[PATCH 1/6] mips: cpu: Use plain puts() in restart handler
This removes dependency on fprintf() , which is not available in SPL unless full printf support is enabled.
Signed-off-by: Marek Vasut marex@denx.de --- Cc: Daniel Schwierzeck daniel.schwierzeck@gmail.com Cc: Marek Vasut marex@denx.de --- arch/mips/cpu/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/mips/cpu/cpu.c b/arch/mips/cpu/cpu.c index b304026a67c..f0e20da28f7 100644 --- a/arch/mips/cpu/cpu.c +++ b/arch/mips/cpu/cpu.c @@ -15,7 +15,7 @@ #if !CONFIG_IS_ENABLED(SYSRESET) void __weak _machine_restart(void) { - fprintf(stderr, "*** reset failed ***\n"); + puts("*** reset failed ***\n");
while (1) /* NOP */;
To avoid SRAM overflow in the SPL build, use simple malloc implementation.
Signed-off-by: Marek Vasut marex@denx.de --- Cc: Eugen Hristev eugen.hristev@collabora.com --- configs/sama5d2_icp_mmc_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/sama5d2_icp_mmc_defconfig b/configs/sama5d2_icp_mmc_defconfig index 6b7e308680e..185694d4319 100644 --- a/configs/sama5d2_icp_mmc_defconfig +++ b/configs/sama5d2_icp_mmc_defconfig @@ -41,6 +41,7 @@ CONFIG_SPL_MAX_SIZE=0x10000 CONFIG_SPL_HAS_BSS_LINKER_SECTION=y CONFIG_SPL_BSS_START_ADDR=0x20000000 CONFIG_SPL_BSS_MAX_SIZE=0x80000 +CONFIG_SPL_SYS_MALLOC_SIMPLE=y # CONFIG_SPL_SHARES_INIT_SP_ADDR is not set CONFIG_SYS_SPL_MALLOC=y CONFIG_SYS_SPL_MALLOC_SIZE=0x80000
On 6/26/23 11:52, Marek Vasut wrote:
To avoid SRAM overflow in the SPL build, use simple malloc implementation.
Signed-off-by: Marek Vasut marex@denx.de
Cc: Eugen Hristev eugen.hristev@collabora.com
configs/sama5d2_icp_mmc_defconfig | 1 + 1 file changed, 1 insertion(+)
diff --git a/configs/sama5d2_icp_mmc_defconfig b/configs/sama5d2_icp_mmc_defconfig index 6b7e308680e..185694d4319 100644 --- a/configs/sama5d2_icp_mmc_defconfig +++ b/configs/sama5d2_icp_mmc_defconfig @@ -41,6 +41,7 @@ CONFIG_SPL_MAX_SIZE=0x10000 CONFIG_SPL_HAS_BSS_LINKER_SECTION=y CONFIG_SPL_BSS_START_ADDR=0x20000000 CONFIG_SPL_BSS_MAX_SIZE=0x80000 +CONFIG_SPL_SYS_MALLOC_SIMPLE=y # CONFIG_SPL_SHARES_INIT_SP_ADDR is not set CONFIG_SYS_SPL_MALLOC=y CONFIG_SYS_SPL_MALLOC_SIZE=0x80000
why is the email patch arriving after patch was already applied? not to say that it was applied so fast and without going through at91 tree.
Add weak default reset_cpu() implementation needed by e.g. panic().
Signed-off-by: Marek Vasut marex@denx.de --- Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@gmail.com Cc: Stefano Babic sbabic@denx.de --- arch/arm/mach-imx/cpu.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-imx/cpu.c b/arch/arm/mach-imx/cpu.c index 702cfc33275..488638c9058 100644 --- a/arch/arm/mach-imx/cpu.c +++ b/arch/arm/mach-imx/cpu.c @@ -510,3 +510,7 @@ char nxp_board_rev_string(void) return (*rev + nxp_board_rev() - 1); } #endif + +__weak void reset_cpu(void) +{ +}
Hi Marek,
On Mon, Jun 26, 2023 at 5:53 AM Marek Vasut marex@denx.de wrote:
Add weak default reset_cpu() implementation needed by e.g. panic().
