdef CONFIG_ARM64
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+SPL_ITS := u-boot-spl-k3_HS.its
+$(SPL_ITS): FORCE
+ IS_HS=1 \
+ $(srctree)/tools/k3_fit_atf.sh \
+ $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+
+ALL-y += tispl.bin_HS
+else
SPL_ITS := u-boot-spl-k3.its
$(SPL_ITS): FORCE
$(srctree)/tools/k3_fit_atf.sh \
@@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin
endif
+endif
+
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ALL-y += u-boot.img_HS
else
ALL-y += u-boot.img
endif
+endif
+
+include $(srctree)/arch/arm/mach-k3/config_secure.mk
diff --git a/arch/arm/mach-k3/config_secure.mk
b/arch/arm/mach-k3/config_secure.mk
new file mode 100644
index 00..6d63c57665
--- /dev/null
+++ b/arch/arm/mach-k3/config_secure.mk
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
+# Andrew F. Davis
+
+quiet_cmd_k3secureimg = SECURE $@
+ifneq ($(TI_SECURE_DEV_PKG),)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
+cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
+ $< $@ \
+ $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else
+cmd_k3secureimg = echo "WARNING:" \
+ "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
+ "$@ was NOT secured!"; cp $< $@
+endif
+else
+cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
+ "variable must be defined for TI secure devices." \
+ "$@ was NOT secured!"; cp $< $@
+endif
+
+%.dtb_HS: %.dtb FORCE
+ $(call if_changed,k3secureimg)
+
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
+ $(call if_changed,k3secureimg)
+
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst
%,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
+ $(call if_changed,mkfitimage)
+
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
+ -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
+ -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
+ $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
+
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst
",,$(CONFIG_OF_LIST)))
+$(OF_LIST_TARGETS): dtbs
+
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
+ $(call if_changed,k3secureimg)
+
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst
%.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
+ $(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
index 430b5ca616..4e9f69c087 100755
--- a/tools/k3_fit_atf.sh
+++ b/tools/k3_fit_atf.sh
@@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
TEE=/dev/null
fi
+if [ ! -z "$IS_HS" ]; then
+ HS_APPEND=_HS
+fi
+
cat << __HEADER_EOF
/dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF
};
spl {
description = "SPL (64-bit)";
-
[U-Boot] [PATCH v3 4/7] arm: mach-k3: Add secure device support
K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS | 1 +
arch/arm/Kconfig| 2 +-
arch/arm/mach-k3/Makefile | 1 +
arch/arm/mach-k3/security.c | 63 +
4 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 arch/arm/mach-k3/security.c
diff --git a/MAINTAINERS b/MAINTAINERS
index f9ee4281d9..de1ea20930 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -721,6 +721,7 @@ S: Supported
F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
F: arch/arm/mach-omap2/sec-common.c
F: arch/arm/mach-omap2/config_secure.mk
+F: arch/arm/mach-k3/security.c
F: configs/am335x_hs_evm_defconfig
F: configs/am335x_hs_evm_uart_defconfig
F: configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 398dbef1cb..f89e590464 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1456,7 +1456,7 @@ endchoice
config TI_SECURE_DEVICE
bool "HS Device Type Support"
- depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS
+ depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
help
If a high secure (HS) device type is being used, this config
must be set. This option impacts various aspects of the
diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile
index bd4ab361b2..0c3a4f7db1 100644
--- a/arch/arm/mach-k3/Makefile
+++ b/arch/arm/mach-k3/Makefile
@@ -6,4 +6,5 @@
obj-$(CONFIG_SOC_K3_AM6) += am6_init.o
obj-$(CONFIG_ARM64) += arm64-mmu.o
obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o
+obj-$(CONFIG_TI_SECURE_DEVICE) += security.o
obj-y += common.o
diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
new file mode 100644
index 00..52f49bf01f
--- /dev/null
+++ b/arch/arm/mach-k3/security.c
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * K3: Security functions
+ *
+ * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
+ * Andrew F. Davis
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+ struct udevice *dev;
+ struct ti_sci_handle *ti_sci;
+ struct ti_sci_proc_ops *proc_ops;
+ u64 image_addr;
+ u32 image_size;
+ int ret;
+
+ /* Get handle to Device Management and Security Controller (SYSFW) */
+ ret = uclass_get_device_by_name(UCLASS_FIRMWARE, "dmsc", );
+ if (ret) {
+ printf("Failed to get handle to SYSFW (%d)\n", ret);
+ hang();
+ }
+ ti_sci = (struct ti_sci_handle *)(ti_sci_get_handle_from_sysfw(dev));
+ proc_ops = _sci->ops.proc_ops;
+
+ image_addr = (uintptr_t)*p_image;
+
+ debug("Authenticating image at address 0x%016llx\n", image_addr);
+
+ /* Authenticate image */
+ ret = proc_ops->proc_auth_boot_image(ti_sci, _addr, _size);
+ if (ret) {
+ printf("Authentication failed!\n");
+ hang();
+ }
+
+ /*
+* The image_size returned may be 0 when the authentication process has
+* moved the image. When this happens no further processing on the
+* image is needed or often even possible as it may have also been
+* placed behind a firewall when moved.
+*/
+ *p_size = image_size;
+
+ /*
+* Output notification of successful authentication to re-assure the
+* user that the secure code is being processed as expected. However
+* suppress any such log output in case of building for SPL and booting
+* via YMODEM. This is done to avoid disturbing the YMODEM serial
+* protocol transactions.
+*/
+ if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
+ IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
+ spl_boot_device() == BOOT_DEVICE_UART))
+ printf("Authentication passed\n");
+}
--
2.21.0
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v2 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded
On 2/21/19 6:10 PM, Tom Rini wrote: > On Thu, Feb 21, 2019 at 04:35:06PM -0600, Andrew F. Davis wrote: > >> On HS devices the 512b region of reset isolated memory called >> MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we >> cannot use this memory. It is only used to store a single value >> left at the end of SRAM by ROM that will be needed later. Save >> that value to a global variable stored in the .data section. >> This section is used as .bss will be cleared between saving >> this value and using it. >> >> Signed-off-by: Andrew F. Davis >> Reviewed-by: Andreas Dannenberg >> Reviewed-by: Lokesh Vutla > > Reviewed-by: Tom Rini > Ping, these all still apply to latest master. Andrew ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v3 06/13] mmc: sdhci: Add support for sdhci-caps-mask
On 2/12/19 2:58 AM, Faiz Abbas wrote:
> Add Support for masking some bits in the capabilities
> register of a host controller.
>
> Also remove the redundant readl() into caps1.
