[U-Boot] [PATCH v2 0/11] Minor improvements to secure boot and enable on beaglebone
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and also a new test is added to the Makefile to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no effect unless signed images are used). This could be moved to a separate configuration if required, or these patches could even be ignored:
am33xx/omap: Enable FIT support am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
This series has been run through buildman:
/tools/buildman/buildman -b talk2 -s Summary of 12 commits for 1210 boards (32 threads, 1 job per thread) 01: Prepare v2014.04 blackfin: + bf609-ezkit m68k: + M54455EVB_a66 M5329AFEE M5249EVB M5208EVBE eb_cpu5282 M54451EVB astro_mcf5373l M54418TWR_serial_rmii M54455EVB_intel M5475FFE M5282EVB M54455EVB_i66 M5475GFE M5253DEMO M54455EVB_stm33 M5485BFE M5485DFE TASREG M5329BFEE M52277EVB M5475EFE M5475CFE cobra5272 M5485AFE M53017EVB M5485HFE M5235EVB M5253EVBE M54418TWR_nand_mii M54418TWR_nand_rmii_lowfreq M5475BFE M54418TWR_nand_rmii M5475DFE M5275EVB M52277EVB_stmicro eb_cpu5282_internal M54451EVB_stmicro M5485GFE M5373EVB M5485EFE M5485FFE M54418TWR M5235EVB_Flash32 M54418TWR_serial_mii M5485CFE M54455EVB M5475AFE M5272C3 powerpc: + SIMPC8313_SP P1023RDS_NAND MPC8569MDS_NAND P2020RDB_NAND MPC8536DS_NAND P1020RDB_NAND MPC8315ERDB_NAND P1011RDB_NAND SIMPC8313_LP MPC8572DS_NAND P2010RDB_NAND sparc: + grsim grsim_leon2 gr_cpci_ax2000 gr_xc3s_1500 gr_ep2s60 sh: + rsk7269 rsk7264 rsk7203 nios2: + nios2-generic PK1C20 microblaze: + microblaze-generic openrisc: + openrisc-generic arm: + tricorder tricorder_flash 02: Check that u-boot.bin size looks correct arm: + am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1 am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor cm_t335 am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2 mx31ads 03: ti: am335x: Fix the U-Boot binary output arm: am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1 am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2 04: am33xx/omap: Allow cache enable for all Sitara/OMAP 05: hash: Export functions to find and show hash 06: fdt: Add DEV_TREE_BIN option to specify a device tree binary file 07: fdt: Update functions which write to an FDT to return -ENOSPC 08: mkimage: Automatically make space in FDT when full 09: arm: ti: Increase malloc size to 16MB for armv7 boards 10: am33xx/omap: Enable CONFIG_OF_CONTROL 11: am33xx/omap: Enable FIT support 12: am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
The breakage in 02 is because I add the check before fixing the problem, in order to verify what is affected. The order can be changed when applying if required.
Changes in v2: - Add new patch to check u-boot.bin size against symbol table - Add new patch to ensure the hash section is inside the image for am335x - Update to cover all omap devices - Adjust for kbuild changes - Fix line over 80cols - Move device tree files into arch/arm/dts
Simon Glass (11): Check that u-boot.bin size looks correct ti: am335x: Fix the U-Boot binary output am33xx/omap: Allow cache enable for all Sitara/OMAP hash: Export functions to find and show hash fdt: Add DEV_TREE_BIN option to specify a device tree binary file fdt: Update functions which write to an FDT to return -ENOSPC mkimage: Automatically make space in FDT when full arm: ti: Increase malloc size to 16MB for armv7 boards am33xx/omap: Enable CONFIG_OF_CONTROL am33xx/omap: Enable FIT support am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
