With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by
OP-TEE to manage rollback indexes and device-lock status.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tests the TEE uclass with a sandbox tee driver.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[trini: initialize session to 0 in dm_test_tee]
Signed-off-by: Tom Rini <trini@konsulko.com>
Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE
AVB TA.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Fix printf warnings in ta_avb_invoke_func, slots is uint]
Signed-off-by: Tom Rini <trini@konsulko.com>
Adds a sandbox_tee node to enable the sandbox tee driver in all the
sandbox dts files.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds configuration option OPTEE_TA_AVB and a header file describing the
interface to the Android Verified Boot 2.0 (AVB) trusted application
provided by OP-TEE.
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Adds support in optee supplicant to route signed (MACed) RPMB frames
from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB
partition.
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sync with 14e21cb8f811 ("arm64: dt: hikey: Add optee node"
from Linux kernel.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a OP-TEE driver.
* Targets ARM and ARM64
* Supports using any U-Boot memory as shared memory
* Probes OP-TEE version using SMCs
* Uses OPTEE message protocol version 2 to communicate with secure world
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Sync with c8bfafb15944 ("dt/bindings: add bindings for optee")
from Linux kernel.
Introduces linaro prefix and adds bindings for ARM TrustZone based OP-TEE
implementation.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a uclass to interface with a TEE (Trusted Execution Environment).
A TEE driver is a driver that interfaces with a trusted OS running in
some secure environment, for example, TrustZone on ARM cpus, or a
separate secure co-processor etc.
The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.
The over all design is based on the TEE subsystem in the Linux kernel,
tailored for U-Boot.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds mmc_rpmb_route_frames() to route RPMB data frames from/to an
external entity.
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Just as /chosen may contain devices /firmware may contain devices, scan
for devices under /firmware too.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The patch:
"spl: Weed out CONFIG_SYS_TEXT_BASE usage"
(sha1: 04ce5427bd)
introduced bug where assigning to u_boot_pos variable wasn't done
which end up in situation where SPL wasn't able to find out
image on the selected address.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This allows to boot all STM32F7 and STM32H7 boards independently
of the amount of embedded SDRAM.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Vikas Manocha <vikas.manocha@st.com>
Avoid CoverityScan warning SIGN_EXTENSION by changing the type of
parameter size of set_cluster().
Avoid leaking stack content when writing an incomplete last sector.
Reported-by: Coverity (CID: 184096)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not leak filename_copy in case of error.
Catch out of memory when calling strdup.
Reported-by: Coverity (CID: 184086)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
With there now being four device tree files, and 4 separate
defconfig files, the code necessary to determine which board is
being used is no longer necessary as the corresponding pin-muxing
and board names are determined by the device tree.
Signed-off-by: Adam Ford <aford173@gmail.com>
With the device trees doing most of the work of pin-muxing and
DM doing much of the peripheral initialization, this creates
new defconfig files for each of the Logic PD variants with
proper register settings/pin-muxing.
Signed-off-by: Adam Ford <aford173@gmail.com>
[trini: Update MAINTAINERS entry]
Signed-off-by: Tom Rini <trini@konsulko.com>
The baseboards and SOM's are virtually identical to their DM37
counterparts, but OMAP36/37 and OMAP3 have some minor register
differences. With the boards being mostly driven by device trees
now, this synchronizes their respective device trees with linux-omap
for-next branch destined for 4.20 (or whatever the version after 4.19
will be called)
Signed-off-by: Adam Ford <aford173@gmail.com>
With the introduction of the omap serial driver, the need for some
of these U-Boot specific modifications is gone. This cleans up
this unnneeded stuff.
Signed-off-by: Adam Ford <aford173@gmail.com>
The device tree entries are from linux-omap's for-next branch
destined to me put into 4.20 (or whatever the version is after 4.19)
Signed-off-by: Adam Ford <aford173@gmail.com>
Add support for the Arm Versatile Express config bus that is
being used for exposing various subsystems via a generic
configuration bus. This driver adds support for generating
transactions on this configuration bus and can be used by
other drivers to abstract the communication with the actual
function providers.
Signed-off-by: Liviu Dudau <liviu.dudau@foss.arm.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Instead of manually specifying CONFIG_SYS_EXTRA_ENV_RELOC
for every board that needs it, it shouldn't hurt to let
initr_reloc_global_data() always relocate gd->env_addr
unless we know this pointer is outside the initial binary.
To achieve this, the relocation is omitted if
CONFIG_ENV_ADDR is defined (and ENV_IS_EMBEDDED is not).
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
After Siomon's comment, add a descriptive comment (docstring) to each of
helper functions in conftest.py. No functionality changed.
Signed-off-by: Akashi Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since there is no use of fs_type in umount_fs(), just remove it.
