* [PATCH v2 00/29] i.MX8M HAB Fixes
@ 2023-10-17 14:51 Marco Felsch
2023-10-17 14:51 ` [PATCH v2 01/29] kbuild: clean start*_*.{p,ps}imximg files Marco Felsch
` (29 more replies)
0 siblings, 30 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Hi all,
unfortunately with the addition of the FlexSPI image support I broke
the HAB support for i.MX8M devices because I didn't honored the new CSF
location. This PR will fix this for the MMC/SD/USB boot case.
Additional the PR adds the support to HAB boot the system from a QSPI
NOR as well. For the FlexSPI HAB boot a 2nd CSF slot/area is added to
keep the very user-friendly single-image approach.
Before reviewing Patch13 and onwards I do recommend to look at Patch26
first to get an overview of the final result.
Patch1-7:
Cleanup the hab command code and image artifacts and enable it support
for all i.MX8M devices.
Patch8-9:
Add the signing support to the Makefile.imx and convert the i.MX8M rules
to use the new macro to cleanup the code.
Patch10-12:
Prepare i.MX8M*-EVKs to be able to build signed images.
Patch13-14:
Add support for multiple CSF slots.
Patch15-23:
Fix the HAB support for MMC/SD card first and add/fix the HAB support
for FlexSPI images.
Patch24:
Make it possible to pass CST command line paramters via environment.
This is very useful for new CST versions which do support PKCS11
out-of-the box if the user specify the backend via '-b pkcs11'.
Patch25-26:
Documentation patches to become an overview of the FlexSPI HAB single
image implementation.
Testers are very welcome :)
Marco Felsch (20):
i.MX: HAB: remove unused init() hook
ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header
ARM: boards: i.MX8M: make use of new flexspi-imx8m{m,p}-cfg.h header
ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section
ARM: lds: add support for a 2nd CSF area
scripts: imx: force flexspi and hab option order
scripts: imx: move flexspi_image() into header
scripts: imx: fix i.MX8M CSF header placement
scripts: imx: add imx8m_get_offset_size helper
scripts: imx-image: header_v2: add CSF slots
scripts: imx-image: hab_sign: refactor function
scripts: imx: replace static string allocation
scripts: imx: add hab_qspi support
scripts: imx: add helper to write CSF Blocks command
scripts: imx: fix HAB for FlexSPI boot
scripts: imx-image: add missing close()
scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS
ARM: i.MX: add hab qspi support if enabled
Documentation: boards: imx: replace i.MX8MQ with i.MX8M
Documentation: boards: imx: add FlexSPI sub-section
Rouven Czerwinski (9):
kbuild: clean start*_*.{p,ps}imximg files
i.MX: HABv4: fix event status comparison
i.MX: HABv4: fix i.MX8MQ device lockdown
i.MX: HABv4: extend support to i.MX8M SoCs
i.MX: HABv4: retrieve HAB ROM version for i.MX8M
ARM: i.MX: allow HAB for i.MX8M family
ARM: i.MX: introduce build_imx8m_habv4img
ARM: i.MX: convert i.MX8M to helper
ARM: boards: i.MX8M: add HAB image support
Documentation/boards/imx.rst | 86 ++++++++++-
.../flash-header-imx8mm-evk.imxcfg | 4 +-
.../flash-header-imx8mn-evk.imxcfg | 4 +-
.../flash-header-imx8mp-evk.imxcfg | 4 +-
arch/arm/lib/pbl.lds.S | 8 +-
arch/arm/mach-imx/Kconfig | 10 +-
drivers/hab/hab.c | 65 ++++++---
drivers/hab/habv4.c | 40 +++--
images/Makefile | 3 +-
images/Makefile.imx | 110 +++++---------
include/mach/imx/flexspi-imx8mm-cfg.h | 8 +
include/mach/imx/flexspi-imx8mp-cfg.h | 8 +
include/mach/imx/habv4-imx8-gencsf.h | 3 +
include/mach/imx/imx-header.h | 4 +-
include/mach/imx/ocotp-fusemap.h | 3 +
scripts/imx/imx-image.c | 65 +++++----
scripts/imx/imx.c | 137 +++++++++++++++---
scripts/imx/imx.h | 13 ++
18 files changed, 413 insertions(+), 162 deletions(-)
create mode 100644 include/mach/imx/flexspi-imx8mm-cfg.h
create mode 100644 include/mach/imx/flexspi-imx8mp-cfg.h
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 01/29] kbuild: clean start*_*.{p,ps}imximg files
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 02/29] i.MX: HABv4: fix event status comparison Marco Felsch
` (28 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Cleanup files build during i.MX8M image generation.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
images/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/images/Makefile b/images/Makefile
index 9739a15c06ba..90d596deabcd 100644
--- a/images/Makefile
+++ b/images/Makefile
@@ -225,5 +225,6 @@ $(flash-list): $(image-y-path)
clean-files := *.pbl *.pblb *.elf *.map start_*.imximg *.img barebox.z start_*.kwbimg \
start_*.kwbuartimg *.socfpgaimg *.mlo *.t20img *.t20img.cfg *.t30img \
*.t30img.cfg *.t124img *.t124img.cfg *.mlospi *.mlo *.mxsbs *.mxssd *.rkimg \
- start_*.simximg start_*.usimximg *.zynqimg *.image *.swapped *.missing-firmware
+ start_*.simximg start_*.usimximg start_*.pimximg start_*.psimximg *.zynqimg \
+ *.image *.swapped *.missing-firmware
clean-files += pbl.lds
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 02/29] i.MX: HABv4: fix event status comparison
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
2023-10-17 14:51 ` [PATCH v2 01/29] kbuild: clean start*_*.{p,ps}imximg files Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 03/29] i.MX: HABv4: fix i.MX8MQ device lockdown Marco Felsch
` (27 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Instead of only printing events belonging to a certain level, print all
events that have a higher status than the current event. This fixes
event printing for i.MX8M based boards.
Fixes: 8b35facbb971 ("i.MX: HABv4: Improve HAB event printing")
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
drivers/hab/habv4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 9f54aed5f508..bbfbf697b520 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -224,7 +224,7 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
}
}
while (i < num_events) {
- if (events[i]->status == status) {
+ if (events[i]->status >= status) {
if (internal_index == index) {
*bytes = sizeof(struct hab_event_record) +
be16_to_cpu(events[i]->hdr.len);
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 03/29] i.MX: HABv4: fix i.MX8MQ device lockdown
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
2023-10-17 14:51 ` [PATCH v2 01/29] kbuild: clean start*_*.{p,ps}imximg files Marco Felsch
2023-10-17 14:51 ` [PATCH v2 02/29] i.MX: HABv4: fix event status comparison Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 04/29] i.MX: HAB: remove unused init() hook Marco Felsch
` (26 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
The i.MX8M family of processors moved the SEC_CONFIG_1 fuse to a
different location. Fix this by adding dedicated imx8mq ops which uses
the new hook.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[m.felsch@pengutronix.de: split commit into two]
[m.felsch@pengutronix.de: integrate review feedback]
[a.fatoum@pengutronix.de: fixup imx_hab_device_locked_down_ocotp logic for imx6 and imx8m]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- integrate Ahmads fixup patch
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
drivers/hab/hab.c | 47 +++++++++++++++++++++++++++-----
include/mach/imx/ocotp-fusemap.h | 3 ++
2 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index afe6a6682276..29379ff871c8 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -150,7 +150,7 @@ static int imx_hab_permanent_write_enable_ocotp(int enable)
return imx_ocotp_permanent_write(enable);
}
-static int imx_hab_lockdown_device_ocotp(void)
+static int imx6_hab_lockdown_device_ocotp(void)
{
int ret;
@@ -161,7 +161,18 @@ static int imx_hab_lockdown_device_ocotp(void)
return imx_ocotp_write_field(OCOTP_SEC_CONFIG_1, 1);
}
-static int imx_hab_device_locked_down_ocotp(void)
+static int imx8m_hab_lockdown_device_ocotp(void)
+{
+ int ret;
+
+ ret = imx_ocotp_write_field(MX8M_OCOTP_SEC_CONFIG_1, 1);
+ if (ret < 0)
+ return ret;
+
+ return imx_ocotp_write_field(MX8MQ_OCOTP_DIR_BT_DIS, 1);
+}
+
+static int imx6_hab_device_locked_down_ocotp(void)
{
int ret;
unsigned int v;
@@ -173,6 +184,18 @@ static int imx_hab_device_locked_down_ocotp(void)
return v;
}
+static int imx8m_hab_device_locked_down_ocotp(void)
+{
+ int ret;
+ unsigned int v;
+
+ ret = imx_ocotp_read_field(MX8M_OCOTP_SEC_CONFIG_1, &v);
+ if (ret < 0)
+ return ret;
+
+ return v;
+}
+
struct imx_hab_ops {
int (*init)(void);
int (*write_srk_hash)(const u8 *srk, unsigned flags);
@@ -190,11 +213,19 @@ static struct imx_hab_ops imx_hab_ops_iim = {
.permanent_write_enable = imx_hab_permanent_write_enable_iim,
};
-static struct imx_hab_ops imx_hab_ops_ocotp = {
+static struct imx_hab_ops imx6_hab_ops_ocotp = {
+ .write_srk_hash = imx_hab_write_srk_hash_ocotp,
+ .read_srk_hash = imx_hab_read_srk_hash_ocotp,
+ .lockdown_device = imx6_hab_lockdown_device_ocotp,
+ .device_locked_down = imx6_hab_device_locked_down_ocotp,
+ .permanent_write_enable = imx_hab_permanent_write_enable_ocotp,
+};
+
+static struct imx_hab_ops imx8m_hab_ops_ocotp = {
.write_srk_hash = imx_hab_write_srk_hash_ocotp,
.read_srk_hash = imx_hab_read_srk_hash_ocotp,
- .lockdown_device = imx_hab_lockdown_device_ocotp,
- .device_locked_down = imx_hab_device_locked_down_ocotp,
+ .lockdown_device = imx8m_hab_lockdown_device_ocotp,
+ .device_locked_down = imx8m_hab_device_locked_down_ocotp,
