Age | Commit message (Collapse) | Author |
|
For mpc85xx SoCs, the core begins execution from address 0xFFFFFFFC.
In non-secure boot scenario from NAND, this address will map to CPC
configured as SRAM. But in case of secure boot, this default address
always maps to IBR (Internal Boot ROM).
The IBR code requires that the bootloader(U-boot) must lie in 0 to 3.5G
address space i.e. 0x0 - 0xDFFFFFFF.
For secure boot target from NAND, the text base for SPL is kept same as
non-secure boot target i.e. 0xFFFx_xxxx but the SPL U-boot binary will
be copied to CPC configured as SRAM with address in 0-3.5G(0xBFFC_0000)
As a the virtual and physical address of CPC would be different. The
virtual address 0xFFFx_xxxx needs to be mapped to physical address
0xBFFx_xxxx.
Create a new PBI file to configure CPC as SRAM with address 0xBFFC0000
and update DCFG SCRTACH1 register with location of Header required for
secure boot.
The changes are similar to
commit 467a40dfe35f48d830f01a72617207d03ca85b4d
powerpc/mpc85xx: SECURE BOOT- NAND secure boot target for P3041
While P3041 has a 1MB CPC and does not require SPL. On T104x, CPC
is only 256K and thus SPL framework is used.
The changes are only applicable for SPL U-Boot running out of CPC SRAM
and not the next level U-Boot loaded on DDR.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate
the next level U-boot image. Add a new function spl_validate_uboot to
perform the validation.
Enable hardware crypto operations in SPL using SEC block.
In case of Secure Boot, PAMU is not bypassed. For allowing SEC block
access to CPC configured as SRAM, configure PAMU.
Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
Signed-off-by: Tom Rini <trini@konsulko.com>
Conflicts:
arch/arm/cpu/armv8/Makefile
arch/arm/lib/bootm-fdt.c
|
|
Set the enable-method in the cpu node to PSCI, and create device
node for PSCI, when PSCI was enabled.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
If the PSCI and PPA is ready, skip the fixup for spin-table and
waking secondary cores. Otherwise, change SMP method to spin-table,
and the device node of PSCI will be removed.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
The FSL Primary Protected Application (PPA) is a software component
loaded during boot which runs in TrustZone and remains resident
after boot.
Use the secure firmware framework to integrate FSL PPA into U-Boot.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
This framework is introduced for ARMv8 secure monitor mode firmware.
The main functions of the framework are, on EL3, verify the firmware,
load it to the secure memory and jump into it, and while it returned
to U-Boot, do some necessary setups at the 'target exception level'
that is determined by the respective secure firmware.
So far, the framework support only FIT format image, and need to define
the name of which config node should be used in 'configurations' and
the name of property for the raw secure firmware image in that config.
The FIT image should be stored in Byte accessing memory, such as NOR
Flash, or else it should be copied to main memory to use this framework.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
This function assume that the d-cache and MMU has been enabled earlier,
so it just created MMU table in main memory. But the assumption is not
always correct, for example, the early setup is done in EL3, while
enable_caches() is called when the PE has turned into another EL.
Define the function mmu_setup() for fsl-layerscape to cover the weak
one.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
|
|
Drop platform code to create static MMU tables. Use common framework
to create MMU tables on the run. Tested on LS2080ARDB with secure and
non-secure ram scenarios.
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
Fix a number of typos, including:
* "compatble" -> "compatible"
* "eanbeld" -> "enabled"
* "envrionment" -> "environment"
* "FTD" -> "FDT" (for "flattened device tree")
* "ommitted" -> "omitted"
* "overriden" -> "overridden"
* "partiton" -> "partition"
* "propogate" -> "propagate"
* "resourse" -> "resource"
* "rest in piece" -> "rest in peace"
* "suport" -> "support"
* "varible" -> "variable"
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
|
|
Introduce virtual and physical addresses in the mapping table. This change
have no impact on existing boards because they all use idential mapping.
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
When page tables are created, allow later table to be created on
previous block entry. Splitting block feature is already working
with current code. This patch only rearranges the code order and
adds one condition to call split_block().
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
Make setup_pgtages() and get_tcr() available for platform code to
customize MMU tables.
Remove unintentional call of create_table().
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
When secure ram is used, MMU tables have to be put into secure ram.
To use common MMU code, gd->arch.tlb_addr will be used to host TLB
entry pointer. To save allocated memory for later use, tlb_allocated
variable is added to global data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
Secure_ram variable was put in generic global data. But only ARMv8
uses this variable. Move it to ARM specific data structure.
