Commit 51645701 authored by Tom Rini's avatar Tom Rini

Merge branch 'master' of git://www.denx.de/git/u-boot-imx

parents 99b02b4d 7c4f0ff8
......@@ -31,7 +31,7 @@
# Top-level generic files
#
/MLO*
/SPL
/SPL*
/System.map
/u-boot*
/boards.cfg
......
......@@ -763,7 +763,11 @@ ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
endif
endif
ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
ifeq ($(CONFIG_MX6)$(CONFIG_SECURE_BOOT), yy)
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
else
ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
endif
ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
ALL-$(CONFIG_OF_SEPARATE) += u-boot.dtb
ifeq ($(CONFIG_SPL_FRAMEWORK),y)
......@@ -809,9 +813,11 @@ cmd_zobjcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
quiet_cmd_efipayload = OBJCOPY $@
cmd_efipayload = $(OBJCOPY) -I binary -O $(EFIPAYLOAD_BFDTARGET) -B $(EFIPAYLOAD_BFDARCH) $< $@
MKIMAGEOUTPUT ?= /dev/null
quiet_cmd_mkimage = MKIMAGE $@
cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
$(if $(KBUILD_VERBOSE:1=), >/dev/null)
$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
quiet_cmd_cat = CAT $@
cmd_cat = cat $(filter-out $(PHONY), $^) > $@
......@@ -938,6 +944,11 @@ else
MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O u-boot \
-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
u-boot-ivt.img: MKIMAGEOUTPUT = u-boot-ivt.img.log
CLEAN_FILES += u-boot-ivt.img.log u-boot-dtb.imx.log SPL.log u-boot.imx.log
endif
MKIMAGEFLAGS_u-boot-dtb.img = $(MKIMAGEFLAGS_u-boot.img)
......@@ -951,7 +962,7 @@ MKIMAGEFLAGS_u-boot-spl.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \
MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \
-R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage
u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl: \
u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl u-boot-ivt.img: \
$(if $(CONFIG_SPL_LOAD_FIT),u-boot-nodtb.bin dts/dt.dtb,u-boot.bin) FORCE
$(call if_changed,mkimage)
......
......@@ -95,7 +95,7 @@ libs-y += arch/arm/cpu/
libs-y += arch/arm/lib/
ifeq ($(CONFIG_SPL_BUILD),y)
ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx27 mx5 mx6 mx7 mx31 mx35))
ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx5 mx6 mx7 mx35))
libs-y += arch/arm/imx-common/
endif
else
......
......@@ -34,9 +34,11 @@ endif
ifeq ($(SOC),$(filter $(SOC),vf610))
obj-y += ddrmc-vf610.o
endif
ifneq ($(CONFIG_SPL_BUILD),y)
obj-$(CONFIG_CMD_BMODE) += cmd_bmode.o
obj-$(CONFIG_CMD_HDMIDETECT) += cmd_hdmidet.o
obj-$(CONFIG_CMD_DEKBLOB) += cmd_dek.o
endif
PLUGIN = board/$(BOARDDIR)/plugin
......@@ -66,6 +68,7 @@ $(IMX_CONFIG): %.cfgtmp: % FORCE
MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
-e $(CONFIG_SYS_TEXT_BASE)
u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
......@@ -73,6 +76,7 @@ u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
ifeq ($(CONFIG_OF_SEPARATE),y)
MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
-e $(CONFIG_SYS_TEXT_BASE)
u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
......@@ -81,6 +85,8 @@ endif
MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
-e $(CONFIG_SPL_TEXT_BASE)
SPL: MKIMAGEOUTPUT = SPL.log
SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
$(call if_changed,mkimage)
......