Signed-off-by: Marek Vasut marex@denx.de
Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@gmail.com Cc: Stefano Babic sbabic@denx.de
arch/arm/mach-imx/cpu.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-imx/cpu.c b/arch/arm/mach-imx/cpu.c index 702cfc33275..488638c9058 100644 --- a/arch/arm/mach-imx/cpu.c +++ b/arch/arm/mach-imx/cpu.c @@ -510,3 +510,7 @@ char nxp_board_rev_string(void) return (*rev + nxp_board_rev() - 1); } #endif
+__weak void reset_cpu(void) +{ +}
This patch causes the 'reset' command to not reset the imx7d-sdb and smegw01 boards anymore.
If I do the change below, the board resets again:
diff --git a/drivers/watchdog/imx_watchdog.c b/drivers/watchdog/imx_watchdog.c index 894158b304a7..709e437c8bd0 100644 --- a/drivers/watchdog/imx_watchdog.c +++ b/drivers/watchdog/imx_watchdog.c @@ -44,7 +44,7 @@ static void imx_watchdog_expire_now(struct watchdog_regs *wdog, bool ext_reset)
#if !defined(CONFIG_IMX_WATCHDOG) || \ (defined(CONFIG_IMX_WATCHDOG) && !CONFIG_IS_ENABLED(WDT)) -void __attribute__((weak)) reset_cpu(void) +void reset_cpu(void) { struct watchdog_regs *wdog = (struct watchdog_regs *)WDOG1_BASE_ADDR;
Is this a correct fix?
Thanks
On 8/8/23 21:17, Fabio Estevam wrote:
Hi Marek,
On Mon, Jun 26, 2023 at 5:53 AM Marek Vasut marex@denx.de wrote:
Add weak default reset_cpu() implementation needed by e.g. panic().
Signed-off-by: Marek Vasut marex@denx.de
Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@gmail.com Cc: Stefano Babic sbabic@denx.de
arch/arm/mach-imx/cpu.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-imx/cpu.c b/arch/arm/mach-imx/cpu.c index 702cfc33275..488638c9058 100644 --- a/arch/arm/mach-imx/cpu.c +++ b/arch/arm/mach-imx/cpu.c @@ -510,3 +510,7 @@ char nxp_board_rev_string(void) return (*rev + nxp_board_rev() - 1); } #endif
+__weak void reset_cpu(void) +{ +}
This patch causes the 'reset' command to not reset the imx7d-sdb and smegw01 boards anymore.
If I do the change below, the board resets again:
diff --git a/drivers/watchdog/imx_watchdog.c b/drivers/watchdog/imx_watchdog.c index 894158b304a7..709e437c8bd0 100644 --- a/drivers/watchdog/imx_watchdog.c +++ b/drivers/watchdog/imx_watchdog.c @@ -44,7 +44,7 @@ static void imx_watchdog_expire_now(struct watchdog_regs *wdog, bool ext_reset)
#if !defined(CONFIG_IMX_WATCHDOG) || \ (defined(CONFIG_IMX_WATCHDOG) && !CONFIG_IS_ENABLED(WDT)) -void __attribute__((weak)) reset_cpu(void) +void reset_cpu(void) { struct watchdog_regs *wdog = (struct watchdog_regs *)WDOG1_BASE_ADDR;
Is this a correct fix?
No, this will likely fail on other machines which will now define two "strong" reset_cpu() functions. Drivers should really not provide any reset_cpu() implementation at all (except maybe for sysreset drivers), all that reset_cpu() should be in arch/ .
I think the proper fix is to use drivers/sysreset/sysreset_watchdog.c to expire that imx watchdog and cause a reset.
Check whether the loaded image or entry point does not overlap SPL.