Signed-off-by: York Sun <york.sun@nxp.com>
|
|
|
|
Now that we have a secure data section for storing variables, there
should be no need for platform code to get the stack address.
Make psci_get_cpu_stack_top a local function, as it should only be
used in armv7/psci.S and only by psci_stack_setup.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Now that we have a secure data section and space to store per-CPU target
PC address, switch to it instead of storing the target PC on the stack.
Also save clobbered r4-r7 registers on the stack and restore them on
return in psci_cpu_on for Tegra, i.MX7, and LS102xA platforms.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Now that we have a data section, add helper functions to save and fetch
per-CPU target PC.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
The secure monitor may need to store global or static values within the
secure section of memory, such as target PC or CPU power status.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
sunxi and i.mx7 both define the __secure modifier to put functions in
the secure section. Move this to a common place.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
As the PSCI implementation grows, we might exceed the size of the secure
memory that holds the firmware.
Add a configurable CONFIG_ARMV7_SECURE_MAX_SIZE so platforms can define
how much secure memory is available. The linker then checks the size of
the whole secure section against this.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
psci_text_end was used to calculate the PSCI stack address following the
secure monitor text. Now that we have an explicit secure stack section,
this is no longer used.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Now that we have a secure stack section that guarantees usable memory,
allocate the PSCI stacks in that section.
Also add a diagram detailing how the stacks are placed in memory.
Reserved space for the target PC remains unchanged. This should be
moved to global variables within a secure data section in the future.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Until now we've been using memory beyond psci_text_end as stack space
for the secure monitor or PSCI implementation, even if space was not
allocated for it.
This was partially fixed in ("ARM: allocate extra space for PSCI stack
in secure section during link phase"). However, calculating stack space
from psci_text_end in one place, while allocating the space in another
is error prone.
This patch adds a separate empty secure stack section, with space for
CONFIG_ARMV7_PSCI_NR_CPUS stacks, each 1 KB. There's also
__secure_stack_start and __secure_stack_end symbols. The linker script
handles calculating the correct VMAs for the stack section. For
platforms that relocate/copy the secure monitor before using it, the
space is not allocated in the executable, saving space.
For platforms that do not define CONFIG_ARMV7_PSCI_NR_CPUS, a whole page
of stack space for 4 CPUs is allocated, matching the previous behavior.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Targets that define CONFIG_ARMV7_SECURE_BASE will copy the secure section
to another address before execution.
Since the secure section in the u-boot image is only storage, there's
no reason to page align it and increase the binary image size.
Page align the secure section only when CONFIG_ARMV7_SECURE_BASE is not
defined. And instead of just aligning the __secure_start symbol, align
the whole .__secure_start section. This also makes the section empty,
so we need to add KEEP() to the input entry to prevent the section from
being garbage collected.
Also use ld constant "COMMONPAGESIZE" instead of hardcoded page size.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
This patch finishes the rewrite of sunxi specific PSCI parts into C
code.
The assembly-only stack setup code has been factored out into a common
function for ARMv7. The GIC setup code can be renamed as psci_arch_init.
And we can use an empty stub function for psci_text_end.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Every platform has the same stack setup code in assembly as part of
psci_arch_init.
Move this out into a common separate function, psci_stack_setup, for
all platforms. This will allow us to move the remaining parts of
psci_arch_init into C code, or drop it entirely.
Also provide a stub no-op psci_arch_init for platforms that don't need
their own specific setup code.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
The Orange Pi Lite SBC is a small H3 based SBC, with 512MB RAM,
micro-sd slot, HDMI out, 2 USB-A connectors, 1 micro-USB connector,
sdio attached rtl8189ftv wifi and an ir receiver.
The dts file is identical to the one submitted to the upstream kernel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
|
|
This enables extra USB controllers which enable use of the 3rd USB
port on the new Orange Pi Plus 2E variant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
|
|
Now that we know that the BROM stores a value indicating the boot-source
at the beginning of SRAM, use that instead of trying to recreate the
BROM's boot probing.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
|
|
|
|
|
|
This patch add EMAC driver support for H3/A83T/A64 SoCs.
Tested on Pine64(A64-External PHY) and Orangepipc(H3-Internal PHY).
BIG Thanks to Andre for providing some of the DT code.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
The patch converts one of the "reserved" fields in the sunxi SPL
header to a fel_uEnv_length entry. When booting over USB ("FEL
mode"), this enables the sunxi-fel utility to pass the string
length of uEnv.txt compatible data; at the same time requesting
that this data be imported into the U-Boot environment.
