* changes:
feat(imx8mp): enable BL32 fdt overlay support on imx8mp
feat(imx8mq): enable optee fdt overlay support
feat(imx8mn): enable optee fdt overlay support
feat(imx8mm): enable optee fdt overlay support
feat(imx8mp): add trusty for imx8mp
feat(imx8mq): enable trusty for imx8mq
feat(imx8mn): enable Trusty OS for imx8mn
feat(imx8mm): enable Trusty OS on imx8mm
feat(imx8/imx8m): switch to xlat_tables_v2
feat(imx8m): enable the coram_s tz by default on imx8mn/mp
feat(imx8m): enable the csu init on imx8m
feat(imx8m): add a simple csu driver for imx8m family
refactor(imx8m): replace magic number with enum type
feat(imx8m): add imx csu/rdc enum type defines for imx8m
fix(imx8m): check the validation of domain id
feat(imx8m): enable conditional build for SDEI
Allow OP-TEE to generate a device-tree overlay binary
that will be applied by u-boot on the regular dtb.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Idfd268cdd8b7ba321f8e1b9b85c2bba7ffdeddf0
Add trusty support for imx8mq, default load address
and size for trusty os will be 0xfe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2b35ee525b25b80bf6c9599a0adcc2d9f069aa41
Add trusty support for imx8mn, default load address and
size of trusty are 0xbe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I63fd5159027d7400b8c6bfc03193dd1330c43140
Add trusty support for imx8mm, default load address
and size of trusty are 0xbe000000 anx 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I3f8b1adc08933e38a39f1ab1723947319d19a703
spd trusty requires memory dynamic mapping feature to be
enabled, so we have to use xlat table library v2 instead
of v1.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2813af9c7878b1fc2a59e27619c5b643af6a1e91
Enable the OCRAM_S TZ for secure protection by default on
i.MX8MN/i.MX8MP. And lock the ocram secure access configure
on i.MX8MM/i.MX8MP.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2e24f4b823ee5f804415218d5c2e371f4e4c6fe1
Enable the CSU init on i.MX8M SoC family. The 'csu_cfg' array
is just a placeholder for now as example with limited config listed.
In real use case,user can add the CSU config as needed based on system design.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I1f7999efa346f18f6625ed8c478d088ed75f7833
Replace those RDC config related magic numbers with enum type
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6245ccfa74d079179dc0f205980c2daf5c7af786
Add various enum type defines for CSU & RDC module for i.MX8M
family
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I70c050286919eab51c6c553912bd4be57bc60f81
check the domain id to make sure it is in the valid range
to make sure no out of range access to the array.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iccd7298eea390b6e68156bb356226839a23417ea
SDEI support on imx8m is an optional feature, so
make it conditional build, not enabled by default.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e7e8d77959ea352bc019f8468793992ec7ecfc4
In case JR0 is used by the HAB for secure boot, it can be used later
for authenticating kernel or other binaries.
We are checking if the HAB is using the JR by the DID set.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e9595012262ffabfc3f3d4841f446f34e48e059
Add helper functions to generate event log for imx8mm
when MEASURED_BOOT=1.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Ifc947d749055787fbda0b39170aa2eb8865b7802
Change BL31 load address to 0x970000. This was done by Change-Id
I96d572fc. But then changed back to 0x960000 by Change-Id I8308c629.
However, 0x970000 is the correct value thus we change it back again.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Change-Id: Ia0db4877123b89072f723d18e2bcce25ef38f47d
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
We need to add #include <arch.h> to platform_def.h to fix MODE_RW_64
undeclared.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I358bc6644243a7ea1befd87f946b4087feddd857
This patch enables Trusted Boot on the i.MX8MP with BL2 doing image
verification from a FIP prior to hand-over to BL31.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Iac1d1d62ea9858f67326a47c1e5ba377f23f9db5
Adds bl2 with FIP to the build required for mbed Linux booting where
we do:
BootROM -> SPL -> BL2 -> OPTEE -> u-boot
If NEED_BL2 is specified then BL2 will be built and BL31 will have its
address range modified upwards to accommodate. BL31 must be loaded from a
FIP in this case.
If NEED_BL2 is not specified then the current BL31 boot flow is unaffected
and u-boot SPL will load and execute BL31 directly.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I78914d6002755f733ea866127cb47982a00f9700
This commit makes the image load logic from imx8mm common for all
imx8m platform.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Ibfe2e9cc09d198cb9e309afaf381a0237a4b82ed
Adds a number of definitions consistent with the established RSB3720
equivalents specifying number of io_handles and block devices.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I401e48216d67257137351ee4d0b98904a76fa789
This commit makes imx image io-storage logic common for all
imx platform.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I15045ac8f9dfa8cb714e32f9e7475d5eae4e86e4
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Iaaad4e69ef89c8a8a74648647d7fd09cd0fdd12a
When enabling U-boot with UEFI and secure boot, the size of U-boot
becomes more than 1MB. So we enlarge BL33 to 2MB.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I9d9d24132bb1ec17ef6080dc72e93c7f531c97b5
Add imx_system_reset2 which extends existing SYSTEM_RESET. It provides
architectural reset definitions and vendor-specific resets.
By default warm reset is triggered.
Also refactor existing implementation of wdog reset, add details about
each flag used.
