[U-Boot] [PATCH v3 00/11] Allow secure boot on AM33xx devices
Hello all,
I've recently been tasked with enabling authenticated boot for AM33xx based devices. This work is similar to what has already been done for the AM43xx and AM57xx SoCs and leverages much of the infrastructure from them.
The big difference here is the size of SRAM available on AM33xx being much less than on the other SoCs, when performing a secure boot this limits the maximum size of the SPL to just ~41k, the SPL currently generated for AM33xx SoCs is ~70k.
I have added a defconfig for booting from mmc, but it is RFC for now as the generated SPL is still much too large to fit into SRAM on HS devices. If you would like to help out you can build this defconfig and it will report by how much we have overflowed SRAM, any help reducing this would be greatly appreciated.
Thanks, Andrew
Changes from v2: - Dropping the SPL_*_SUPPORT patches as Simon is already way ahead of me on this front[0]. - Minor re-organization of the patches, dropped a couple that I didn't feel were important enough to continue working right now.
Changes from v1: - I've moved the cleanup patches to the end of the series and now consider them RFCs. I also do not move any Kconfig options over as this can be performed automatically but will need to be done by someone who understands the build system better than me. - Separate additional AM33xx SOC based boards out from the SoC definition in patch #1.
[0] https://www.mail-archive.com/u-boot@lists.denx.de/msg222736.html
Andrew F. Davis (11): spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option Kconfig: Separate AM33XX SOC config from target board config am33xx: config.mk: Add support for additional secure boot image types doc: Update info on using AM33xx secure devices from TI am33xx: config.mk: Fix option used to enable SPI SPL image type board: am33xx-hs: Allow post-processing of FIT image on AM33xx ti: omap-common: Allow AM33xx devices to be built securely am335x: configs: Use ISW_ENTRY_ADDR to set SPL_TEXT_BASE config: Remove usage of CONFIG_STORAGE_EMMC ti_armv7_common: Disable Falcon Mode on HS devices defconfig: Add a config for AM335x High Security EVM with SD Boot support
arch/arm/Kconfig | 98 +++------------------- arch/arm/cpu/armv7/am33xx/Kconfig | 86 +++++++++++++++++++ arch/arm/cpu/armv7/am33xx/config.mk | 29 ++++++- arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- board/ti/am335x/board.c | 8 ++ common/Kconfig | 69 +++++++++++++++ configs/am335x_baltos_defconfig | 1 + configs/am335x_boneblack_defconfig | 1 + configs/am335x_boneblack_vboot_defconfig | 1 + configs/am335x_evm_defconfig | 1 + configs/am335x_evm_nor_defconfig | 1 + configs/am335x_evm_norboot_defconfig | 1 + configs/am335x_evm_spiboot_defconfig | 1 + configs/am335x_evm_usbspl_defconfig | 1 + ...x_evm_defconfig => am335x_hs_evm_mmc_defconfig} | 8 +- configs/am335x_igep0033_defconfig | 1 + configs/am335x_shc_defconfig | 1 + configs/am335x_shc_ict_defconfig | 1 + configs/am335x_shc_netboot_defconfig | 1 + configs/am335x_shc_prompt_defconfig | 1 + configs/am335x_shc_sdboot_defconfig | 1 + configs/am335x_shc_sdboot_prompt_defconfig | 1 + configs/am335x_sl50_defconfig | 1 + configs/birdland_bav335a_defconfig | 1 + configs/birdland_bav335b_defconfig | 1 + configs/cm_t335_defconfig | 1 + configs/pcm051_rev1_defconfig | 1 + configs/pcm051_rev3_defconfig | 1 + configs/pengwyn_defconfig | 1 + configs/pepper_defconfig | 1 + doc/README.ti-secure | 32 +++++++ include/configs/am335x_evm.h | 2 - include/configs/am335x_shc.h | 2 - include/configs/am335x_sl50.h | 2 - include/configs/bav335x.h | 2 - include/configs/ti_am335x_common.h | 3 +- include/configs/ti_armv7_common.h | 15 ++-- 37 files changed, 274 insertions(+), 107 deletions(-) copy configs/{am335x_evm_defconfig => am335x_hs_evm_mmc_defconfig} (86%)
Currently U-Boot proper has Kconfig options that enable the generation of U-Boot binaries that are capable of being booted from the selected boot media type. The same set of generation targets for SPL are assumed with various methods and config header hackery. On some platforms the options for SPL, such as load address, are dependent on boot type and cannot depend on boot image type selected for U-Boot proper. Add a Kconfig menu to select SPL boot image types, and populate it with the same media types as are already available for U-Boot proper.
NOTE: As only a couple TI devices use make correct use of these options we limit the menu to these devices for now. The only other users of these seem to be some PPC boards that incorrectly use these as both SPL and TPL build options.
Signed-off-by: Andrew F. Davis afd@ti.com --- common/Kconfig | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+)
diff --git a/common/Kconfig b/common/Kconfig index 46e7173..a05d2ab 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -156,6 +156,75 @@ config SPI_BOOT booted via SPI flash. This is not a must, some SoCs need this, somes not.