.permanent_write_enable = imx_hab_permanent_write_enable_ocotp,
};
@@ -208,8 +239,10 @@ static struct imx_hab_ops *imx_get_hab_ops(void)
if (IS_ENABLED(CONFIG_HABV3) && (cpu_is_mx25() || cpu_is_mx35()))
tmp = &imx_hab_ops_iim;
- else if (IS_ENABLED(CONFIG_HABV4) && (cpu_is_mx6() || cpu_is_mx8mq()))
- tmp = &imx_hab_ops_ocotp;
+ else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx6())
+ tmp = &imx6_hab_ops_ocotp;
+ else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx8mq())
+ tmp = &imx8m_hab_ops_ocotp;
else
return NULL;
diff --git a/include/mach/imx/ocotp-fusemap.h b/include/mach/imx/ocotp-fusemap.h
index 6ba794c16619..823273895502 100644
--- a/include/mach/imx/ocotp-fusemap.h
+++ b/include/mach/imx/ocotp-fusemap.h
@@ -53,5 +53,8 @@
#define OCOTP_GP1 (OCOTP_WORD(0x660) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
#define OCOTP_GP2 (OCOTP_WORD(0x670) | OCOTP_BIT(0) | OCOTP_WIDTH(32))
#define OCOTP_PAD_SETTINGS (OCOTP_WORD(0x6d0) | OCOTP_BIT(0) | OCOTP_WIDTH(6))
+/* i.MX8M moved the security related fuses */
+#define MX8M_OCOTP_SEC_CONFIG_1 (OCOTP_WORD(0x470) | OCOTP_BIT(25) | OCOTP_WIDTH(1))
+#define MX8MQ_OCOTP_DIR_BT_DIS (OCOTP_WORD(0x470) | OCOTP_BIT(27) | OCOTP_WIDTH(1))
#endif /* __MACH_IMX_OCOTP_FUSEMAP_H */
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 04/29] i.MX: HAB: remove unused init() hook
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (2 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 03/29] i.MX: HABv4: fix i.MX8MQ device lockdown Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 05/29] i.MX: HABv4: extend support to i.MX8M SoCs Marco Felsch
` (25 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
The init() hook was never used so we can remove it to cleanup the code a
bit.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
drivers/hab/hab.c | 18 ++++--------------
1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index 29379ff871c8..04f88175c857 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -197,7 +197,6 @@ static int imx8m_hab_device_locked_down_ocotp(void)
}
struct imx_hab_ops {
- int (*init)(void);
int (*write_srk_hash)(const u8 *srk, unsigned flags);
int (*read_srk_hash)(u8 *srk);
int (*permanent_write_enable)(int enable);
@@ -231,29 +230,20 @@ static struct imx_hab_ops imx8m_hab_ops_ocotp = {
static struct imx_hab_ops *imx_get_hab_ops(void)
{
- static struct imx_hab_ops *ops, *tmp;
- int ret;
+ static struct imx_hab_ops *ops;
if (ops)
return ops;
if (IS_ENABLED(CONFIG_HABV3) && (cpu_is_mx25() || cpu_is_mx35()))
- tmp = &imx_hab_ops_iim;
+ ops = &imx_hab_ops_iim;
else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx6())
- tmp = &imx6_hab_ops_ocotp;
+ ops = &imx6_hab_ops_ocotp;
else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx8mq())
- tmp = &imx8m_hab_ops_ocotp;
+ ops = &imx8m_hab_ops_ocotp;
else
return NULL;
- if (tmp->init) {
- ret = tmp->init();
- if (ret)
- return NULL;
- }
-
- ops = tmp;
-
return ops;
}
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 05/29] i.MX: HABv4: extend support to i.MX8M SoCs
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (3 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 04/29] i.MX: HAB: remove unused init() hook Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 06/29] i.MX: HABv4: retrieve HAB ROM version for i.MX8M Marco Felsch
` (24 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Instead of only supporting i.MX8MQ based boards, extend support to the
whole i.MX8M family.
OCRAM address values were taken from AN12263 Rev1 06/2020. While at it
turn the OCRAM addresses into defines as well and remove the superfluous
comment lines.
The fuses do match with the i.MX8MQ except for the DIR_BT_DIS fuse.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[m.felsch@pengutronix.de: adapt commit message]
[m.felsch@pengutronix.de: integrate review feedback]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
drivers/hab/hab.c | 6 +++++-
drivers/hab/habv4.c | 26 ++++++++++++++++++--------
2 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index 04f88175c857..1edc495aee94 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -169,6 +169,10 @@ static int imx8m_hab_lockdown_device_ocotp(void)
if (ret < 0)
return ret;
+ /* Only i.MX8MQ requires fusing of DIR_BT_DIS */
+ if (!cpu_is_mx8mq())
+ return ret;
+
return imx_ocotp_write_field(MX8MQ_OCOTP_DIR_BT_DIS, 1);
}
@@ -239,7 +243,7 @@ static struct imx_hab_ops *imx_get_hab_ops(void)
ops = &imx_hab_ops_iim;
else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx6())
ops = &imx6_hab_ops_ocotp;
- else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx8mq())
+ else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx8m())
ops = &imx8m_hab_ops_ocotp;
else
return NULL;
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index bbfbf697b520..0238b98dfb7e 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -193,18 +193,34 @@ static enum hab_status hab_sip_report_status(enum hab_config *config,
return (enum hab_status)res.a0;
}
+#define IMX8MQ_ROM_OCRAM_ADDRESS 0x9061C0
+#define IMX8MM_ROM_OCRAM_ADDRESS 0x908040
+#define IMX8MN_ROM_OCRAM_ADDRESS 0x908040
+#define IMX8MP_ROM_OCRAM_ADDRESS 0x90D040
+
static enum hab_status imx8m_read_sram_events(enum hab_status status,
uint32_t index, void *event,
uint32_t *bytes)
{
struct hab_event_record *events[10];
int num_events = 0;
- char *sram = (char *)0x9061c0;
+ char *sram;
int i = 0;
int internal_index = 0;
char *end = 0;
struct hab_event_record *search;
+ if (cpu_is_mx8mq())
+ sram = (char *)IMX8MQ_ROM_OCRAM_ADDRESS;
+ else if (cpu_is_mx8mm())
+ sram = (char *)IMX8MM_ROM_OCRAM_ADDRESS;
+ else if (cpu_is_mx8mn())
+ sram = (char *)IMX8MN_ROM_OCRAM_ADDRESS;
+ else if (cpu_is_mx8mp())
+ sram = (char *)IMX8MP_ROM_OCRAM_ADDRESS;
+ else
+ return HAB_STATUS_FAILURE;
+
/*
* AN12263 HABv4 Guidelines and Recommendations
* recommends the address and size, however errors are usually contained
@@ -590,7 +606,7 @@ static int imx8m_hab_get_status(void)
static int init_imx8m_hab_get_status(void)
{
- if (!cpu_is_mx8mq())
+ if (!cpu_is_mx8m())
/* can happen in multi-image builds and is not an error */
return 0;
@@ -602,12 +618,6 @@ static int init_imx8m_hab_get_status(void)
return 0;
}
-
-/*
- *
- *
- *
- */
postmmu_initcall(init_imx8m_hab_get_status);
static int init_imx6_hab_get_status(void)
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 06/29] i.MX: HABv4: retrieve HAB ROM version for i.MX8M
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (4 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 05/29] i.MX: HABv4: extend support to i.MX8M SoCs Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 07/29] ARM: i.MX: allow HAB for i.MX8M family Marco Felsch
` (23 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
The HAB userguide mentions this additional API calls introduced in 2018
(which coincides with the introduction of i.MX8M SoCs).
Call this API call unconditionally on i.MX8M SoCs to print the HAB
version the ROM code supports.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
drivers/hab/habv4.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 0238b98dfb7e..f74de009fce0 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -168,6 +168,7 @@ struct habv4_rvt {
#define FSL_SIP_HAB_REPORT_STATUS 0x04
#define FSL_SIP_HAB_FAILSAFE 0x05
#define FSL_SIP_HAB_CHECK_TARGET 0x06
+#define FSL_SIP_HAB_GET_VERSION 0x07
static enum hab_status hab_sip_report_status(enum hab_config *config,
enum habv4_state *state)
@@ -193,6 +194,15 @@ static enum hab_status hab_sip_report_status(enum hab_config *config,
return (enum hab_status)res.a0;
}
+static uint32_t hab_sip_get_version(void)
+{
+ struct arm_smccc_res res;
+
+ arm_smccc_smc(FSL_SIP_HAB, FSL_SIP_HAB_GET_VERSION, 0, 0, 0, 0, 0, 0, &res);
+
+ return (uint32_t)res.a0;
+}
+
#define IMX8MQ_ROM_OCRAM_ADDRESS 0x9061C0
#define IMX8MM_ROM_OCRAM_ADDRESS 0x908040
#define IMX8MN_ROM_OCRAM_ADDRESS 0x908040
@@ -610,6 +620,8 @@ static int init_imx8m_hab_get_status(void)
/* can happen in multi-image builds and is not an error */
return 0;
+ pr_info("ROM version: 0x%x\n", hab_sip_get_version());
+
/*
* Nobody will check the return value if there were HAB errors, but the
* initcall will fail spectaculously with a strange error message.
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 07/29] ARM: i.MX: allow HAB for i.MX8M family
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (5 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 06/29] i.MX: HABv4: retrieve HAB ROM version for i.MX8M Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 08/29] ARM: i.MX: introduce build_imx8m_habv4img Marco Felsch
` (22 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Since the HAB driver can now parse events for the complete family,
allow selection for the whole family.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
arch/arm/mach-imx/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
index 8da49a54b401..c60f1f949232 100644
--- a/arch/arm/mach-imx/Kconfig
+++ b/arch/arm/mach-imx/Kconfig
@@ -745,10 +745,10 @@ config HABV4
select HAB
select NVMEM
select IMX_OCOTP
- depends on ARCH_IMX6 || ARCH_IMX8MQ
+ depends on ARCH_IMX6 || ARCH_IMX8M
depends on OFDEVICE
help
- High Assurance Boot, as found on i.MX28/i.MX6/i.MX8MQ.