Signed-off-by: Marek Vasut marex@denx.de --- Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@denx.de Cc: Heiko Schocher hs@denx.de Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Rasmus Villemoes rasmus.villemoes@prevas.dk Cc: Simon Glass sjg@chromium.org Cc: Stefano Babic sbabic@denx.de Cc: Tom Rini trini@konsulko.com Cc: Ye Li ye.li@nxp.com --- V2: - Use _start instead of __image_copy_start and __bss_end for end - Define SYS_BOOTM_LEN for LEGACY_IMAGE_FORMAT || SPL_LEGACY_IMAGE_FORMAT --- cmd/Kconfig | 3 ++- common/spl/spl_legacy.c | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 365371fb511..02e54f1e50f 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -362,7 +362,8 @@ config BOOTM_VXWORKS
config SYS_BOOTM_LEN hex "Maximum size of a decompresed OS image" - depends on CMD_BOOTM || CMD_BOOTI || CMD_BOOTZ + depends on CMD_BOOTM || CMD_BOOTI || CMD_BOOTZ || \ + LEGACY_IMAGE_FORMAT || SPL_LEGACY_IMAGE_FORMAT default 0x4000000 if PPC || ARM64 default 0x1000000 if X86 || ARCH_MX6 || ARCH_MX7 default 0x800000 diff --git a/common/spl/spl_legacy.c b/common/spl/spl_legacy.c index 16851c55eb5..d34bc5492e8 100644 --- a/common/spl/spl_legacy.c +++ b/common/spl/spl_legacy.c @@ -7,6 +7,7 @@ #include <image.h> #include <log.h> #include <malloc.h> +#include <asm/sections.h> #include <spl.h>
#include <lzma/LzmaTypes.h> @@ -15,6 +16,22 @@
#define LZMA_LEN (1 << 20)
+static void spl_parse_legacy_validate(uintptr_t start, uintptr_t size) +{ + uintptr_t spl_start = (uintptr_t)_start; + uintptr_t spl_end = (uintptr_t)__bss_end; + uintptr_t end = start + size; + + if ((start >= spl_start && start < spl_end) || + (end > spl_start && end <= spl_end) || + (start < spl_start && end >= spl_end) || + (start > end && end > spl_start)) + panic("SPL: Image overlaps SPL\n"); + + if (size > CONFIG_SYS_BOOTM_LEN) + panic("SPL: Image too large\n"); +} + int spl_parse_legacy_header(struct spl_image_info *spl_image, const struct legacy_img_hdr *header) { @@ -58,6 +75,9 @@ int spl_parse_legacy_header(struct spl_image_info *spl_image, "payload image: %32s load addr: 0x%lx size: %d\n", spl_image->name, spl_image->load_addr, spl_image->size);
+ spl_parse_legacy_validate(spl_image->load_addr, spl_image->size); + spl_parse_legacy_validate(spl_image->entry_point, 0); + return 0; }
In case the DEBUG is enabled, these three lines warn about cast of pointer to integer of different size, add the missing casts to fix the warnings.
Signed-off-by: Marek Vasut marex@denx.de --- Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@denx.de Cc: Heiko Schocher hs@denx.de Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Rasmus Villemoes rasmus.villemoes@prevas.dk Cc: Simon Glass sjg@chromium.org Cc: Stefano Babic sbabic@denx.de Cc: Tom Rini trini@konsulko.com Cc: Ye Li ye.li@nxp.com --- V2: No change --- arch/arm/mach-imx/hab.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c6747b257c4..439cdaf07a7 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -932,10 +932,10 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, ivt->dcd, ivt->csf); puts("Dumping IVT\n"); - print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); + print_buffer(ivt_addr, (void *)(uintptr_t)(ivt_addr), 4, 0x8, 0);
puts("Dumping CSF Header\n"); - print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); + print_buffer(ivt->csf, (void *)(uintptr_t)(ivt->csf), 4, 0x10, 0);
#if !defined(CONFIG_SPL_BUILD) get_hab_status(); @@ -944,7 +944,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, puts("\nCalling authenticate_image in ROM\n"); printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + printf("\tbytes = 0x%lx\n", (ulong)bytes); #endif
#ifndef CONFIG_ARM64
The current mechanism is unnecessarily complex. Simplify the whole mechanism such that the entire fitImage is signed, IVT is placed at the end, followed by CSF, and this entire bundle is also authenticated. This makes the signing scripting far simpler.