>
> Signed-off-by: Faiz Abbas
> Reviewed-by: Tom Rini
> ---
> drivers/mmc/sdhci.c | 15 ++-
> 1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/mmc/sdhci.c b/drivers/mmc/sdhci.c
> index cdeba914f9..c8a8a299ba 100644
> --- a/drivers/mmc/sdhci.c
> +++ b/drivers/mmc/sdhci.c
> @@ -8,6 +8,7 @@
> */
>
> #include
> +#include
> #include
> #include
> #include
> @@ -561,8 +562,15 @@ int sdhci_setup_cfg(struct mmc_config *cfg, struct
> sdhci_host *host,
> u32 f_max, u32 f_min)
> {
> u32 caps, caps_1 = 0;
> + u32 mask[2] = {0};
> + int ret;
> +
> + ret = dev_read_u32_array(host->mmc->dev, "sdhci-caps-mask",
> + mask, 2);
You can't do this, host->mmc is not setup at this point, you will get a
null pointer deref here. (On K3 dereferencing zero does not throw an
error so it masks this problem, other platforms (and HS K3) are not so
lucky)
Andrew
> + if (ret && ret != -1)
> + return ret;
>
> - caps = sdhci_readl(host, SDHCI_CAPABILITIES);
> + caps = ~mask[1] & sdhci_readl(host, SDHCI_CAPABILITIES);
>
> #ifdef CONFIG_MMC_SDHCI_SDMA
> if (!(caps & SDHCI_CAN_DO_SDMA)) {
> @@ -584,7 +592,7 @@ int sdhci_setup_cfg(struct mmc_config *cfg, struct
> sdhci_host *host,
>
> /* Check whether the clock multiplier is supported or not */
> if (SDHCI_GET_VERSION(host) >= SDHCI_SPEC_300) {
> - caps_1 = sdhci_readl(host, SDHCI_CAPABILITIES_1);
> + caps_1 = ~mask[0] & sdhci_readl(host, SDHCI_CAPABILITIES_1);
> host->clk_mul = (caps_1 & SDHCI_CLOCK_MUL_MASK) >>
> SDHCI_CLOCK_MUL_SHIFT;
> }
> @@ -641,9 +649,6 @@ int sdhci_setup_cfg(struct mmc_config *cfg, struct
> sdhci_host *host,
> cfg->host_caps &= ~MMC_MODE_HS_52MHz;
> }
>
> - if (SDHCI_GET_VERSION(host) >= SDHCI_SPEC_300)
> - caps_1 = sdhci_readl(host, SDHCI_CAPABILITIES_1);
> -
> if (!(cfg->voltages & MMC_VDD_165_195) ||
> (host->quirks & SDHCI_QUIRK_NO_1_8_V))
> caps_1 &= ~(SDHCI_SUPPORT_SDR104 | SDHCI_SUPPORT_SDR50 |
>
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] configs: ti: Move FIT image load address to avoid overwrite
On 3/26/19 11:21 AM, Tom Rini wrote:
> On Tue, Mar 26, 2019 at 10:12:01AM -0500, Andrew F. Davis wrote:
>
>> The FIT image is loaded to 0x8700_ followed by extracting from that
>> several large images also into the 0x8x00_ range. Large images
>> can end up overwriting the FIT image as it is being extracted from.
>> Move the FIT load address clear out to 0x9000_, this will require
>> a board to have at least 256MB of DRAM, if less then more careful
>> planning will be required for that platform.
>>
>> Signed-off-by: Andrew F. Davis
>> ---
>> include/configs/ti_armv7_common.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/configs/ti_armv7_common.h
>> b/include/configs/ti_armv7_common.h
>> index 1e2a62dd6f..828fb1b2a5 100644
>> --- a/include/configs/ti_armv7_common.h
>> +++ b/include/configs/ti_armv7_common.h
>> @@ -52,7 +52,7 @@
>>
>> #define DEFAULT_FIT_TI_ARGS \
>> "boot_fit=0\0" \
>> -"fit_loadaddr=0x8700\0" \
>> +"fit_loadaddr=0x9000\0" \
>> "fit_bootfile=fitImage\0" \
>> "update_to_fit=setenv loadaddr ${fit_loadaddr}; setenv bootfile
>> ${fit_bootfile}\0" \
>> "loadfit=run args_mmc; bootm ${loadaddr}#${fdtfile};\0" \
>
> What are the large images that are being extracted and can we just use
> them in-place instead?
>
Currently a large ramdisk in the FIT image is causing problems. The FIT
image itself determines if it is in place or not, most FIT images just
move things to spots in the 0x8x00_ area where they would have been
loaded in the non-FIT boot case.
The other option is making the FIT creators always step around the FIT
image itself, which they can't know where it will be loaded. In the end
the guidance I think we want to follow is anything in 0x8x00_ is
safe as that is where historically all the images have been loaded, FIT
being new will stay out of that area and be loaded up in the 0x9x00_
range out of the way.
Outside of that I agree that in-place is the way to go to save copy time
and such, but it is not what we have right now in a lot of FIT images.
Andrew
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH] configs: ti: Move FIT image load address to avoid overwrite
The FIT image is loaded to 0x8700_ followed by extracting from that
several large images also into the 0x8x00_ range. Large images
can end up overwriting the FIT image as it is being extracted from.
Move the FIT load address clear out to 0x9000_, this will require
a board to have at least 256MB of DRAM, if less then more careful
planning will be required for that platform.