+ High Assurance Boot, as found on i.MX28/i.MX6/i.MX8M.
config HAB_CERTS_ENV
depends on HAB
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 08/29] ARM: i.MX: introduce build_imx8m_habv4img
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (6 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 07/29] ARM: i.MX: allow HAB for i.MX8M family Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 09/29] ARM: i.MX: convert i.MX8M to helper Marco Felsch
` (21 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Similar to the helper for i.MX6, this allows us to build HAB enabled
images by selecting KConfig symbols. So far I have only tested signed
images, so there is no support for usb-signed or encrypted images yet.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
images/Makefile.imx | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/images/Makefile.imx b/images/Makefile.imx
index 8f6e8740d165..76a0f606fe35 100644
--- a/images/Makefile.imx
+++ b/images/Makefile.imx
@@ -21,6 +21,19 @@ endif
)
endef
+define build_imx8m_habv4img =
+$(eval
+ifeq ($($(strip $(1))), y)
+ pblb-y += $(strip $(2))
+ CFG_$(strip $(2)).pblb.imximg = $(board)/$(strip $(3)).imxcfg
+ FILE_barebox-$(strip $(4)).img = $(strip $(2)).pblb.pimximg
+ FILE_barebox-$(strip $(4))-s.img = $(strip $(2)).pblb.psimximg
+ image-y += barebox-$(strip $(4)).img
+ image-$(CONFIG_HABV4_IMAGE_SIGNED) += barebox-$(strip $(4))-s.img
+endif
+)
+endef
+
# %.imximg - convert into i.MX image
# ----------------------------------------------------------------
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 09/29] ARM: i.MX: convert i.MX8M to helper
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (7 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 08/29] ARM: i.MX: introduce build_imx8m_habv4img Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 10/29] ARM: boards: i.MX8M: add HAB image support Marco Felsch
` (20 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Make use of the new helper function for all .pimximg images to cleanup
the Makefile and to have possible secure-boot image builds in place.
There are 3 i.MX8MQ platforms which don't use the .pimximg. I'm not sure
if this is intended but I left these out for now.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[m.felsch@pengutronix.de: convert all possible make targets]
[m.felsch@pengutronix.de: adapt commit message]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
images/Makefile.imx | 97 ++++++++++++---------------------------------
1 file changed, 26 insertions(+), 71 deletions(-)
diff --git a/images/Makefile.imx b/images/Makefile.imx
index 76a0f606fe35..7fc40132fc95 100644
--- a/images/Makefile.imx
+++ b/images/Makefile.imx
@@ -444,83 +444,38 @@ FILE_barebox-kamstrup-mx7-concentrator.img = start_kamstrup_mx7_concentrator.pbl
image-$(CONFIG_MACH_KAMSTRUP_MX7_CONCENTRATOR) += barebox-kamstrup-mx7-concentrator.img
# ----------------------- i.MX8mm based boards --------------------------
-pblb-$(CONFIG_MACH_NXP_IMX8MM_EVK) += start_nxp_imx8mm_evk
-CFG_start_nxp_imx8mm_evk.pblb.imximg = $(board)/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
-FILE_barebox-nxp-imx8mm-evk.img = start_nxp_imx8mm_evk.pblb.pimximg
-image-$(CONFIG_MACH_NXP_IMX8MM_EVK) += barebox-nxp-imx8mm-evk.img
-
-pblb-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += start_phyboard_polis_rdk_ddr_autodetect
-CFG_start_phyboard_polis_rdk_ddr_autodetect.pblb.imximg = $(board)/phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk.imxcfg
-FILE_barebox-phyboard-polis-rdk-ddr-autodetect.img = start_phyboard_polis_rdk_ddr_autodetect.pblb.pimximg
-image-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += barebox-phyboard-polis-rdk-ddr-autodetect.img
-
-pblb-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += start_phyboard_polis_rdk_ddr_1g
-CFG_start_phyboard_polis_rdk_ddr_1g.pblb.imximg = $(board)/phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk.imxcfg
-FILE_barebox-phyboard-polis-rdk-ddr-1g.img = start_phyboard_polis_rdk_ddr_1g.pblb.pimximg
-image-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += barebox-phyboard-polis-rdk-ddr-1g.img
-
-pblb-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += start_phyboard_polis_rdk_ddr_2g
-CFG_start_phyboard_polis_rdk_ddr_2g.pblb.imximg = $(board)/phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk.imxcfg
-FILE_barebox-phyboard-polis-rdk-ddr-2g.img = start_phyboard_polis_rdk_ddr_2g.pblb.pimximg
-image-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += barebox-phyboard-polis-rdk-ddr-2g.img
-
-pblb-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += start_phyboard_polis_rdk_ddr_4g
-CFG_start_phyboard_polis_rdk_ddr_4g.pblb.imximg = $(board)/phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk.imxcfg
-FILE_barebox-phyboard-polis-rdk-ddr-4g.img = start_phyboard_polis_rdk_ddr_4g.pblb.pimximg
-image-$(CONFIG_MACH_PHYTEC_SOM_IMX8MM) += barebox-phyboard-polis-rdk-ddr-4g.img
-
-pblb-$(CONFIG_MACH_PROTONIC_IMX8M) += start_prt_prt8mm
-CFG_start_prt_prt8mm.pblb.imximg = $(board)/protonic-imx8m/flash-header-prt8mm.imxcfg
-FILE_barebox-prt-prt8mm.img = start_prt_prt8mm.pblb.pimximg
-image-$(CONFIG_MACH_PROTONIC_IMX8M) += barebox-prt-prt8mm.img
-
-pblb-$(CONFIG_MACH_INNOCOMM_WB15) += start_innocomm_wb15_evk
-CFG_start_innocomm_wb15_evk.pblb.imximg = $(board)/innocomm-imx8mm-wb15/flash-header-imx8mm-wb15.imxcfg
-FILE_barebox-innocomm-imx8mm-wb15-evk.img = start_innocomm_wb15_evk.pblb.pimximg
-image-$(CONFIG_MACH_INNOCOMM_WB15) += barebox-innocomm-imx8mm-wb15-evk.img
+$(call build_imx8m_habv4img, CONFIG_MACH_NXP_IMX8MM_EVK, start_nxp_imx8mm_evk, nxp-imx8mm-evk/flash-header-imx8mm-evk, nxp-imx8mm-evk)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_PHYTEC_SOM_IMX8MM, start_phyboard_polis_rdk_ddr_autodetect, phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk, phyboard-polis-rdk-ddr-autodetect)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_PHYTEC_SOM_IMX8MM, start_phyboard_polis_rdk_ddr_1g, phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk, phyboard-polis-rdk-ddr-1g)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_PHYTEC_SOM_IMX8MM, start_phyboard_polis_rdk_ddr_2g, phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk, phyboard-polis-rdk-ddr-2g)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_PHYTEC_SOM_IMX8MM, start_phyboard_polis_rdk_ddr_4g, phytec-som-imx8mm/flash-header-imx8mm-phyboard-polis-rdk, phyboard-polis-rdk-ddr-4g)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_PROTONIC_IMX8M, start_prt_prt8mm, protonic-imx8m/flash-header-prt8mm, prt-prt8mm)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_INNOCOMM_WB15, start_innocomm_wb15_evk, innocomm-imx8mm-wb15/flash-header-imx8mm-wb15, innocomm-imx8mm-wb15-evk)
# ----------------------- i.MX8mn based boards --------------------------
-pblb-$(CONFIG_MACH_NXP_IMX8MN_EVK) += start_nxp_imx8mn_evk
-CFG_start_nxp_imx8mn_evk.pblb.imximg = $(board)/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
-FILE_barebox-nxp-imx8mn-evk.img = start_nxp_imx8mn_evk.pblb.pimximg
-image-$(CONFIG_MACH_NXP_IMX8MN_EVK) += barebox-nxp-imx8mn-evk.img
+$(call build_imx8m_habv4img, CONFIG_MACH_NXP_IMX8MN_EVK, start_nxp_imx8mn_evk, nxp-imx8mn-evk/flash-header-imx8mn-evk, nxp-imx8mn-evk)
# ----------------------- i.MX8mp based boards --------------------------
-pblb-$(CONFIG_MACH_NXP_IMX8MP_EVK) += start_nxp_imx8mp_evk
-CFG_start_nxp_imx8mp_evk.pblb.imximg = $(board)/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
-FILE_barebox-nxp-imx8mp-evk.img = start_nxp_imx8mp_evk.pblb.pimximg
-image-$(CONFIG_MACH_NXP_IMX8MP_EVK) += barebox-nxp-imx8mp-evk.img
-
-pblb-$(CONFIG_MACH_SKOV_IMX8MP) += start_skov_imx8mp
-CFG_start_skov_imx8mp.pblb.imximg = $(board)/skov-imx8mp/flash-header-skov-imx8mp.imxcfg
-FILE_barebox-skov-imx8mp.img = start_skov_imx8mp.pblb.pimximg
-image-$(CONFIG_MACH_SKOV_IMX8MP) += barebox-skov-imx8mp.img
-
-pblb-$(CONFIG_MACH_TQ_MBA8MPXL) += start_tqma8mpxl
-CFG_start_tqma8mpxl.pblb.imximg = $(board)/tqma8mpxl/flash-header-tqma8mpxl.imxcfg
-FILE_barebox-tqma8mpxl.img = start_tqma8mpxl.pblb.pimximg
-image-$(CONFIG_MACH_TQ_MBA8MPXL) += barebox-tqma8mpxl.img
-
-pblb-$(CONFIG_MACH_POLYHEX_DEBIX) += start_polyhex_debix
-CFG_start_polyhex_debix.pblb.imximg = $(board)/polyhex-debix/flash-header-polyhex-debix.imxcfg
-FILE_barebox-polyhex-debix.img = start_polyhex_debix.pblb.pimximg
-image-$(CONFIG_MACH_POLYHEX_DEBIX) += barebox-polyhex-debix.img
-
-pblb-$(CONFIG_MACH_POLYHEX_DEBIX) += start_polyhex_debix_som_a_8g
-CFG_start_polyhex_debix_som_a_8g.pblb.imximg = $(board)/polyhex-debix/flash-header-polyhex-debix.imxcfg
-FILE_barebox-polyhex-debix-som-a-8g.img = start_polyhex_debix_som_a_8g.pblb.pimximg
-image-$(CONFIG_MACH_POLYHEX_DEBIX) += barebox-polyhex-debix-som-a-8g.img
-
-pblb-$(CONFIG_MACH_VARISCITE_DT8MCUSTOMBOARD_IMX8MP) += start_variscite_imx8mp_dart
-CFG_start_variscite_imx8mp_dart.pblb.imximg = $(board)/variscite-dt8mcustomboard-imx8mp/flash-header-imx8mp-dart.imxcfg
-FILE_barebox-variscite-imx8mp-dart-cb.img = start_variscite_imx8mp_dart.pblb.pimximg
-image-$(CONFIG_MACH_VARISCITE_DT8MCUSTOMBOARD_IMX8MP) += barebox-variscite-imx8mp-dart-cb.img
+$(call build_imx8m_habv4img, CONFIG_MACH_NXP_IMX8MP_EVK, start_nxp_imx8mp_evk, nxp-imx8mp-evk/flash-header-imx8mp-evk, nxp-imx8mp-evk)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_SKOV_IMX8MP, start_skov_imx8mp, skov-imx8mp/flash-header-skov-imx8mp, skov-imx8mp)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_TQ_MBA8MPXL, start_tqma8mpxl, tqma8mpxl/flash-header-tqma8mpxl, tqma8mpxl)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_POLYHEX_DEBIX, start_polyhex_debix, polyhex-debix/flash-header-polyhex-debix, polyhex-debix)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_POLYHEX_DEBIX, start_polyhex_debix_som_a_8g, polyhex-debix/flash-header-polyhex-debix, polyhex-debix-som-a-8g)