Makefile | 16 +- arch/arm/cpu/armv7/am33xx/board.c | 8 - arch/arm/cpu/armv7/omap-common/Makefile | 4 + arch/arm/cpu/armv7/omap-common/hwinit-common.c | 42 -- arch/arm/cpu/armv7/omap-common/omap-cache.c | 56 +++ arch/arm/cpu/armv7/omap3/board.c | 8 - arch/arm/dts/Makefile | 1 + arch/arm/dts/am335x-bone-common.dtsi | 262 ++++++++++ arch/arm/dts/am335x-boneblack.dts | 17 + arch/arm/dts/am33xx.dtsi | 649 +++++++++++++++++++++++++ arch/arm/dts/dt-bindings/gpio/gpio.h | 15 + arch/arm/dts/dt-bindings/pinctrl/am33xx.h | 42 ++ arch/arm/dts/dt-bindings/pinctrl/omap.h | 55 +++ arch/arm/dts/tps65217.dtsi | 56 +++ board/ti/am335x/u-boot.lds | 3 +- common/hash.c | 13 +- common/image-fit.c | 4 +- doc/README.fdt-control | 16 +- dts/Makefile | 4 + include/configs/am335x_evm.h | 9 + include/configs/ti_armv7_common.h | 2 +- include/hash.h | 22 + include/rsa.h | 3 +- lib/rsa/rsa-sign.c | 28 +- tools/fit_image.c | 165 +++++-- tools/image-host.c | 26 +- 26 files changed, 1381 insertions(+), 145 deletions(-) create mode 100644 arch/arm/cpu/armv7/omap-common/omap-cache.c create mode 100644 arch/arm/dts/am335x-bone-common.dtsi create mode 100644 arch/arm/dts/am335x-boneblack.dts create mode 100644 arch/arm/dts/am33xx.dtsi create mode 100644 arch/arm/dts/dt-bindings/gpio/gpio.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/am33xx.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/omap.h create mode 100644 arch/arm/dts/tps65217.dtsi
Check that the image size matches the size we get from u-boot.bin. If it doesn't, that generally means that some extra sections are being added to u-boot.bin, meaning that it is not possible to access data appended to the U-Boot binary. This is used for device tree, so needs to work.
This problem was introduced by commit b02bfc4. By adding a test we can prevent a reccurence.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Add new patch to check u-boot.bin size against symbol table
Makefile | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile index c91c10e..6ca4bf6 100644 --- a/Makefile +++ b/Makefile @@ -695,7 +695,7 @@ DO_STATIC_RELA = endif
# Always append ALL so that arch config.mk's can add custom ones -ALL-y += u-boot.srec u-boot.bin System.map +ALL-y += u-boot.srec u-boot.bin System.map binary_size_check
ALL-$(CONFIG_NAND_U_BOOT) += u-boot-nand.bin ALL-$(CONFIG_ONENAND_U_BOOT) += u-boot-onenand.bin @@ -768,6 +768,18 @@ u-boot.hex u-boot.srec: u-boot FORCE
OBJCOPYFLAGS_u-boot.bin := -O binary
+binary_size_check: u-boot.bin System.map FORCE + @file_size=`stat -c %s u-boot.bin` ; \ + map_size=$(shell cat System.map | \ + awk '/_image_copy_start/ {start = $$1} /_image_binary_end/ {end = $$1} END {if (start != "" && end != "") print strtonum("0x" end) - strtonum("0x" start)}'); \ + if [ "" != "$$map_size" ]; then \ + if test $$map_size -ne $$file_size; then \ + echo "System.map shows a binary size of $$map_size" >&2 ; \ + echo " but u-boot.bin shows $$file_size" >&2 ; \ + exit 1; \ + fi \ + fi + u-boot.bin: u-boot FORCE $(call if_changed,objcopy) $(call DO_STATIC_RELA,$<,$@,$(CONFIG_SYS_TEXT_BASE))
This should include the hash so that image_binary_size is really at the end of the image, and not some 300 bytes earlier.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Add new patch to ensure the hash section is inside the image for am335x
board/ti/am335x/u-boot.lds | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/board/ti/am335x/u-boot.lds b/board/ti/am335x/u-boot.lds index a9e3d34..a2dda92 100644 --- a/board/ti/am335x/u-boot.lds +++ b/board/ti/am335x/u-boot.lds @@ -77,6 +77,8 @@ SECTIONS *(.__rel_dyn_end) }
+ .hash : { *(.hash*) } + .end : { *(.__end) @@ -117,7 +119,6 @@ SECTIONS .dynbss : { *(.dynbss) } .dynstr : { *(.dynstr*) } .dynamic : { *(.dynamic*) } - .hash : { *(.hash*) } .gnu.hash : { *(.gnu.hash) } .plt : { *(.plt*) } .interp : { *(.interp*) }
Enable the cache for all devices, unless CONFIG_SYS_DCACHE_OFF is defined. This speeds up the Beaglebone Black boot considerable.