+menu "SPL Boot media" + depends on SPL && (AM33XX || AM43XX) + +config SPL_NOR_BOOT + bool "Support for booting SPL from NOR flash" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via NOR flash. This is not a must, some SoCs need this, + some do not. + +config SPL_NAND_BOOT + bool "Support for booting SPL from NAND flash" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via NAND flash. This is not a must, some SoCs need this, + some do not. + +config SPL_ONENAND_BOOT + bool "Support for booting SPL from ONENAND" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via ONENAND. This is not a must, some SoCs need this, + some do not. + +config SPL_QSPI_BOOT + bool "Support for booting SPL from QSPI flash" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via QSPI flash. This is not a must, some SoCs need this, + some do not. + +config SPL_SATA_BOOT + bool "Support for booting SPL from SATA" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via SATA. This is not a must, some SoCs need this, + some do not. + +config SPL_SD_BOOT + bool "Support for booting SPL from SD/MMC/eMMC" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via SD/MMC/eMMC. This is not a must, some SoCs need this, + some do not. + +config SPL_SPI_BOOT + bool "Support for booting SPL from SPI flash" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via SPI flash. This is not a must, some SoCs need this, + some do not. + +config SPL_UART_BOOT + bool "Support for booting SPL from UART" + default n + help + Enabling this will make an SPL binary that is capable of being + booted via UART. This is not a must, some SoCs need this, + some do not. + +endmenu + endmenu
config BOOTDELAY
On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:
Currently U-Boot proper has Kconfig options that enable the generation of U-Boot binaries that are capable of being booted from the selected boot media type. The same set of generation targets for SPL are assumed with various methods and config header hackery. On some platforms the options for SPL, such as load address, are dependent on boot type and cannot depend on boot image type selected for U-Boot proper. Add a Kconfig menu to select SPL boot image types, and populate it with the same media types as are already available for U-Boot proper.
NOTE: As only a couple TI devices use make correct use of these options we limit the menu to these devices for now. The only other users of these seem to be some PPC boards that incorrectly use these as both SPL and TPL build options.
Signed-off-by: Andrew F. Davis afd@ti.com
OK, sorry, I feel we've gone off on a wild goose chase here. Of all the options that get added here, only two appear to be used at all and it's by the "old" Freescale SPL and not the current iteration of SPL. Those conversions should end up in board/freescale/Kconfig I think.
On 08/26/2016 04:27 PM, Tom Rini wrote:
On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:
Currently U-Boot proper has Kconfig options that enable the generation of U-Boot binaries that are capable of being booted from the selected boot media type. The same set of generation targets for SPL are assumed with various methods and config header hackery. On some platforms the options for SPL, such as load address, are dependent on boot type and cannot depend on boot image type selected for U-Boot proper. Add a Kconfig menu to select SPL boot image types, and populate it with the same media types as are already available for U-Boot proper.
NOTE: As only a couple TI devices use make correct use of these options we limit the menu to these devices for now. The only other users of these seem to be some PPC boards that incorrectly use these as both SPL and TPL build options.
Signed-off-by: Andrew F. Davis afd@ti.com
OK, sorry, I feel we've gone off on a wild goose chase here. Of all the options that get added here, only two appear to be used at all and it's by the "old" Freescale SPL and not the current iteration of SPL. Those conversions should end up in board/freescale/Kconfig I think.
These are used in patch 3 of this series, but I can drop that use by simply always building SPLs for all supported media types. Most of our platforms only need two image types anyway (QSPI and MLO for everything else).
We could do the same for the existing {media}_BOOT, they are rarely used correctly as described by the Kconfig help (formatting the U-Boot binary output image for a specific media type), often mistaken for {media}_SUPPORT options.
Masahiro would probably be happy to help remove these options altogether (taking this patch a step further: https://patchwork.ozlabs.org/patch/661706/).
Andrew
On Mon, Aug 29, 2016 at 01:30:01PM -0500, Andrew F. Davis wrote:
On 08/26/2016 04:27 PM, Tom Rini wrote:
On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:
Currently U-Boot proper has Kconfig options that enable the generation of U-Boot binaries that are capable of being booted from the selected boot media type. The same set of generation targets for SPL are assumed with various methods and config header hackery. On some platforms the options for SPL, such as load address, are dependent on boot type and cannot depend on boot image type selected for U-Boot proper. Add a Kconfig menu to select SPL boot image types, and populate it with the same media types as are already available for U-Boot proper.
NOTE: As only a couple TI devices use make correct use of these options we limit the menu to these devices for now. The only other users of these seem to be some PPC boards that incorrectly use these as both SPL and TPL build options.
Signed-off-by: Andrew F. Davis afd@ti.com
OK, sorry, I feel we've gone off on a wild goose chase here. Of all the options that get added here, only two appear to be used at all and it's by the "old" Freescale SPL and not the current iteration of SPL. Those conversions should end up in board/freescale/Kconfig I think.
These are used in patch 3 of this series, but I can drop that use by simply always building SPLs for all supported media types. Most of our platforms only need two image types anyway (QSPI and MLO for everything else).
Yes, this sounds best, thanks!
We could do the same for the existing {media}_BOOT, they are rarely used correctly as described by the Kconfig help (formatting the U-Boot binary output image for a specific media type), often mistaken for {media}_SUPPORT options.
Masahiro would probably be happy to help remove these options altogether (taking this patch a step further: https://patchwork.ozlabs.org/patch/661706/).
Yes, I think we're all in agreement here then, thanks.
The config option AM33XX is used in several boards and should be defined as a stand-alone option for this SOC. We break this out from target boards that use this SoC and common headers then enable AM33XX on in all the boards that used these targets to eliminate any functional change with this patch.
This is similar to what has already been done in 9de852642cae ("arm: Kconfig: Add support for AM43xx SoC specific Kconfig") and is done for the same reasons.
Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/Kconfig | 98 ++++-------------------------- arch/arm/cpu/armv7/am33xx/Kconfig | 86 ++++++++++++++++++++++++++ configs/am335x_baltos_defconfig | 1 + configs/am335x_boneblack_defconfig | 1 + configs/am335x_boneblack_vboot_defconfig | 1 + configs/am335x_evm_defconfig | 1 + configs/am335x_evm_nor_defconfig | 1 + configs/am335x_evm_norboot_defconfig | 1 + configs/am335x_evm_spiboot_defconfig | 1 + configs/am335x_evm_usbspl_defconfig | 1 + configs/am335x_igep0033_defconfig | 1 + configs/am335x_shc_defconfig | 1 + configs/am335x_shc_ict_defconfig | 1 + configs/am335x_shc_netboot_defconfig | 1 + configs/am335x_shc_prompt_defconfig | 1 + configs/am335x_shc_sdboot_defconfig | 1 + configs/am335x_shc_sdboot_prompt_defconfig | 1 + configs/am335x_sl50_defconfig | 1 + configs/birdland_bav335a_defconfig | 1 + configs/birdland_bav335b_defconfig | 1 + configs/cm_t335_defconfig | 1 + configs/pcm051_rev1_defconfig | 1 + configs/pcm051_rev3_defconfig | 1 + configs/pengwyn_defconfig | 1 + configs/pepper_defconfig | 1 + include/configs/ti_am335x_common.h | 1 - 26 files changed, 120 insertions(+), 88 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index aef901c..26d7707 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -315,38 +315,6 @@ config TARGET_BRPPT1 select CPU_V7 select SUPPORT_SPL
-config TARGET_CM_T335 - bool "Support cm_t335" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_PEPPER - bool "Support pepper" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_AM335X_IGEP0033 - bool "Support am335x_igep0033" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_PCM051 - bool "Support pcm051" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - config TARGET_DRACO bool "Support draco" select CPU_V7 @@ -395,61 +363,6 @@ config TARGET_RUT select DM_SERIAL select DM_GPIO
-config TARGET_PENGWYN - bool "Support pengwyn" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_AM335X_BALTOS - bool "Support am335x_baltos" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_AM335X_EVM - bool "Support am335x_evm" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - select TI_I2C_BOARD_DETECT - -config TARGET_AM335X_SHC - bool "Support am335x based shc board from bosch" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - select DM_GPIO - -config TARGET_AM335X_SL50 - bool "Support am335x_sl50" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - -config TARGET_BAV335X - bool "Support bav335x" - select CPU_V7 - select SUPPORT_SPL - select DM - select DM_SERIAL - help - The BAV335x OEM Network Processor integrates all the functions of an - embedded network computer in a small, easy to use SODIMM module which - incorporates the popular Texas Instruments Sitara 32bit ARM Coretex-A8 - processor, with fast DDR3 512MB SDRAM, 4GB of embedded MMC and a Gigabit - ethernet with simple connection to external connectors. - - For more information, visit: http://birdland.com/oem - config TARGET_TI814X_EVM bool "Support ti814x_evm" select CPU_V7 @@ -579,6 +492,17 @@ config AM43XX protocols, dual camera support, optional 3D graphics and an optional customer programmable secure boot.
+config AM33XX + bool "AM33XX SoC" + select CPU_V7 + select SUPPORT_SPL + help + Support for AM335x SOC from Texas Instruments. + The AM335x high performance SOC features a Cortex-A8 + ARM core, a dual core PRU-ICSS for industrial Ethernet + protocols, optional 3D graphics and an optional customer + programmable secure boot. + config ARCH_RMOBILE bool "Renesas ARM SoCs" select DM diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig b/arch/arm/cpu/armv7/am33xx/Kconfig index dc51e9b..e57e6fb 100644 --- a/arch/arm/cpu/armv7/am33xx/Kconfig +++ b/arch/arm/cpu/armv7/am33xx/Kconfig @@ -1,3 +1,87 @@ +if AM33XX + +choice + prompt "AM33xx board select" + optional + +config TARGET_AM335X_EVM + bool "Support am335x_evm" + select DM + select DM_SERIAL + select DM_GPIO + select TI_I2C_BOARD_DETECT + help + This option specifies support for the AM335x + GP and HS EVM development platforms. The AM335x + GP EVM is a standalone test, development, and + evaluation module system that enables developers + to write software and develop hardware around + an AM335x processor subsystem. + +config TARGET_AM335X_BALTOS + bool "Support am335x_baltos" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_AM335X_IGEP0033 + bool "Support am335x_igep0033" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_AM335X_SHC + bool "Support am335x based shc board from bosch" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_AM335X_SL50 + bool "Support am335x_sl50" + select DM + select DM_SERIAL + +config TARGET_BAV335X + bool "Support bav335x" + select DM + select DM_SERIAL + help + The BAV335x OEM Network Processor integrates all the functions of an + embedded network computer in a small, easy to use SODIMM module which + incorporates the popular Texas Instruments Sitara 32bit ARM Coretex-A8 + processor, with fast DDR3 512MB SDRAM, 4GB of embedded MMC and a Gigabit + ethernet with simple connection to external connectors. + + For more information, visit: http://birdland.com/oem + +config TARGET_CM_T335 + bool "Support cm_t335" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_PCM051 + bool "Support pcm051" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_PENGWYN + bool "Support pengwyn" + select DM + select DM_SERIAL + select DM_GPIO + +config TARGET_PEPPER + bool "Support pepper" + select DM + select DM_SERIAL + select DM_GPIO + +endchoice + +endif + if AM43XX config TARGET_AM43XX_EVM bool "Support am43xx_evm" @@ -9,7 +93,9 @@ config TARGET_AM43XX_EVM evaluation module system that enables developers to write software and develop hardware around an AM43xx processor subsystem. +endif