Signed-off-by: Marek Vasut marex@denx.de --- Cc: "NXP i.MX U-Boot Team" uboot-imx@nxp.com Cc: Fabio Estevam festevam@denx.de Cc: Heiko Schocher hs@denx.de Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Rasmus Villemoes rasmus.villemoes@prevas.dk Cc: Simon Glass sjg@chromium.org Cc: Stefano Babic sbabic@denx.de Cc: Tom Rini trini@konsulko.com Cc: Ye Li ye.li@nxp.com --- V2: Use CONFIG_TEXT_BASE + CONFIG_SYS_BOOTM_LEN if CONFIG_SPL_LOAD_FIT_ADDRESS is not defined --- arch/arm/dts/imx8mm-u-boot.dtsi | 2 + arch/arm/dts/imx8mn-u-boot.dtsi | 2 + arch/arm/dts/imx8mp-u-boot.dtsi | 2 + arch/arm/dts/imx8mq-u-boot.dtsi | 2 + arch/arm/mach-imx/spl.c | 67 ++++++----------- common/spl/spl_fit.c | 7 -- doc/imx/habv4/csf_examples/mx8m/csf.sh | 28 ++----- doc/imx/habv4/csf_examples/mx8m/csf_fit.txt | 10 +-- doc/imx/habv4/guides/mx8m_spl_secure_boot.txt | 74 ++++--------------- include/spl.h | 6 -- 10 files changed, 54 insertions(+), 146 deletions(-)
diff --git a/arch/arm/dts/imx8mm-u-boot.dtsi b/arch/arm/dts/imx8mm-u-boot.dtsi index 9c8ec1cf5b1..391fb10ed96 100644 --- a/arch/arm/dts/imx8mm-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-u-boot.dtsi @@ -81,7 +81,9 @@
fit { description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif fit,fdt-list = "of-list"; #address-cells = <1>;
diff --git a/arch/arm/dts/imx8mn-u-boot.dtsi b/arch/arm/dts/imx8mn-u-boot.dtsi index cef20dab468..5046b38e4e2 100644 --- a/arch/arm/dts/imx8mn-u-boot.dtsi +++ b/arch/arm/dts/imx8mn-u-boot.dtsi @@ -145,7 +145,9 @@
fit { description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif fit,fdt-list = "of-list"; #address-cells = <1>;
diff --git a/arch/arm/dts/imx8mp-u-boot.dtsi b/arch/arm/dts/imx8mp-u-boot.dtsi index 18d1728e1d2..68cd0e10f02 100644 --- a/arch/arm/dts/imx8mp-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-u-boot.dtsi @@ -103,7 +103,9 @@
fit { description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif fit,fdt-list = "of-list"; #address-cells = <1>;
diff --git a/arch/arm/dts/imx8mq-u-boot.dtsi b/arch/arm/dts/imx8mq-u-boot.dtsi index b3fef862b49..90b2274754b 100644 --- a/arch/arm/dts/imx8mq-u-boot.dtsi +++ b/arch/arm/dts/imx8mq-u-boot.dtsi @@ -97,7 +97,9 @@
fit { description = "Configuration to load ATF before U-Boot"; +#ifndef CONFIG_IMX_HAB fit,external-offset = <CONFIG_FIT_EXTERNAL_OFFSET>; +#endif #address-cells = <1>;
images { diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index cb9801b7a13..6c13b00ef10 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -20,6 +20,7 @@ #include <asm/mach-imx/boot_mode.h> #include <g_dnl.h> #include <linux/libfdt.h> +#include <memalign.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -315,47 +316,21 @@ ulong board_spl_fit_size_align(ulong size) size = ALIGN(size, 0x1000); size += CONFIG_CSF_SIZE;
- return size; -} + if (size > CONFIG_SYS_BOOTM_LEN) + panic("spl: ERROR: image too big\n");
-void board_spl_fit_post_load(const void *fit) -{ - u32 offset = ALIGN(fdt_totalsize(fit), 0x1000); - - if (imx_hab_authenticate_image((uintptr_t)fit, - offset + IVT_SIZE + CSF_PAD_SIZE, - offset)) { - panic("spl: ERROR: image authentication unsuccessful\n"); - } + return size; } #endif
void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len) { - int align_len = ARCH_DMA_MINALIGN - 1; - - /* Some devices like SDP, NOR, NAND, SPI are using bl_len =1, so their fit address - * is different with SD/MMC, this cause mismatch with signed address. Thus, adjust - * the bl_len to align with SD/MMC. - */ - if (bl_len < 512) - bl_len = 512; - - return (void *)((CONFIG_TEXT_BASE - fit_size - bl_len - - align_len) & ~align_len); -} +#if defined(CONFIG_SPL_LOAD_FIT_ADDRESS) + return (void *)CONFIG_SPL_LOAD_FIT_ADDRESS; +#else + return (void *)(CONFIG_TEXT_BASE + CONFIG_SYS_BOOTM_LEN); #endif - -#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT) -int