Signed-off-by: Andrew F. Davis
---
include/configs/ti_armv7_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_armv7_common.h
b/include/configs/ti_armv7_common.h
index 1e2a62dd6f..828fb1b2a5 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -52,7 +52,7 @@
#define DEFAULT_FIT_TI_ARGS \
"boot_fit=0\0" \
- "fit_loadaddr=0x8700\0" \
+ "fit_loadaddr=0x9000\0" \
"fit_bootfile=fitImage\0" \
"update_to_fit=setenv loadaddr ${fit_loadaddr}; setenv bootfile
${fit_bootfile}\0" \
"loadfit=run args_mmc; bootm ${loadaddr}#${fdtfile};\0" \
--
2.21.0
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 00/11] Fix Ethernet boot in am335x
On 3/21/19 10:22 AM, Andrew F. Davis wrote: > On 3/18/19 3:24 AM, Faiz Abbas wrote: >> The following patches fix ethernet boot in am335x. >> >> Enabling OF_CONTROL in SPL makes it overflow the sram size. To avoid > > If you are overflowing SRAM on the non-HS devices you are even more > constrained on HS, you don't need an HS to test, just build for > am335x_hs_evm_defconfig and it should break build if you out of space. > Oh, and if build complains about not having SECDEV tools use this: https://github.com/glneo/dummy-secdev Andrew > Thanks, > Andrew > >> this, I am using static platdata in the am335x board file instead of >> the fdtdec_*() calls used in ofdata_to_platdata(). >> >> Patches 1-5 isolate the two operations of getting platform data (all of >> which should happen in _ofdata_to_platdata()) and initial configurations >> (all of which should happen in _probe()). >> >> Patch 6 makes sure the cpsw driver gets probed in SPL. >> Patch 7 adds static platdata to the am335 board file. >> Patches 8-10 makes changes in the config to make space for and enable >> ETH_SUPPORT in SPL. >> Patch 11 removes non-DM_ETH code from the am335x board file. >> >> Tested ethernet boot and tftp in am335x-evm. Regression tested on dra71x-evm. >> >> Faiz Abbas (11): >> net: Add priv_pdata to eth_pdata >> net: ti: cpsw: Move cpsw_phy_sel() to _probe() >> net: ti: cpsw: Convert cpsw_platform_data to a pointer in cpsw_priv >> net: ti: cpsw-common: Isolate getting syscon address from assigning >> macid >> net: ti: cpsw: Block off ofdata_to_platdata with OF_CONTROL >> net: ti: cpsw: Enable DM_FLAG_PRE_RELOC >> board: ti: am335x: Add platdata for cpsw in SPL >> configs: am335x_evm: Reduce size of SPL >> configs: am335x_evm: Add Support for SPL_ETH >> configs: am335x_evm: Update VCI String >> board: ti: am335x: Remove non DM_ETH code >> >> board/ti/am335x/board.c | 170 ++--- >> configs/am335x_evm_defconfig | 8 +- >> drivers/net/ti/cpsw-common.c | 127 ++ >> drivers/net/ti/cpsw.c| 202 --- >> include/cpsw.h | 25 - >> include/net.h| 2 + >> 6 files changed, 217 insertions(+), 317 deletions(-) >> > ___ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 00/11] Fix Ethernet boot in am335x
On 3/18/19 3:24 AM, Faiz Abbas wrote: > The following patches fix ethernet boot in am335x. > > Enabling OF_CONTROL in SPL makes it overflow the sram size. To avoid If you are overflowing SRAM on the non-HS devices you are even more constrained on HS, you don't need an HS to test, just build for am335x_hs_evm_defconfig and it should break build if you out of space. Thanks, Andrew > this, I am using static platdata in the am335x board file instead of > the fdtdec_*() calls used in ofdata_to_platdata(). > > Patches 1-5 isolate the two operations of getting platform data (all of > which should happen in _ofdata_to_platdata()) and initial configurations > (all of which should happen in _probe()). > > Patch 6 makes sure the cpsw driver gets probed in SPL. > Patch 7 adds static platdata to the am335 board file. > Patches 8-10 makes changes in the config to make space for and enable > ETH_SUPPORT in SPL. > Patch 11 removes non-DM_ETH code from the am335x board file. > > Tested ethernet boot and tftp in am335x-evm. Regression tested on dra71x-evm. > > Faiz Abbas (11): > net: Add priv_pdata to eth_pdata > net: ti: cpsw: Move cpsw_phy_sel() to _probe() > net: ti: cpsw: Convert cpsw_platform_data to a pointer in cpsw_priv > net: ti: cpsw-common: Isolate getting syscon address from assigning > macid > net: ti: cpsw: Block off ofdata_to_platdata with OF_CONTROL > net: ti: cpsw: Enable DM_FLAG_PRE_RELOC > board: ti: am335x: Add platdata for cpsw in SPL > configs: am335x_evm: Reduce size of SPL > configs: am335x_evm: Add Support for SPL_ETH > configs: am335x_evm: Update VCI String > board: ti: am335x: Remove non DM_ETH code > > board/ti/am335x/board.c | 170 ++--- > configs/am335x_evm_defconfig | 8 +- > drivers/net/ti/cpsw-common.c | 127 ++ > drivers/net/ti/cpsw.c| 202 --- > include/cpsw.h | 25 - > include/net.h| 2 + > 6 files changed, 217 insertions(+), 317 deletions(-) > ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 5/7] arm: mach-k3: Add secure device build support
K3 HS devices require signed binaries for boot, use the SECDEV tools
to sign the boot artifacts during build.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS | 1 +
arch/arm/mach-k3/config.mk| 25 ++
arch/arm/mach-k3/config_secure.mk | 44 +++
tools/k3_fit_atf.sh | 8 --
4 files changed, 76 insertions(+), 2 deletions(-)
create mode 100644 arch/arm/mach-k3/config_secure.mk
diff --git a/MAINTAINERS b/MAINTAINERS
index 5dd69562e0..bddfaf50c8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -717,6 +717,7 @@ F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
F: arch/arm/mach-omap2/sec-common.c
F: arch/arm/mach-omap2/config_secure.mk
F: arch/arm/mach-k3/security.c
+F: arch/arm/mach-k3/config_secure.mk
F: configs/am335x_hs_evm_defconfig
F: configs/am335x_hs_evm_uart_defconfig
F: configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk
index be00d79fb0..2d8f61f9db 100644
--- a/arch/arm/mach-k3/config.mk
+++ b/arch/arm/mach-k3/config.mk
@@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt | sed
$(SED_OPTS) > u-boo
# If external key is not provided, generate key using openssl.
ifeq ($(CONFIG_SYS_K3_KEY), "")
KEY=u-boot-spl-eckey.pem
+# On HS use real key or warn if not available
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),)
+KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem
+else
+$(warning "WARNING: signing key not found. Random key will NOT work on HS
hardware!")