+if AM43XX || AM33XX config ISW_ENTRY_ADDR hex "Address in memory or XIP flash of bootloader entry point" help diff --git a/configs/am335x_baltos_defconfig b/configs/am335x_baltos_defconfig index 78f55cc..b6cfd07 100644 --- a/configs/am335x_baltos_defconfig +++ b/configs/am335x_baltos_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_BALTOS=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/am335x_boneblack_defconfig b/configs/am335x_boneblack_defconfig index d310e0b..5fabff6 100644 --- a/configs/am335x_boneblack_defconfig +++ b/configs/am335x_boneblack_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/am335x_boneblack_vboot_defconfig b/configs/am335x_boneblack_vboot_defconfig index c2f09cb..b47b51f 100644 --- a/configs/am335x_boneblack_vboot_defconfig +++ b/configs/am335x_boneblack_vboot_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_DEFAULT_DEVICE_TREE="am335x-boneblack" diff --git a/configs/am335x_evm_defconfig b/configs/am335x_evm_defconfig index 6885230..b344bb7 100644 --- a/configs/am335x_evm_defconfig +++ b/configs/am335x_evm_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_DEFAULT_DEVICE_TREE="am335x-evm" diff --git a/configs/am335x_evm_nor_defconfig b/configs/am335x_evm_nor_defconfig index 76a004e..e434dec 100644 --- a/configs/am335x_evm_nor_defconfig +++ b/configs/am335x_evm_nor_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_NOR=y diff --git a/configs/am335x_evm_norboot_defconfig b/configs/am335x_evm_norboot_defconfig index 99fc555..063eea7 100644 --- a/configs/am335x_evm_norboot_defconfig +++ b/configs/am335x_evm_norboot_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_NOR=y CONFIG_NOR_BOOT=y diff --git a/configs/am335x_evm_spiboot_defconfig b/configs/am335x_evm_spiboot_defconfig index 2fe1a25..89f472d 100644 --- a/configs/am335x_evm_spiboot_defconfig +++ b/configs/am335x_evm_spiboot_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/am335x_evm_usbspl_defconfig b/configs/am335x_evm_usbspl_defconfig index cba5e84..b689181 100644 --- a/configs/am335x_evm_usbspl_defconfig +++ b/configs/am335x_evm_usbspl_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_EVM=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/am335x_igep0033_defconfig b/configs/am335x_igep0033_defconfig index d6022a3..33e0637 100644 --- a/configs/am335x_igep0033_defconfig +++ b/configs/am335x_igep0033_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_IGEP0033=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/am335x_shc_defconfig b/configs/am335x_shc_defconfig index c83311f..04d1c91 100644 --- a/configs/am335x_shc_defconfig +++ b/configs/am335x_shc_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SERIES=y CONFIG_SPL_STACK_R_ADDR=0x82000000 diff --git a/configs/am335x_shc_ict_defconfig b/configs/am335x_shc_ict_defconfig index bfb56b2..999dc60 100644 --- a/configs/am335x_shc_ict_defconfig +++ b/configs/am335x_shc_ict_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SHC_ICT=y CONFIG_SERIES=y diff --git a/configs/am335x_shc_netboot_defconfig b/configs/am335x_shc_netboot_defconfig index d16c5f0..a6eaf6b 100644 --- a/configs/am335x_shc_netboot_defconfig +++ b/configs/am335x_shc_netboot_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SHC_NETBOOT=y CONFIG_SERIES=y diff --git a/configs/am335x_shc_prompt_defconfig b/configs/am335x_shc_prompt_defconfig index b9bc355..e174ba9 100644 --- a/configs/am335x_shc_prompt_defconfig +++ b/configs/am335x_shc_prompt_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SERIES=y CONFIG_SPL_STACK_R_ADDR=0x82000000 diff --git a/configs/am335x_shc_sdboot_defconfig b/configs/am335x_shc_sdboot_defconfig index b0e8eff..7b3974c 100644 --- a/configs/am335x_shc_sdboot_defconfig +++ b/configs/am335x_shc_sdboot_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SHC_SDBOOT=y CONFIG_SERIES=y diff --git a/configs/am335x_shc_sdboot_prompt_defconfig b/configs/am335x_shc_sdboot_prompt_defconfig index b0e8eff..7b3974c 100644 --- a/configs/am335x_shc_sdboot_prompt_defconfig +++ b/configs/am335x_shc_sdboot_prompt_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SHC=y CONFIG_SHC_SDBOOT=y CONFIG_SERIES=y diff --git a/configs/am335x_sl50_defconfig b/configs/am335x_sl50_defconfig index 01c1eeb..87ea29e 100644 --- a/configs/am335x_sl50_defconfig +++ b/configs/am335x_sl50_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_AM335X_SL50=y CONFIG_SPL_STACK_R_ADDR=0x82000000 CONFIG_SPL=y diff --git a/configs/birdland_bav335a_defconfig b/configs/birdland_bav335a_defconfig index bb5db5c..046260d 100644 --- a/configs/birdland_bav335a_defconfig +++ b/configs/birdland_bav335a_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_BAV335X=y CONFIG_BAV_VERSION=1 CONFIG_SPL=y diff --git a/configs/birdland_bav335b_defconfig b/configs/birdland_bav335b_defconfig index 39cc222..38a27ad 100644 --- a/configs/birdland_bav335b_defconfig +++ b/configs/birdland_bav335b_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_BAV335X=y CONFIG_BAV_VERSION=2 CONFIG_SPL=y diff --git a/configs/cm_t335_defconfig b/configs/cm_t335_defconfig index 1b29331..c89a723 100644 --- a/configs/cm_t335_defconfig +++ b/configs/cm_t335_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_CM_T335=y CONFIG_SPL=y CONFIG_HUSH_PARSER=y diff --git a/configs/pcm051_rev1_defconfig b/configs/pcm051_rev1_defconfig index 27f681f..41cb1cd 100644 --- a/configs/pcm051_rev1_defconfig +++ b/configs/pcm051_rev1_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_PCM051=y CONFIG_SPL=y CONFIG_SYS_EXTRA_OPTIONS="REV1" diff --git a/configs/pcm051_rev3_defconfig b/configs/pcm051_rev3_defconfig index b277b3a..3d1abd8 100644 --- a/configs/pcm051_rev3_defconfig +++ b/configs/pcm051_rev3_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_PCM051=y CONFIG_SPL=y CONFIG_SYS_EXTRA_OPTIONS="REV3" diff --git a/configs/pengwyn_defconfig b/configs/pengwyn_defconfig index 3eba3ce..2ddb858 100644 --- a/configs/pengwyn_defconfig +++ b/configs/pengwyn_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_PENGWYN=y CONFIG_SPL=y CONFIG_HUSH_PARSER=y diff --git a/configs/pepper_defconfig b/configs/pepper_defconfig index 4a46f24..4114cdc 100644 --- a/configs/pepper_defconfig +++ b/configs/pepper_defconfig @@ -1,4 +1,5 @@ CONFIG_ARM=y +CONFIG_AM33XX=y CONFIG_TARGET_PEPPER=y CONFIG_SPL=y CONFIG_HUSH_PARSER=y diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h index bcd56fc..a0a60d4 100644 --- a/include/configs/ti_am335x_common.h +++ b/include/configs/ti_am335x_common.h @@ -12,7 +12,6 @@ #ifndef __CONFIG_TI_AM335X_COMMON_H__ #define __CONFIG_TI_AM335X_COMMON_H__
-#define CONFIG_AM33XX #define CONFIG_ARCH_CPU_INIT #define CONFIG_SYS_CACHELINE_SIZE 64 #define CONFIG_MAX_RAM_BANK_SIZE (1024 << 20) /* 1GB */
On Thu, Aug 25, 2016 at 04:45:32PM -0500, Andrew F. Davis wrote:
The config option AM33XX is used in several boards and should be defined as a stand-alone option for this SOC. We break this out from target boards that use this SoC and common headers then enable AM33XX on in all the boards that used these targets to eliminate any functional change with this patch.
