| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Manorit Chawdhry <m-chawdhry@ti.com> says:
K3 devices have firewalls that are used to prevent illegal accesses to
memory regions that are deemed secure. The series prevents the illegal
accesses to ATF and OP-TEE regions that are present in different K3
devices.
AM62X, AM62AX and AM64X are currently in hold due to some firewall
configurations that our System Controller (TIFS) needs to handle.
The devices that are not configured with the firewalling nodes will not
be affected and can continue to work fine until the firewall nodes are
added so will be a non-blocking merge.
Test Logs: https://gist.github.com/manorit2001/4cead2fb3a19eb5d19005b3f54682627
CICD Run: https://github.com/u-boot/u-boot/pull/442
|
|
This commit adds a general flow to explain the usage of firewalls and
the chain of trust in K3 devices.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
The previous documentation had been very crude so refactor it to make it
cleaner and concise.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Tested-by: Thomas Richard <thomas.richard@bootlin.com>
|
|
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
The following commits adds the configuration of firewalls required to
protect ATF and OP-TEE memory region from non-secure reads and
writes using master and slave firewalls present in our K3 SOCs.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
For readability during configuring firewalls, adding k3-security.h file
and including it in k3-binman.dtsi to be accessible across K3 SoCs
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
|
|
Add test for TI firewalling node in ti-secure.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
We can now firewall entities while loading them through our secure
entity TIFS, the required information should be present in the
certificate that is being parsed by TIFS.
The following commit adds the support to enable the certificates to be
generated if the firewall configurations are present in the binman dtsi
nodes.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
|
|
Fix the error message to not use dst and use self as it is copying the
properties to self.
While using templating if there are no subnodes defined, we end up in
this situation where "dst" isn't defined and it tries to print the error
message and fails.
'UnboundLocalError: local variable 'dst' referenced before assignment'
Fixes: 55e1278d5eca ("dtoc: Allow inserting a list of nodes into another")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Rsync all defconfig files using moveconfig.py
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Prepare v2024.01-rc6
|
|
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Rsync all defconfig files using moveconfig.py
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Sync with kernel v6.7-rc1 and sync up the u-boot dts files accordingly.
Signed-off-by: Nishanth Menon <nm@ti.com>
|
|
main_timer0 is used by u-boot as the tick-timer. Add it to the soc
devices list so it an be enabled via the k3 power controller.
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Neha Malcom Francis <n-francis@ti.com>
|
|
Bryan Brattlof <bb@ti.com> says:
Hello Again Everyone!
This series gets the am65x booting again along with syncing the device
tree files with v6.7-rc1 Linux.
The bulk of these patches unify the WKUP SPL board file with the arm64
files to make future syncs from Linux much easier. In the end the DTBs
should look a lot like what the DTBs look like for the am64x which
is fairly similar to the am65x.
For those interested in what UART boot looks like:
https://paste.sr.ht/~bryanb/7df8a645dc548912cd806abd5ecab967ef3287bc
|
|
Many nodes are reused between WKUP SPL, MAIN SPL, and U-Boot. Using
bootph-pre-ram is causing these nodes to be present in SPL builds but
pruned away during the U-Boot build. Convert these nodes to bootph-all
so they will remain no matter which dtb build is happening.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu secure proxy node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
The dummy_clock node is used to help the drivers probe the IO needed to
setup consoles and boot media to load firmware into the SoC.
This dummy_clock isn't a device that exists nor does it exist in the
mcu domain. So move it from cbass_mcu to the root node to avoid any
confusion.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
These aliases are not needed in U-Boot. Remove them
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we have duplicate
properties in the root node. Remove them
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate vtt_pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mdio node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
The pinmux for usb0 is missing from the Linux board dtb file. Remove it
until we can introduce it in Linux
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate ospi0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate wkup_i2c0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate sdhci1 pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have
a duplicate sdhci0 pinmux node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate main_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified we now have a
duplicate mcu_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
Ethernet is one of a few IPs in U-Boot that depend on DMA to operate.
However there are a few missing registers ranges in the udmap nodes
need to properly setup DMA for the am65x.
A fix has been added to the Linux kernel[0] to add these ranges however
they have not made it to a Linux tag. To keep DMA operational until the
next DT sync from Linux, add these ranges to the *-u-boot.dtsi with a
note for our future selves.
[0] https://lore.kernel.org/r/20231213135138.929517-2-vigneshr@ti.com
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu_udmap node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified, we now have a
duplicate mcu_ringacc node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
timer1 is really just the mcu_timer0 node redefined for the WKUP SPL.
Remove the timer1 and replace it with the mcu_timer0 from the Linux
device tree we imported into U-Boot.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board files unified, we now have a duplicate
wkup_uart0 node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
With the Linux and U-Boot board dtb files unified we now have a
duplicate vtt_supply node. Remove it
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
To make things as organized as possible, start from the Linux board dtbs
and apply all properties needed for U-Boot in our *-u-boot.dtsi file for
the MAIN SPL and U-Boot builds.
We can then include these files for the WKUP SPL build making further
edits to the needed properties and nodes for the WKUP SPL bootloader's
view of the am65x.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
In order to unify the R5 board dtb file with the Linux board dtb file,
we will need to copy all bootph-pre-ram properties to the *-u-boot.dtsi
overlay.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
Pull in dtb updates for the am654 base board from v6.7-rc1 of Linux
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
The R5 board file for U-Boot should be the same as the board file copied
from Linux with a few alterations to work with the R5's view of the SoC.
First we need to unify the R5 board file and it's U-Boot overlay before
we can unify the Linux board file with this one.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
We do not have a need to share a single console with the evaluation
board and disabling this option reduces the complexity of configuring
the consoles. Disable CONSOLE_MUX
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
Some of the regulators we need to successfully boot are fixed
regulators. Enable the driver to properly probe them.
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
|
|
https://source.denx.de/u-boot/custodians/u-boot-dm into next
support propagating supernode properties with bootph schema
align bloblist with v0.9 of Firmware Handoff spec
|
|
Align the documentation with the v0.9 spec.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Allow the alignment to be specified when creating a bloblist.
Signed-off-by: Simon Glass <sjg@chromium.org>
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The v0.9 spec provides for a 24-byte header. Update the implementation
to match this.
Rename the fields of the bloblist header to align to the spec.
Adds an alignment field into the bloblist header.
Update the related bloblist APIs and UT testcases.
Signed-off-by: Simon Glass <sjg@chromium.org>
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The v0.9 spec provides for an 8-byte header for each blob, with fewer
fields.
The blob data start address should be aligned to the alignment specified
by the bloblist header.
Update the implementation to match this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Rather than setting the alignment using the header size, add an entirely
new entry to cover the gap left by the alignment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Use a sinple 8-bit checksum for bloblist, as specified by the spec
version 0.9.
Spec v0.9 specifies that the entire bloblist area is checksummed,
including unused portions. Update the code to follow this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