......@@ -110,6 +110,10 @@
* +------------+ + CSF_PAD_SIZE
*/
static bool is_hab_enabled(void);
#if !defined(CONFIG_SPL_BUILD)
#define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
struct record {
......@@ -257,22 +261,6 @@ uint8_t hab_engines[16] = {
-1
};
bool is_hab_enabled(void)
{
struct imx_sec_config_fuse_t *fuse =
(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
uint32_t reg;
int ret;
ret = fuse_read(fuse->bank, fuse->word, &reg);
if (ret) {
puts("\nSecure boot fuse read error\n");
return ret;
}
return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
}
static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
{
uint8_t idx = 0;
......@@ -359,6 +347,68 @@ int get_hab_status(void)
return 0;
}
int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
if ((argc != 1)) {
cmd_usage(cmdtp);
return 1;
}
get_hab_status();
return 0;
}
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
ulong addr, ivt_offset;
int rcode = 0;
if (argc < 3)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
ivt_offset = simple_strtoul(argv[2], NULL, 16);
rcode = authenticate_image(addr, ivt_offset);
return rcode;
}
U_BOOT_CMD(
hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
"display HAB status",
""
);
U_BOOT_CMD(
hab_auth_img, 3, 0, do_authenticate_image,
"authenticate image via HAB",
"addr ivt_offset\n"
"addr - image hex address\n"
"ivt_offset - hex offset of IVT in the image"
);
#endif /* !defined(CONFIG_SPL_BUILD) */
static bool is_hab_enabled(void)
{
struct imx_sec_config_fuse_t *fuse =
(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
uint32_t reg;
int ret;
ret = fuse_read(fuse->bank, fuse->word, &reg);
if (ret) {
puts("\nSecure boot fuse read error\n");
return ret;
}
return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
}
uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
{
uint32_t load_addr = 0;
......@@ -400,7 +450,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
(void *)(ddr_start + ivt_offset+IVT_SIZE),
4, 0x10, 0);
#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
#endif
puts("\nCalling authenticate_image in ROM\n");
printf("\tivt_offset = 0x%x\n", ivt_offset);
......@@ -449,7 +501,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
hab_caam_clock_enable(0);
#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
#endif
} else {
puts("hab fuse not enabled\n");
}
......@@ -459,46 +513,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
return result;
}
int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
if ((argc != 1)) {
cmd_usage(cmdtp);
return 1;
}
get_hab_status();
return 0;
}
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
ulong addr, ivt_offset;
int rcode = 0;
if (argc < 3)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
ivt_offset = simple_strtoul(argv[2], NULL, 16);
rcode = authenticate_image(addr, ivt_offset);
return rcode;
}
U_BOOT_CMD(
hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
"display HAB status",
""
);
U_BOOT_CMD(
hab_auth_img, 3, 0, do_authenticate_image,
"authenticate image via HAB",
"addr ivt_offset\n"
"addr - image hex address\n"
"ivt_offset - hex offset of IVT in the image"
);
......@@ -12,6 +12,7 @@
#include <asm/arch/imx-regs.h>
#include <asm/spl.h>
#include <spl.h>
#include <asm/imx-common/hab.h>
#if defined(CONFIG_MX6)
/* determine boot device from SRC_SBMR1 (BOOT_CFG[4:1]) or SRC_GPR9 register */
......@@ -90,3 +91,27 @@ u32 spl_boot_mode(const u32 boot_device)
}
}
#endif
#if defined(CONFIG_SECURE_BOOT)
__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
{
typedef void __noreturn (*image_entry_noargs_t)(void);
image_entry_noargs_t image_entry =
(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
debug("image entry point: 0x%X\n", spl_image->entry_point);
/* HAB looks for the CSF at the end of the authenticated data therefore,
* we need to subtract the size of the CSF from the actual filesize */
if (authenticate_image(spl_image->load_addr,
spl_image->size - CONFIG_CSF_SIZE)) {
image_entry();
} else {
puts("spl: ERROR: image authentication unsuccessful\n");
hang();
}
}
#endif
......@@ -4,5 +4,15 @@
* SPDX-License-Identifier: GPL-2.0+
*/
#define __ASSEMBLY__
#include <config.h>
IMAGE_VERSION 2
BOOT_FROM sd
/*
* Secure boot support
*/
#ifdef CONFIG_SECURE_BOOT
CSF CONFIG_CSF_SIZE
#endif
\ No newline at end of file
......@@ -145,4 +145,6 @@ typedef void hapi_clock_init_t(void);
/* ----------- end of HAB API updates ------------*/
uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size);
#endif
......@@ -4,3 +4,4 @@ S: Maintained
F: board/engicam/geam6ul
F: include/configs/imx6ul_geam.h
F: configs/imx6ul_geam_mmc_defconfig
F: configs/imx6ul_geam_nand_defconfig
......@@ -231,6 +231,33 @@ static void eimnor_cs_setup(void)
set_chipselect_size(CS0_128);
}
static void eim_clk_setup(void)
{
struct mxc_ccm_reg *imx_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
int cscmr1, ccgr6;
/* Turn off EIM clock */
ccgr6 = readl(&imx_ccm->CCGR6);
ccgr6 &= ~(0x3 << 10);
writel(ccgr6, &imx_ccm->CCGR6);
/*
* Configure clk_eim_slow_sel = 00 --> derive clock from AXI clk root
* and aclk_eim_slow_podf = 01 --> divide by 2
* so that we can have EIM at the maximum clock of 132MHz
*/
cscmr1 = readl(&imx_ccm->cscmr1);
cscmr1 &= ~(MXC_CCM_CSCMR1_ACLK_EMI_SLOW_MASK |
MXC_CCM_CSCMR1_ACLK_EMI_SLOW_PODF_MASK);
cscmr1 |= (1 << MXC_CCM_CSCMR1_ACLK_EMI_SLOW_PODF_OFFSET);
writel(cscmr1, &imx_ccm->cscmr1);
/* Turn on EIM clock */
ccgr6 |= (0x3 << 10);
writel(ccgr6, &imx_ccm->CCGR6);
}
static void setup_iomux_eimnor(void)
{
imx_iomux_v3_setup_multiple_pads(eimnor_pads, ARRAY_SIZE(eimnor_pads));
......@@ -519,6 +546,7 @@ int board_early_init_f(void)
#ifdef CONFIG_NAND_MXS
setup_gpmi_nand();
#endif
eim_clk_setup();
return 0;
}
......