If parse_spl_header() in the sunxi board.c encounters a non-zero
value in this header field, it will therefore call himport_r() to
merge the string (lines) passed via FEL into the default settings.
Environment vars can be changed this way even before U-Boot will
attempt to autoboot - specifically, this also allows overriding
"bootcmd".
With fel_script_addr set and a zero fel_uEnv_length, U-Boot is
safe to assume that data in .scr format (a mkimage-type script)
was passed at fel_script_addr, and will handle it using the
existing mechanism ("bootcmd_fel").
Signed-off-by: Bernhard Nortmann <bernhard.nortmann@web.de>
Acked-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Allwinner devices support SPI flash as one of the possible
bootable media type. The SPI flash chip needs to be connected
to SPI0 pins (port C) to make this work. More information is
available at:
https://linux-sunxi.org/Bootable_SPI_flash
This patch adds the initial support for booting from SPI flash.
The existing SPI frameworks are not used in order to reduce the
SPL code size. Right now the SPL size grows by ~370 bytes when
CONFIG_SPL_SPI_SUNXI option is enabled.
While there are no popular Allwinner devices with SPI flash at
the moment, testing can be done using a SPI flash module (it
can be bought for ~2$ on ebay) and jumper wires with the boards,
which expose relevant pins on the expansion header. The SPI flash
chips themselves are very cheap (some prices are even listed as
low as 4 cents) and should not cost much if somebody decides to
design a development board with an SPI flash chip soldered on
the PCB.
Another nice feature of the SPI flash is that it can be safely
accessed in a device-independent way (since we know that the
boot ROM is already probing these pins during the boot time).
And if, for example, Olimex boards opted to use SPI flash instead
of EEPROM, then they would have been able to have U-Boot installed
in the SPI flash now and boot the rest of the system from the SATA
hard drive. Hopefully we may see new interesting Allwinner based
development boards in the future, now that the software support
for the SPI flash is in a better shape :-)
Testing can be done by enabling the CONFIG_SPL_SPI_SUNXI option
in a board defconfig, then building U-Boot and finally flashing
the resulting u-boot-sunxi-with-spl.bin binary over USB OTG with
a help of the sunxi-fel tool:
sunxi-fel spiflash-write 0 u-boot-sunxi-with-spl.bin
The device needs to be switched into FEL (USB recovery) mode first.
The most suitable boards for testing are Orange Pi PC and Pine64.
Because these boards are cheap, have no built-in NAND/eMMC and
expose SPI0 pins on the Raspberry Pi compatible expansion header.
The A13-OLinuXino-Micro board also can be used.
Signed-off-by: Siarhei Siamashka <siarhei.siamashka@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Add support for of-platdata with rk3288 SDRAM initr. This requires decoding
the of-platdata struct and setting up the device from that. Also the driver
needs to be renamed to match the string that of-platdata will search for.
The platform data is copied from the of-platdata structure to the one used
by the driver. This allows the same code to be used with device tree and
of-platdata.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
It is more correct to avoid touching the device tree in the probe() method.
Update the driver to work this way. Note that only SPL needs to fiddle with
the SDRAM registers, so decoding the platform data fully is not necessary in
U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The syscon devices all end up having diffent driver names with of-platdata,
since the driver name comes from the first string in the compatible list.
Add separate device declarations for each one, and add a bind method to set
up driver_data correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This function cannot look at the device tree when of-platdata is used.
Update the code to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When the boot ROM sets up MMC we don't need to do it again. Remove the
MMC setup code entirely.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add an extra byte so that this data is not byteswapped. Add a comment to
the code to explain the purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Start up the test devices. These print out of-platdata contents, providing a
check that the of-platdata feature is working correctly.
The device-tree changes are made to sandbox.dts rather than test.dts. since
the former controls the of-platdata generation.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
It is useful to be able to build SPL for sandbox. It provides additional
build coverage and allows SPL features to be tested in sandbox. However
it does not need worthwhile to always create an SPL build. It nearly
doubles the build time and the feature is (so far) seldom used.
So for now, create a separate build target for sandbox SPL. This allows
experimentation with this new feature without impacting existing workflows.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add an sandbox implementation for the generic SPL framework. This supports
locating and running U-Boot proper.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
SPL does not have a command interface so we should not include the main loop
code.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
PCI is not supported in SPL for sandbox, so avoid using it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
These headers are needed in case they are not transitively included.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The dm/ file should go at the end. Move it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
When building an SPL image, override the link flags so that it uses the
system libraries. This is similar to the way the non-SPL image is built.
Signed-off-by: Simon Glass <sjg@chromium.org>
|