+
+$(call build_imx8m_habv4img, CONFIG_MACH_VARISCITE_DT8MCUSTOMBOARD_IMX8MP, start_variscite_imx8mp_dart, variscite-dt8mcustomboard-imx8mp/flash-header-imx8mp-dart, variscite-imx8mp-dart-cb)
# ----------------------- i.MX8mq based boards --------------------------
-pblb-$(CONFIG_MACH_NXP_IMX8MQ_EVK) += start_nxp_imx8mq_evk
-CFG_start_nxp_imx8mq_evk.pblb.imximg = $(board)/nxp-imx8mq-evk/flash-header-imx8mq-evk.imxcfg
-FILE_barebox-nxp-imx8mq-evk.img = start_nxp_imx8mq_evk.pblb.pimximg
-image-$(CONFIG_MACH_NXP_IMX8MQ_EVK) += barebox-nxp-imx8mq-evk.img
+$(call build_imx8m_habv4img, CONFIG_MACH_NXP_IMX8MQ_EVK, start_nxp_imx8mq_evk, nxp-imx8mq-evk/flash-header-imx8mq-evk, nxp-imx8mq-evk)
pblb-$(CONFIG_MACH_ZII_IMX8MQ_DEV) += start_zii_imx8mq_dev
CFG_start_zii_imx8mq_dev.pblb.imximg = $(board)/zii-imx8mq-dev/flash-header-zii-imx8mq-dev.imxcfg
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 10/29] ARM: boards: i.MX8M: add HAB image support
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (8 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 09/29] ARM: i.MX: convert i.MX8M to helper Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 11/29] ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header Marco Felsch
` (19 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
This adds the habv4-imx8-gencsf.h header to include HAB image commands
which are enabled if CONFIG_HABV4 is enabled.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[m.felsch@pengutronix.de: split commit]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 1 +
| 1 +
| 1 +
3 files changed, 3 insertions(+)
--git a/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg b/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
index d6a536053e7d..a89243a78aed 100644
--- a/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
@@ -8,3 +8,4 @@ ivtofs 0x400
flexspi_ivtofs 0x1000
flexspi_fcfbofs 0x0
+#include <mach/imx/habv4-imx8-gencsf.h>
--git a/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg b/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
index a9b592e6242b..755140e7ce51 100644
--- a/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
@@ -8,3 +8,4 @@ ivtofs 0x0
flexspi_ivtofs 0x0
flexspi_fcfbofs 0x400
+#include <mach/imx/habv4-imx8-gencsf.h>
--git a/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg b/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
index 3bb44d199c6a..6b05c2c38c03 100644
--- a/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
@@ -8,3 +8,4 @@ ivtofs 0x0
flexspi_ivtofs 0x0
flexspi_fcfbofs 0x400
+#include <mach/imx/habv4-imx8-gencsf.h>
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 11/29] ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (9 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 10/29] ARM: boards: i.MX8M: add HAB image support Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 12/29] ARM: boards: i.MX8M: make use of new " Marco Felsch
` (18 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Add dedicated configuration headers to be more user-friendly. No
functional change.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- dropped ifdef guard
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
include/mach/imx/flexspi-imx8mm-cfg.h | 8 ++++++++
include/mach/imx/flexspi-imx8mp-cfg.h | 8 ++++++++
2 files changed, 16 insertions(+)
create mode 100644 include/mach/imx/flexspi-imx8mm-cfg.h
create mode 100644 include/mach/imx/flexspi-imx8mp-cfg.h
diff --git a/include/mach/imx/flexspi-imx8mm-cfg.h b/include/mach/imx/flexspi-imx8mm-cfg.h
new file mode 100644
index 000000000000..81de224fa704
--- /dev/null
+++ b/include/mach/imx/flexspi-imx8mm-cfg.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+/*
+ * This snippet can be included from a i.MX flash header configuration
+ * file for generating FlexSPI compatible images.
+ */
+flexspi_ivtofs 0x1000
+flexspi_fcfbofs 0x0
diff --git a/include/mach/imx/flexspi-imx8mp-cfg.h b/include/mach/imx/flexspi-imx8mp-cfg.h
new file mode 100644
index 000000000000..d01adaf62cca
--- /dev/null
+++ b/include/mach/imx/flexspi-imx8mp-cfg.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+
+/*
+ * This snippet can be included from a i.MX flash header configuration
+ * file for generating FlexSPI compatible images.
+ */
+flexspi_ivtofs 0x0
+flexspi_fcfbofs 0x400
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 12/29] ARM: boards: i.MX8M: make use of new flexspi-imx8m{m,p}-cfg.h header
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (10 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 11/29] ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 13/29] ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section Marco Felsch
` (17 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Use the new config header to make it more user-friendly.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 3 +--
| 3 +--
| 3 +--
3 files changed, 3 insertions(+), 6 deletions(-)
--git a/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg b/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
index a89243a78aed..d1d223a8ee7a 100644
--- a/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mm-evk/flash-header-imx8mm-evk.imxcfg
@@ -6,6 +6,5 @@ loadaddr 0x007e1000
max_load_size 0x3f000
ivtofs 0x400
-flexspi_ivtofs 0x1000
-flexspi_fcfbofs 0x0
+#include <mach/imx/flexspi-imx8mm-cfg.h>
#include <mach/imx/habv4-imx8-gencsf.h>
--git a/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg b/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
index 755140e7ce51..f47ea082667c 100644
--- a/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mn-evk/flash-header-imx8mn-evk.imxcfg
@@ -6,6 +6,5 @@ loadaddr 0x912000
max_load_size 0x3f000
ivtofs 0x0
-flexspi_ivtofs 0x0
-flexspi_fcfbofs 0x400
+#include <mach/imx/flexspi-imx8mp-cfg.h>
#include <mach/imx/habv4-imx8-gencsf.h>
--git a/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg b/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
index 6b05c2c38c03..c896c9f24832 100644
--- a/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
+++ b/arch/arm/boards/nxp-imx8mp-evk/flash-header-imx8mp-evk.imxcfg
@@ -6,6 +6,5 @@ loadaddr 0x920000
max_load_size 0x3f000
ivtofs 0x0
-flexspi_ivtofs 0x0
-flexspi_fcfbofs 0x400
+#include <mach/imx/flexspi-imx8mp-cfg.h>
#include <mach/imx/habv4-imx8-gencsf.h>
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 13/29] ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (11 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 12/29] ARM: boards: i.MX8M: make use of new " Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 14/29] ARM: lds: add support for a 2nd CSF area Marco Felsch
` (16 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Introduce the HAB_CSF_LEN to make conditional size changes easier later
on. No functional change.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
arch/arm/lib/pbl.lds.S | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm/lib/pbl.lds.S b/arch/arm/lib/pbl.lds.S
index 2b4b1d6a9513..898d6be33b54 100644
--- a/arch/arm/lib/pbl.lds.S
+++ b/arch/arm/lib/pbl.lds.S
@@ -12,6 +12,8 @@
#define BASE (TEXT_BASE - SZ_2M)
#endif
+#define HAB_CSF_LEN 0x2000
+
OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
@@ -85,7 +87,7 @@ SECTIONS
__csf_start = .;
.hab_csf : {
BYTE(0x5a);
- . += + 0x1fff;
+ . += + HAB_CSF_LEN - 1;
} = 0x5a
__csf_end = .;
#endif /* CONFIG_CPU_64 && CONFIG_HABV4 */
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 14/29] ARM: lds: add support for a 2nd CSF area
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (12 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 13/29] ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 15/29] scripts: imx: force flexspi and hab option order Marco Felsch
` (15 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Extend the CSF area to be able two store two CSF slots. The 2nd CSF slot
is required in case of FlexSPI HAB boot support. The first slot is used
for the MMC-IVT + barebox-pbl; the 2nd slot is used for the FlexSPI-IVT
+ barebox-pbl. This is necessary because of the fact that the HAB ROM
code requires that the IVT is signed as well.
Make the 2nd CSF slot optional since early SRAM space is limited and 4K
can make a difference here.
Please check the documentation for a more detailed information about the
i.MX8M image layout.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- add new Kconfig entry to select QSPI HAB support
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
arch/arm/lib/pbl.lds.S | 4 ++++
arch/arm/mach-imx/Kconfig | 6 ++++++
2 files changed, 10 insertions(+)
diff --git a/arch/arm/lib/pbl.lds.S b/arch/arm/lib/pbl.lds.S
index 898d6be33b54..cafb27b2d55e 100644
--- a/arch/arm/lib/pbl.lds.S
+++ b/arch/arm/lib/pbl.lds.S
@@ -12,7 +12,11 @@
#define BASE (TEXT_BASE - SZ_2M)
#endif
+#ifdef CONFIG_HABV4_QSPI
+#define HAB_CSF_LEN 0x4000
+#else
#define HAB_CSF_LEN 0x2000
+#endif
OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
index c60f1f949232..6a7d90e2c853 100644
--- a/arch/arm/mach-imx/Kconfig
+++ b/arch/arm/mach-imx/Kconfig
@@ -750,6 +750,12 @@ config HABV4
help
High Assurance Boot, as found on i.MX28/i.MX6/i.MX8M.
+config HABV4_QSPI
+ depends on HABV4
+ bool "HABv4 QPSI support"
+ help
+ Enable this option to build signed QSPI/FlexSPI images.