dram_init_banksize(void) -{ - gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE; - gd->bd->bi_dram[0].size = imx_ddr_size(); - - return 0; } -#endif - /* * read the address where the IVT header must sit * from IVT image header, loaded from SPL into @@ -365,7 +340,6 @@ int dram_init_banksize(void) void *spl_load_simple_fit_fix_load(const void *fit) { struct ivt *ivt; - unsigned long new; unsigned long offset; unsigned long size; u8 *tmp = (u8 *)fit; @@ -375,16 +349,23 @@ void *spl_load_simple_fit_fix_load(const void *fit) size = board_spl_fit_size_align(size); tmp += offset; ivt = (struct ivt *)tmp; - if (ivt->hdr.magic != IVT_HEADER_MAGIC) { - debug("no IVT header found\n"); - return (void *)fit; - } + debug("%s: ivt: %p offset: %lx size: %lx\n", __func__, ivt, offset, size); debug("%s: ivt self: %x\n", __func__, ivt->self); - new = ivt->self; - new -= offset; - debug("%s: new %lx\n", __func__, new); - memcpy((void *)new, fit, size);
- return (void *)new; + if (imx_hab_authenticate_image((uintptr_t)fit, (uintptr_t)ivt, offset)) + panic("spl: ERROR: image authentication unsuccessful\n"); + + return (void *)fit; } +#endif /* CONFIG_IMX_HAB */ + +#if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT) +int dram_init_banksize(void) +{ + gd->bd->bi_dram[0].start = CFG_SYS_SDRAM_BASE; + gd->bd->bi_dram[0].size = imx_ddr_size(); + + return 0; +} +#endif diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index c51482b3b65..730639f7562 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -27,10 +27,6 @@ struct spl_fit_info { int conf_node; /* FDT offset to selected configuration node */ };
-__weak void board_spl_fit_post_load(const void *fit) -{ -} - __weak ulong board_spl_fit_size_align(ulong size) { return size; @@ -829,8 +825,5 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
spl_image->flags |= SPL_FIT_FOUND;
- if (IS_ENABLED(CONFIG_IMX_HAB)) - board_spl_fit_post_load(ctx.fit); - return 0; } diff --git a/doc/imx/habv4/csf_examples/mx8m/csf.sh b/doc/imx/habv4/csf_examples/mx8m/csf.sh index b79f09e1f45..7cb38e02254 100644 --- a/doc/imx/habv4/csf_examples/mx8m/csf.sh +++ b/doc/imx/habv4/csf_examples/mx8m/csf.sh @@ -34,29 +34,11 @@ dd if=csf_spl.bin of=flash.bin bs=1 seek=${spl_dd_offset} conv=notrunc
# 3) Sign u-boot.itb
-# fitImage tree -fit_block_base=$(printf "0x%x" $(( $(sed -n "/CONFIG_TEXT_BASE=/ s@.*=@@p" .config) - $(sed -n "/CONFIG_FIT_EXTERNAL_OFFSET=/ s@.*=@@p" .config) - 0x200 - 0x40)) ) +# fitImage +fit_block_base=$(printf "0x%x" $(sed -n "/CONFIG_SPL_LOAD_FIT_ADDRESS=/ s@.*=@@p" .config) ) fit_block_offset=$(printf "0x%s" $(fdtget -t x u-boot.dtb /binman/imx-boot/uboot offset)) -fit_block_size=$(printf "0x%x" $(( ( ($(fdtdump u-boot.itb 2>/dev/null | sed -n "/^...totalsize:/ s@.*(0x[0-9a-f]+).*@\1@p") + 0x1000 - 0x1 ) & ~(0x1000 - 0x1)) + 0x20 )) ) -sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size "flash.bin", \\@" csf_fit.tmp - -# U-Boot -uboot_block_base=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot load)) -uboot_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot data-position)) + ${fit_block_offset} ))) -uboot_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot data-size)) -sed -i "/0xuuuu/ s@.*@ $uboot_block_base $uboot_block_offset $uboot_block_size "flash.bin", \\@" csf_fit.tmp - -# ATF -atf_block_base=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf load)) -atf_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf data-position)) + ${fit_block_offset} ))) -atf_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf data-size)) -sed -i "/0xaaaa/ s@.*@ $atf_block_base $atf_block_offset $atf_block_size "flash.bin", \\@" csf_fit.tmp - -# DTB -dtb_block_base=$(printf "0x%x" $(( ${uboot_block_base} + ${uboot_block_size} ))) -dtb_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/fdt-1 data-position)) + ${fit_block_offset} ))) -dtb_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/fdt-1 data-size)) -sed -i "/0xdddd/ s@.*@ $dtb_block_base $dtb_block_offset $dtb_block_size "flash.bin"@" csf_fit.tmp +fit_block_size=$(printf "0x%x" $(( ( ( $(stat -tc %s u-boot.itb) + 0x1000 - 0x1 ) & ~(0x1000 - 0x1)) + 0x20 )) ) +sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size "flash.bin"@" csf_fit.tmp