+endif
+endif
else
KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY))
endif
@@ -65,6 +73,15 @@ ALL-y+= tiboot3.bin
endif
ifdef CONFIG_ARM64
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+SPL_ITS := u-boot-spl-k3_HS.its
+$(SPL_ITS): FORCE
+ IS_HS=1 \
+ $(srctree)/tools/k3_fit_atf.sh \
+ $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@
+
+ALL-y += tispl.bin_HS
+else
SPL_ITS := u-boot-spl-k3.its
$(SPL_ITS): FORCE
$(srctree)/tools/k3_fit_atf.sh \
@@ -72,7 +89,15 @@ $(SPL_ITS): FORCE
ALL-y += tispl.bin
endif
+endif
+
+else
+ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
+ALL-y += u-boot.img_HS
else
ALL-y += u-boot.img
endif
+endif
+
+include $(srctree)/arch/arm/mach-k3/config_secure.mk
diff --git a/arch/arm/mach-k3/config_secure.mk
b/arch/arm/mach-k3/config_secure.mk
new file mode 100644
index 00..6d63c57665
--- /dev/null
+++ b/arch/arm/mach-k3/config_secure.mk
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/
+# Andrew F. Davis
+
+quiet_cmd_k3secureimg = SECURE $@
+ifneq ($(TI_SECURE_DEV_PKG),)
+ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh),)
+cmd_k3secureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \
+ $< $@ \
+ $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+else
+cmd_k3secureimg = echo "WARNING:" \
+ "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \
+ "$@ was NOT secured!"; cp $< $@
+endif
+else
+cmd_k3secureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \
+ "variable must be defined for TI secure devices." \
+ "$@ was NOT secured!"; cp $< $@
+endif
+
+%.dtb_HS: %.dtb FORCE
+ $(call if_changed,k3secureimg)
+
+$(obj)/u-boot-spl-nodtb.bin_HS: $(obj)/u-boot-spl-nodtb.bin FORCE
+ $(call if_changed,k3secureimg)
+
+tispl.bin_HS: $(obj)/u-boot-spl-nodtb.bin_HS $(patsubst
%,$(obj)/dts/%.dtb_HS,$(subst ",,$(CONFIG_SPL_OF_LIST))) $(SPL_ITS) FORCE
+ $(call if_changed,mkfitimage)
+
+MKIMAGEFLAGS_u-boot.img_HS = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
+ -a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
+ -n "U-Boot $(UBOOTRELEASE) for $(BOARD) board" -E \
+ $(patsubst %,-b arch/$(ARCH)/dts/%.dtb_HS,$(subst ",,$(CONFIG_OF_LIST)))
+
+OF_LIST_TARGETS = $(patsubst %,arch/$(ARCH)/dts/%.dtb,$(subst
",,$(CONFIG_OF_LIST)))
+$(OF_LIST_TARGETS): dtbs
+
+u-boot-nodtb.bin_HS: u-boot-nodtb.bin FORCE
+ $(call if_changed,k3secureimg)
+
+u-boot.img_HS: u-boot-nodtb.bin_HS u-boot.img $(patsubst
%.dtb,%.dtb_HS,$(OF_LIST_TARGETS)) FORCE
+ $(call if_changed,mkimage)
diff --git a/tools/k3_fit_atf.sh b/tools/k3_fit_atf.sh
index 430b5ca616..4e9f69c087 100755
--- a/tools/k3_fit_atf.sh
+++ b/tools/k3_fit_atf.sh
@@ -21,6 +21,10 @@ if [ ! -f $TEE ]; then
TEE=/dev/null
fi
+if [ ! -z "$IS_HS" ]; then
+ HS_APPEND=_HS
+fi
+
cat << __HEADER_EOF
/dts-v1/;
@@ -51,7 +55,7 @@ cat << __HEADER_EOF
};
spl {
description = "SPL (64-bit)";
-
[U-Boot] [PATCH v2 6/7] configs: Add a config for AM65x High Security EVM
Add new defconfig files for the AM65x High Security EVM.
This defconfigs are the same as for the non-secure part, except for:
CONFIG_TI_SECURE_DEVICE option set to 'y'
CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS| 2 +
configs/am65x_hs_evm_a53_defconfig | 74
configs/am65x_hs_evm_r5_defconfig | 90 ++
3 files changed, 166 insertions(+)
create mode 100644 configs/am65x_hs_evm_a53_defconfig
create mode 100644 configs/am65x_hs_evm_r5_defconfig
diff --git a/MAINTAINERS b/MAINTAINERS
index bddfaf50c8..4c0be61f28 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -729,6 +729,8 @@ F: configs/k2hk_hs_evm_defconfig
F: configs/k2e_hs_evm_defconfig
F: configs/k2g_hs_evm_defconfig
F: configs/k2l_hs_evm_defconfig
+F: configs/am65x_hs_evm_r5_defconfig
+F: configs/am65x_hs_evm_a53_defconfig
TQ GROUP
#M:Martin Krause
diff --git a/configs/am65x_hs_evm_a53_defconfig
b/configs/am65x_hs_evm_a53_defconfig
new file mode 100644
index 00..b9b5a921af
--- /dev/null
+++ b/configs/am65x_hs_evm_a53_defconfig
@@ -0,0 +1,74 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_A53_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_BOOTCOMMAND="run findfdt; run envboot; run init_${boot}; run
get_kern_${boot}; run get_fdt_${boot}; run run_kern"
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+# CONFIG_ISO_PARTITION is not set
+# CONFIG_EFI_PARTITION is not set
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_ENV_IS_IN_FAT=y
+CONFIG_ENV_FAT_INTERFACE="mmc"
+CONFIG_ENV_FAT_DEVICE_AND_PART="1:1"
+CONFIG_DM=y
+CONFIG_SPL_DM=y
+CONFIG_SPL_DM_SEQ_ALIAS=y
+CONFIG_CLK=y
+CONFIG_SPL_CLK=y
+CONFIG_CLK_TI_SCI=y
+CONFIG_TI_SCI_PROTOCOL=y
+CONFIG_DM_MAILBOX=y
+CONFIG_K3_SEC_PROXY=y
+CONFIG_MISC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_K3_ARASAN=y
+CONFIG_PINCTRL=y
+# CONFIG_PINCTRL_GENERIC is not set
+CONFIG_SPL_PINCTRL=y
+# CONFIG_SPL_PINCTRL_GENERIC is not set
+CONFIG_PINCTRL_SINGLE=y
+CONFIG_POWER_DOMAIN=y
+CONFIG_TI_SCI_POWER_DOMAIN=y
+CONFIG_K3_SYSTEM_CONTROLLER=y
+CONFIG_REMOTEPROC_K3=y
+CONFIG_DM_RESET=y
+CONFIG_RESET_TI_SCI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SYSRESET=y
+CONFIG_SYSRESET_TI_SCI=y
diff --git a/configs/am65x_hs_evm_r5_defconfig
b/configs/am65x_hs_evm_r5_defconfig
new file mode 100644
index 00..1b9c138c03
--- /dev/null
+++ b/configs/am65x_hs_evm_r5_defconfig
@@ -0,0 +1,90 @@
+CONFIG_ARM=y
+CONFIG_ARCH_K3=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_LIBCOMMON_SUPPORT=y
+CONFIG_SPL_LIBGENERIC_SUPPORT=y
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_SOC_K3_AM6=y
+CONFIG_TARGET_AM654_R5_EVM=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL_SERIAL_SUPPORT=y
+CONFIG_SPL_DRIVERS_MISC_SUPPORT=y
+CONFIG_SPL_STACK_R_ADDR=0x8200
+CONFIG_SPL_FS_FAT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
+CONFIG_NR_DRAM_BANKS=2
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_USE_BOOTCOMMAND=y
+# CONFIG_DISPLAY_CPUINFO is not set
+CONFIG_SPL_SYS_MALLOC_SIMPLE=y
+CONFIG_SPL_STACK_R=y
+CONFIG_SPL_SEPARATE_BSS=y
+CONFIG_SPL_I2C_SUPPORT=y
+CONFIG_SPL_DM_MAILBOX=y
+CONFIG_SPL_DM_RESET=y
+CONFIG_SPL_POWER_SUPPORT=y
+CONFIG_SPL_POWER_DOMAIN=y
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SPL_REMOTEPROC=y
+CONFIG_SPL_YMODEM_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_REMOTEPROC=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_TIME=y
+CONFIG_CMD_FAT=y
+CONFIG_OF_CONTROL=y
+CONFIG_SPL_OF_CONTROL=y
+CONFIG_DEFAULT_DEVICE_TREE="k3-am654-r5-base-board"
+CONFIG_SPL_MULTI_DTB_FIT=y
+CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y
+CONFIG_ENV_IS_IN_FAT=y
+CONFIG_ENV_FAT_INTERFACE="