+
config HAB_CERTS_ENV
depends on HAB
bool "Specify certificates in environment"
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 15/29] scripts: imx: force flexspi and hab option order
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (13 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 14/29] ARM: lds: add support for a 2nd CSF area Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 16/29] scripts: imx: move flexspi_image() into header Marco Felsch
` (14 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Force the order to ensure that the hab options are parsed after the
flexspi options. This is important since we need to know which memory
regions need to be verified and/or en-/decrypted and with the flexspi
support a 2nd header is added in between the first header and the
barebox pbl binary.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index e3169bace6a6..32488455b7a8 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -614,6 +614,12 @@ static int do_flexspi_ivtofs(struct config_data *data, int argc, char *argv[])
if (argc < 2)
return -EINVAL;
+ if (data->csf) {
+ fprintf(stderr, "#include <mach/imx/flexspi-imx8m*-cfg.h> must be placed in front "
+ "of #include <mach/imx/habv4-imx8-gencsf.h>\n");
+ return -EINVAL;
+ }
+
data->image_flexspi_ivt_offset = strtoul(argv[1], NULL, 0);
return 0;
@@ -624,6 +630,12 @@ static int do_flexspi_fcfbofs(struct config_data *data, int argc, char *argv[])
if (argc < 2)
return -EINVAL;
+ if (data->csf) {
+ fprintf(stderr, "#include <mach/imx/flexspi-imx8m*-cfg.h> must be placed in front "
+ "of #include <mach/imx/habv4-imx8-gencsf.h>\n");
+ return -EINVAL;
+ }
+
data->image_flexspi_fcfb_offset = strtoul(argv[1], NULL, 0);
return 0;
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 16/29] scripts: imx: move flexspi_image() into header
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (14 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 15/29] scripts: imx: force flexspi and hab option order Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 17/29] scripts: imx: fix i.MX8M CSF header placement Marco Felsch
` (13 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Move the flexspi_image() into the imx.h header to make the code reusable
between imx.c and imx-image.c. No functional change.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx-image.c | 12 ------------
scripts/imx/imx.h | 13 +++++++++++++
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index 1f96b383901f..ecb16187de17 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -290,18 +290,6 @@ static int write_mem_v1(uint32_t addr, uint32_t val, int width, int set_bits, in
return 0;
}
-static bool flexspi_image(const struct config_data *data)
-{
- /*
- * | FlexSPI-FCFB | FlexSPI-IVT
- * -----------------------------------------
- * i.MX8MM | 0x0 | 0x1000
- * i.MX8MN/P | 0x400 | 0x0
- */
-
- return data->image_flexspi_ivt_offset || data->image_flexspi_fcfb_offset;
-}
-
/*
* ============================================================================
* i.MX flash header v2 handling. Found on i.MX50, i.MX53 and i.MX6
diff --git a/scripts/imx/imx.h b/scripts/imx/imx.h
index 08cdf8321a09..65697a9b0d43 100644
--- a/scripts/imx/imx.h
+++ b/scripts/imx/imx.h
@@ -15,4 +15,17 @@ static inline int cpu_is_mx8m(const struct config_data *data)
}
}
+static inline bool flexspi_image(const struct config_data *data)
+{
+ /*
+ * | FlexSPI-FCFB | FlexSPI-IVT
+ * -----------------------------------------
+ * i.MX8MM | 0x0 | 0x1000
+ * i.MX8MN/P | 0x400 | 0x0
+ */
+
+ return data->image_flexspi_ivt_offset ||
+ data->image_flexspi_fcfb_offset;
+}
+
int parse_config(struct config_data *data, const char *filename);
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 17/29] scripts: imx: fix i.MX8M CSF header placement
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (15 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 16/29] scripts: imx: move flexspi_image() into header Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 18/29] scripts: imx: add imx8m_get_offset_size helper Marco Felsch
` (12 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
The current boot flow is broken if both the FlexSPI image and the HAB
support is enabled. The HAB/CST tool need to take the additional FlexSPI
IVT header into account which is added in between the first IVT header
and the barebox pbl code.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 1 +
scripts/imx/imx-image.c | 9 +++++----
scripts/imx/imx.c | 7 ++++++-
3 files changed, 12 insertions(+), 5 deletions(-)
--git a/include/mach/imx/imx-header.h b/include/mach/imx/imx-header.h
index b11b57c37227..0ad3485eb261 100644
--- a/include/mach/imx/imx-header.h
+++ b/include/mach/imx/imx-header.h
@@ -7,6 +7,7 @@
#define HEADER_LEN 0x1000 /* length of the blank area + IVT + DCD */
#define CSF_LEN 0x2000 /* length of the CSF (needed for HAB) */
+#define FLEXSPI_HEADER_LEN HEADER_LEN
#define DEK_BLOB_HEADER 8 /* length of DEK blob header */
#define DEK_BLOB_KEY 32 /* length of DEK blob AES-256 key */
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index ecb16187de17..01da4cc36467 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -408,8 +408,6 @@ static size_t add_flexspi_fcfb_header(const struct config_data *data, void *buf)
return sizeof(nor_conf);
}
-#define FLEXSPI_HEADER_LEN HEADER_LEN
-
static size_t
add_flexspi_header(const struct config_data *data, void **_buf, size_t *header_len)
{
@@ -812,8 +810,11 @@ static int hab_sign(struct config_data *data)
* For i.MX8 insert the CSF data into the reserved CSF area
* right behind the PBL
*/
- offset = roundup(data->header_gap + data->pbl_code_size +
- HEADER_LEN, 0x1000);
+ offset = data->header_gap + data->pbl_code_size + HEADER_LEN;
+ if (flexspi_image(data))
+ offset += FLEXSPI_HEADER_LEN;
+
+ offset = roundup(offset, 0x1000);
if (data->signed_hdmi_firmware_file)
offset += PLUGIN_HDMI_SIZE;
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 32488455b7a8..3cfa046504e3 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -347,8 +347,13 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
* Ensure we only sign the PBL for i.MX8MQ
*/
if (data->pbl_code_size && cpu_is_mx8m(data)) {
+ unsigned int hdrlen = HEADER_LEN;
+
+ if (flexspi_image(data))
+ hdrlen += FLEXSPI_HEADER_LEN;
+
offset += data->header_gap;
- signed_size = roundup(data->pbl_code_size + HEADER_LEN, 0x1000);
+ signed_size = roundup(data->pbl_code_size + hdrlen, 0x1000);
if (data->signed_hdmi_firmware_file)
offset += PLUGIN_HDMI_SIZE;
}
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 18/29] scripts: imx: add imx8m_get_offset_size helper
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (16 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 17/29] scripts: imx: fix i.MX8M CSF header placement Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 19/29] scripts: imx-image: header_v2: add CSF slots Marco Felsch
` (11 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
No functional change, just move the offset and signed_size calculation
into a dedicated helper.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 3cfa046504e3..933019eba449 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -325,6 +325,22 @@ static int do_hab(struct config_data *data, int argc, char *argv[])
return 0;
}
+static void
+imx8m_get_offset_size(struct config_data *data,
+ uint32_t *offset, uint32_t *signed_length)
+{
+ unsigned int hdrlen = HEADER_LEN;
+
+ if (flexspi_image(data))
+ hdrlen += FLEXSPI_HEADER_LEN;
+
+ *signed_size = roundup(data->pbl_code_size + hdrlen, 0x1000);
+
+ *offset += data->header_gap;
+ if (data->signed_hdmi_firmware_file)
+ *offset += PLUGIN_HDMI_SIZE;
+}
+
static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
{
char *str;
@@ -346,17 +362,8 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
/*
* Ensure we only sign the PBL for i.MX8MQ
*/
- if (data->pbl_code_size && cpu_is_mx8m(data)) {
- unsigned int hdrlen = HEADER_LEN;
-
- if (flexspi_image(data))
- hdrlen += FLEXSPI_HEADER_LEN;
-
- offset += data->header_gap;
- signed_size = roundup(data->pbl_code_size + hdrlen, 0x1000);
- if (data->signed_hdmi_firmware_file)
- offset += PLUGIN_HDMI_SIZE;
- }
+ if (data->pbl_code_size && cpu_is_mx8m(data))
+ imx8m_get_offset_size(data, &offset, &signed_size)
if (signed_size > 0) {
ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"",
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 19/29] scripts: imx-image: header_v2: add CSF slots
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (17 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 18/29] scripts: imx: add imx8m_get_offset_size helper Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 20/29] scripts: imx-image: hab_sign: refactor function Marco Felsch
` (10 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Place the MMC/SD CSF data int slot-0 and the FlexSPI CSF data into
slot-1. This must be done since the MMC/SD and FlexSPI CSF data are
different.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx-image.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index 01da4cc36467..e9eded7f0828 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -298,7 +298,7 @@ static int write_mem_v1(uint32_t addr, uint32_t val, int width, int set_bits, in
static size_t
add_header_v2(const struct config_data *data, void *buf, uint32_t offset,
- size_t header_len)
+ size_t header_len, unsigned int csf_slot)
{
struct imx_flash_header_v2 *hdr;
int dcdsize = curdcd * sizeof(uint32_t);
@@ -341,7 +341,7 @@ add_header_v2(const struct config_data *data, void *buf, uint32_t offset,
hdr->boot_data.size = imagesize;
if (data->sign_image) {
- hdr->csf = loadaddr + imagesize;
+ hdr->csf = loadaddr + imagesize + (csf_slot * CSF_LEN);
hdr->boot_data.size += CSF_LEN;
} else if (data->pbl_code_size && data->csf) {
/*
@@ -463,7 +463,7 @@ add_flexspi_header(const struct config_data *data, void **_buf, size_t *header_l
data->cpu_type == IMX_CPU_IMX8MN)
buf += SZ_4K;
- size += add_header_v2(data, buf, ivt_offset, len);
+ size += add_header_v2(data, buf, ivt_offset, len, 1);
*header_len += FLEXSPI_HEADER_LEN;
@@ -1018,7 +1018,7 @@ int main(int argc, char *argv[])
barebox_image_size += add_flexspi_header(&data, &buf, &header_len);
barebox_image_size += add_header_v2(&data, buf +
signed_hdmi_firmware_size,
- data.image_ivt_offset, header_len);
+ data.image_ivt_offset, header_len, 0);
break;
default:
fprintf(stderr, "Congratulations! You're welcome to implement header version %d\n",
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 20/29] scripts: imx-image: hab_sign: refactor function
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (18 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 19/29] scripts: imx-image: header_v2: add CSF slots Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 21/29] scripts: imx: replace static string allocation Marco Felsch
` (9 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Refactor the code to make it possible to write multiple CSF blocks. This
is required for the upcoming FlexSPI CSF data fix.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchanged
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx-image.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index e9eded7f0828..4372ff85067b 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -660,7 +660,8 @@ static int nop(const struct config_data *data)
* The cst is expected to be executable as 'cst' or if exists, the content
* of the environment variable 'CST' is used.