Change-Id: Ia7348c32c385f1c61f8085776e81dd1e38ddda5c
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Add sdei support for i.MX8MM, this is to let jailhouse Hypervisor
could use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: I8308c629448bd8adca9d3d25701adcf0c5a6afc2
Add sdei support for i.MX8MN, this is to let jailhouse Hypervisor
could use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: Ie15fffdd09e1bba1b22334b8ccac2335c96b8b4d
Create a dedicated static struct mmc_device_info mmc_info mmc_info
instead of having this in stack.
A boot issue has been seen on some platform when applying patch [1].
[1] 13f3c5166f ("mmc:prevent accessing to the released space in case of wrong usage")
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iba0424a5787f9e510a60696d4033db1b49b243b2
In iMX8MM it is possible to have two copies of bootloader in
SD/eMMC and switch between them. The switch is triggered either
by the BootROM in case the bootloader image is faulty OR can be
enforced by the user. To trigger that switch the
PERSIST_SECONDARY_BOOT bit should be set in GPR10 SRC register.
As the bit is retained after WARM reset, that permits to control
BootROM behavior regarding what boot image it will boot after
reset: primary or secondary.
This is useful for reliable bootloader A/B updates, as it permits
switching between two copies of bootloader at different offsets of
the same storage.
If the PERSIST_SECONDARY_BOOT is 0, the boot ROM uses address
0x8400 for the primary image. If the PERSIST_SECONDARY_BOOT is 1,
the boot ROM reads that secondary image table from address 0x8200
on the boot media and uses the address specified in the table for
the secondary image.
Secondary Image Table contains the sector of secondary bootloader
image, exluding the offset to that image (explained below in the
note). To generate the Secondary Image Table, use e.g.:
$ printf '\x0\x0\x0\x0\x0\x0\x0\x0\x33\x22\x11'
'\x00\x00\x10\x0\x0\x00\x0\x0\x0'
> /tmp/sit.bin
$ hexdump -vC /tmp/sit.bin
00000000 00 00 00 00
00000004 00 00 00 00
00000008 33 22 11 00 <--- This is the "tag"
0000000c 00 10 00 00 <--- This is the "firstSectorNumber"
00000010 00 00 00 00
You can also use NXP script from [1][2] imx-mkimage tool for
SIT generation. Note that the firstSectorNumber is NOT the offset
of the IVT, but an offset of the IVT decremented by Image Vector
Table offset (Table 6-25. Image Vector Table Offset and Initial
Load Region Size for iMX8MM/MQ), so for secondary SPL copy at
offset 0x1042 sectors, firstSectorNumber must be 0x1000
(0x42 sectors * 512 = 0x8400 bytes offset).
In order to test redundant boot board should be closed and
SD/MMC manufacture mode disabled, as secondary boot is not
supported in the SD/MMC manufacture mode, which can be disabled
by blowing DISABLE_SDMMC_MFG (example for iMX8MM):
> fuse prog -y 2 1 0x00800000
For additional details check i.MX 8M Mini Apllication Processor
Reference Manual, 6.1.5.4.5 Redundant boot support for
expansion device chapter.
[1] https://source.codeaurora.org/external/imx/imx-mkimage/
[2] scripts/gen_sit.sh
Change-Id: I0a5cea7295a4197f6c89183d74b4011cada52d4c
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
on i.MX8MP A1 silicon, the OCRAM space is extended to 512K + 64K,
currently, OCRAM @0x960000-0x980000 is reserved for BL31, it will
leave the last 64KB in non-continuous space. To provide a continuous
384KB + 64KB space for generic use, so move the BL31 space to
0x970000-0x990000 range.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I96d572fc0f87f05a60f55e0552a68b6e70f8e7f4
the 'always_on' member should be initialized from 'on'.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I5746ff40075b4fcda2ac7d04a8d7f1269af17e91
Adds bl2 with FIP to the build required for mbed Linux booting where
we do:
BootROM -> SPL -> BL2 -> OPTEE -> u-boot
If NEED_BL2 is specified then BL2 will be built and BL31 will have
its address range modified upwards to accommodate. BL31 must be
loaded from a FIP in this case.
If NEED_BL2 is not specified then the current BL31 boot flow is
unaffected and u-boot SPL will load and execute BL31 directly.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I655343b3b689b1fc57cfbedda4d3dc2fbd549a96
This patch enables Trusted Boot on the i.MX8MM with BL2 doing image
verification from a FIP prior to hand-over to BL31.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I3c22783a5c49544d0bace8ef3724784b9b7cc64a
Adds a number of definitions consistent with the established WaRP7
equivalents specifying number of io_handles and block devices.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: If1d7ef1ad3ac3dfc860f949392c7534ce8d206e3
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I8523f1370312ed22ff7ca710cd916be52f725e3c
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
CPU hotplug & cpuidle have some race condition when doing CPU hotplug
stress test. different CPU cores have the chance to access the same
GPC register(A53_AD), so lock is necessary to do exlusive access.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I1296592e05fa78429c3f0fac066951521db755e3
The number of gpc imr mask reg & the offset is different
on some SOC, so correct it & replace the magic number with
macro define.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Ic701675cdd92e043dcd7f06722f2e871068aec74
Keep A53 PLAT(SCU) power domain on in wait mode(ret).
RBC count only need to be set in PLAT OFF mode, so
change it accordingly.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Ie55e25c8210d298506fc4dca7a9653583db45e0c