[U-Boot] [PATCH v2 7/7] doc: Update info on using K3 secure devices
Signed-off-by: Andrew F. Davis Reviewed-by: Tom Rini Reviewed-by: Andreas Dannenberg --- doc/README.ti-secure | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 76950253ac..27c0eaa77f 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -138,7 +138,7 @@ Booting of U-Boot SPL Invoking the script for Keystone2 Secure Devices - = + create-boot-image.sh \ @@ -157,6 +157,18 @@ Booting of U-Boot SPL boot from all media. Secure boot from SPI NOR flash is not currently supported. + Invoking the script for K3 Secure Devices + = + + The signing steps required to produce a bootable SPL image on secure + K3 TI devices are the same as those performed on non-secure devices. + The only difference is the key is not checked on non-secure devices so + a dummy key is used when building U-Boot for those devices. For secure + K3 TI devices simply use the real hardware key for your device. This + real key can be set with the Kconfig option "K3_KEY". The environment + variable TI_SECURE_DEV_PKG is also searched for real keys when the + build targets secure devices. + Booting of Primary U-Boot (u-boot.img) == @@ -181,10 +193,8 @@ Booting of Primary U-Boot (u-boot.img) is enabled through the CONFIG_SPL_FIT_IMAGE_POST_PROCESS option which must be enabled for the secure boot scheme to work. In order to allow verifying proper operation of the secure boot chain in case of successful - authentication messages like "Authentication passed: CERT_U-BOOT-NOD" are - output by the SPL to the console for each blob that got extracted from the - FIT image. Note that the last part of this log message is the (truncated) - name of the signing certificate embedded into the blob that got processed. + authentication messages like "Authentication passed" are output by the + SPL to the console for each blob that got extracted from the FIT image. The exact details of the how the images are secured is handled by the SECDEV package. Within the SECDEV package exists a script to process -- 2.19.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 3/7] firmware: ti_sci: Modify auth_boot TI-SCI API to match new version
SYSFW version 2019.01 introduces a slightly modified version of this API,
add support for it here.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
drivers/firmware/ti_sci.c | 25 -
drivers/firmware/ti_sci.h | 9 +++--
include/linux/soc/ti/ti_sci_protocol.h | 4 ++--
3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index 534a1e6497..406b2306a9 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -1700,16 +1700,19 @@ static int ti_sci_cmd_set_proc_boot_ctrl(const struct
ti_sci_handle *handle,
* ti_sci_cmd_proc_auth_boot_image() - Command to authenticate and load the
* image and then set the processor configuration flags.
* @handle:Pointer to TI SCI handle
- * @proc_id: Processor ID this request is for
- * @cert_addr: Memory address at which payload image certificate is located.
+ * @image_addr:Memory address at which payload image and certificate is
+ * located in memory, this is updated if the image data is
+ * moved during authentication.
+ * @image_size: This is updated with the final size of the image after
+ * authentication.
*
* Return: 0 if all went well, else returns appropriate error value.
*/
static int ti_sci_cmd_proc_auth_boot_image(const struct ti_sci_handle *handle,
- u8 proc_id, u64 cert_addr)
+ u64 *image_addr, u32 *image_size)
{
struct ti_sci_msg_req_proc_auth_boot_image req;
- struct ti_sci_msg_hdr *resp;
+ struct ti_sci_msg_resp_proc_auth_boot_image *resp;
struct ti_sci_info *info;
struct ti_sci_xfer *xfer;
int ret = 0;
@@ -1729,9 +1732,8 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct
ti_sci_handle *handle,
dev_err(info->dev, "Message alloc failed(%d)\n", ret);
return ret;
}
- req.processor_id = proc_id;
- req.cert_addr_low = cert_addr & TISCI_ADDR_LOW_MASK;
- req.cert_addr_high = (cert_addr & TISCI_ADDR_HIGH_MASK) >>
+ req.cert_addr_low = *image_addr & TISCI_ADDR_LOW_MASK;
+ req.cert_addr_high = (*image_addr & TISCI_ADDR_HIGH_MASK) >>
TISCI_ADDR_HIGH_SHIFT;
ret = ti_sci_do_xfer(info, xfer);
@@ -1740,10 +1742,15 @@ static int ti_sci_cmd_proc_auth_boot_image(const struct
ti_sci_handle *handle,
return ret;
}
- resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf;
+ resp = (struct ti_sci_msg_resp_proc_auth_boot_image
*)xfer->tx_message.buf;
if (!ti_sci_is_response_ack(resp))
- ret = -ENODEV;
+ return -ENODEV;
+
+ *image_addr = (resp->image_addr_low & TISCI_ADDR_LOW_MASK) |
+ (((u64)resp->image_addr_high <<
+ TISCI_ADDR_HIGH_SHIFT) & TISCI_ADDR_HIGH_MASK);
+ *image_size = resp->image_size;
return ret;
}
diff --git a/drivers/firmware/ti_sci.h b/drivers/firmware/ti_sci.h
index 3b1f637f04..24b97d5f2c 100644
--- a/drivers/firmware/ti_sci.h
+++ b/drivers/firmware/ti_sci.h
@@ -622,7 +622,6 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
/**
* struct ti_sci_msg_req_proc_auth_start_image - Authenticate and start image
* @hdr: Generic Header
- * @processor_id: ID of processor
* @cert_addr_low: Lower 32bit (Little Endian) of certificate
* @cert_addr_high:Higher 32bit (Little Endian) of certificate
*
@@ -631,11 +630,17 @@ struct ti_sci_msg_req_set_proc_boot_ctrl {
*/
struct ti_sci_msg_req_proc_auth_boot_image {
struct ti_sci_msg_hdr hdr;
- u8 processor_id;
u32 cert_addr_low;
u32 cert_addr_high;
} __packed;
+struct ti_sci_msg_resp_proc_auth_boot_image {
+ struct ti_sci_msg_hdr hdr;
+ u32 image_addr_low;
+ u32 image_addr_high;
+ u32 image_size;
+} __packed;
+
/**
* struct ti_sci_msg_req_get_proc_boot_status - Get processor boot status
* @hdr: Generic Header
diff --git a/include/linux/soc/ti/ti_sci_protocol.h
b/include/linux/soc/ti/ti_sci_protocol.h
index f3c5b72860..c3bfa57253 100644
--- a/include/linux/soc/ti/ti_sci_protocol.h
+++ b/include/linux/soc/ti/ti_sci_protocol.h
@@ -250,8 +250,8 @@ struct ti_sci_proc_ops {
u64 bv, u32 cfg_set, u32 cfg_clr);
int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid,
u32 ctrl_set, u32 ctrl_clr);
- int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid,
- u64 caddr);
+ int (*proc_auth_boot_image)(const struct ti_sci_handle *handle,
+ u64 *i
[U-Boot] [PATCH v2 1/7] arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded
On HS devices the 512b region of reset isolated memory called
MCU_PSRAM0 is firewalled by default. Until SYSFW is loaded we
cannot use this memory. It is only used to store a single value
left at the end of SRAM by ROM that will be needed later. Save
that value to a global variable stored in the .data section.