This is similar to what has already been done in 9de852642cae ("arm: Kconfig: Add support for AM43xx SoC specific Kconfig") and is done for the same reasons.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Depending on the boot media, different images are needed for secure devices. The build generates u-boot*_HS_* files as appropriate for the different boot modes.
For AM33xx devices additional image types are needed for various SPL boot modes as the ROM checks for the name of the boot mode in the file it loads.
Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/cpu/armv7/am33xx/config.mk | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index d4eb21c..8e655d7 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -12,13 +12,36 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y) # For booting from SPI use # u-boot-spl_HS_SPI_X-LOADER to program flash # -# For booting spl from all other media -# use u-boot-spl_HS_ISSW +# On AM43XX: +# +# For booting spl from all other media use +# u-boot-spl_HS_ISSW +# +# On AM33XX: +# +# For booting spl from NOR flash or QSPI use +# u-boot-spl_HS_XIP_X-LOADER +# +# For booting spl from NAND flash use +# u-boot-spl_HS_X-LOADER +# +# For booting spl from SD/MMC/eMMC media use +# u-boot-spl_HS_MLO +# +# For booting spl over UART, USB, or Ethernet use +# u-boot-spl_HS_2ND # # Refer to README.ti-secure for more info # ALL-y += u-boot-spl_HS_ISSW ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER +ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER +ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER +ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER +ALL-$(CONFIG_SPL_SD_BOOT) += u-boot-spl_HS_MLO +ALL-$(CONFIG_SPL_UART_BOOT) += u-boot-spl_HS_2ND +ALL-$(CONFIG_SPL_USB_BOOT) += u-boot-spl_HS_2ND +ALL-$(CONFIG_SPL_NET_BOOT) += u-boot-spl_HS_2ND else ALL-y += MLO ALL-$(CONFIG_SPL_SPI_SUPPORT) += MLO.byteswap
On Thu, Aug 25, 2016 at 04:45:33PM -0500, Andrew F. Davis wrote:
Depending on the boot media, different images are needed for secure devices. The build generates u-boot*_HS_* files as appropriate for the different boot modes.
For AM33xx devices additional image types are needed for various SPL boot modes as the ROM checks for the name of the boot mode in the file it loads.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Add a section describing the additional boot types used on AM33xx secure devices.
Signed-off-by: Andrew F. Davis afd@ti.com --- doc/README.ti-secure | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
diff --git a/doc/README.ti-secure b/doc/README.ti-secure index 54c996d..9b0fbf9 100644 --- a/doc/README.ti-secure +++ b/doc/README.ti-secure @@ -43,6 +43,38 @@ Booting of U-Boot SPL The script is basically the only required interface to the TI SECDEV package for creating a bootable SPL image for secure TI devices.
+ Invoking the script for AM33xx Secure Devices + ============================================= + + create-boot-image.sh \ + <IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR> + + <IMAGE_FLAG> is a value that specifies the type of the image to + generate OR the action the image generation tool will take. Valid + values are: + SPI_X-LOADER - Generates an image for SPI flash (byte swapped) + X-LOADER - Generates an image for non-XIP flash + MLO - Generates an image for SD/MMC/eMMC media + 2ND - Generates an image for USB, UART and Ethernet + XIP_X-LOADER - Generates a single stage u-boot for NOR/QSPI XiP + + <INPUT_FILE> is the full path and filename of the public world boot + loaderbinary file (depending on the boot media, this is usually + either u-boot-spl.bin or u-boot.bin). + + <OUTPUT_FILE> is the full path and filename of the final secure + image. The output binary images should be used in place of the standard + non-secure binary images (see the platform-specific user's guides and + releases notes for how the non-secure images are typically used) + u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash + u-boot-spl_HS_X-LOADER - boot image for NAND or SD/MMC/eMMC rawmode + u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC media + u-boot-spl_HS_2ND - boot image for USB, UART and Ethernet + u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI Xip flash + + <SPL_LOAD_ADDR> is the address at which SOC ROM should load the + <INPUT_FILE> + Invoking the script for AM43xx Secure Devices =============================================
On Thu, Aug 25, 2016 at 04:45:34PM -0500, Andrew F. Davis wrote:
Add a section describing the additional boot types used on AM33xx secure devices.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Before the addition of SPL boot media type Kconfig options there was no way to determine what boot media the SPL would be booted from, so it was assumed that if the SPL could load U-Boot proper via SPI then the SPL itself would probably also be loaded from SPI.