......@@ -349,9 +349,9 @@ int board_init(void)
/* Active high for ncp692 */
gpio_direction_output(IMX_GPIO_NR(4, 16) , 1);
#ifdef CONFIG_SYS_I2C_MXC
#ifdef CONFIG_SYS_I2C_MXC
setup_i2c(0, CONFIG_SYS_I2C_SPEED, 0x7f, &i2c_pad_info1);
#endif
#endif
return 0;
}
......@@ -389,9 +389,8 @@ int board_early_init_f(void)
return 0;
}
static struct fsl_esdhc_cfg usdhc_cfg[2] = {
static struct fsl_esdhc_cfg usdhc_cfg[1] = {
{USDHC2_BASE_ADDR, 0, 4},
{USDHC3_BASE_ADDR, 0, 4},
};
#define USDHC2_PWR_GPIO IMX_GPIO_NR(6, 1)
......
......@@ -19,6 +19,7 @@
#include <mmc.h>
#include <asm/arch/crm_regs.h>
#include <usb.h>
#include <netdev.h>
#include <power/pmic.h>
#include <power/pfuze3000_pmic.h>
#include "../freescale/common/pfuze.h"
......@@ -138,6 +139,19 @@ int power_init_board(void)
}
#endif
int board_eth_init(bd_t *bis)
{
int ret = 0;
#ifdef CONFIG_USB_ETHER
ret = usb_eth_initialize(bis);
if (ret < 0)
printf("Error %d registering USB ether.\n", ret);
#endif
return ret;
}
int board_init(void)
{
/* address of boot parameters */
......
......@@ -166,6 +166,7 @@ static const table_entry_t uimage_type[] = {
{ IH_TYPE_ZYNQMPIMAGE, "zynqmpimage", "Xilinx ZynqMP Boot Image" },
{ IH_TYPE_FPGA, "fpga", "FPGA Image" },
{ IH_TYPE_TEE, "tee", "Trusted Execution Environment Image",},
{ IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
{ -1, "", "", },
};
......@@ -365,6 +366,11 @@ void image_print_contents(const void *ptr)
printf("%s Offset = 0x%08lx\n", p, data);
}
}
} else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
printf("HAB Blocks: 0x%08x 0x0000 0x%08x\n",
image_get_load(hdr) - image_get_header_size(),
image_get_size(hdr) + image_get_header_size()
- 0x1FE0);
}
}
......
......@@ -16,7 +16,9 @@ CONFIG_DEFAULT_FDT_FILE="imx6dl-icore.dtb"
CONFIG_SPL=y
CONFIG_HUSH_PARSER=y
CONFIG_SYS_PROMPT="icorem6qdl> "
CONFIG_CMD_BOOTZ=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
......
......@@ -15,15 +15,23 @@ CONFIG_SPL=y
CONFIG_SPL_DMA_SUPPORT=y
CONFIG_HUSH_PARSER=y
CONFIG_SYS_PROMPT="icorem6qdl> "
CONFIG_CMD_BOOTZ=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
CONFIG_CMD_NAND=y
CONFIG_CMD_UBI=y
CONFIG_CMD_I2C=y
CONFIG_CMD_GPIO=y
CONFIG_CMD_MII=y
CONFIG_CMD_PING=y
CONFIG_CMD_CACHE=y
CONFIG_CMD_EXT4=y
CONFIG_CMD_EXT4_WRITE=y
CONFIG_CMD_FAT=y
CONFIG_CMD_FS_GENERIC=y
# CONFIG_BLK is not set
CONFIG_SYS_I2C_MXC=y
# CONFIG_DM_MMC_OPS is not set
......