# IVT ivt_ptr_base=$(printf "%08x" ${fit_block_base} | sed "s@(..)(..)(..)(..)@0x\4\3\2\1@") @@ -65,7 +47,7 @@ csf_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} )) | se ivt_block_offset=$((${fit_block_offset} + ${fit_block_size} - 0x20)) csf_block_offset=$((${ivt_block_offset} + 0x20))
-echo "0xd1002041 ${ivt_ptr_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin +echo "0xd1002041 ${ivt_block_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin dd if=ivt.bin of=flash.bin bs=1 seek=${ivt_block_offset} conv=notrunc
# Generate CSF blob diff --git a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt b/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt index cd1d4070a5e..bbb82f69448 100644 --- a/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt +++ b/doc/imx/habv4/csf_examples/mx8m/csf_fit.txt @@ -26,11 +26,5 @@ [Authenticate Data] Verification index = 2 # FIXME: - # Line 1 -- fitImage tree - # Line 2 -- U-Boot u-boot-nodtb.bin blob - # Line 3 -- ATF BL31 blob - # Line 4 -- DT blob - Blocks = 0x401fcdc0 0x57c00 0xffff "flash.bin", \ - 0x40200000 0x62c00 0xuuuu "flash.bin", \ - 0x920000 0x00000 0xaaaa "flash.bin", \ - 0x40200000 0x00000 0xdddd "flash.bin" + # Line 1 -- fitImage + Blocks = 0x401fcdc0 0x57c00 0xffff "flash.bin" diff --git a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt index 3e3d38440f9..e79726bf2c5 100644 --- a/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt +++ b/doc/imx/habv4/guides/mx8m_spl_secure_boot.txt @@ -79,18 +79,16 @@ code within it:
The diagram below illustrate a signed U-Boot binary, DT blob and external ATF BL31 blob combined to form fitImage part of flash.bin container layout. -The *load_address is derived from CONFIG_TEXT_BASE such that the U-Boot -binary *start is placed exactly at CONFIG_SPL_TEXT_BASE in DRAM, however the -SPL moves the fitImage tree further to location: - *load_address = CONFIG_SPL_TEXT_BASE - CONFIG_FIT_EXTERNAL_OFFSET (=12kiB) - - 512 Byte sector - sizeof(mkimage header) +The *load_address is CONFIG_SPL_LOAD_FIT_ADDRESS, the fitImage is loaded +including all of its embedded data, authenticated using IVT+CSF concatenated +at the end of the fitImage at offset aligned to 4 kiB. The fitImage with +external data is not supported.
------- +-----------------------------+ <-- *load_address ^ | | | | fitImage tree | - | | with external data at | - | | offset 12 kiB from tree | - | | (cca. 1 kiB) | + | | with embedded data | + | | (cca. 1 MiB) | Signed | | | .----- Tree | +-----------------------------+ | Data | | Padding to next 4k aligned | @@ -101,34 +99,9 @@ SPL moves the fitImage tree further to location: | ------- +-----------------------------+ <-- *csf | | Command Sequence File (CSF) | | | for all signed entries in | - >--------------->| the fitImage, tree and data | - | | (cca 6-7 kiB) | - | +-----------------------------+ - | | Padding to 12 kiB offset | - | | from *load_address | - | ------- +-----------------------------+ <-- *start - | ^ | | - | Signed | | | - |---- Payload | | U-Boot external data blob | - | Data | | | - | v | | - | ------- +-----------------------------+ - | | Padding to 4 Bytes | - | ------- +-----------------------------+ - | ^ | | - | Signed | | | - |---- Payload | | ATF external data blob | - | Data | | | - | v | | - | ------- +-----------------------------+ - | | Padding to 4 Bytes | - | ------- +-----------------------------+ - | ^ | | - | Signed | | | - '---- Payload | | DTB external data blob | - Data | | | - v | | - ------- +-----------------------------+ + '---------------->| the fitImage, tree and data | + | (cca 6-7 kiB) | + +-----------------------------+