Use the new SPL_SPI_BOOT option to enable the generation an SPL image capable of being booted from SPI, and not have this depend on the SPL's media loading capabilities.
Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/cpu/armv7/am33xx/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index 8e655d7..2f53df8 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -34,7 +34,7 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y) # Refer to README.ti-secure for more info # ALL-y += u-boot-spl_HS_ISSW -ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER +ALL-$(CONFIG_SPL_SPI_BOOT) += u-boot-spl_HS_SPI_X-LOADER ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER
On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
Before the addition of SPL boot media type Kconfig options there was no way to determine what boot media the SPL would be booted from, so it was assumed that if the SPL could load U-Boot proper via SPI then the SPL itself would probably also be loaded from SPI.
Use the new SPL_SPI_BOOT option to enable the generation an SPL image capable of being booted from SPI, and not have this depend on the SPL's media loading capabilities.
Signed-off-by: Andrew F. Davis afd@ti.com
arch/arm/cpu/armv7/am33xx/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk index 8e655d7..2f53df8 100644 --- a/arch/arm/cpu/armv7/am33xx/config.mk +++ b/arch/arm/cpu/armv7/am33xx/config.mk @@ -34,7 +34,7 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y) # Refer to README.ti-secure for more info # ALL-y += u-boot-spl_HS_ISSW -ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER +ALL-$(CONFIG_SPL_SPI_BOOT) += u-boot-spl_HS_SPI_X-LOADER
With this change CONFIG_SPL_SPI_BOOT needs to be enabled for am43xx_hs_evm_defconfig or else SPI boot will break on AM43xx HS.
Thanks and regards, Lokesh
ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER
When CONFIG_FIT_IMAGE_POST_PROCESS or CONFIG_SPL_FIT_IMAGE_POST_PROCESS is enabled board_fit_image_post_process will be called, add this function to am33xx boards when CONFIG_TI_SECURE_DEVICE is set to verify the loaded image.
Signed-off-by: Andrew F. Davis afd@ti.com --- board/ti/am335x/board.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/board/ti/am335x/board.c b/board/ti/am335x/board.c index 56f4984..0ed16ca 100644 --- a/board/ti/am335x/board.c +++ b/board/ti/am335x/board.c @@ -25,6 +25,7 @@ #include <asm/io.h> #include <asm/emif.h> #include <asm/gpio.h> +#include <asm/omap_sec_common.h> #include <i2c.h> #include <miiphy.h> #include <cpsw.h> @@ -775,3 +776,10 @@ int board_fit_config_name_match(const char *name) return -1; } #endif + +#ifdef CONFIG_TI_SECURE_DEVICE +void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + secure_boot_verify_image(p_image, p_size); +} +#endif
On Thu, Aug 25, 2016 at 04:45:36PM -0500, Andrew F. Davis wrote:
When CONFIG_FIT_IMAGE_POST_PROCESS or CONFIG_SPL_FIT_IMAGE_POST_PROCESS is enabled board_fit_image_post_process will be called, add this function to am33xx boards when CONFIG_TI_SECURE_DEVICE is set to verify the loaded image.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Like OMAP54xx and AM43xx family SoCs, AM33xx based SoCs have high security enabled models. Allow AM33xx devices to be built with HS Device Type Support.
Signed-off-by: Andrew F. Davis afd@ti.com --- arch/arm/cpu/armv7/omap-common/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig index 7b39506..4daccd9 100644 --- a/arch/arm/cpu/armv7/omap-common/Kconfig +++ b/arch/arm/cpu/armv7/omap-common/Kconfig @@ -1,6 +1,6 @@ config TI_SECURE_DEVICE bool "HS Device Type Support" - depends on OMAP54XX || AM43XX + depends on OMAP54XX || AM43XX || AM33XX help If a high secure (HS) device type is being used, this config must be set. This option impacts various aspects of the
On Thu, Aug 25, 2016 at 04:45:37PM -0500, Andrew F. Davis wrote:
Like OMAP54xx and AM43xx family SoCs, AM33xx based SoCs have high security enabled models. Allow AM33xx devices to be built with HS Device Type Support.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
The SPL load address changes based on boot time in HS devices, ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs for similar reasons. Add this same logic for AM33xx devices.
Signed-off-by: Andrew F. Davis afd@ti.com --- include/configs/ti_am335x_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h index a0a60d4..52f4ed6 100644 --- a/include/configs/ti_am335x_common.h +++ b/include/configs/ti_am335x_common.h @@ -57,7 +57,7 @@ * supports X-MODEM loading via UART, and we leverage this and then use * Y-MODEM to load u-boot.img, when booted over UART. */ -#define CONFIG_SPL_TEXT_BASE 0x402F0400 +#define CONFIG_SPL_TEXT_BASE CONFIG_ISW_ENTRY_ADDR #define CONFIG_SPL_MAX_SIZE (0x4030B800 - CONFIG_SPL_TEXT_BASE) #define CONFIG_SYS_SPL_ARGS_ADDR (CONFIG_SYS_SDRAM_BASE + \ (128 << 20))
On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
The SPL load address changes based on boot time in HS devices, ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs for similar reasons. Add this same logic for AM33xx devices.
Signed-off-by: Andrew F. Davis afd@ti.com
include/configs/ti_am335x_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h index a0a60d4..52f4ed6 100644 --- a/include/configs/ti_am335x_common.h +++ b/include/configs/ti_am335x_common.h @@ -57,7 +57,7 @@
- supports X-MODEM loading via UART, and we leverage this and then use
- Y-MODEM to load u-boot.img, when booted over UART.