*/
-static int hab_sign(struct config_data *data)
+static int hab_sign(struct config_data *data, const char *csfcmds,
+ unsigned int csf_slot)
{
int fd, outfd, ret, lockfd;
char *csffile, *command;
@@ -674,7 +675,7 @@ static int hab_sign(struct config_data *data)
if (!cst)
cst = "cst";
- ret = asprintf(&csffile, "%s.csfbin", data->outfile);
+ ret = asprintf(&csffile, "%s.slot%u.csfbin", data->outfile, csf_slot);
if (ret < 0)
exit(1);
@@ -743,7 +744,7 @@ static int hab_sign(struct config_data *data)
return -errno;
}
- fwrite(data->csf, 1, strlen(data->csf) + 1, f);
+ fwrite(csfcmds, 1, strlen(csfcmds) + 1, f);
pclose(f);
@@ -814,6 +815,8 @@ static int hab_sign(struct config_data *data)
if (flexspi_image(data))
offset += FLEXSPI_HEADER_LEN;
+ offset += csf_slot * CSF_LEN;
+
offset = roundup(offset, 0x1000);
if (data->signed_hdmi_firmware_file)
offset += PLUGIN_HDMI_SIZE;
@@ -1104,7 +1107,7 @@ int main(int argc, char *argv[])
}
if (data.csf && data.sign_image) {
- ret = hab_sign(&data);
+ ret = hab_sign(&data, data.csf, 0);
if (ret)
exit(1);
}
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 21/29] scripts: imx: replace static string allocation
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (19 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 20/29] scripts: imx-image: hab_sign: refactor function Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 22/29] scripts: imx: add hab_qspi support Marco Felsch
` (8 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Make the CSF command string allocation more dynamic by introducing
strcata(lloc)(). To make it more straight forward.
Suggested-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- new patch suggested by Sascha
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 1 -
scripts/imx/imx.c | 34 +++++++++++++++++++---------------
2 files changed, 19 insertions(+), 16 deletions(-)
--git a/include/mach/imx/imx-header.h b/include/mach/imx/imx-header.h
index 0ad3485eb261..372dee6cb8e9 100644
--- a/include/mach/imx/imx-header.h
+++ b/include/mach/imx/imx-header.h
@@ -115,7 +115,6 @@ struct config_data {
int (*write_mem)(const struct config_data *data, uint32_t addr,
uint32_t val, int width, int set_bits, int clear_bits);
int (*nop)(const struct config_data *data);
- int csf_space;
char *csf;
int sign_image;
char *signed_hdmi_firmware_file;
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 933019eba449..50f44d5cb896 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -20,6 +20,23 @@
*/
#define ENCRYPT_OFFSET (HEADER_LEN + 0x10)
+static char *strcata(char *str, const char *add)
+{
+ size_t size = (str ? strlen(str) : 0) + strlen(add) + 1;
+ bool need_init = str ? false : true;
+
+ str = realloc(str, size);
+ if (!str)
+ return NULL;
+
+ if (need_init)
+ memset(str, 0, size);
+
+ strcat(str, add);
+
+ return str;
+}
+
static int parse_line(char *line, char *argv[])
{
int nargs = 0;
@@ -284,15 +301,10 @@ static int do_max_load_size(struct config_data *data, int argc, char *argv[])
static int hab_add_str(struct config_data *data, const char *str)
{
- int len = strlen(str);
-
- if (data->csf_space < len)
+ data->csf = strcata(data->csf, str);
+ if (!data->csf)
return -ENOMEM;
- strcat(data->csf, str);
-
- data->csf_space -= len;
-
return 0;
}
@@ -300,14 +312,6 @@ static int do_hab(struct config_data *data, int argc, char *argv[])
{
int i, ret;
- if (!data->csf) {
- data->csf_space = 0x10000;
-
- data->csf = calloc(data->csf_space + 1, 1);
- if (!data->csf)
- return -ENOMEM;
- }
-
for (i = 1; i < argc; i++) {
ret = hab_add_str(data, argv[i]);
if (ret)
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 22/29] scripts: imx: add hab_qspi support
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (20 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 21/29] scripts: imx: replace static string allocation Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 23/29] scripts: imx: add helper to write CSF Blocks command Marco Felsch
` (7 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Add 'hab_qspi' command which can be specified by .imxcfg board config
files to request building HAB compatible QSPI images.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- new patch
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 1 +
scripts/imx/imx.c | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+)
--git a/include/mach/imx/imx-header.h b/include/mach/imx/imx-header.h
index 372dee6cb8e9..d0381f4763ee 100644
--- a/include/mach/imx/imx-header.h
+++ b/include/mach/imx/imx-header.h
@@ -120,6 +120,7 @@ struct config_data {
char *signed_hdmi_firmware_file;
int encrypt_image;
size_t dek_size;
+ bool hab_qspi_support;
};
#define MAX_RECORDS_DCD_V2 1024
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 50f44d5cb896..12c0df063469 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -299,6 +299,23 @@ static int do_max_load_size(struct config_data *data, int argc, char *argv[])
return 0;
}
+static int do_hab_qspi(struct config_data *data, int argc, char *argv[])
+{
+ /*
+ * Force 'hab_qspi' to specified before any 'hab' to ensure correct CSF
+ * generation.
+ */
+ if (data->csf) {
+ fprintf(stderr,
+ "'hab_qspi' must be specified before any 'hab' command\n");
+ return -EINVAL;
+ }
+
+ data->hab_qspi_support = true;
+
+ return 0;
+}
+
static int hab_add_str(struct config_data *data, const char *str)
{
data->csf = strcata(data->csf, str);
@@ -709,6 +726,9 @@ struct command cmds[] = {
}, {
.name = "hab_encrypt_blocks",
.parse = do_hab_encrypt_blocks,
+ }, {
+ .name = "hab_qspi",
+ .parse = do_hab_qspi,
}, {
.name = "super_root_key",
.parse = do_super_root_key,
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 23/29] scripts: imx: add helper to write CSF Blocks command
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (21 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 22/29] scripts: imx: add hab_qspi support Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 24/29] scripts: imx: fix HAB for FlexSPI boot Marco Felsch
` (6 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
The upcoming commit fixes the HAB support for FlexSPI enabled barebox
images. This commit prepares the source to keep the diff smaller.
For the upcoming fix we need a 2nd CSF command sequence which is
basically the same as the first except for the "Blocks = ...." command.
Therefore we need to handle the blocks command separately which is done
by this commit. Please note that the struct config_data 'flexspi_csf'
member is added in the follow up commit.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- use new strcata() helper
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 12c0df063469..5526fe41b477 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -325,6 +325,24 @@ static int hab_add_str(struct config_data *data, const char *str)
return 0;
}
+static int hab_add_barebox_blocks(struct config_data *data,
+ const char *csf_str,
+ const char *flexspi_csf_str)
+{
+ data->csf = strcata(data->csf, csf_str);
+ if (!data->csf)
+ return -ENOMEM;
+
+ if (!flexspi_csf_str)
+ return 0;
+
+ data->flexspi_csf = strcata(data->flexspi_csf, flexspi_csf_str);
+ if (!data->flexspi_csf)
+ return -ENOMEM;
+
+ return 0;
+}
+
static int do_hab(struct config_data *data, int argc, char *argv[])
{
int i, ret;
@@ -364,7 +382,7 @@ imx8m_get_offset_size(struct config_data *data,
static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
{
- char *str;
+ char *str, *flexspi_str = NULL;
int ret;
int i;
uint32_t signed_size = data->load_size;
@@ -399,7 +417,7 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
if (ret < 0)
return -ENOMEM;
- ret = hab_add_str(data, str);
+ ret = hab_add_barebox_blocks(data, str, flexspi_str);
free(str);
if (ret)
return ret;
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 24/29] scripts: imx: fix HAB for FlexSPI boot
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (22 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 23/29] scripts: imx: add helper to write CSF Blocks command Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 25/29] scripts: imx-image: add missing close() Marco Felsch
` (5 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
The HAB FlexSPI boot use-case is currently broken, albeit the BootROM
does the same steps as for MMC/SD. To fix this we need a 2nd CSF slot,
since the HAB ROM code expect the IVT and payload data to be signed by
the code signing tool (CST) and the MMC/SD IVT does differ slightly from
the FlexSPI IVT.
Please check the upcoming documentation patch for a in detail image
layout overview.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- always use 'flexspi_csf' to decide if HAB signing for QSPI is required
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
| 1 +
scripts/imx/imx-image.c | 9 +++++++++
scripts/imx/imx.c | 37 ++++++++++++++++++++++++++++++++---
3 files changed, 44 insertions(+), 3 deletions(-)
--git a/include/mach/imx/imx-header.h b/include/mach/imx/imx-header.h
index d0381f4763ee..08329e3d0561 100644
--- a/include/mach/imx/imx-header.h
+++ b/include/mach/imx/imx-header.h
@@ -116,6 +116,7 @@ struct config_data {
uint32_t val, int width, int set_bits, int clear_bits);
int (*nop)(const struct config_data *data);
char *csf;
+ char *flexspi_csf;
int sign_image;
char *signed_hdmi_firmware_file;
int encrypt_image;
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index 4372ff85067b..8c4cc771ee28 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -343,6 +343,8 @@ add_header_v2(const struct config_data *data, void *buf, uint32_t offset,
if (data->sign_image) {
hdr->csf = loadaddr + imagesize + (csf_slot * CSF_LEN);
hdr->boot_data.size += CSF_LEN;
+ if (data->flexspi_csf)
+ hdr->boot_data.size += CSF_LEN;
} else if (data->pbl_code_size && data->csf) {
/*
* For i.MX8 the CSF space is added via the linker script, so
@@ -350,6 +352,8 @@ add_header_v2(const struct config_data *data, void *buf, uint32_t offset,
* signing is not.
*/
hdr->boot_data.size += CSF_LEN;
+ if (data->flexspi_csf)
+ hdr->boot_data.size += CSF_LEN;
}
buf += sizeof(*hdr);
@@ -1110,6 +1114,11 @@ int main(int argc, char *argv[])
ret = hab_sign(&data, data.csf, 0);
if (ret)
exit(1);
+ if (data.flexspi_csf) {
+ ret = hab_sign(&data, data.flexspi_csf, 1);
+ if (ret)
+ exit(1);
+ }
}
if (create_usb_image) {
diff --git a/scripts/imx/imx.c b/scripts/imx/imx.c
index 5526fe41b477..5ccc116cfe3c 100644
--- a/scripts/imx/imx.c
+++ b/scripts/imx/imx.c
@@ -322,6 +322,13 @@ static int hab_add_str(struct config_data *data, const char *str)
if (!data->csf)
return -ENOMEM;
+ if (!data->hab_qspi_support)
+ return 0;
+
+ data->flexspi_csf = strcata(data->flexspi_csf, str);
+ if (!data->flexspi_csf)
+ return -ENOMEM;
+
return 0;
}
@@ -366,7 +373,8 @@ static int do_hab(struct config_data *data, int argc, char *argv[])
static void
imx8m_get_offset_size(struct config_data *data,
- uint32_t *offset, uint32_t *signed_length)
+ uint32_t *offset, uint32_t *signed_size,
+ uint32_t *flexspi_offset, uint32_t *flexspi_signed_size)
{
unsigned int hdrlen = HEADER_LEN;
@@ -374,10 +382,22 @@ imx8m_get_offset_size(struct config_data *data,
hdrlen += FLEXSPI_HEADER_LEN;
*signed_size = roundup(data->pbl_code_size + hdrlen, 0x1000);
+ *flexspi_signed_size = roundup(data->pbl_code_size + FLEXSPI_HEADER_LEN,
+ 0x1000);
*offset += data->header_gap;
- if (data->signed_hdmi_firmware_file)
+ *flexspi_offset += data->header_gap;
+ /*
+ * Starting with i.MX8MP/N the FlexSPI IVT offset is 0x0 but the primary
+ * image offset is at 0x1000.