The diagram below illustrate a combined flash.bin container layout:
@@ -202,29 +175,11 @@ dd if=csf_spl.bin of=flash.bin bs=1 seek=${spl_dd_offset} conv=notrunc
CSF "Blocks" line for csf_fit.txt can be generated as follows: ``` -# fitImage tree -fit_block_base=$(printf "0x%x" $(( $(sed -n "/CONFIG_TEXT_BASE=/ s@.*=@@p" .config) - $(sed -n "/CONFIG_FIT_EXTERNAL_OFFSET=/ s@.*=@@p" .config) - 0x200 - 0x40)) ) +# fitImage +fit_block_base=$(printf "0x%x" $(sed -n "/CONFIG_SPL_LOAD_FIT_ADDRESS=/ s@.*=@@p" .config) ) fit_block_offset=$(printf "0x%s" $(fdtget -t x u-boot.dtb /binman/imx-boot/uboot offset)) -fit_block_size=$(printf "0x%x" $(( ( $(fdtdump u-boot.itb 2>/dev/null | sed -n "/^...totalsize:/ s@.*(0x[0-9a-f]+).*@\1@p") + 0x1000 - 0x1 ) & ~(0x1000 - 0x1) + 0x20 )) ) -sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size "flash.bin", \\@" csf_fit.tmp - -# U-Boot -uboot_block_base=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot load)) -uboot_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot data-position)) + ${fit_block_offset} ))) -uboot_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/uboot data-size)) -sed -i "/0xuuuu/ s@.*@ $uboot_block_base $uboot_block_offset $uboot_block_size "flash.bin", \\@" csf_fit.tmp - -# ATF -atf_block_base=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf load)) -atf_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf data-position)) + ${fit_block_offset} ))) -atf_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/atf data-size)) -sed -i "/0xaaaa/ s@.*@ $atf_block_base $atf_block_offset $atf_block_size "flash.bin", \\@" csf_fit.tmp - -# DTB -dtb_block_base=$(printf "0x%x" $(( ${uboot_block_base} + ${uboot_block_size} ))) -dtb_block_offset=$(printf "0x%x" $(( $(printf "0x%s" $(fdtget -t x u-boot.itb /images/fdt-1 data-position)) + ${fit_block_offset} ))) -dtb_block_size=$(printf "0x%s" $(fdtget -t x u-boot.itb /images/fdt-1 data-size)) -sed -i "/0xdddd/ s@.*@ $dtb_block_base $dtb_block_offset $dtb_block_size "flash.bin"@" csf_fit.tmp +fit_block_size=$(printf "0x%x" $(( ( ( $(stat -tc %s u-boot.itb) + 0x1000 - 0x1 ) & ~(0x1000 - 0x1)) + 0x20 )) ) +sed -i "/Blocks = / s@.*@ Blocks = $fit_block_base $fit_block_offset $fit_block_size "flash.bin"@" csf_fit.tmp ```
The fitImage part of flash.bin requires separate IVT. Generate the IVT and @@ -237,8 +192,9 @@ csf_block_base=$(printf "%08x" $(( ${fit_block_base} + ${fit_block_size} )) | se ivt_block_offset=$((${fit_block_offset} + ${fit_block_size} - 0x20)) csf_block_offset=$((${ivt_block_offset} + 0x20))
-echo "0xd1002041 ${ivt_ptr_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin +echo "0xd1002041 ${ivt_block_base} 0x00000000 0x00000000 0x00000000 ${ivt_block_base} ${csf_block_base} 0x00000000" | xxd -r -p > ivt.bin dd if=ivt.bin of=flash.bin bs=1 seek=${ivt_block_offset} conv=notrunc +```
To generate CSF signature for the fitImage part of flash.bin container, use CST: ``` diff --git a/include/spl.h b/include/spl.h index 7e0f5ac63b0..98f57328a53 100644 --- a/include/spl.h +++ b/include/spl.h @@ -871,12 +871,6 @@ void spl_invoke_opensbi(struct spl_image_info *spl_image); int board_return_to_bootrom(struct spl_image_info *spl_image, struct spl_boot_device *bootdev);
-/** - * board_spl_fit_post_load - allow process images after loading finished - * @fit: Pointer to a valid Flattened Image Tree blob - */ -void board_spl_fit_post_load(const void *fit); - /** * board_spl_fit_size_align - specific size align before processing payload *
participants (3)
-
Eugen Hristev -
Fabio Estevam -
Marek Vasut