*/ -#define CONFIG_SPL_TEXT_BASE 0x402F0400 +#define CONFIG_SPL_TEXT_BASE CONFIG_ISW_ENTRY_ADDR
Please include the below change as well or else am33xx gp boot might break as fefault address is different.
diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig b/arch/arm/cpu/armv7/am33xx/Kconfig index dc51e9b..3a48664 100644 --- a/arch/arm/cpu/armv7/am33xx/Kconfig +++ b/arch/arm/cpu/armv7/am33xx/Kconfig @@ -22,7 +22,8 @@ config ISW_ENTRY_ADDR point address depending on the device type (secure/non-secure), boot media (xip/non-xip) and image headers. - default 0x402F4000 + default 0x402F4000 if AM43XX + default 0x402F0400 if AM33XX
config PUB_ROM_DATA_SIZE hex "Size in bytes of the L3 SRAM reserved by ROM to store data"
Thanks and regards, Lokesh
#define CONFIG_SPL_MAX_SIZE (0x4030B800 - CONFIG_SPL_TEXT_BASE) #define CONFIG_SYS_SPL_ARGS_ADDR (CONFIG_SYS_SDRAM_BASE + \ (128 << 20))
On 08/26/2016 12:01 AM, Lokesh Vutla wrote:
On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
The SPL load address changes based on boot time in HS devices, ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs for similar reasons. Add this same logic for AM33xx devices.
Signed-off-by: Andrew F. Davis afd@ti.com
include/configs/ti_am335x_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h index a0a60d4..52f4ed6 100644 --- a/include/configs/ti_am335x_common.h +++ b/include/configs/ti_am335x_common.h @@ -57,7 +57,7 @@
- supports X-MODEM loading via UART, and we leverage this and then use
- Y-MODEM to load u-boot.img, when booted over UART.
*/ -#define CONFIG_SPL_TEXT_BASE 0x402F0400 +#define CONFIG_SPL_TEXT_BASE CONFIG_ISW_ENTRY_ADDR
Please include the below change as well or else am33xx gp boot might break as fefault address is different.
diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig b/arch/arm/cpu/armv7/am33xx/Kconfig index dc51e9b..3a48664 100644 --- a/arch/arm/cpu/armv7/am33xx/Kconfig +++ b/arch/arm/cpu/armv7/am33xx/Kconfig @@ -22,7 +22,8 @@ config ISW_ENTRY_ADDR point address depending on the device type (secure/non-secure), boot media (xip/non-xip) and image headers.
- default 0x402F4000
- default 0x402F4000 if AM43XX
- default 0x402F0400 if AM33XX
Good eye, for some reason I mistook them for the same value, will fix.
config PUB_ROM_DATA_SIZE hex "Size in bytes of the L3 SRAM reserved by ROM to store data"
Thanks and regards, Lokesh
#define CONFIG_SPL_MAX_SIZE (0x4030B800 - CONFIG_SPL_TEXT_BASE) #define CONFIG_SYS_SPL_ARGS_ADDR (CONFIG_SYS_SDRAM_BASE + \ (128 << 20))
This config option seems to be unused and is probably vestigial. Remove it.
Signed-off-by: Andrew F. Davis afd@ti.com --- include/configs/am335x_evm.h | 2 -- include/configs/am335x_shc.h | 2 -- include/configs/am335x_sl50.h | 2 -- include/configs/bav335x.h | 2 -- 4 files changed, 8 deletions(-)
diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h index ba4c215..23ee75c 100644 --- a/include/configs/am335x_evm.h +++ b/include/configs/am335x_evm.h @@ -301,8 +301,6 @@ #define CONFIG_FASTBOOT_BUF_ADDR CONFIG_SYS_LOAD_ADDR #define CONFIG_FASTBOOT_BUF_SIZE 0x07000000
-/* To support eMMC booting */ -#define CONFIG_STORAGE_EMMC #define CONFIG_FASTBOOT_FLASH_MMC_DEV 1 #endif
diff --git a/include/configs/am335x_shc.h b/include/configs/am335x_shc.h index f2484cb..8708c91 100644 --- a/include/configs/am335x_shc.h +++ b/include/configs/am335x_shc.h @@ -287,8 +287,6 @@ #define CONFIG_SPL_LDSCRIPT "$(CPUDIR)/am33xx/u-boot-spl.lds"
#ifndef CONFIG_SPL_USBETH_SUPPORT -/* To support eMMC booting */ -#define CONFIG_STORAGE_EMMC #define CONFIG_FASTBOOT_FLASH_MMC_DEV 1 #endif
diff --git a/include/configs/am335x_sl50.h b/include/configs/am335x_sl50.h index 8454872..06ce4e9 100644 --- a/include/configs/am335x_sl50.h +++ b/include/configs/am335x_sl50.h @@ -91,8 +91,6 @@ #define CONFIG_SPL_LDSCRIPT "$(CPUDIR)/am33xx/u-boot-spl.lds"
#ifndef CONFIG_SPL_USBETH_SUPPORT -/* To support eMMC booting */ -#define CONFIG_STORAGE_EMMC #define CONFIG_FASTBOOT_FLASH_MMC_DEV 1 #endif
diff --git a/include/configs/bav335x.h b/include/configs/bav335x.h index e391c91..05fc6d9 100644 --- a/include/configs/bav335x.h +++ b/include/configs/bav335x.h @@ -451,8 +451,6 @@ DEFAULT_LINUX_BOOT_ENV \ #define CONFIG_FASTBOOT_BUF_ADDR CONFIG_SYS_LOAD_ADDR #define CONFIG_FASTBOOT_BUF_SIZE 0x07000000
-/* To support eMMC booting */ -#define CONFIG_STORAGE_EMMC #define CONFIG_FASTBOOT_FLASH_MMC_DEV 1 #endif
On Thu, Aug 25, 2016 at 04:45:39PM -0500, Andrew F. Davis wrote:
This config option seems to be unused and is probably vestigial. Remove it.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Authentication of images in Falcon Mode is not supported. Do not enable SPL_OS_BOOT when TI_SECURE_DEVICE is enabled. This prevents attempting to directly load kernel images which will fail, for security reasons, on HS devices, the board is locked if a non-authenticatable image load is attempted, so we disable attempting Falcon Mode.