This section is used as .bss will be cleared between saving
this value and using it.
Signed-off-by: Andrew F. Davis
Reviewed-by: Andreas Dannenberg
Reviewed-by: Lokesh Vutla
---
arch/arm/mach-k3/am6_init.c | 13 -
arch/arm/mach-k3/include/mach/am6_hardware.h | 3 ---
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-k3/am6_init.c b/arch/arm/mach-k3/am6_init.c
index a5553190b4..2301061848 100644
--- a/arch/arm/mach-k3/am6_init.c
+++ b/arch/arm/mach-k3/am6_init.c
@@ -49,11 +49,16 @@ static void ctrl_mmr_unlock(void)
mmr_unlock(CTRL_MMR0_BASE, 7);
}
+/*
+ * This uninitialized global variable would normal end up in the .bss section,
+ * but the .bss is cleared between writing and reading this variable, so move
+ * it to the .data section.
+ */
+u32 bootindex __attribute__((section(".data")));
+
static void store_boot_index_from_rom(void)
{
- u32 *boot_index = (u32 *)K3_BOOT_PARAM_TABLE_INDEX_VAL;
-
- *boot_index = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
+ bootindex = *(u32 *)(CONFIG_SYS_K3_BOOT_PARAM_TABLE_INDEX);
}
void board_init_f(ulong dummy)
@@ -94,7 +99,6 @@ u32 spl_boot_mode(const u32 boot_device)
{
#if defined(CONFIG_SUPPORT_EMMC_BOOT)
u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
- u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
u32 bootmode = (devstat & CTRLMMR_MAIN_DEVSTAT_BOOTMODE_MASK) >>
CTRLMMR_MAIN_DEVSTAT_BOOTMODE_SHIFT;
@@ -170,7 +174,6 @@ static u32 __get_primary_bootmedia(u32 devstat)
u32 spl_boot_device(void)
{
u32 devstat = readl(CTRLMMR_MAIN_DEVSTAT);
- u32 bootindex = readl(K3_BOOT_PARAM_TABLE_INDEX_VAL);
if (bootindex == K3_PRIMARY_BOOTMODE)
return __get_primary_bootmedia(devstat);
diff --git a/arch/arm/mach-k3/include/mach/am6_hardware.h
b/arch/arm/mach-k3/include/mach/am6_hardware.h
index b5244609af..3343233aa3 100644
--- a/arch/arm/mach-k3/include/mach/am6_hardware.h
+++ b/arch/arm/mach-k3/include/mach/am6_hardware.h
@@ -44,7 +44,4 @@
#define CTRLMMR_LOCK_KICK1 0x0100c
#define CTRLMMR_LOCK_KICK1_UNLOCK_VAL 0xd172bc5a
-/* MCU SCRATCHPAD usage */
-#define K3_BOOT_PARAM_TABLE_INDEX_VAL CONFIG_SYS_K3_MCU_SCRATCHPAD_BASE
-
#endif /* __ASM_ARCH_AM6_HARDWARE_H */
--
2.19.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 4/7] arm: mach-k3: Add secure device support
K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
MAINTAINERS | 1 +
arch/arm/Kconfig| 2 +-
arch/arm/mach-k3/Makefile | 1 +
arch/arm/mach-k3/security.c | 63 +
4 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 arch/arm/mach-k3/security.c
diff --git a/MAINTAINERS b/MAINTAINERS
index f1f8818d6b..5dd69562e0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -716,6 +716,7 @@ S: Supported
F: arch/arm/mach-omap2/omap5/sec_entry_cpu1.S
F: arch/arm/mach-omap2/sec-common.c
F: arch/arm/mach-omap2/config_secure.mk
+F: arch/arm/mach-k3/security.c
F: configs/am335x_hs_evm_defconfig
F: configs/am335x_hs_evm_uart_defconfig
F: configs/am43xx_hs_evm_defconfig
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 455f06cfee..da397097e5 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1417,7 +1417,7 @@ endchoice
config TI_SECURE_DEVICE
bool "HS Device Type Support"
- depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS
+ depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
help
If a high secure (HS) device type is being used, this config
must be set. This option impacts various aspects of the
diff --git a/arch/arm/mach-k3/Makefile b/arch/arm/mach-k3/Makefile
index bd4ab361b2..0c3a4f7db1 100644
--- a/arch/arm/mach-k3/Makefile
+++ b/arch/arm/mach-k3/Makefile
@@ -6,4 +6,5 @@
obj-$(CONFIG_SOC_K3_AM6) += am6_init.o
obj-$(CONFIG_ARM64) += arm64-mmu.o
obj-$(CONFIG_CPU_V7R) += r5_mpu.o lowlevel_init.o
+obj-$(CONFIG_TI_SECURE_DEVICE) += security.o
obj-y += common.o
diff --git a/arch/arm/mach-k3/security.c b/arch/arm/mach-k3/security.c
new file mode 100644
index 00..52f49bf01f
--- /dev/null
+++ b/arch/arm/mach-k3/security.c
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * K3: Security functions
+ *
+ * Copyright (C) 2018 Texas Instruments Incorporated - http://www.ti.com/
+ * Andrew F. Davis
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+ struct udevice *dev;
+ struct ti_sci_handle *ti_sci;
+ struct ti_sci_proc_ops *proc_ops;
+ u64 image_addr;
+ u32 image_size;
+ int ret;
+
+ /* Get handle to Device Management and Security Controller (SYSFW) */
+ ret = uclass_get_device_by_name(UCLASS_FIRMWARE, "dmsc", );
+ if (ret) {
+ printf("Failed to get handle to SYSFW (%d)\n", ret);
+ hang();
+ }
+ ti_sci = (struct ti_sci_handle *)(ti_sci_get_handle_from_sysfw(dev));
+ proc_ops = _sci->ops.proc_ops;
+
+ image_addr = (uintptr_t)*p_image;
+
+ debug("Authenticating image at address 0x%016llx\n", image_addr);
+
+ /* Authenticate image */
+ ret = proc_ops->proc_auth_boot_image(ti_sci, _addr, _size);
+ if (ret) {
+ printf("Authentication failed!\n");
+ hang();
+ }
+
+ /*
+* The image_size returned may be 0 when the authentication process has
+* moved the image. When this happens no further processing on the
+* image is needed or often even possible as it may have also been
+* placed behind a firewall when moved.