+ */
+ if (data->cpu_type != IMX_CPU_IMX8MM)
+ *flexspi_offset += HEADER_LEN;
+
+ if (data->signed_hdmi_firmware_file) {
*offset += PLUGIN_HDMI_SIZE;
+ *flexspi_offset += PLUGIN_HDMI_SIZE;
+ }
}
static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
@@ -386,7 +406,9 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
int ret;
int i;
uint32_t signed_size = data->load_size;
+ uint32_t flexspi_signed_size = signed_size;
uint32_t offset = data->image_ivt_offset;
+ uint32_t flexspi_offset = data->image_flexspi_ivt_offset;
if (!data->csf)
return -EINVAL;
@@ -402,12 +424,20 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
* Ensure we only sign the PBL for i.MX8MQ
*/
if (data->pbl_code_size && cpu_is_mx8m(data))
- imx8m_get_offset_size(data, &offset, &signed_size)
+ imx8m_get_offset_size(data, &offset, &signed_size,
+ &flexspi_offset, &flexspi_signed_size);
if (signed_size > 0) {
ret = asprintf(&str, "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"",
data->image_load_addr + data->image_ivt_offset, offset,
signed_size - data->image_ivt_offset, data->outfile);
+ if (data->flexspi_csf)
+ ret |= asprintf(&flexspi_str,
+ "Blocks = 0x%08x 0x%08x 0x%08x \"%s\"",
+ data->image_load_addr +
+ data->image_flexspi_ivt_offset,
+ flexspi_offset, flexspi_signed_size,
+ data->outfile);
} else {
fprintf(stderr, "Invalid signed size area 0x%08x\n",
signed_size);
@@ -419,6 +449,7 @@ static int do_hab_blocks(struct config_data *data, int argc, char *argv[])
ret = hab_add_barebox_blocks(data, str, flexspi_str);
free(str);
+ free(flexspi_str);
if (ret)
return ret;
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 25/29] scripts: imx-image: add missing close()
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (23 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 24/29] scripts: imx: fix HAB for FlexSPI boot Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 26/29] scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS Marco Felsch
` (4 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Close the csfbin file after we read it into buf.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchaned
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx-image.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index 8c4cc771ee28..4a0a44b3a9b3 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -796,6 +796,8 @@ static int hab_sign(struct config_data *data, const char *csfcmds,
xread(fd, buf, s.st_size);
+ close(fd);
+
/*
* For i.MX8M, write into the reserved CSF section
*/
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 26/29] scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (24 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 25/29] scripts: imx-image: add missing close() Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 27/29] ARM: i.MX: add hab qspi support if enabled Marco Felsch
` (3 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Add CST_EXTRA_CMDLINE_OPTIONS environment variable to allow build tools
like PTXdist or Yocto to pass additional cst command line options. This
becomes important for newer cst versions (> 3.3.1) since they support
multiple backends: ssl (default) and pkcs11.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchaned
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
scripts/imx/imx-image.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index 4a0a44b3a9b3..8a5768ca8b62 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -670,7 +670,7 @@ static int hab_sign(struct config_data *data, const char *csfcmds,
int fd, outfd, ret, lockfd;
char *csffile, *command;
struct stat s;
- char *cst;
+ char *cst, *cstopts;
void *buf;
size_t csf_space = CSF_LEN;
unsigned int offset = 0;
@@ -679,6 +679,10 @@ static int hab_sign(struct config_data *data, const char *csfcmds,
if (!cst)
cst = "cst";
+ cstopts = getenv("CST_EXTRA_CMDLINE_OPTIONS");
+ if (!cstopts)
+ cstopts = "";
+
ret = asprintf(&csffile, "%s.slot%u.csfbin", data->outfile, csf_slot);
if (ret < 0)
exit(1);
@@ -716,11 +720,11 @@ static int hab_sign(struct config_data *data, const char *csfcmds,
if (ret == -1)
return -EINVAL;
else if (ret == 0)
- ret = asprintf(&command, "%s -o %s -i /dev/stdin",
- cst, csffile);
+ ret = asprintf(&command, "%s -o %s -i /dev/stdin %s",
+ cst, csffile, cstopts);
else
- ret = asprintf(&command, "%s -o %s;",
- cst, csffile);
+ ret = asprintf(&command, "%s -o %s %s;",
+ cst, csffile, cstopts);
if (ret < 0)
return -ENOMEM;
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 27/29] ARM: i.MX: add hab qspi support if enabled
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (25 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 26/29] scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 28/29] Documentation: boards: imx: replace i.MX8MQ with i.MX8M Marco Felsch
` (2 subsequent siblings)
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Set the 'hab_qspi' commando if CONFIG_HABV4_QSPI is enabled to build
QSPI HAB images.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- new patch
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
include/mach/imx/habv4-imx8-gencsf.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/mach/imx/habv4-imx8-gencsf.h b/include/mach/imx/habv4-imx8-gencsf.h
index b50788127eff..5f92ceceab00 100644
--- a/include/mach/imx/habv4-imx8-gencsf.h
+++ b/include/mach/imx/habv4-imx8-gencsf.h
@@ -10,6 +10,9 @@
* CONFIG_HABV4_IMG_CRT_PEM
*/
#if defined(CONFIG_HABV4) && defined(CONFIG_CPU_64)
+#if defined(CONFIG_HABV4_QSPI)
+hab_qspi
+#endif
hab [Header]
hab Version = 4.3
hab Hash Algorithm = sha256
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 28/29] Documentation: boards: imx: replace i.MX8MQ with i.MX8M
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (26 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 27/29] ARM: i.MX: add hab qspi support if enabled Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-17 14:51 ` [PATCH v2 29/29] Documentation: boards: imx: add FlexSPI sub-section Marco Felsch
2023-10-18 8:08 ` [PATCH v2 00/29] i.MX8M HAB Fixes Sascha Hauer
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Some parts of the documentation refer to the i.MX8MQ which are valid for
all i.MX8M SoCs. Also rename the i.MX8 to i.MX8M to make it clear which
family we meant.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- unchaned
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
Documentation/boards/imx.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Documentation/boards/imx.rst b/Documentation/boards/imx.rst
index c64446aff640..a8f014dd1b91 100644
--- a/Documentation/boards/imx.rst
+++ b/Documentation/boards/imx.rst
@@ -21,7 +21,7 @@ The Internal Boot Mode is supported on:
* i.MX53
* i.MX6
* i.MX7
-* i.MX8MQ
+* i.MX8M
With the Internal Boot Mode, the images contain a header which describes
where the binary shall be loaded and started. These headers also contain
@@ -64,8 +64,8 @@ of the image to the card, use:
dd if=images/barebox-freescale-imx51-babbage.img of=/dev/sdd bs=1024 skip=1 seek=1
-Note that MaskROM on i.MX8 expects the image to start at the +33KiB mark, so the
-following command has to be used instead:
+Note that MaskROM on i.MX8M expects the image to start at the +33KiB mark, so
+the following command has to be used instead:
.. code-block:: sh
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* [PATCH v2 29/29] Documentation: boards: imx: add FlexSPI sub-section
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (27 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 28/29] Documentation: boards: imx: replace i.MX8MQ with i.MX8M Marco Felsch
@ 2023-10-17 14:51 ` Marco Felsch
2023-10-18 8:08 ` [PATCH v2 00/29] i.MX8M HAB Fixes Sascha Hauer
29 siblings, 0 replies; 31+ messages in thread
From: Marco Felsch @ 2023-10-17 14:51 UTC (permalink / raw)
To: barebox
Document the FlexSPI image and boot feature to make it easier for users
to enable the support. Also document the image layout since it became
more complex with FlexSPI and HAB, so a detailed overview is very
helpful.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
---
Changelog:
v2:
- Adapt wording to reflect new CONFIG_HABV4_QSPI config
- v1-link: https://lore.barebox.org/barebox/20231010143314.2031253-1-m.felsch@pengutronix.de/T/#t
Documentation/boards/imx.rst | 80 ++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/Documentation/boards/imx.rst b/Documentation/boards/imx.rst
index a8f014dd1b91..2a5168190620 100644
--- a/Documentation/boards/imx.rst
+++ b/Documentation/boards/imx.rst
@@ -394,6 +394,86 @@ with only the image name as argument:
scripts/imx/imx-usb-loader images/barebox-freescale-imx51-babbage.img
+FlexSPI Boot
+^^^^^^^^^^^^
+
+FlexSPI boot is currently supported on: i.MX8MM, i.MX8MN and i.MX8MP.
+
+To generate FlexSPI/QSPI image(s) the board flash header file must specify:
+``flexspi_ivtofs`` and ``flexspi_fcfbofs``.
+
+It is recommended to do this via the ``include/mach/imx/flexspi-imx8m*-cfg.h``
+header files.
+
+.. code-block:: none
+
+ #include <mach/imx/flexspi-imx8mp-cfg.h>
+
+There are two different headers, one for the i.MX8MM and one for the i.MX8MP/N.
+It's important to use the correct one because the BootROM expects the IVT and
+flash configuration block (FCB) on different offsets.
+
+Barebox doesn't generate a separate FlexSPI image instead the same image used
+for SD/MMC/USB is extended to support FlexSPI boot. This is done by adding a 2nd
+IVT header and the required FCB at the required boot offsets.
+
+Barebox also support `High Assurance Boot`_ images for QSPI boot mediums. This
+feature must be enabled via the ``CONFIG_HABV4_QSPI`` option. The below figures
+show a fully featured MMC/SD/USB/FlexSPI image with enabled HAB support for the
+i.MX8M family.