......@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
CONFIG_DEFAULT_FDT_FILE="imx6dl-icore-rqs.dtb"
CONFIG_SPL=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="icorem6qdl-rqs> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
......
......@@ -15,8 +15,10 @@ CONFIG_BOOTDELAY=3
CONFIG_DEFAULT_FDT_FILE="imx6q-icore.dtb"
CONFIG_SPL=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="icorem6qdl> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
......
......@@ -14,16 +14,24 @@ CONFIG_DEFAULT_FDT_FILE="imx6q-icore.dtb"
CONFIG_SPL=y
CONFIG_SPL_DMA_SUPPORT=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="icorem6qdl> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
CONFIG_CMD_NAND=y
CONFIG_CMD_UBI=y
CONFIG_CMD_I2C=y
CONFIG_CMD_GPIO=y
CONFIG_CMD_MII=y
CONFIG_CMD_PING=y
CONFIG_CMD_CACHE=y
CONFIG_CMD_EXT4=y
CONFIG_CMD_EXT4_WRITE=y
CONFIG_CMD_FAT=y
CONFIG_CMD_FS_GENERIC=y
# CONFIG_BLK is not set
CONFIG_SYS_I2C_MXC=y
# CONFIG_DM_MMC_OPS is not set
......
......@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
CONFIG_DEFAULT_FDT_FILE="imx6q-icore-rqs.dtb"
CONFIG_SPL=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="icorem6qdl-rqs> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
......
......@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
CONFIG_DEFAULT_FDT_FILE="imx6ul-geam-kit.dtb"
CONFIG_SPL=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="geam6ul> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
......
......@@ -13,20 +13,30 @@ CONFIG_DEFAULT_FDT_FILE="imx6ul-geam-kit.dtb"
CONFIG_SPL=y
CONFIG_SPL_DMA_SUPPORT=y
CONFIG_HUSH_PARSER=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_FIT_SIGNATURE=y
CONFIG_SYS_PROMPT="geam6ul> "
CONFIG_CMD_BOOTZ=y
# CONFIG_CMD_IMLS is not set
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_MMC=y
CONFIG_CMD_NAND=y
CONFIG_CMD_UBI=y
CONFIG_CMD_GPIO=y
CONFIG_CMD_MII=y
CONFIG_CMD_PING=y
CONFIG_CMD_CACHE=y
CONFIG_CMD_I2C=y
CONFIG_CMD_EXT4=y
CONFIG_CMD_EXT4_WRITE=y
CONFIG_CMD_FAT=y
CONFIG_CMD_FS_GENERIC=y
# CONFIG_BLK is not set
# CONFIG_DM_MMC_OPS is not set
CONFIG_NAND_MXS=y
CONFIG_FEC_MXC=y
CONFIG_PINCTRL=y
CONFIG_PINCTRL_IMX6=y
CONFIG_SYS_I2C_MXC=y
CONFIG_MXC_UART=y
CONFIG_IMX_THERMAL=y
......@@ -35,3 +35,8 @@ CONFIG_G_DNL_MANUFACTURER="FSL"
CONFIG_G_DNL_VENDOR_NUM=0x0525
CONFIG_G_DNL_PRODUCT_NUM=0xa4a5
CONFIG_OF_LIBFDT=y
CONFIG_CMD_NET=y
CONFIG_NET_RANDOM_ETHADDR=y
CONFIG_CMD_DHCP=y
......@@ -138,3 +138,52 @@ c
The last "c" command tells kermit (from ckermit package in most distros)
to switch from command line mode to communication mode, and when the
script is finished, the U-Boot prompt is shown in the same shell.
3. Using Secure Boot on i.MX6 machines with SPL support
-------------------------------------------------------
This version of U-Boot is able to build a signable version of the SPL
as well as a signable version of the U-Boot image. The signature can
be verified through High Assurance Boot (HAB).
CONFIG_SECURE_BOOT is needed to build those two binaries.
After building, you need to create a command sequence file and use
Freescales Code Signing Tool to sign both binaries. After creation,
the mkimage tool outputs the required information about the HAB Blocks
parameter for the CSF. During the build, the information is preserved
in log files named as the binaries. (SPL.log and u-boot-ivt.log).
More information about the CSF and HAB can be found in the AN4581.
https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
We don't want to explain how to create a PKI tree or SRK table as
this is well explained in the Application Note.