+*/
+ *p_size = image_size;
+
+ /*
+* Output notification of successful authentication to re-assure the
+* user that the secure code is being processed as expected. However
+* suppress any such log output in case of building for SPL and booting
+* via YMODEM. This is done to avoid disturbing the YMODEM serial
+* protocol transactions.
+*/
+ if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
+ IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
+ spl_boot_device() == BOOT_DEVICE_UART))
+ printf("Authentication passed\n");
+}
--
2.19.1
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 2/7] firmware: ti_sci: Add support for firewall management
TI-SCI message protocol provides support for controlling the firewall
configurations available in SoC.
Introduce support for the set of TI-SCI message protocol APIs that
provide us with this capability of controlling firewalls.
Signed-off-by: Andrew F. Davis
Reviewed-by: Tom Rini
Reviewed-by: Andreas Dannenberg
---
drivers/firmware/ti_sci.c | 177 +
drivers/firmware/ti_sci.h | 121 +
include/linux/soc/ti/ti_sci_protocol.h | 64 +
3 files changed, 362 insertions(+)
diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c
index 9148126041..534a1e6497 100644
--- a/drivers/firmware/ti_sci.c
+++ b/drivers/firmware/ti_sci.c
@@ -1803,6 +1803,178 @@ static int ti_sci_cmd_get_proc_boot_status(const struct
ti_sci_handle *handle,
return ret;
}
+/**
+ * ti_sci_cmd_set_fwl_region() - Request for configuring a firewall region
+ * @handle:pointer to TI SCI handle
+ * @region:region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_set_fwl_region(const struct ti_sci_handle *handle,
+const struct ti_sci_msg_fwl_region *region)
+{
+ struct ti_sci_msg_fwl_set_firewall_region_req req;
+ struct ti_sci_msg_hdr *resp;
+ struct ti_sci_info *info;
+ struct ti_sci_xfer *xfer;
+ int ret = 0;
+
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+ if (!handle)
+ return -EINVAL;
+
+ info = handle_to_ti_sci_info(handle);
+
+ xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_SET,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+(u32 *), sizeof(req), sizeof(*resp));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+ dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+ return ret;
+ }
+
+ req.fwl_id = region->fwl_id;
+ req.region = region->region;
+ req.n_permission_regs = region->n_permission_regs;
+ req.control = region->control;
+ req.permissions[0] = region->permissions[0];
+ req.permissions[1] = region->permissions[1];
+ req.permissions[2] = region->permissions[2];
+ req.start_address = region->start_address;
+ req.end_address = region->end_address;
+
+ ret = ti_sci_do_xfer(info, xfer);
+ if (ret) {
+ dev_err(info->dev, "Mbox send fail %d\n", ret);
+ return ret;
+ }
+
+ resp = (struct ti_sci_msg_hdr *)xfer->tx_message.buf;
+
+ if (!ti_sci_is_response_ack(resp))
+ return -ENODEV;
+
+ return 0;
+}
+
+/**
+ * ti_sci_cmd_get_fwl_region() - Request for getting a firewall region
+ * @handle:pointer to TI SCI handle
+ * @region:region configuration parameters
+ *
+ * Return: 0 if all went well, else returns appropriate error value.
+ */
+static int ti_sci_cmd_get_fwl_region(const struct ti_sci_handle *handle,
+struct ti_sci_msg_fwl_region *region)
+{
+ struct ti_sci_msg_fwl_get_firewall_region_req req;
+ struct ti_sci_msg_fwl_get_firewall_region_resp *resp;
+ struct ti_sci_info *info;
+ struct ti_sci_xfer *xfer;
+ int ret = 0;
+
+ if (IS_ERR(handle))
+ return PTR_ERR(handle);
+ if (!handle)
+ return -EINVAL;
+
+ info = handle_to_ti_sci_info(handle);
+
+ xfer = ti_sci_setup_one_xfer(info, TISCI_MSG_FWL_GET,
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
+(u32 *), sizeof(req), sizeof(*resp));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+ dev_err(info->dev, "Message alloc failed(%d)\n", ret);
+ return ret;
+ }
+
+ req.fwl_id = region->fwl_id;
+ req.region = region->region;
+ req.n_permission_regs = region->n_permission_regs;
+
+ ret = ti_sci_do_xfer(info, xfer);
+ if (ret) {
+ dev_err(info->dev, "Mbox send fail %d\n", ret);
+ return ret;
+ }
+
+ resp = (struct ti_sci_msg_fwl_get_firewall_region_resp
*)xfer->tx_message.buf;
+
+ if (!ti_sci_is_response_ack(resp))
+ return -ENODEV;
+
+ region->fwl_id = resp->fwl_id;
+ region->region = resp->region;
+ region->n_permission_regs = resp->n_permission_regs;
+ region->control = resp->control;
+ region->permissions[0] = resp->permissions[0];
+ region->permissions[1] = resp->permissions[1];
+ region->permissions[2] = resp->permissions[2];
+ region->start_address = resp->start_address;
+ region->end_address = resp->end_address;
+
+
[U-Boot] [PATCH v2 0/7] AM65x HS device support