Signed-off-by: Andrew F. Davis afd@ti.com --- include/configs/ti_armv7_common.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/include/configs/ti_armv7_common.h b/include/configs/ti_armv7_common.h index 9f947ee..949b6d1 100644 --- a/include/configs/ti_armv7_common.h +++ b/include/configs/ti_armv7_common.h @@ -198,16 +198,21 @@
/* * Our platforms make use of SPL to initalize the hardware (primarily - * memory) enough for full U-Boot to be loaded. We also support Falcon - * Mode so that the Linux kernel can be booted directly from SPL - * instead, if desired. We make use of the general SPL framework found - * under common/spl/. Given our generally common memory map, we set a - * number of related defaults and sizes here. + * memory) enough for full U-Boot to be loaded. We make use of the general + * SPL framework found under common/spl/. Given our generally common memory + * map, we set a number of related defaults and sizes here. */ #if !defined(CONFIG_NOR_BOOT) && \ !(defined(CONFIG_QSPI_BOOT) && defined(CONFIG_AM43XX)) #define CONFIG_SPL_FRAMEWORK + +/* + * We also support Falcon Mode so that the Linux kernel can be booted + * directly from SPL. This is not currently available on HS devices. + */ +#if !defined(CONFIG_TI_SECURE_DEVICE) #define CONFIG_SPL_OS_BOOT +#endif
/* * Place the image at the start of the ROM defined image space (per
On Thu, Aug 25, 2016 at 04:45:40PM -0500, Andrew F. Davis wrote:
Authentication of images in Falcon Mode is not supported. Do not enable SPL_OS_BOOT when TI_SECURE_DEVICE is enabled. This prevents attempting to directly load kernel images which will fail, for security reasons, on HS devices, the board is locked if a non-authenticatable image load is attempted, so we disable attempting Falcon Mode.
Signed-off-by: Andrew F. Davis afd@ti.com
Reviewed-by: Tom Rini trini@konsulko.com
Add a new defconfig file for the AM335x High Security EVM. This config is specific for the case of SD card booting, we the boot types to be seperate defconfigs as some options change depending on boot type, in addition this allows us to trim the SPL size as we only need to support one boot media.
This defconfig is the same as for the non-secure part, except for: CONFIG_TI_SECURE_DEVICE option set to 'y' CONFIG_ISW_ENTRY_ADDR updated for secure images. CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y' CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y' CONFIG_SPL_SD_BOOT option set to 'y' so we will build an MMC compatible SPL CONFIG_USE_TINY_PRINTF option set to 'y' to reduce SPL size NAND removed from CONFIG_SYS_EXTRA_OPTIONS as this adds NAND support to SPL, not just U-Boot proper, when this is fixed this can be added back
Signed-off-by: Andrew F. Davis afd@ti.com --- configs/am335x_hs_evm_mmc_defconfig | 58 +++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 configs/am335x_hs_evm_mmc_defconfig
diff --git a/configs/am335x_hs_evm_mmc_defconfig b/configs/am335x_hs_evm_mmc_defconfig new file mode 100644 index 0000000..d10faaa --- /dev/null +++ b/configs/am335x_hs_evm_mmc_defconfig @@ -0,0 +1,58 @@ +CONFIG_ARM=y +CONFIG_AM33XX=y +CONFIG_TI_SECURE_DEVICE=y +CONFIG_TARGET_AM335X_EVM=y +CONFIG_SPL_STACK_R_ADDR=0x82000000 +CONFIG_DEFAULT_DEVICE_TREE="am335x-evm" +CONFIG_SPL=y +CONFIG_ISW_ENTRY_ADDR=0x40301750 +CONFIG_SPL_STACK_R=y +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +# CONFIG_CMD_IMLS is not set +CONFIG_CMD_ASKENV=y +# CONFIG_CMD_FLASH is not set +CONFIG_CMD_MMC=y +CONFIG_CMD_SF=y +CONFIG_CMD_SPI=y +CONFIG_CMD_I2C=y +CONFIG_CMD_USB=y +CONFIG_CMD_DFU=y +CONFIG_CMD_GPIO=y +# CONFIG_CMD_SETEXPR is not set +CONFIG_CMD_DHCP=y +CONFIG_CMD_MII=y +CONFIG_CMD_PING=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_OF_CONTROL=y +CONFIG_DM_MMC=y +CONFIG_SPI_FLASH=y +CONFIG_SPI_FLASH_WINBOND=y +CONFIG_DM_ETH=y +CONFIG_SYS_NS16550=y +CONFIG_TIMER=y +CONFIG_OMAP_TIMER=y +CONFIG_USB=y +CONFIG_USB_MUSB_HOST=y +CONFIG_USB_MUSB_GADGET=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_DOWNLOAD=y +CONFIG_G_DNL_MANUFACTURER="Texas Instruments" +CONFIG_G_DNL_VENDOR_NUM=0x0451 +CONFIG_G_DNL_PRODUCT_NUM=0xd022 +CONFIG_OF_LIBFDT=y +CONFIG_SPL_NET_VCI_STRING="AM335x U-Boot SPL" +CONFIG_RSA=y +CONFIG_FIT=y +CONFIG_SPL_OF_LIBFDT=y +CONFIG_SPL_LOAD_FIT=y +CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y +CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2" +CONFIG_DM_I2C=y +CONFIG_FIT_IMAGE_POST_PROCESS=y +CONFIG_SPL_SD_BOOT=y +CONFIG_USE_TINY_PRINTF=y
participants (3)
-
Andrew F. Davis -
Lokesh Vutla -
Tom Rini