Example Output of the SPL (imximage) creation:
Image Type: Freescale IMX Boot Image
Image Ver: 2 (i.MX53/6/7 compatible)
Mode: DCD
Data Size: 61440 Bytes = 60.00 kB = 0.06 MB
Load Address: 00907420
Entry Point: 00908000
HAB Blocks: 00907400 00000000 0000cc00
Example Output of the u-boot-ivt.img (firmware_ivt) creation:
Image Name: U-Boot 2016.11-rc1-31589-g2a4411
Created: Sat Nov 5 21:53:28 2016
Image Type: ARM U-Boot Firmware with HABv4 IVT (uncompressed)
Data Size: 352192 Bytes = 343.94 kB = 0.34 MB
Load Address: 17800000
Entry Point: 00000000
HAB Blocks: 0x177fffc0 0x0000 0x00054020
The CST (Code Signing Tool) can be downloaded from NXP.
# Compile CSF and create signature
./cst --o csf-u-boot.bin < command_sequence_uboot.csf
./cst --o csf-SPL.bin < command_sequence_spl.csf
# Append compiled CSF to Binary
cat SPL csf-SPL.bin > SPL-signed
cat u-boot-ivt.img csf-u-boot.bin > u-boot-signed.img
These two signed binaries can be used on an i.MX6 in closed
configuration when the according SRK Table Hash has been flashed.
\ No newline at end of file
......@@ -10,7 +10,7 @@ if DM_THERMAL
config IMX_THERMAL
bool "Temperature sensor driver for Freescale i.MX SoCs"
depends on MX6
depends on MX6 || MX7
help
Support for Temperature Monitor (TEMPMON) found on Freescale i.MX SoCs.
It supports one critical trip point and one passive trip point. The
......
......@@ -38,7 +38,8 @@
#define CONFIG_EXTRA_ENV_SETTINGS \
"script=boot.scr\0" \
"splashpos=m,m\0" \
"image=zImage\0" \
"image=uImage\0" \
"fit_image=fit.itb\0" \
"console=ttymxc3\0" \
"fdt_high=0xffffffff\0" \
"fdt_file=" CONFIG_DEFAULT_FDT_FILE "\0" \
......@@ -47,42 +48,67 @@
"mmcdev=0\0" \
"mmcpart=1\0" \
"mmcroot=/dev/mmcblk0p2 rootwait rw\0" \
"nandroot=ubi0:rootfs rootfstype=ubifs\0" \
"mmcautodetect=yes\0" \
"mmcargs=setenv bootargs console=${console},${baudrate} " \
"root=${mmcroot}\0" \
"ubiargs=setenv bootargs console=${console},${baudrate} " \
"ubi.mtd=5 root=${nandroot} ${mtdparts}\0" \
"loadbootscript=" \
"fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
"bootscript=echo Running bootscript from mmc ...; " \
"source\0" \
"loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
"loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
"loadfit=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${fit_image}\0" \
"fitboot=echo Booting FIT image from mmc ...; " \
"run mmcargs; " \
"bootm ${loadaddr}\0" \
"mmcboot=echo Booting from mmc ...; " \
"run mmcargs; " \
"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
"if run loadfdt; then " \
"bootz ${loadaddr} - ${fdt_addr}; " \
"bootm ${loadaddr} - ${fdt_addr}; " \
"else " \
"if test ${boot_fdt} = try; then " \
"bootz; " \
"bootm; " \
"else " \
"echo WARN: Cannot load the DT; " \
"fi; " \
"fi; " \
"else " \
"bootz; " \
"fi\0"
#define CONFIG_BOOTCOMMAND \
"mmc dev ${mmcdev};" \
"mmc dev ${mmcdev}; if mmc rescan; then " \
"if run loadbootscript; then " \
"run bootscript; " \
"else " \
"if run loadimage; then " \
"run mmcboot; " \
"bootm; " \
"fi\0" \
"nandboot=echo Booting from nand ...; " \
"if mtdparts; then " \
"echo Starting nand boot ...; " \
"else " \
"mtdparts default; " \
"fi; " \
"run ubiargs; " \
"nand read ${loadaddr} kernel 0x800000; " \
"nand read ${fdt_addr} dtb 0x100000; " \
"bootm ${loadaddr} - ${fdt_addr}\0"
#ifdef CONFIG_NAND_MXS
# define CONFIG_BOOTCOMMAND "run nandboot"
#else
# define CONFIG_BOOTCOMMAND \
"mmc dev ${mmcdev};" \
"if mmc rescan; then " \
"if run loadbootscript; then " \
"run bootscript; " \
"else " \
"if run loadfit; then " \
"run fitboot; " \
"else " \
"if run loadimage; then " \
"run mmcboot; " \
"fi; " \
"fi; " \
"fi; " \
"fi"
"fi; " \
"fi"
#endif