+
+i.MX8MM layout::
+
+ 0x0 +------------------------------------------+
+ | Barebox Header |
+ header_gap +------------------------------------------+
+ | FlexSPI Flash Configuration Block (FCFB) |
+ header_gap + 0x400 +------------------------------------------+ ---
+ | i.MX MMC/SD/USB IVT Header | |
+ | Boot Data +--. |
+ | CSF Pointer +--|--. |
+ header_gap + 0x1000 +------------------------------------------+ | | --- |
+ | i.MX FlexSPI IVT Header | | | | | Signed Area
+ | Boot Data +--+ | | | MMC/SD/
+ | CSF Pointer +--|--|--. | Signed Area | USB
+ header_gap + 0x2000 +------------------------------------------+ | | | | FlexSPI |
+ | Barebox Prebootloader (PBL) |<-´ | | | |
+ | Piggydata Hash (SHA256) | | | | |
+ +------------------------------------------+ | | --- ---
+ | Command Sequence File (CSF) Slot-0 |<----´ |
+ +------------------------------------------+ |
+ | Command Sequence File (CSF) Slot-1 |<-------´
+ +------------------------------------------+ ---
+ | Piggydata (Main Barebox Binary) | | Hashed Area
+ +------------------------------------------+ ---
+
+i.MX8MP/N layout::
+
+ 0x0 +------------------------------------------+
+ | Barebox Header |
+ header_gap +------------------------------------------+ ---
+ | i.MX MMC/SD/USB IVT Header | |
+ | Boot Data +--. |
+ | CSF Pointer +--|--. |
+ header_gap + 0x400 +------------------------------------------+ | | |
+ | FlexSPI Flash Configuration Block (FCFB) | | | | Signed Area
+ header_gap + 0x1000 +------------------------------------------+ | | --- | MMC/SD/
+ | i.MX FlexSPI IVT Header | | | | | USB
+ | Boot Data +--+ | | |
+ | CSF Pointer +--|--|--. | Signed Area |
+ header_gap + 0x2000 +------------------------------------------+ | | | | FlexSPI |
+ | Barebox Prebootloader (PBL) |<-´ | | | |
+ | Piggydata Hash (SHA256) | | | | |
+ +------------------------------------------+ | | --- ---
+ | Command Sequence File (CSF) Slot-0 |<----´ |
+ +------------------------------------------+ |
+ | Command Sequence File (CSF) Slot-1 |<-------´
+ +------------------------------------------+ ---
+ | Piggydata (Main Barebox Binary) | | Hashed Area
+ +------------------------------------------+ ---
+
+At the moment ``header_gap`` is always 32K for all supported devices.
+
External Boot Mode
------------------
--
2.39.2
^ permalink raw reply [flat|nested] 31+ messages in thread
* Re: [PATCH v2 00/29] i.MX8M HAB Fixes
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
` (28 preceding siblings ...)
2023-10-17 14:51 ` [PATCH v2 29/29] Documentation: boards: imx: add FlexSPI sub-section Marco Felsch
@ 2023-10-18 8:08 ` Sascha Hauer
29 siblings, 0 replies; 31+ messages in thread
From: Sascha Hauer @ 2023-10-18 8:08 UTC (permalink / raw)
To: Marco Felsch; +Cc: barebox
On Tue, Oct 17, 2023 at 04:51:02PM +0200, Marco Felsch wrote:
> Hi all,
>
> unfortunately with the addition of the FlexSPI image support I broke
> the HAB support for i.MX8M devices because I didn't honored the new CSF
> location. This PR will fix this for the MMC/SD/USB boot case.
>
> Additional the PR adds the support to HAB boot the system from a QSPI
> NOR as well. For the FlexSPI HAB boot a 2nd CSF slot/area is added to
> keep the very user-friendly single-image approach.
>
> Before reviewing Patch13 and onwards I do recommend to look at Patch26
> first to get an overview of the final result.
>
> Patch1-7:
> Cleanup the hab command code and image artifacts and enable it support
> for all i.MX8M devices.
>
> Patch8-9:
> Add the signing support to the Makefile.imx and convert the i.MX8M rules
> to use the new macro to cleanup the code.
>
> Patch10-12:
> Prepare i.MX8M*-EVKs to be able to build signed images.
>
> Patch13-14:
> Add support for multiple CSF slots.
>
> Patch15-23:
> Fix the HAB support for MMC/SD card first and add/fix the HAB support
> for FlexSPI images.
>
> Patch24:
> Make it possible to pass CST command line paramters via environment.
> This is very useful for new CST versions which do support PKCS11
> out-of-the box if the user specify the backend via '-b pkcs11'.
>
> Patch25-26:
> Documentation patches to become an overview of the FlexSPI HAB single
> image implementation.
>
> Testers are very welcome :)
>
> Marco Felsch (20):
> i.MX: HAB: remove unused init() hook
> ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header
> ARM: boards: i.MX8M: make use of new flexspi-imx8m{m,p}-cfg.h header
> ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section
> ARM: lds: add support for a 2nd CSF area
> scripts: imx: force flexspi and hab option order
> scripts: imx: move flexspi_image() into header
> scripts: imx: fix i.MX8M CSF header placement
> scripts: imx: add imx8m_get_offset_size helper
> scripts: imx-image: header_v2: add CSF slots
> scripts: imx-image: hab_sign: refactor function
> scripts: imx: replace static string allocation
> scripts: imx: add hab_qspi support
> scripts: imx: add helper to write CSF Blocks command
> scripts: imx: fix HAB for FlexSPI boot
> scripts: imx-image: add missing close()
> scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS
> ARM: i.MX: add hab qspi support if enabled
> Documentation: boards: imx: replace i.MX8MQ with i.MX8M
> Documentation: boards: imx: add FlexSPI sub-section
>
> Rouven Czerwinski (9):
> kbuild: clean start*_*.{p,ps}imximg files
> i.MX: HABv4: fix event status comparison
> i.MX: HABv4: fix i.MX8MQ device lockdown
> i.MX: HABv4: extend support to i.MX8M SoCs
> i.MX: HABv4: retrieve HAB ROM version for i.MX8M
> ARM: i.MX: allow HAB for i.MX8M family
> ARM: i.MX: introduce build_imx8m_habv4img
> ARM: i.MX: convert i.MX8M to helper
> ARM: boards: i.MX8M: add HAB image support
Applied, thanks
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 31+ messages in thread
end of thread, other threads:[~2023-10-18 8:09 UTC | newest]
Thread overview: 31+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-17 14:51 [PATCH v2 00/29] i.MX8M HAB Fixes Marco Felsch
2023-10-17 14:51 ` [PATCH v2 01/29] kbuild: clean start*_*.{p,ps}imximg files Marco Felsch
2023-10-17 14:51 ` [PATCH v2 02/29] i.MX: HABv4: fix event status comparison Marco Felsch
2023-10-17 14:51 ` [PATCH v2 03/29] i.MX: HABv4: fix i.MX8MQ device lockdown Marco Felsch
2023-10-17 14:51 ` [PATCH v2 04/29] i.MX: HAB: remove unused init() hook Marco Felsch
2023-10-17 14:51 ` [PATCH v2 05/29] i.MX: HABv4: extend support to i.MX8M SoCs Marco Felsch
2023-10-17 14:51 ` [PATCH v2 06/29] i.MX: HABv4: retrieve HAB ROM version for i.MX8M Marco Felsch
2023-10-17 14:51 ` [PATCH v2 07/29] ARM: i.MX: allow HAB for i.MX8M family Marco Felsch
2023-10-17 14:51 ` [PATCH v2 08/29] ARM: i.MX: introduce build_imx8m_habv4img Marco Felsch
2023-10-17 14:51 ` [PATCH v2 09/29] ARM: i.MX: convert i.MX8M to helper Marco Felsch
2023-10-17 14:51 ` [PATCH v2 10/29] ARM: boards: i.MX8M: add HAB image support Marco Felsch
2023-10-17 14:51 ` [PATCH v2 11/29] ARM: i.MX8M: add flexspi-imx8m{m,p}-cfg.h header Marco Felsch
2023-10-17 14:51 ` [PATCH v2 12/29] ARM: boards: i.MX8M: make use of new " Marco Felsch
2023-10-17 14:51 ` [PATCH v2 13/29] ARM: lds: introduce HAB_CSF_LEN define for the hab_csf section Marco Felsch
2023-10-17 14:51 ` [PATCH v2 14/29] ARM: lds: add support for a 2nd CSF area Marco Felsch
2023-10-17 14:51 ` [PATCH v2 15/29] scripts: imx: force flexspi and hab option order Marco Felsch
2023-10-17 14:51 ` [PATCH v2 16/29] scripts: imx: move flexspi_image() into header Marco Felsch
2023-10-17 14:51 ` [PATCH v2 17/29] scripts: imx: fix i.MX8M CSF header placement Marco Felsch
2023-10-17 14:51 ` [PATCH v2 18/29] scripts: imx: add imx8m_get_offset_size helper Marco Felsch
2023-10-17 14:51 ` [PATCH v2 19/29] scripts: imx-image: header_v2: add CSF slots Marco Felsch
2023-10-17 14:51 ` [PATCH v2 20/29] scripts: imx-image: hab_sign: refactor function Marco Felsch
2023-10-17 14:51 ` [PATCH v2 21/29] scripts: imx: replace static string allocation Marco Felsch
2023-10-17 14:51 ` [PATCH v2 22/29] scripts: imx: add hab_qspi support Marco Felsch
2023-10-17 14:51 ` [PATCH v2 23/29] scripts: imx: add helper to write CSF Blocks command Marco Felsch
2023-10-17 14:51 ` [PATCH v2 24/29] scripts: imx: fix HAB for FlexSPI boot Marco Felsch
2023-10-17 14:51 ` [PATCH v2 25/29] scripts: imx-image: add missing close() Marco Felsch
2023-10-17 14:51 ` [PATCH v2 26/29] scripts: imx-image: add support for CST_EXTRA_CMDLINE_OPTIONS Marco Felsch
2023-10-17 14:51 ` [PATCH v2 27/29] ARM: i.MX: add hab qspi support if enabled Marco Felsch
2023-10-17 14:51 ` [PATCH v2 28/29] Documentation: boards: imx: replace i.MX8MQ with i.MX8M Marco Felsch
2023-10-17 14:51 ` [PATCH v2 29/29] Documentation: boards: imx: add FlexSPI sub-section Marco Felsch
2023-10-18 8:08 ` [PATCH v2 00/29] i.MX8M HAB Fixes Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox