diff options
| author | Tom Rini <trini@konsulko.com> | 2024-05-24 11:01:56 -0600 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2024-05-24 11:01:56 -0600 |
| commit | 6b9ae5789e9beef7fb78893c7c831e2b31b705f6 (patch) | |
| tree | b5b14f99abfb9b9e29aecf3a0f3dcb3e70e7b766 | |
| parent | 377e91c162ab09ec20f96f966f380cb55c590edd (diff) | |
| parent | 7457dc6f183303aaf2d58fff0a622e6791aba33c (diff) | |
| download | u-boot-6b9ae5789e9beef7fb78893c7c831e2b31b705f6.zip u-boot-6b9ae5789e9beef7fb78893c7c831e2b31b705f6.tar.gz u-boot-6b9ae5789e9beef7fb78893c7c831e2b31b705f6.tar.bz2 | |
Merge tag 'u-boot-imx-next-20240524' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx into next
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/20834
- Allow signing i.MX8M flash.bin via binman, which is a much more
elegant solution that using scripts.
- Improve i.MX8M HAB documentation.
- Increase PHY auto-negotiation timeout to 20s on MX8Menlo
- Add bmode support for the MX53 Menlo board.
- Update Update iMX8MM Menlo board configuration
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | MAINTAINERS | 1 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mm-u-boot.dtsi | 195 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mm-verdin-wifi-dev-u-boot.dtsi | 8 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mn-u-boot.dtsi | 209 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mp-dhcom-u-boot.dtsi | 124 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mp-rsb3720-a1-u-boot.dtsi | 26 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mp-u-boot.dtsi | 172 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mq-librem5-r4-u-boot.dtsi | 10 | ||||
| -rw-r--r-- | arch/arm/dts/imx8mq-u-boot.dtsi | 182 | ||||
| -rw-r--r-- | configs/imx8mm-mx8menlo_defconfig | 28 | ||||
| -rw-r--r-- | configs/m53menlo_defconfig | 3 | ||||
| -rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf.sh | 92 | ||||
| -rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf_fit.txt | 30 | ||||
| -rw-r--r-- | doc/imx/habv4/csf_examples/mx8m/csf_spl.txt | 33 | ||||
| -rw-r--r-- | doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 131 | ||||
| -rw-r--r-- | include/configs/imx8mm-mx8menlo.h | 3 | ||||
| -rw-r--r-- | include/configs/m53menlo.h | 2 | ||||
| -rw-r--r-- | tools/binman/btool/cst.py | 48 | ||||
| -rw-r--r-- | tools/binman/etype/nxp_imx8mcst.py | 164 |
21 files changed, 799 insertions, 666 deletions
@@ -73,6 +73,8 @@ fit-dtb.blob* /capsule.*.efi-capsule /capsule*.map /keep-syms-lto.* +/*imx8mimage* +/*imx8mcst* # # Generated include files diff --git a/MAINTAINERS b/MAINTAINERS index 6d02176..8e7a8dd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -306,6 +306,7 @@ F: arch/arm/include/asm/mach-imx/ F: board/freescale/*mx*/ F: board/freescale/common/ F: common/spl/spl_imx_container.c +F: doc/imx/ F: drivers/serial/serial_mxc.c F: include/imx_container.h @@ -2213,7 +2213,7 @@ MRPROPER_DIRS += include/config include/generated spl tpl vpl \ # Remove include/asm symlink created by U-Boot before v2014.01 MRPROPER_FILES += .config .config.old include/autoconf.mk* include/config.h \ ctags etags tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ - drivers/video/fonts/*.S include/asm + drivers/video/fonts/*.S include/asm *imx8mimage* *imx8mcst* # clean - Delete most, but leave enough to build external modules # diff --git a/arch/arm/dts/imx8mm-u-boot.dtsi b/arch/arm/dts/imx8mm-u-boot.dtsi index 6ab8f66..c02e11d 100644 --- a/arch/arm/dts/imx8mm-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-u-boot.dtsi @@ -54,126 +54,151 @@ }; #endif - nxp-imx8mimage { - filename = "u-boot-spl-mkimage.bin"; - nxp,boot-from = "sd"; - nxp,rom-version = <1>; +#ifdef CONFIG_IMX_HAB + nxp-imx8mcst@0 { + filename = "u-boot-spl-mkimage.signed.bin"; nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + nxp,unlock; args; /* Needed by mkimage etype superclass */ +#endif - section { - align = <4>; - align-size = <4>; - filename = "u-boot-spl-ddr.bin"; - pad-byte = <0xff>; - - u-boot-spl { - align-end = <4>; - filename = "u-boot-spl.bin"; - }; + binman_imx_spl: nxp-imx8mimage { + filename = "u-boot-spl-mkimage.bin"; + nxp,boot-from = "sd"; + nxp,rom-version = <1>; + nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + args; /* Needed by mkimage etype superclass */ + + section { + align = <4>; + align-size = <4>; + filename = "u-boot-spl-ddr.bin"; + pad-byte = <0xff>; + + u-boot-spl { + align-end = <4>; + filename = "u-boot-spl.bin"; + }; - ddr-1d-imem-fw { - filename = "lpddr4_pmu_train_1d_imem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-1d-imem-fw { + filename = "lpddr4_pmu_train_1d_imem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-1d-dmem-fw { - filename = "lpddr4_pmu_train_1d_dmem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-1d-dmem-fw { + filename = "lpddr4_pmu_train_1d_dmem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-2d-imem-fw { - filename = "lpddr4_pmu_train_2d_imem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-2d-imem-fw { + filename = "lpddr4_pmu_train_2d_imem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-2d-dmem-fw { - filename = "lpddr4_pmu_train_2d_dmem.bin"; - align-end = <4>; - type = "blob-ext"; + ddr-2d-dmem-fw { + filename = "lpddr4_pmu_train_2d_dmem.bin"; + align-end = <4>; + type = "blob-ext"; + }; }; }; +#ifdef CONFIG_IMX_HAB }; - fit { - description = "Configuration to load ATF before U-Boot"; -#ifndef CONFIG_IMX_HAB - fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; -#endif - fit,fdt-list = "of-list"; - #address-cells = <1>; + nxp-imx8mcst@1 { + filename = "u-boot-fit.signed.bin"; + nxp,loader-address = <CONFIG_SPL_LOAD_FIT_ADDRESS>; #ifdef CONFIG_FSPI_CONF_HEADER offset = <0x58C00>; #else offset = <0x57c00>; #endif - images { - uboot { - arch = "arm64"; - compression = "none"; - description = "U-Boot (64-bit)"; - load = <CONFIG_TEXT_BASE>; - type = "standalone"; + args; /* Needed by mkimage etype superclass */ +#endif - uboot-blob { - filename = "u-boot-nodtb.bin"; - type = "blob-ext"; + binman_imx_fit: fit { + description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB + fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif + fit,fdt-list = "of-list"; + #address-cells = <1>; +#ifdef CONFIG_FSPI_CONF_HEADER + offset = <0x58C00>; +#else + offset = <0x57c00>; +#endif + + images { + uboot { + arch = "arm64"; + compression = "none"; + description = "U-Boot (64-bit)"; + load = <CONFIG_TEXT_BASE>; + type = "standalone"; + + uboot-blob { + filename = "u-boot-nodtb.bin"; + type = "blob-ext"; + }; }; - }; #ifndef CONFIG_ARMV8_PSCI - atf { - arch = "arm64"; - compression = "none"; - description = "ARM Trusted Firmware"; - entry = <0x920000>; - load = <0x920000>; - type = "firmware"; - - atf-blob { - filename = "bl31.bin"; - type = "atf-bl31"; + atf { + arch = "arm64"; + compression = "none"; + description = "ARM Trusted Firmware"; + entry = <0x920000>; + load = <0x920000>; + type = "firmware"; + + atf-blob { + filename = "bl31.bin"; + type = "atf-bl31"; + }; }; - }; #endif - binman_fip: fip { - arch = "arm64"; - compression = "none"; - description = "Trusted Firmware FIP"; - load = <0x40310000>; - type = "firmware"; - }; + binman_fip: fip { + arch = "arm64"; + compression = "none"; + description = "Trusted Firmware FIP"; + load = <0x40310000>; + type = "firmware"; + }; - @fdt-SEQ { - compression = "none"; - description = "NAME"; - type = "flat_dt"; + @fdt-SEQ { + compression = "none"; + description = "NAME"; + type = "flat_dt"; - uboot-fdt-blob { - filename = "u-boot.dtb"; - type = "blob-ext"; + uboot-fdt-blob { + filename = "u-boot.dtb"; + type = "blob-ext"; + }; }; }; - }; - configurations { - default = "@config-DEFAULT-SEQ"; + configurations { + default = "@config-DEFAULT-SEQ"; - @config-SEQ { - description = "NAME"; - fdt = "fdt-SEQ"; - firmware = "uboot"; + @config-SEQ { + description = "NAME"; + fdt = "fdt-SEQ"; + firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI - loadables = "atf"; + loadables = "atf"; #endif + }; }; }; +#ifdef CONFIG_IMX_HAB }; +#endif }; }; diff --git a/arch/arm/dts/imx8mm-verdin-wifi-dev-u-boot.dtsi b/arch/arm/dts/imx8mm-verdin-wifi-dev-u-boot.dtsi index 90183af..183de46 100644 --- a/arch/arm/dts/imx8mm-verdin-wifi-dev-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-verdin-wifi-dev-u-boot.dtsi @@ -35,12 +35,8 @@ bootph-pre-ram; }; -&binman { - section { - fit { - offset = <0x5fc00>; - }; - }; +&binman_imx_fit { + offset = <0x5fc00>; }; &gpio1 { diff --git a/arch/arm/dts/imx8mn-u-boot.dtsi b/arch/arm/dts/imx8mn-u-boot.dtsi index ba9967d..732191f 100644 --- a/arch/arm/dts/imx8mn-u-boot.dtsi +++ b/arch/arm/dts/imx8mn-u-boot.dtsi @@ -103,147 +103,172 @@ }; #endif - nxp-imx8mimage { - filename = "u-boot-spl-mkimage.bin"; - nxp,boot-from = "sd"; - nxp,rom-version = <2>; +#ifdef CONFIG_IMX_HAB + nxp-imx8mcst@0 { + filename = "u-boot-spl-mkimage.signed.bin"; nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + nxp,unlock; args; /* Needed by mkimage etype superclass */ +#endif - section { - filename = "u-boot-spl-ddr.bin"; - pad-byte = <0xff>; - align-size = <4>; - align = <4>; - - u-boot-spl { - align-end = <4>; - filename = "u-boot-spl.bin"; - }; + binman_imx_spl: nxp-imx8mimage { + filename = "u-boot-spl-mkimage.bin"; + nxp,boot-from = "sd"; + nxp,rom-version = <2>; + nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + args; /* Needed by mkimage etype superclass */ + + section { + filename = "u-boot-spl-ddr.bin"; + pad-byte = <0xff>; + align-size = <4>; + align = <4>; + + u-boot-spl { + align-end = <4>; + filename = "u-boot-spl.bin"; + }; - ddr-1d-imem-fw { + ddr-1d-imem-fw { #ifdef CONFIG_IMX8M_LPDDR4 - filename = "lpddr4_pmu_train_1d_imem.bin"; + filename = "lpddr4_pmu_train_1d_imem.bin"; #elif CONFIG_IMX8M_DDR4 - filename = "ddr4_imem_1d_201810.bin"; + filename = "ddr4_imem_1d_201810.bin"; #else - filename = "ddr3_imem_1d.bin"; + filename = "ddr3_imem_1d.bin"; #endif - type = "blob-ext"; - align-end = <4>; - }; + type = "blob-ext"; + align-end = <4>; + }; - ddr-1d-dmem-fw { + ddr-1d-dmem-fw { #ifdef CONFIG_IMX8M_LPDDR4 - filename = "lpddr4_pmu_train_1d_dmem.bin"; + filename = "lpddr4_pmu_train_1d_dmem.bin"; #elif CONFIG_IMX8M_DDR4 - filename = "ddr4_dmem_1d_201810.bin"; + filename = "ddr4_dmem_1d_201810.bin"; #else - filename = "ddr3_dmem_1d.bin"; + filename = "ddr3_dmem_1d.bin"; #endif - type = "blob-ext"; - align-end = <4>; - }; + type = "blob-ext"; + align-end = <4>; + }; #if defined(CONFIG_IMX8M_LPDDR4) || defined(CONFIG_IMX8M_DDR4) - ddr-2d-imem-fw { + ddr-2d-imem-fw { #ifdef CONFIG_IMX8M_LPDDR4 - filename = "lpddr4_pmu_train_2d_imem.bin"; + filename = "lpddr4_pmu_train_2d_imem.bin"; #else - filename = "ddr4_imem_2d_201810.bin"; + filename = "ddr4_imem_2d_201810.bin"; #endif - type = "blob-ext"; - align-end = <4>; - }; + type = "blob-ext"; + align-end = <4>; + }; - ddr-2d-dmem-fw { + ddr-2d-dmem-fw { #ifdef CONFIG_IMX8M_LPDDR4 - filename = "lpddr4_pmu_train_2d_dmem.bin"; + filename = "lpddr4_pmu_train_2d_dmem.bin"; #else - filename = "ddr4_dmem_2d_201810.bin"; + filename = "ddr4_dmem_2d_201810.bin"; #endif - type = "blob-ext"; - align-end = <4>; - }; + type = "blob-ext"; + align-end = <4>; + }; #endif + }; }; + +#ifdef CONFIG_IMX_HAB }; - fit { - description = "Configuration to load ATF before U-Boot"; -#ifndef CONFIG_IMX_HAB - fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; -#endif - fit,fdt-list = "of-list"; - #address-cells = <1>; + nxp-imx8mcst@1 { + filename = "u-boot-fit.signed.bin"; + nxp,loader-address = <CONFIG_SPL_LOAD_FIT_ADDRESS>; #ifdef CONFIG_FSPI_CONF_HEADER offset = <0x59000>; #else offset = <0x58000>; #endif + args; /* Needed by mkimage etype superclass */ +#endif - images { - uboot { - arch = "arm64"; - compression = "none"; - description = "U-Boot (64-bit)"; - load = <CONFIG_TEXT_BASE>; - type = "standalone"; + binman_imx_fit: fit { + description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB + fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif + fit,fdt-list = "of-list"; + #address-cells = <1>; +#ifdef CONFIG_FSPI_CONF_HEADER + offset = <0x59000>; +#else + offset = <0x58000>; +#endif - uboot-blob { - filename = "u-boot-nodtb.bin"; - type = "blob-ext"; + images { + uboot { + arch = "arm64"; + compression = "none"; + description = "U-Boot (64-bit)"; + load = <CONFIG_TEXT_BASE>; + type = "standalone"; + + uboot-blob { + filename = "u-boot-nodtb.bin"; + type = "blob-ext"; + }; }; - }; #ifndef CONFIG_ARMV8_PSCI - atf { - arch = "arm64"; - compression = "none"; - description = "ARM Trusted Firmware"; - entry = <0x960000>; - load = <0x960000>; - type = "firmware"; - - atf-blob { - filename = "bl31.bin"; - type = "atf-bl31"; + atf { + arch = "arm64"; + compression = "none"; + description = "ARM Trusted Firmware"; + entry = <0x960000>; + load = <0x960000>; + type = "firmware"; + + atf-blob { + filename = "bl31.bin"; + type = "atf-bl31"; + }; }; - }; #endif - binman_fip: fip { - arch = "arm64"; - compression = "none"; - description = "Trusted Firmware FIP"; - load = <0x40310000>; - type = "firmware"; - }; + binman_fip: fip { + arch = "arm64"; + compression = "none"; + description = "Trusted Firmware FIP"; + load = <0x40310000>; + type = "firmware"; + }; - @fdt-SEQ { - compression = "none"; - description = "NAME"; - type = "flat_dt"; + @fdt-SEQ { + compression = "none"; + description = "NAME"; + type = "flat_dt"; - uboot-fdt-blob { - filename = "u-boot.dtb"; - type = "blob-ext"; + uboot-fdt-blob { + filename = "u-boot.dtb"; + type = "blob-ext"; + }; }; }; - }; - configurations { - default = "@config-DEFAULT-SEQ"; + configurations { + default = "@config-DEFAULT-SEQ"; - @config-SEQ { - description = "NAME"; - fdt = "fdt-SEQ"; - firmware = "uboot"; + @config-SEQ { + description = "NAME"; + fdt = "fdt-SEQ"; + firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI - loadables = "atf"; + loadables = "atf"; #endif + }; }; }; +#ifdef CONFIG_IMX_HAB }; +#endif }; }; diff --git a/arch/arm/dts/imx8mp-dhcom-u-boot.dtsi b/arch/arm/dts/imx8mp-dhcom-u-boot.dtsi index cb37e28..c065fb8 100644 --- a/arch/arm/dts/imx8mp-dhcom-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-dhcom-u-boot.dtsi @@ -135,73 +135,69 @@ bootph-pre-ram; }; -&binman { - section { - fit { - images { - fdt-dto-imx8mp-dhcom-som-overlay-eth1xfast { - description = "imx8mp-dhcom-som-overlay-eth1xfast"; - type = "flat_dt"; - compression = "none"; - - blob-ext { - filename = "imx8mp-dhcom-som-overlay-eth1xfast.dtbo"; - }; - }; - - fdt-dto-imx8mp-dhcom-som-overlay-eth2xfast { - description = "imx8mp-dhcom-som-overlay-eth2xfast"; - type = "flat_dt"; - compression = "none"; - - blob-ext { - filename = "imx8mp-dhcom-som-overlay-eth2xfast.dtbo"; - }; - }; - - fdt-dto-imx8mp-dhcom-pdk-overlay-eth2xfast { - description = "imx8mp-dhcom-pdk-overlay-eth2xfast"; - type = "flat_dt"; - compression = "none"; - - blob-ext { - filename = "imx8mp-dhcom-pdk-overlay-eth2xfast.dtbo"; - }; - }; - - fdt-dto-imx8mp-dhcom-som-overlay-rev100 { - description = "imx8mp-dhcom-som-overlay-rev100"; - type = "flat_dt"; - compression = "none"; - - blob-ext { - filename = "imx8mp-dhcom-som-overlay-rev100.dtbo"; - }; - }; - - fdt-dto-imx8mp-dhcom-pdk3-overlay-rev100 { - description = "imx8mp-dhcom-pdk3-overlay-rev100"; - type = "flat_dt"; - compression = "none"; - - blob-ext { - filename = "imx8mp-dhcom-pdk3-overlay-rev100.dtbo"; - }; - }; +&binman_imx_fit { + images { + fdt-dto-imx8mp-dhcom-som-overlay-eth1xfast { + description = "imx8mp-dhcom-som-overlay-eth1xfast"; + type = "flat_dt"; + compression = "none"; + + blob-ext { + filename = "imx8mp-dhcom-som-overlay-eth1xfast.dtbo"; }; + }; + + fdt-dto-imx8mp-dhcom-som-overlay-eth2xfast { + description = "imx8mp-dhcom-som-overlay-eth2xfast"; + type = "flat_dt"; + compression = "none"; + + blob-ext { + filename = "imx8mp-dhcom-som-overlay-eth2xfast.dtbo"; + }; + }; + + fdt-dto-imx8mp-dhcom-pdk-overlay-eth2xfast { + description = "imx8mp-dhcom-pdk-overlay-eth2xfast"; + type = "flat_dt"; + compression = "none"; + + blob-ext { + filename = "imx8mp-dhcom-pdk-overlay-eth2xfast.dtbo"; + }; + }; - configurations { - default = "@config-DEFAULT-SEQ"; - - @config-SEQ { - fdt = "fdt-1", - "fdt-dto-imx8mp-dhcom-som-overlay-eth1xfast", - "fdt-dto-imx8mp-dhcom-som-overlay-eth2xfast", - "fdt-dto-imx8mp-dhcom-pdk-overlay-eth2xfast", - "fdt-dto-imx8mp-dhcom-som-overlay-rev100", - "fdt-dto-imx8mp-dhcom-pdk3-overlay-rev100"; - }; + fdt-dto-imx8mp-dhcom-som-overlay-rev100 { + description = "imx8mp-dhcom-som-overlay-rev100"; + type = "flat_dt"; + compression = "none"; + + blob-ext { + filename = "imx8mp-dhcom-som-overlay-rev100.dtbo"; + }; + }; + + fdt-dto-imx8mp-dhcom-pdk3-overlay-rev100 { + description = "imx8mp-dhcom-pdk3-overlay-rev100"; + type = "flat_dt"; + compression = "none"; + + blob-ext { + filename = "imx8mp-dhcom-pdk3-overlay-rev100.dtbo"; }; }; }; + + configurations { + default = "@config-DEFAULT-SEQ"; + + @config-SEQ { + fdt = "fdt-1", + "fdt-dto-imx8mp-dhcom-som-overlay-eth1xfast", + "fdt-dto-imx8mp-dhcom-som-overlay-eth2xfast", + "fdt-dto-imx8mp-dhcom-pdk-overlay-eth2xfast", + "fdt-dto-imx8mp-dhcom-som-overlay-rev100", + "fdt-dto-imx8mp-dhcom-pdk3-overlay-rev100"; + }; + }; }; diff --git a/arch/arm/dts/imx8mp-rsb3720-a1-u-boot.dtsi b/arch/arm/dts/imx8mp-rsb3720-a1-u-boot.dtsi index aff5dcf..21eff6d 100644 --- a/arch/arm/dts/imx8mp-rsb3720-a1-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-rsb3720-a1-u-boot.dtsi @@ -135,21 +135,17 @@ assigned-clock-parents = <&clk IMX8MP_SYS_PLL1_400M>; }; -&binman { - section { - fit { - images { - fip { - description = "Trusted Firmware FIP"; - type = "firmware"; - arch = "arm64"; - compression = "none"; - load = <0x40310000>; - - fip_blob: blob-ext{ - filename = "fip.bin"; - }; - }; +&binman_imx_fit { + images { + fip { + description = "Trusted Firmware FIP"; + type = "firmware"; + arch = "arm64"; + compression = "none"; + load = <0x40310000>; + + fip_blob: blob-ext{ + filename = "fip.bin"; }; }; }; diff --git a/arch/arm/dts/imx8mp-u-boot.dtsi b/arch/arm/dts/imx8mp-u-boot.dtsi index c4c1a17..f2655a4 100644 --- a/arch/arm/dts/imx8mp-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-u-boot.dtsi @@ -86,110 +86,130 @@ section { pad-byte = <0x00>; - nxp-imx8mimage { - filename = "u-boot-spl-mkimage.bin"; - nxp,boot-from = "sd"; - nxp,rom-version = <2>; +#ifdef CONFIG_IMX_HAB + nxp-imx8mcst@0 { + filename = "u-boot-spl-mkimage.signed.bin"; nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + nxp,unlock; args; /* Needed by mkimage etype superclass */ +#endif - section { - filename = "u-boot-spl-ddr.bin"; - pad-byte = <0xff>; - align-size = <4>; - align = <4>; - - u-boot-spl { - align-end = <4>; - }; + binman_imx_spl: nxp-imx8mimage { + filename = "u-boot-spl-mkimage.bin"; + nxp,boot-from = "sd"; + nxp,rom-version = <2>; + nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + args; /* Needed by mkimage etype superclass */ + + section { + filename = "u-boot-spl-ddr.bin"; + pad-byte = <0xff>; + align-size = <4>; + align = <4>; + + u-boot-spl { + align-end = <4>; + }; - ddr-1d-imem-fw { - filename = "lpddr4_pmu_train_1d_imem_202006.bin"; - type = "blob-ext"; - align-end = <4>; - }; + ddr-1d-imem-fw { + filename = "lpddr4_pmu_train_1d_imem_202006.bin"; + type = "blob-ext"; + align-end = <4>; + }; - ddr-1d-dmem-fw { - filename = "lpddr4_pmu_train_1d_dmem_202006.bin"; - type = "blob-ext"; - align-end = <4>; - }; + ddr-1d-dmem-fw { + filename = "lpddr4_pmu_train_1d_dmem_202006.bin"; + type = "blob-ext"; + align-end = <4>; + }; - ddr-2d-imem-fw { - filename = "lpddr4_pmu_train_2d_imem_202006.bin"; - type = "blob-ext"; - align-end = <4>; - }; + ddr-2d-imem-fw { + filename = "lpddr4_pmu_train_2d_imem_202006.bin"; + type = "blob-ext"; + align-end = <4>; + }; - ddr-2d-dmem-fw { - filename = "lpddr4_pmu_train_2d_dmem_202006.bin"; - type = "blob-ext"; - align-end = <4>; + ddr-2d-dmem-fw { + filename = "lpddr4_pmu_train_2d_dmem_202006.bin"; + type = "blob-ext"; + align-end = <4>; + }; }; }; +#ifdef CONFIG_IMX_HAB }; - fit { - description = "Configuration to load ATF before U-Boot"; -#ifndef CONFIG_IMX_HAB - fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; -#endif - fit,fdt-list = "of-list"; - #address-cells = <1>; + nxp-imx8mcst@1 { + filename = "u-boot-fit.signed.bin"; + nxp,loader-address = <CONFIG_SPL_LOAD_FIT_ADDRESS>; offset = <0x58000>; + args; /* Needed by mkimage etype superclass */ +#endif - images { - uboot { - description = "U-Boot (64-bit)"; - type = "standalone"; - arch = "arm64"; - compression = "none"; - load = <CONFIG_TEXT_BASE>; - - uboot_blob: blob-ext { - filename = "u-boot-nodtb.bin"; + binman_imx_fit: fit { + description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB + fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif + fit,fdt-list = "of-list"; + #address-cells = <1>; + offset = <0x58000>; + + images { + uboot { + description = "U-Boot (64-bit)"; + type = "standalone"; + arch = "arm64"; + compression = "none"; + load = <CONFIG_TEXT_BASE>; + + uboot_blob: blob-ext { + filename = "u-boot-nodtb.bin"; + }; }; - }; #ifndef CONFIG_ARMV8_PSCI - atf { - description = "ARM Trusted Firmware"; - type = "firmware"; - arch = "arm64"; - compression = "none"; - load = <0x970000>; - entry = <0x970000>; - - atf_blob: atf-blob { - filename = "bl31.bin"; - type = "atf-bl31"; + atf { + description = "ARM Trusted Firmware"; + type = "firmware"; + arch = "arm64"; + compression = "none"; + load = <0x970000>; + entry = <0x970000>; + + atf_blob: atf-blob { + filename = "bl31.bin"; + type = "atf-bl31"; + }; }; - }; #endif - @fdt-SEQ { - description = "NAME"; - type = "flat_dt"; - compression = "none"; + @fdt-SEQ { + description = "NAME"; + type = "flat_dt"; + compression = "none"; - blob-ext { - filename = "u-boot.dtb"; + blob-ext { + filename = "u-boot.dtb"; + }; }; }; - }; - configurations { - default = "@config-DEFAULT-SEQ"; + configurations { + default = "@config-DEFAULT-SEQ"; - @config-SEQ { - description = "NAME"; - fdt = "fdt-SEQ"; - firmware = "uboot"; + @config-SEQ { + description = "NAME"; + fdt = "fdt-SEQ"; + firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI - loadables = "atf"; + loadables = "atf"; #endif + }; }; }; +#ifdef CONFIG_IMX_HAB }; +#endif }; }; diff --git a/arch/arm/dts/imx8mq-librem5-r4-u-boot.dtsi b/arch/arm/dts/imx8mq-librem5-r4-u-boot.dtsi index 1a4568d..98da015 100644 --- a/arch/arm/dts/imx8mq-librem5-r4-u-boot.dtsi +++ b/arch/arm/dts/imx8mq-librem5-r4-u-boot.dtsi @@ -10,14 +10,10 @@ bootph-pre-ram; }; -&binman { +&binman_imx_spl { section { - nxp-imx8mimage { - section { - signed-hdmi-imx8m { - filename = "signed_dp_imx8m.bin"; - }; - }; + signed-hdmi-imx8m { + filename = "signed_dp_imx8m.bin"; }; }; }; diff --git a/arch/arm/dts/imx8mq-u-boot.dtsi b/arch/arm/dts/imx8mq-u-boot.dtsi index 48dbe94..e1cd6f8 100644 --- a/arch/arm/dts/imx8mq-u-boot.dtsi +++ b/arch/arm/dts/imx8mq-u-boot.dtsi @@ -38,116 +38,136 @@ section { pad-byte = <0x00>; - nxp-imx8mimage { - filename = "u-boot-spl-mkimage.bin"; - nxp,boot-from = "sd"; - nxp,rom-version = <1>; +#ifdef CONFIG_IMX_HAB + nxp-imx8mcst@0 { + filename = "u-boot-spl-mkimage.signed.bin"; nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + nxp,unlock; args; /* Needed by mkimage etype superclass */ +#endif - section { - align = <4>; - align-size = <4>; - filename = "u-boot-spl-ddr.bin"; - pad-byte = <0xff>; - - u-boot-spl { - align-end = <4>; - filename = "u-boot-spl.bin"; - }; + binman_imx_spl: nxp-imx8mimage { + filename = "u-boot-spl-mkimage.bin"; + nxp,boot-from = "sd"; + nxp,rom-version = <1>; + nxp,loader-address = <CONFIG_SPL_TEXT_BASE>; + args; /* Needed by mkimage etype superclass */ + + section { + align = <4>; + align-size = <4>; + filename = "u-boot-spl-ddr.bin"; + pad-byte = <0xff>; + + u-boot-spl { + align-end = <4>; + filename = "u-boot-spl.bin"; + }; - ddr-1d-imem-fw { - filename = "lpddr4_pmu_train_1d_imem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-1d-imem-fw { + filename = "lpddr4_pmu_train_1d_imem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-1d-dmem-fw { - filename = "lpddr4_pmu_train_1d_dmem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-1d-dmem-fw { + filename = "lpddr4_pmu_train_1d_dmem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-2d-imem-fw { - filename = "lpddr4_pmu_train_2d_imem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-2d-imem-fw { + filename = "lpddr4_pmu_train_2d_imem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - ddr-2d-dmem-fw { - filename = "lpddr4_pmu_train_2d_dmem.bin"; - align-end = <4>; - type = "blob-ext"; - }; + ddr-2d-dmem-fw { + filename = "lpddr4_pmu_train_2d_dmem.bin"; + align-end = <4>; + type = "blob-ext"; + }; - signed-hdmi-imx8m { - filename = "signed_hdmi_imx8m.bin"; - type = "blob-ext"; + signed-hdmi-imx8m { + filename = "signed_hdmi_imx8m.bin"; + type = "blob-ext"; + }; }; }; +#ifdef CONFIG_IMX_HAB }; - fit { - description = "Configuration to load ATF before U-Boot"; + nxp-imx8mcst@1 { + filename = "u-boot-fit.signed.bin"; + nxp,loader-address = <CONFIG_SPL_LOAD_FIT_ADDRESS>; + offset = <0x58000>; + args; /* Needed by mkimage etype superclass */ +#endif + + binman_imx_fit: fit { + description = "Configuration to load ATF before U-Boot"; #ifndef CONFIG_IMX_HAB - fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; + fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; #endif - #address-cells = <1>; - - images { - uboot { - arch = "arm64"; - compression = "none"; - description = "U-Boot (64-bit)"; - load = <CONFIG_TEXT_BASE>; - type = "standalone"; - - uboot-blob { - filename = "u-boot-nodtb.bin"; - type = "blob-ext"; + #address-cells = <1>; + + images { + uboot { + arch = "arm64"; + compression = "none"; + description = "U-Boot (64-bit)"; + load = <CONFIG_TEXT_BASE>; + type = "standalone"; + + uboot-blob { + filename = "u-boot-nodtb.bin"; + type = "blob-ext"; + }; }; - }; #ifndef CONFIG_ARMV8_PSCI - atf { - arch = "arm64"; - compression = "none"; - description = "ARM Trusted Firmware"; - entry = <0x910000>; - load = <0x910000>; - type = "firmware"; - - atf-blob { - filename = "bl31.bin"; - type = "blob-ext"; + atf { + arch = "arm64"; + compression = "none"; + description = "ARM Trusted Firmware"; + entry = <0x910000>; + load = <0x910000>; + type = "firmware"; + + atf-blob { + filename = "bl31.bin"; + type = "blob-ext"; + }; }; - }; #endif - fdt { - compression = "none"; - description = "NAME"; - type = "flat_dt"; + fdt { + compression = "none"; + description = "NAME"; + type = "flat_dt"; - uboot-fdt-blob { - filename = "u-boot.dtb"; - type = "blob-ext"; + uboot-fdt-blob { + filename = "u-boot.dtb"; + type = "blob-ext"; + }; }; }; - }; - configurations { - default = "conf"; + configurations { + default = "conf"; - conf { - description = "NAME"; - fdt = "fdt"; - firmware = "uboot"; + conf { + description = "NAME"; + fdt = "fdt"; + firmware = "uboot"; #ifndef CONFIG_ARMV8_PSCI - loadables = "atf"; + loadables = "atf"; #endif + }; }; }; +#ifdef CONFIG_IMX_HAB }; +#endif }; }; diff --git a/configs/imx8mm-mx8menlo_defconfig b/configs/imx8mm-mx8menlo_defconfig index e9b18ac..68b24ce 100644 --- a/configs/imx8mm-mx8menlo_defconfig +++ b/configs/imx8mm-mx8menlo_defconfig @@ -25,15 +25,19 @@ CONFIG_SPL_BSS_MAX_SIZE=0x2000 CONFIG_SPL=y CONFIG_SYS_BOOTCOUNT_SINGLEWORD=y CONFIG_ENV_OFFSET_REDUND=0xFFFFDE00 +CONFIG_IMX_BOOTAUX=y CONFIG_SYS_LOAD_ADDR=0x40480000 CONFIG_SYS_MEMTEST_START=0x40000000 CONFIG_SYS_MEMTEST_END=0x80000000 CONFIG_FIT=y CONFIG_FIT_EXTERNAL_OFFSET=0x3000 +CONFIG_FIT_VERBOSE=y CONFIG_SPL_LOAD_FIT=y CONFIG_DISTRO_DEFAULTS=y +CONFIG_BOOTDELAY=1 CONFIG_OF_SYSTEM_SETUP=y CONFIG_BOOTCOMMAND="mmc partconf 0 distro_bootpart && load ${devtype} ${devnum}:${distro_bootpart} ${loadaddr} boot/fitImage && source ${loadaddr}:bootscr-boot.cmd ; reset" +CONFIG_USE_PREBOOT=y CONFIG_DEFAULT_FDT_FILE="imx8mm-mx8menlo.dtb" CONFIG_SYS_CBSIZE=2048 CONFIG_SYS_PBSIZE=2081 @@ -57,19 +61,26 @@ CONFIG_SYS_PROMPT="Verdin iMX8MM # " # CONFIG_BOOTM_NETBSD is not set CONFIG_CMD_ASKENV=y # CONFIG_CMD_EXPORTENV is not set -# CONFIG_CMD_CRC32 is not set +CONFIG_CRC32_VERIFY=y +CONFIG_CMD_MD5SUM=y +CONFIG_MD5SUM_VERIFY=y CONFIG_CMD_MEMTEST=y CONFIG_CMD_CLK=y CONFIG_CMD_FUSE=y CONFIG_CMD_GPIO=y CONFIG_CMD_I2C=y CONFIG_CMD_MMC=y +CONFIG_CMD_READ=y CONFIG_CMD_USB=y CONFIG_CMD_USB_SDP=y CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_CMD_CAT=y +CONFIG_CMD_XXD=y CONFIG_CMD_BOOTCOUNT=y CONFIG_CMD_CACHE=y +CONFIG_CMD_TIME=y CONFIG_CMD_UUID=y +CONFIG_CMD_PMIC=y CONFIG_CMD_REGULATOR=y CONFIG_CMD_BTRFS=y CONFIG_CMD_EXT4_WRITE=y @@ -84,8 +95,9 @@ CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_SYS_MMC_ENV_PART=1 CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_USE_ETHPRIME=y -CONFIG_ETHPRIME="FEC" +CONFIG_ETHPRIME="eth0" CONFIG_VERSION_VARIABLE=y +CONFIG_NET_RANDOM_ETHADDR=y CONFIG_IP_DEFRAG=y CONFIG_TFTP_BLOCKSIZE=4096 CONFIG_SPL_DM=y @@ -96,16 +108,26 @@ CONFIG_CLK_COMPOSITE_CCF=y CONFIG_SPL_CLK_IMX8MM=y CONFIG_CLK_IMX8MM=y CONFIG_GPIO_HOG=y +CONFIG_SPL_GPIO_HOG=y CONFIG_MXC_GPIO=y CONFIG_DM_I2C=y CONFIG_MISC=y CONFIG_I2C_EEPROM=y CONFIG_SUPPORT_EMMC_BOOT=y +CONFIG_MMC_IO_VOLTAGE=y +CONFIG_SPL_MMC_IO_VOLTAGE=y +CONFIG_MMC_UHS_SUPPORT=y +CONFIG_SPL_MMC_UHS_SUPPORT=y +CONFIG_MMC_HS400_ES_SUPPORT=y +CONFIG_MMC_HS400_SUPPORT=y +CONFIG_SPL_MMC_HS400_SUPPORT=y CONFIG_FSL_USDHC=y CONFIG_PHYLIB=y CONFIG_PHY_ADDR_ENABLE=y CONFIG_PHY_MICREL=y CONFIG_PHY_MICREL_KSZ90X1=y +CONFIG_PHY_FIXED=y +CONFIG_DM_MDIO=y CONFIG_FEC_MXC=y CONFIG_MII=y CONFIG_SPL_PHY=y @@ -128,6 +150,7 @@ CONFIG_SPL_SYSRESET=y CONFIG_SYSRESET_PSCI=y CONFIG_SYSRESET_WATCHDOG=y CONFIG_DM_THERMAL=y +CONFIG_IMX_TMU=y CONFIG_USB=y CONFIG_SPL_USB_HOST=y CONFIG_USB_EHCI_HCD=y @@ -143,3 +166,4 @@ CONFIG_SDP_LOADADDR=0x40400000 CONFIG_USB_GADGET_DOWNLOAD=y CONFIG_SPL_USB_SDP_SUPPORT=y CONFIG_IMX_WATCHDOG=y +CONFIG_HEXDUMP=y diff --git a/configs/m53menlo_defconfig b/configs/m53menlo_defconfig index 0ebda79..db3a5b9 100644 --- a/configs/m53menlo_defconfig +++ b/configs/m53menlo_defconfig @@ -22,6 +22,7 @@ CONFIG_SPL=y CONFIG_SYS_BOOTCOUNT_SINGLEWORD=y CONFIG_ENV_OFFSET_REDUND=0x180000 CONFIG_SYS_LOAD_ADDR=0x70800000 +CONFIG_CMD_BMODE=y CONFIG_FIT=y CONFIG_BOOTDELAY=1 CONFIG_OF_BOARD_SETUP=y @@ -71,7 +72,7 @@ CONFIG_ENV_RANGE=0x80000 CONFIG_SYS_REDUNDAND_ENVIRONMENT=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_USE_BOOTFILE=y -CONFIG_BOOTFILE="boot/fitImage" +CONFIG_BOOTFILE="fitImage" CONFIG_USE_ETHPRIME=y CONFIG_ETHPRIME="FEC0" CONFIG_USE_HOSTNAME=y diff --git a/doc/imx/habv4/csf_examples/mx8m/csf.sh b/doc/imx/habv4/csf_examples/mx8m/csf.sh deleted file mode 100644 index cd3b261..0000000 --- a/doc/imx/habv4/csf_examples/mx8m/csf.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/bin/sh - -# 0) Generate keys -# -# WARNING: ECDSA keys are only supported by HAB 4.5 and newer (i.e. i.MX8M Plus) -# -# cd /path/to/cst-3.3.1/keys/ -# ./hab4_pki_tree.sh -existing-ca n -use-ecc n -kl 4096 -duration 10 -num-srk 4 -srk-ca y -# cd /path/to/cst-3.3.1/crts/ -# ../linux64/bin/srktool -h 4 -t SRK_1_2_3_4_table.bin -e SRK_1_2_3_4_fuse.bin -d sha256 -c ./SRK1_sha256_4096_65537_v3_ca_crt.pem,./SRK2_sha256_4096_65537_v3_ca_crt.pem,./SRK3_sha256_4096_65537_v3_ca_crt.pem,./SRK4_sha256_4096_65537_v3_ca_crt.pem -f 1 - -# 1) Build U-Boot (e.g. for i.MX8MM) -# -# cp -Lv /path/to/arm-trusted-firmware/build/imx8mm/release/bl31.bin . -# cp -Lv /path/to/firmware-imx-8.14/firmware/ddr/synopsys/ddr3* . -# make -j imx8mm_board_defconfig -# make -j`nproc` flash.bin - -# 2) Sign SPL and DRAM blobs - -cp doc/imx/habv4/csf_examples/mx8m/csf_spl.txt csf_spl.tmp -cp doc/imx/habv4/csf_examples/mx8m/csf_fit.txt csf_fit.tmp - -# update File Paths from env vars -if ! [ -r $CSF_KEY ]; then - echo "Error: \$CSF_KEY not found" - exit 1 -fi -if ! [ -r $IMG_KEY ]; then - echo "Error: \$IMG_KEY not found" - exit 1 -fi -if ! [ -r $SRK_TABLE ]; then - echo "Error: \$SRK_TABLE not found" - exit 1 -fi -sed -i "s:\$CSF_KEY:$CSF_KEY:" csf_spl.tmp -sed -i "s:\$IMG_KEY:$IMG_KEY:" csf_spl.tmp -sed -i "s:\$SRK_TABLE:$SRK_TABLE:" csf_spl.tmp -sed -i "s:\$CSF_KEY:$CSF_KEY:" csf_fit.tmp -sed -i "s:\$IMG_KEY:$IMG_KEY:" csf_fit.tmp -sed -i "s:\$SRK_TABLE:$SRK_TABLE:" csf_fit.tmp - -# update SPL Blocks -spl_block_base=$(printf "0x%x" $(( $(sed -n "/CONFIG_SPL_TEXT_BASE=/ s@.*=@@p" .config) - 0x40)) ) -spl_block_size=$(printf "0x%x" $(stat -tc %s u-boot-spl-ddr.bin)) -sed -i "/Blocks = / s@.*@ Blocks = $spl_block_base 0x0 $spl_block_size \"flash.bin\"@" csf_spl.tmp - -# Generate CSF blob -cst -i csf_spl.tmp -o csf_spl.bin - -# Patch CSF blob into flash.bin -spl_csf_offset=$(xxd -s 24 -l 4 -e flash.bin | cut -d " " -f 2 | sed "s@^@0x@") -spl_bin_offset=$(xxd -s 4 -l 4 -e flash.bin | cut -d " " -f 2 | sed "s@^@0x@") -spl_dd_offset=$((${spl_csf_offset} - ${spl_bin_offset} + 0x40)) -dd if=csf_spl.bin of=flash.bin bs=1 seek=${spl_dd_offset} conv=notrunc - -# 3) Sign u-boot.itb - -# fitImage -fit_block_base=$(printf "0x%x" $(sed -n "/CONFIG_SPL_LOAD_FIT_ADDRESS=/ s@.*=@@p" .config) ) -fit_block_offset=$(printf "0x%s" $(fdtget -t x u-boot.dtb /binman/imx-boot/uboot offset)) -fit_block_size=$(printf "0x%x" $(( ( ( $(stat -tc %s u-boot.itb) + 0x1000 - 0x1 ) & ~(0x1000 - 0x1)) + 0x20 )) ) -sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size \"flash.bin\"@" csf_fit.tmp - -# IVT -ivt_ptr_base=$(printf "%08x" ${fit_block_base} | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -ivt_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} - 0x20 )) | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -csf_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} )) | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -ivt_block_offset=$((${fit_block_offset} + ${fit_block_size} - 0x20)) -csf_block_offset=$((${ivt_block_offset} + 0x20)) - -echo "0xd1002041 ${ivt_block_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin -dd if=ivt.bin of=flash.bin bs=1 seek=${ivt_block_offset} conv=notrunc - -# Generate CSF blob -cst -i csf_fit.tmp -o csf_fit.bin - -# When loading flash.bin via USB, we must ensure that the file being -# served is as large as the target expects (see -# board_spl_fit_size_align()), otherwise the target will hang in -# rom_api_download_image() waiting for the remaining bytes. -# -# Note that in order for dd to actually extend the file, one must not -# pass conv=notrunc here. With a non-zero seek= argument, dd is -# documented to preserve the contents of the file seeked past; in -# particular, dd does not open the file with O_TRUNC. -CSF_SIZE=$(sed -n "/CONFIG_CSF_SIZE=/ s@.*=@@p" .config) -dd if=/dev/null of=csf_fit.bin bs=1 seek=$((CSF_SIZE - 0x20)) count=0 - -# Patch CSF blob into flash.bin -dd if=csf_fit.bin of=flash.bin bs=1 seek=${csf_block_offset} conv=notrunc diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt b/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt deleted file mode 100644 index 97f3eea..0000000 --- a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt +++ /dev/null @@ -1,30 +0,0 @@ -[Header] - Version = 4.3 - Hash Algorithm = sha256 - Engine = CAAM - Engine Configuration = 0 - Certificate Format = X509 - Signature Format = CMS - -[Install SRK] - # SRK_TABLE is full path to SRK_1_2_3_4_table.bin - File = "$SRK_TABLE" - Source index = 0 - -[Install CSFK] - # CSF_KEY is full path to CSF1_1_sha256_4096_65537_v3_usr_crt.pem - File = "$CSF_KEY" - -[Authenticate CSF] - -[Install Key] - Verification index = 0 - Target Index = 2 - # IMG_KEY is full path to IMG1_1_sha256_4096_65537_v3_usr_crt.pem - File = "$IMG_KEY" - -[Authenticate Data] - Verification index = 2 - # FIXME: - # Line 1 -- fitImage - Blocks = CONFIG_SPL_LOAD_FIT_ADDRESS 0x57c00 0xffff "flash.bin" diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt b/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt deleted file mode 100644 index 88fa420..0000000 --- a/doc/imx/habv4/csf_examples/mx8m/csf_spl.txt +++ /dev/null @@ -1,33 +0,0 @@ -[Header] - Version = 4.3 - Hash Algorithm = sha256 - Engine = CAAM - Engine Configuration = 0 - Certificate Format = X509 - Signature Format = CMS - -[Install SRK] - # SRK_TABLE is full path to SRK_1_2_3_4_table.bin - File = "$SRK_TABLE" - Source index = 0 - -[Install CSFK] - # CSF_KEY is full path to CSF1_1_sha256_4096_65537_v3_usr_crt.pem - File = "$CSF_KEY" - -[Authenticate CSF] - -[Unlock] - Engine = CAAM - Features = MID - -[Install Key] - Verification index = 0 - Target Index = 2 - # IMG_KEY is full path to IMG1_1_sha256_4096_65537_v3_usr_crt.pem - File = "$IMG_KEY" - -[Authenticate Data] - Verification index = 2 - # FIXME: Adjust start (first column) and size (third column) here - Blocks = 0x7e0fc0 0x0 0x306f0 "flash.bin" diff --git a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt index e16e541..1bea091 100644 --- a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt +++ b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt @@ -121,6 +121,9 @@ build configuration: - Defconfig: CONFIG_IMX_HAB=y + CONFIG_FSL_CAAM=y + CONFIG_ARCH_MISC_INIT=y + CONFIG_SPL_CRYPTO=y - Kconfig: @@ -131,91 +134,59 @@ build configuration: The CSF contains all the commands that the HAB executes during the secure boot. These commands instruct the HAB code on which memory areas of the image -to authenticate, which keys to install, use and etc. - -CSF examples are available under doc/imx/habv4/csf_examples/ directory. - -CSF "Blocks" line for csf_spl.txt can be generated as follows: - -``` -spl_block_base=$(printf "0x%x" $(( $(sed -n "/CONFIG_SPL_TEXT_BASE=/ s@.*=@@p" .config) - 0x40)) ) -spl_block_size=$(printf "0x%x" $(stat -tc %s u-boot-spl-ddr.bin)) -sed -i "/Blocks = / s@.*@ Blocks = $spl_block_base 0x0 $spl_block_size \"flash.bin\"@" csf_spl.txt -``` - -The resulting line looks as follows: -``` - Blocks = 0x7e0fc0 0x0 0x306f0 "flash.bin" -``` - -The columns mean: - - CONFIG_SPL_TEXT_BASE - 0x40 -- Start address of signed data, in DRAM - - 0x0 -- Start address of signed data, in "flash.bin" - - 0x306f0 -- Length of signed data, in "flash.bin" - - Filename -- "flash.bin" - -To generate signature for the SPL part of flash.bin container, use CST: -``` -cst -i csf_spl.tmp -o csf_spl.bin -``` - -The newly generated CST blob has to be patched into existing flash.bin -container. Conveniently, flash.bin IVT contains physical address of the -CSF blob. Remember, the SPL part of flash.bin container is loaded by the -BootROM at CONFIG_SPL_TEXT_BASE - 0x40 , so the offset of CSF blob in -the fitImage can be calculated and inserted into the flash.bin in the -correct location as follows: -``` -# offset = IVT_HEADER[6 = CSF address] - CONFIG_SPL_TEXT_BASE - 0x40 -spl_csf_offset=$(xxd -s 24 -l 4 -e flash.bin | cut -d " " -f 2 | sed "s@^@0x@") -spl_bin_offset=$(xxd -s 4 -l 4 -e flash.bin | cut -d " " -f 2 | sed "s@^@0x@") -spl_dd_offset=$((${spl_csf_offset} - ${spl_bin_offset} + 0x40)) -dd if=csf_spl.bin of=flash.bin bs=1 seek=${spl_dd_offset} conv=notrunc -``` - -CSF "Blocks" line for csf_fit.txt can be generated as follows: -``` -# fitImage -fit_block_base=$(printf "0x%x" $(sed -n "/CONFIG_SPL_LOAD_FIT_ADDRESS=/ s@.*=@@p" .config) ) -fit_block_offset=$(printf "0x%s" $(fdtget -t x u-boot.dtb /binman/imx-boot/uboot offset)) -fit_block_size=$(printf "0x%x" $(( ( ( $(stat -tc %s u-boot.itb) + 0x1000 - 0x1 ) & ~(0x1000 - 0x1)) + 0x20 )) ) -sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size \"flash.bin\"@" csf_fit.tmp -``` - -The fitImage part of flash.bin requires separate IVT. Generate the IVT and -patch it into the correct aligned location of flash.bin as follows: -``` -# IVT -ivt_ptr_base=$(printf "%08x" ${fit_block_base} | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -ivt_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} - 0x20 )) | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -csf_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} )) | sed "s@\(..\)\(..\)\(..\)\(..\)@0x\4\3\2\1@") -ivt_block_offset=$((${fit_block_offset} + ${fit_block_size} - 0x20)) -csf_block_offset=$((${ivt_block_offset} + 0x20)) - -echo "0xd1002041 ${ivt_block_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin -dd if=ivt.bin of=flash.bin bs=1 seek=${ivt_block_offset} conv=notrunc -``` - -To generate CSF signature for the fitImage part of flash.bin container, use CST: -``` -cst -i csf_fit.tmp -o csf_fit.bin -``` - -Finally, patch the CSF signature into the fitImage right past the IVT: -``` -dd if=csf_fit.bin of=flash.bin bs=1 seek=${csf_block_offset} conv=notrunc -``` - -The entire script is available in doc/imx/habv4/csf_examples/mx8m/csf.sh -and can be used as follows to modify flash.bin to be signed -(adjust paths as needed): +to authenticate, which keys to install, use and etc. The CSF is generated +using the CST Code Signing Tool based on input configuration file. This tool +input configuration file is generated using binman, and the tool is invoked +from binman as well. + +The SPL and fitImage sections of the generated image are signed separately. +The signing is activated by wrapping SPL and fitImage sections into nxp-imx8mcst +etype, which is done automatically in arch/arm/dts/imx8m{m,n,p,q}-u-boot.dtsi +in case CONFIG_IMX_HAB Kconfig symbol is enabled. + +Per default the HAB keys and certificates need to be located in the build +directory, this means creating a symbolic link or copying the following files +from the HAB keys directory flat (e.g. removing the `keys` and `cert` +subdirectory) into the u-boot build directory for the CST Code Signing Tool to +locate them: + +- `crts/SRK_1_2_3_4_table.bin` +- `crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem` +- `keys/CSF1_1_sha256_4096_65537_v3_usr_key.pem` +- `crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem` +- `keys/IMG1_1_sha256_4096_65537_v3_usr_key.pem` +- `keys/key_pass.txt` + +The paths to the SRK table and the certificates can be modified via changes to +the nxp_imx8mcst device tree node(s), however the other files are required by +the CST tools as well, and will be searched for in relation to them. + +Build of flash.bin target then produces a signed flash.bin automatically. + +The nxp-imx8mcst etype is configurable using either DT properties or environment +variables. The following DT properties and environment variables are supported. +Note that environment variables override DT properties. + ++--------------------+-----------+------------------------------------------------------------------+ +| DT property | Variable | Description | ++====================+===========+==================================================================+ +| nxp,loader-address | | SPL base address | ++--------------------+-----------+------------------------------------------------------------------+ +| nxp,srk-table | SRK_TABLE | full path to SRK_1_2_3_4_table.bin | ++--------------------+-----------+------------------------------------------------------------------+ +| nxp,csf-crt | CSF_KEY | full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem | ++--------------------+-----------+------------------------------------------------------------------+ +| nxp,img-crt | IMG_KEY | full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem | ++--------------------+-----------+------------------------------------------------------------------+ + +Environment variables can be set as follows to point the build process +to external key material: ``` export CST_DIR=/usr/src/cst-3.3.1/ export CSF_KEY=$CST_DIR/crts/CSF1_1_sha256_4096_65537_v3_usr_crt.pem export IMG_KEY=$CST_DIR/crts/IMG1_1_sha256_4096_65537_v3_usr_crt.pem export SRK_TABLE=$CST_DIR/crts/SRK_1_2_3_4_table.bin -export PATH=$CST_DIR/linux64/bin:$PATH -/bin/sh doc/imx/habv4/csf_examples/mx8m/csf.sh +make flash.bin ``` 1.4 Closing the device diff --git a/include/configs/imx8mm-mx8menlo.h b/include/configs/imx8mm-mx8menlo.h index a86bd76..5cc60af 100644 --- a/include/configs/imx8mm-mx8menlo.h +++ b/include/configs/imx8mm-mx8menlo.h @@ -8,6 +8,9 @@ #include <configs/verdin-imx8mm.h> +/* PHY needs a longer autoneg timeout */ +#define PHY_ANEG_TIMEOUT 20000 + /* Custom initial environment variables */ #undef CFG_EXTRA_ENV_SETTINGS #define CFG_EXTRA_ENV_SETTINGS \ diff --git a/include/configs/m53menlo.h b/include/configs/m53menlo.h index 1ecbba1..9cf46b2 100644 --- a/include/configs/m53menlo.h +++ b/include/configs/m53menlo.h @@ -119,7 +119,7 @@ "addargs=run addcons addmisc addmtd\0" \ "mmcload=" \ "mmc rescan || reset ; load mmc ${mmcdev}:${mmcpart} " \ - "${kernel_addr_r} ${bootfile} || reset\0" \ + "${kernel_addr_r} boot/${bootfile} || reset\0" \ "miscargs=nohlt panic=1\0" \ "mmcargs=setenv bootargs root=/dev/mmcblk0p${mmcpart} rw " \ "rootwait\0" \ diff --git a/tools/binman/btool/cst.py b/tools/binman/btool/cst.py new file mode 100644 index 0000000..30e78bd --- /dev/null +++ b/tools/binman/btool/cst.py @@ -0,0 +1,48 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright 2024 Marek Vasut <marex@denx.de> +# +"""Bintool implementation for cst""" + +import re + +from binman import bintool + +class Bintoolcst(bintool.Bintool): + """Image generation for U-Boot + + This bintool supports running `cst` with some basic parameters as + needed by binman. + """ + def __init__(self, name): + super().__init__(name, 'Sign NXP i.MX image') + + # pylint: disable=R0913 + def run(self, output_fname=None): + """Run cst + + Args: + output_fname: Output filename to write to + """ + args = [] + if output_fname: + args += ['-o', output_fname] + return self.run_cmd(*args) + + def fetch(self, method): + """Fetch handler for cst + + This installs cst using the apt utility. + + Args: + method (FETCH_...): Method to use + + Returns: + True if the file was fetched and now installed, None if a method + other than FETCH_BIN was requested + + Raises: + Valuerror: Fetching could not be completed + """ + if method != bintool.FETCH_BIN: + return None + return self.apt_install('imx-code-signing-tool') diff --git a/tools/binman/etype/nxp_imx8mcst.py b/tools/binman/etype/nxp_imx8mcst.py new file mode 100644 index 0000000..8221517 --- /dev/null +++ b/tools/binman/etype/nxp_imx8mcst.py @@ -0,0 +1,164 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright 2023-2024 Marek Vasut <marex@denx.de> +# Written with much help from Simon Glass <sjg@chromium.org> +# +# Entry-type module for generating the i.MX8M code signing tool +# input configuration file and invocation of cst on generated +# input configuration file and input data to be signed. +# + +import configparser +import os +import struct + +from collections import OrderedDict + +from binman.entry import Entry +from binman.etype.mkimage import Entry_mkimage +from binman.etype.section import Entry_section +from binman import elf +from dtoc import fdt_util +from u_boot_pylib import tools + +MAGIC_NXP_IMX_IVT = 0x412000d1 +MAGIC_FITIMAGE = 0xedfe0dd0 + +csf_config_template = """ +[Header] + Version = 4.3 + Hash Algorithm = sha256 + Engine = CAAM + Engine Configuration = 0 + Certificate Format = X509 + Signature Format = CMS + +[Install SRK] + File = "SRK_1_2_3_4_table.bin" + Source index = 0 + +[Install CSFK] + File = "CSF1_1_sha256_4096_65537_v3_usr_crt.pem" + +[Authenticate CSF] + +[Unlock] + Engine = CAAM + Features = MID + +[Install Key] + Verification index = 0 + Target Index = 2 + File = "IMG1_1_sha256_4096_65537_v3_usr_crt.pem" + +[Authenticate Data] + Verification index = 2 + Blocks = 0x1234 0x78 0xabcd "data.bin" +""" + +class Entry_nxp_imx8mcst(Entry_mkimage): + """NXP i.MX8M CST .cfg file generator and cst invoker + + Properties / Entry arguments: + - nxp,loader-address - loader address (SPL text base) + """ + + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self.required_props = ['nxp,loader-address'] + + def ReadNode(self): + super().ReadNode() + self.loader_address = fdt_util.GetInt(self._node, 'nxp,loader-address') + self.srk_table = os.getenv('SRK_TABLE', fdt_util.GetString(self._node, 'nxp,srk-table', 'SRK_1_2_3_4_table.bin')) + self.csf_crt = os.getenv('CSF_KEY', fdt_util.GetString(self._node, 'nxp,csf-crt', 'CSF1_1_sha256_4096_65537_v3_usr_crt.pem')) + self.img_crt = os.getenv('IMG_KEY', fdt_util.GetString(self._node, 'nxp,img-crt', 'IMG1_1_sha256_4096_65537_v3_usr_crt.pem')) + self.unlock = fdt_util.GetBool(self._node, 'nxp,unlock') + self.ReadEntries() + + def BuildSectionData(self, required): + data, input_fname, uniq = self.collect_contents_to_file( + self._entries.values(), 'input') + + # Parse the input data and figure out what it is that is being signed. + # - If it is mkimage'd imx8mimage, then extract to be signed data size + # from imx8mimage header, and calculate CSF blob offset right past + # the SPL from this information. + # - If it is fitImage, then pad the image to 4k, add generated IVT and + # sign the whole payload, then append CSF blob at the end right past + # the IVT. + signtype = struct.unpack('<I', data[:4])[0] + signbase = self.loader_address + signsize = 0 + if signtype == MAGIC_NXP_IMX_IVT: # SPL/imx8mimage + # Sign the payload including imx8mimage header + # (extra 0x40 bytes before the payload) + signbase -= 0x40 + signsize = struct.unpack('<I', data[24:28])[0] - signbase + # Remove mkimage generated padding from the end of data + data = data[:signsize] + elif signtype == MAGIC_FITIMAGE: # fitImage + # Align fitImage to 4k + signsize = tools.align(len(data), 0x1000) + data += tools.get_bytes(0, signsize - len(data)) + # Add generated IVT + data += struct.pack('<I', MAGIC_NXP_IMX_IVT) + data += struct.pack('<I', signbase + signsize) # IVT base + data += struct.pack('<I', 0) + data += struct.pack('<I', 0) + data += struct.pack('<I', 0) + data += struct.pack('<I', signbase + signsize) # IVT base + data += struct.pack('<I', signbase + signsize + 0x20) # CSF base + data += struct.pack('<I', 0) + else: + # Unknown section type, pass input data through. + return data + + # Write out customized data to be signed + output_dname = tools.get_output_filename(f'nxp.cst-input-data.{uniq}') + tools.write_file(output_dname, data) + + # Generate CST configuration file used to sign payload + cfg_fname = tools.get_output_filename('nxp.csf-config-txt.%s' % uniq) + config = configparser.ConfigParser() + # Do not make key names lowercase + config.optionxform = str + # Load configuration template and modify keys of interest + config.read_string(csf_config_template) + config['Install SRK']['File'] = '"' + self.srk_table + '"' + config['Install CSFK']['File'] = '"' + self.csf_crt + '"' + config['Install Key']['File'] = '"' + self.img_crt + '"' + config['Authenticate Data']['Blocks'] = hex(signbase) + ' 0 ' + hex(len(data)) + ' "' + str(output_dname) + '"' + if not self.unlock: + config.remove_section('Unlock') + with open(cfg_fname, 'w') as cfgf: + config.write(cfgf) + + output_fname = tools.get_output_filename(f'nxp.csf-output-blob.{uniq}') + args = ['-i', cfg_fname, '-o', output_fname] + if self.cst.run_cmd(*args) is not None: + outdata = tools.read_file(output_fname) + return data + outdata + else: + # Bintool is missing; just use the input data as the output + self.record_missing_bintool(self.cst) + return data + + def SetImagePos(self, image_pos): + # Customized SoC specific SetImagePos which skips the mkimage etype + # implementation and removes the 0x48 offset introduced there. That + # offset is only used for uImage/fitImage, which is not the case in + # here. + upto = 0x00 + for entry in super().GetEntries().values(): + entry.SetOffsetSize(upto, None) + + # Give up if any entries lack a size + if entry.size is None: + return + upto += entry.size + + Entry_section.SetImagePos(self, image_pos) + + def AddBintools(self, btools): + super().AddBintools(btools) + self.cst = self.AddBintool(btools, 'cst') |