Hello all, This series brings up HS device support on the AM65x platform. Support for HS on K3 family devices is a bit different than previous devices but for the most part all that has been abstracted into the SECDEV package, allowing for a rather straight forward implementation here. Thanks, Andrew Changes from v1: - Commented on use of .data section - Use ti_sci_msg_hdr header directly when possible - Rebase and add Reviewed-bys - Will add makefile cleanup later as it also affects files unrelated to this series Andrew F. Davis (7): arm: K3: Avoid use of MCU_PSRAM0 before SYSFW is loaded firmware: ti_sci: Add support for firewall management firmware: ti_sci: Modify auth_boot TI-SCI API to match new version arm: mach-k3: Add secure device support arm: mach-k3: Add secure device build support configs: Add a config for AM65x High Security EVM doc: Update info on using K3 secure devices MAINTAINERS | 4 + arch/arm/Kconfig | 2 +- arch/arm/mach-k3/Makefile| 1 + arch/arm/mach-k3/am6_init.c | 13 +- arch/arm/mach-k3/config.mk | 25 +++ arch/arm/mach-k3/config_secure.mk| 44 arch/arm/mach-k3/include/mach/am6_hardware.h | 3 - arch/arm/mach-k3/security.c | 63 ++ configs/am65x_hs_evm_a53_defconfig | 74 +++ configs/am65x_hs_evm_r5_defconfig| 90 + doc/README.ti-secure | 20 +- drivers/firmware/ti_sci.c| 202 ++- drivers/firmware/ti_sci.h| 130 +++- include/linux/soc/ti/ti_sci_protocol.h | 68 ++- tools/k3_fit_atf.sh | 8 +- 15 files changed, 718 insertions(+), 29 deletions(-) create mode 100644 arch/arm/mach-k3/config_secure.mk create mode 100644 arch/arm/mach-k3/security.c create mode 100644 configs/am65x_hs_evm_a53_defconfig create mode 100644 configs/am65x_hs_evm_r5_defconfig -- 2.19.1 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 5/7] arm: mach-k3: Add secure device build support
On 2/16/19 4:18 PM, Tom Rini wrote: > On Fri, Feb 15, 2019 at 05:43:32PM +0530, Lokesh Vutla wrote: >> >> >> On 2/15/2019 4:25 AM, Andrew F. Davis wrote: >>> On 2/13/19 9:46 PM, Lokesh Vutla wrote: >>>> >>>> >>>> On 14/02/19 12:07 AM, Andrew F. Davis wrote: >>>>> K3 HS devices require signed binaries for boot, use the SECDEV tools >>>>> to sign the boot artifacts during build. >>>>> >>>>> Signed-off-by: Andrew F. Davis >>>>> --- >>>>> MAINTAINERS | 1 + >>>>> arch/arm/mach-k3/config.mk| 25 ++ >>>>> arch/arm/mach-k3/config_secure.mk | 44 +++ >>>>> tools/k3_fit_atf.sh | 8 -- >>>>> 4 files changed, 76 insertions(+), 2 deletions(-) >>>>> create mode 100644 arch/arm/mach-k3/config_secure.mk >>>>> >>>>> diff --git a/MAINTAINERS b/MAINTAINERS >>>>> index 18cdca9447..ac6bd8cfca 100644 >>>>> --- a/MAINTAINERS >>>>> +++ b/MAINTAINERS >>>>> @@ -717,6 +717,7 @@ F:arch/arm/mach-omap2/omap5/sec_entry_cpu1.S >>>>> F: arch/arm/mach-omap2/sec-common.c >>>>> F: arch/arm/mach-omap2/config_secure.mk >>>>> F: arch/arm/mach-k3/security.c >>>>> +F: arch/arm/mach-k3/config_secure.mk >>>>> F: configs/am335x_hs_evm_defconfig >>>>> F: configs/am335x_hs_evm_uart_defconfig >>>>> F: configs/am43xx_hs_evm_defconfig >>>>> diff --git a/arch/arm/mach-k3/config.mk b/arch/arm/mach-k3/config.mk >>>>> index be00d79fb0..2d8f61f9db 100644 >>>>> --- a/arch/arm/mach-k3/config.mk >>>>> +++ b/arch/arm/mach-k3/config.mk >>>>> @@ -36,6 +36,14 @@ cmd_gencert = cat $(srctree)/tools/k3_x509template.txt >>>>> | sed $(SED_OPTS) > u-boo >>>>> # If external key is not provided, generate key using openssl. >>>>> ifeq ($(CONFIG_SYS_K3_KEY), "") >>>>> KEY=u-boot-spl-eckey.pem >>>>> +# On HS use real key or warn if not available >>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) >>>>> +ifneq ($(wildcard $(TI_SECURE_DEV_PKG)/keys/custMpk.pem),) >>>>> +KEY=$(TI_SECURE_DEV_PKG)/keys/custMpk.pem >>>>> +else >>>>> +$(warning "WARNING: signing key not found. Random key will NOT work on >>>>> HS hardware!") >>>>> +endif >>>>> +endif >>>>> else >>>>> KEY=$(patsubst "%",$(srctree)/%,$(CONFIG_SYS_K3_KEY)) >>>>> endif >>>>> @@ -65,6 +73,15 @@ ALL-y += tiboot3.bin >>>>> endif >>>>> >>>>> ifdef CONFIG_ARM64 >>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) >>>>> +SPL_ITS := u-boot-spl-k3_HS.its >>>>> +$(SPL_ITS): FORCE >>>>> + IS_HS=1 \ >>>>> + $(srctree)/tools/k3_fit_atf.sh \ >>>>> + $(patsubst %,$(obj)/dts/%.dtb,$(subst ",,$(CONFIG_SPL_OF_LIST))) > $@ >>>>> + >>>>> +ALL-y+= tispl.bin_HS >>>>> +else >>>>> SPL_ITS := u-boot-spl-k3.its >>>>> $(SPL_ITS): FORCE >>>>> $(srctree)/tools/k3_fit_atf.sh \ >>>>> @@ -72,7 +89,15 @@ $(SPL_ITS): FORCE >>>>> >>>>> ALL-y+= tispl.bin >>>>> endif >>>>> +endif >>>>> + >>>>> +else >>>>> >>>>> +ifeq ($(CONFIG_TI_SECURE_DEVICE),y) >>>>> +ALL-y+= u-boot.img_HS >>>>> else >>>>> ALL-y+= u-boot.img >>>>> endif >>>>> +endif >>>>> + >>>>> +include $(srctree)/arch/arm/mach-k3/config_secure.mk >>>>> diff --git a/arch/arm/mach-k3/config_secure.mk >>>>> b/arch/arm/mach-k3/config_secure.mk >>>>> new file mode 100644 >>>>> index 00..6d63c57665 >>>>> --- /dev/null >>>>> +++ b/arch/arm/mach-k3/config_secure.mk >>>>> @@ -0,0 +1,44 @@ >>>>> +# SPDX-License-Identifier: GPL-2.0 >>>>> +# >>>>> +# Copyright (C) 2018 Texas Instruments, Incorporated - http://www.ti.com/ >>>>> +#Andrew F. Davis >>>>> + >>>>> +quiet_cmd_k3secureimg = SECURE