Signed-off-by: Akashi Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
After a test has failed, test/py drains the U-Boot console log to ensure
that any relevant output is captured. At this point, we don't care about
detecting any additional errors, since the test is already known to have
failed, and U-Boot will be restarted. To ensure that the test cleanup code
is not interrupted, and can correctly terminate the log sections for the
failed test, ignore any exception that occurs while reading the U-Boot
console output during this limited period of time.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
- fixes to rkimage for SPL boot via USB
- fixes to make_fit_atf.py, incl. entry-point calculation and python3
compatibility
- OP-TEE support for ARMv7-based SoCs
- fixes to RGMII/GMII selection on the RK3328
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJbt0FOAAoJECaAFcEOcohNZmcH/A1mKO0/R4tHCqFP2j0I+OuP
PClkA1HUZuD5phvPMaxdHQBwsq7sAa8AljK1oPCNkslP7mFxToUUBx7xc0vB89P/
D+XsI4uce89hIyTULR2FdhR22MOk41zaLVeNicpQ1keCNbzCwsHsHTA+B4XN/xNe
tdPpu6wN2D+g88DAv+/ebVYgjmxRvFD4qpL9bbZpOqqA8XCcD31ukCR2E4fsESgn
mzwKaKcX6SeYgTVCT8Q15SLTNI1WRUY1Y1laj1WKl4abY+HsTt4Whm9imM2l3K5W
ODj6vnFlwEC9rgdxmtXGcmBfwtyXubSfuZDrMGFAiOlyIUgpPXWZI7i8LYQbZ7s=
=NdBl
-----END PGP SIGNATURE-----
Merge tag 'rockchip-for-v2018.11-rc2' of git://git.denx.de/u-boot-rockchip
Rockchip-focused changes for v2018.11-rc2:
- fixes to rkimage for SPL boot via USB
- fixes to make_fit_atf.py, incl. entry-point calculation and python3
compatibility
- OP-TEE support for ARMv7-based SoCs
- fixes to RGMII/GMII selection on the RK3328
Signed-off-by: Tom Rini <trini@konsulko.com>
Here we do a couple of impovements for all ARC boards
as well as introduce yet another developemnt board.
1. Now for ARC boards we print CPU and board info
which is useful for users and helps with
analysis of logs "post-mortem".
2. Synopsys IoT development kit support is added
This one might bw a bit too late as we're past RC1
but:
1) This doesn't affect any other arches etc
as we change purely ARC code.
2) I've got a chance to talk about U-Boot on
IoT platforms during ELCE (my proposal was on
a wait list and only this week I've got
an update and invitation to talk) so it would
be good to have this board as a primer in upstream
code-base by the time of ELCE 2018.
3) For complete support of IoT devkit I'm yet to
significantly rework regmap subsystem in U-Boot
but that's a different topic and hopefully it will
be done sometime soon... though not this release
cycle for sure.
The DesignWare ARC IoT Development Kit is a versatile platform
that includes the necessary hardware and software to accelerate
software development and debugging of sensor fusion,
voice recognition and face detection designs.
More information is avaialble here [1] and here [2].
The board is based on real silicon with
ARC EM9D-based Data Fusion IP Subsystem.
It sports a rich set of I/O including
* DW USB OTG
* DW MobileStorage (used for micro SD-card)
* GPIO
* multiple serial interface including DW APB UART
* ADC, PWM and eFlash, SRAM and SPI Flash memory
* Real-Time Clock (RTC)
* Bluetooth module with worldwide regulatory compliance
(FCC, IC, CE, ETSI, TELEC)
* On-board 9-axis sensor (gyro, accelerometer and compass)
Extensible with Arduino, Pmod, mikroBUS connectors and a 2x18
extension header.
One of the most interesting features for developers is built-in
Digilent USB JTAG probe so only micro-USB cable is needed!
[1] https://www.synopsys.com/dw/ipdir.php?ds=arc_iot_development_kit
[2] https://www.synopsys.com/dw/doc.php/ds/cc/iot_dev_kit.pdf
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
With implemented print_cpuinfo() and model property in .dts
we're ready to print nice info about ARC cores and boards on boot.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Even though arc-linux- prefix is used in ARC prebuilt tools and
in Buildroot there're other options like Linux distro cross-tools
etc where prefix is different so let's not rely on this default.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
The 'rkimage' format used for booting rockchip boards over USB seems to
have been broken since commit 7bf274b9ca ("rockchip: mkimage: use
imagename to select spl hdr & spl size"). That commit adds an offset of
RK_SPL_HDR_START(=2048) to the location the 'RKxx' header is written
at. However the bootrom expects this header to be the first four bytes of
the image, not at offset 2048. This appears to have been a copy paste
error since the 'rksd' and 'rkspi' image types do require this offset.
Furthermore commit 111bcc4fb6 ("rockchip: mkimage: pad the header to
8-bytes (using a 'nop') for RK3399"), commit 3d54eabcaf ("rockchip:
spl: RK3399: use boot0 hook to create space for SPL magic") and
commit 3082775692 ("rockchip: mkimage: update rkimage to support
pre-padded payloads") changed the way the space for the 'RKxx' header is
allocated and written to the image without adjusting 'rkimage'.
This commit fixes those mistakes and makes it possible to load u-boot SPL
over USB once more.
(Tested on RK3399)
Signed-off-by: Daniel Gröber <daniel@dps.uibk.ac.at>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
u-boot.itb depends on u-boot-nodtb.bin, which in turn depends on u-boot.
u-boot.its from Rockchip make_fit_atf.py (used by {evb,firefly}-rk3399)
wants to read u-boot but is lacking this dependency, so that u-boot.itb
cannot be built in one go. Detect its use and add the missing dependency.
Reported-by: Yousaf Kaukab <yousaf.kaukab@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Using PHY internal delays in combination with the phy-mode
rgmii-id/rxid/txid was not possible. Only rgmii was supported.
Now we can disable rockchip's gmac delay lines and also use
rgmii-id/rxid/txid.
Based on commit eaf70ad14cbb ("net: stmmac: dwmac-rk: Add
handling for RGMII_ID/RXID/TXID") for mainline linux kernel.
Signed-off-by: Janine Hagemann <j.hagemann@phytec.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: David Wu <david.wu@rock-chips.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
We have to use RK3328_RXCLK_DLY_ENA_GMAC_ENABLE instead of
RK3328_RXCLK_DLY_ENA_GMAC_MASK in rk3328_gmac_set_to_rgmii()
to enable the RX delay.
The MASK was used in a wrong way.
Signed-off-by: Janine Hagemann <j.hagemann@phytec.de>
Reviewed-by: Philipp Tomisch <philipp.tomisch@theobroma-systems.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
make_fit_atf.py uses physical address of first segment as the
entry point to bl31. It is incorrect and causes following abort
when bl31_entry() is called:
U-Boot SPL board initTrying to boot from MMC1
"Synchronous Abort" handler, esr 0x02000000
elr: 0000000000000000 lr : 00000000ff8c7e8c
x 0: 00000000ff8e0000 x 1: 0000000000000000
x 2: 0000000000000000 x 3: 00000000ff8e0180
x 4: 0000000000000000 x 5: 0000000000000000
x 6: 0000000000000030 x 7: 00000000ff8e0188
x 8: 00000000000001e0 x 9: 0000000000000000
x10: 000000000007fcdc x11: 00000000002881b8
x12: 00000000000001a2 x13: 0000000000000198
x14: 000000000007fdcc x15: 00000000002881b8
x16: 00000000003c0724 x17: 00000000003c0718
x18: 000000000007fe80 x19: 00000000ff8e0000
x20: 0000000000200000 x21: 00000000ff8e0000
x22: 0000000000000000 x23: 000000000007fe30
x24: 00000000ff8d1c3c x25: 00000000ff8d5000
x26: 00000000deadbeef x27: 00000000000004a0
x28: 000000000000009c x29: 000000000007fd90
Fix it by using the entry point from the elf header.
Signed-off-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
We package U-Boot and OP-TEE into one itb file for SPL,
so that we can support OP-TEE in SPL.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
OP-TEE is an open source trusted OS, in armv7, its loading and
running are like this:
loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the
os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE,
IH_OS_TEE:(make u-boot.itb for SPL)
Non-Secure Secure
BootROM
|
v
SPL
|
v
--------- OP-TEE
|
v
U-Boot
|
V
Linux
For other two king of OP-TEE loading/booting, see commit message:
45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail:
https://github.com/OP-TEE/optee_os
and search for 'boot arguments' for detail entry parameter in:
core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Patch fix warning:
/builddir/BUILD/u-boot-2018.05-rc2/"arch/arm/mach-rockchip/make_fit_atf.py" \
arch/arm/dts/rk3399-firefly.dtb > u-boot.its
./tools/mkimage -f u-boot.its -E u-boot.itb >/dev/null && cat
/dev/null
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node /images/uboot@1
has a unit name, but no reg property
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node /images/atf@1 has
a unit name, but no reg property
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node /images/atf@2 has
a unit name, but no reg property
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node /images/atf@3 has
a unit name, but no reg property
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node /images/fdt@1 has
a unit name, but no reg property
u-boot.itb.tmp: Warning (unit_address_vs_reg): Node
/configurations/config@1 has a unit name, but no reg property
make[1]: Leaving directory
'/builddir/BUILD/u-boot-2018.05-rc2/builds/firefly-rk3399'
Reported-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>