(Tested only on Beaglebone Black with SD card boot)
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Update to cover all omap devices
arch/arm/cpu/armv7/am33xx/board.c | 8 ---- arch/arm/cpu/armv7/omap-common/Makefile | 4 ++ arch/arm/cpu/armv7/omap-common/hwinit-common.c | 42 ------------------- arch/arm/cpu/armv7/omap-common/omap-cache.c | 56 ++++++++++++++++++++++++++ arch/arm/cpu/armv7/omap3/board.c | 8 ---- 5 files changed, 60 insertions(+), 58 deletions(-) create mode 100644 arch/arm/cpu/armv7/omap-common/omap-cache.c
diff --git a/arch/arm/cpu/armv7/am33xx/board.c b/arch/arm/cpu/armv7/am33xx/board.c index fb44cc8..92f3f22 100644 --- a/arch/arm/cpu/armv7/am33xx/board.c +++ b/arch/arm/cpu/armv7/am33xx/board.c @@ -243,11 +243,3 @@ void s_init(void) sdram_init(); } #endif - -#ifndef CONFIG_SYS_DCACHE_OFF -void enable_caches(void) -{ - /* Enable D-cache. I-cache is already enabled in start.S */ - dcache_enable(); -} -#endif /* !CONFIG_SYS_DCACHE_OFF */ diff --git a/arch/arm/cpu/armv7/omap-common/Makefile b/arch/arm/cpu/armv7/omap-common/Makefile index 59f5352..b7400d5 100644 --- a/arch/arm/cpu/armv7/omap-common/Makefile +++ b/arch/arm/cpu/armv7/omap-common/Makefile @@ -22,6 +22,10 @@ obj-y += pipe3-phy.o obj-$(CONFIG_SCSI_AHCI_PLAT) += sata.o endif
+ifeq ($(CONFIG_SYS_DCACHE_OFF),) +obj-y += omap-cache.o +endif + ifeq ($(CONFIG_OMAP34XX),) obj-y += boot-common.o obj-y += lowlevel_init.o diff --git a/arch/arm/cpu/armv7/omap-common/hwinit-common.c b/arch/arm/cpu/armv7/omap-common/hwinit-common.c index 8ebc0ce..16baa73 100644 --- a/arch/arm/cpu/armv7/omap-common/hwinit-common.c +++ b/arch/arm/cpu/armv7/omap-common/hwinit-common.c @@ -18,13 +18,8 @@ #include <asm/emif.h> #include <asm/omap_common.h> #include <linux/compiler.h> -#include <asm/cache.h> #include <asm/system.h>
-#define ARMV7_DCACHE_WRITEBACK 0xe -#define ARMV7_DOMAIN_CLIENT 1 -#define ARMV7_DOMAIN_MASK (0x3 << 0) - DECLARE_GLOBAL_DATA_PTR;
void do_set_mux(u32 base, struct pad_conf_entry const *array, int size) @@ -260,40 +255,3 @@ int print_cpuinfo(void) return 0; } #endif - -#ifndef CONFIG_SYS_DCACHE_OFF -void enable_caches(void) -{ - /* Enable D-cache. I-cache is already enabled in start.S */ - dcache_enable(); -} - -void dram_bank_mmu_setup(int bank) -{ - bd_t *bd = gd->bd; - int i; - - u32 start = bd->bi_dram[bank].start >> 20; - u32 size = bd->bi_dram[bank].size >> 20; - u32 end = start + size; - - debug("%s: bank: %d\n", __func__, bank); - for (i = start; i < end; i++) - set_section_dcache(i, ARMV7_DCACHE_WRITEBACK); - -} - -void arm_init_domains(void) -{ - u32 reg; - - reg = get_dacr(); - /* - * Set DOMAIN to client access so that all permissions - * set in pagetables are validated by the mmu. - */ - reg &= ~ARMV7_DOMAIN_MASK; - reg |= ARMV7_DOMAIN_CLIENT; - set_dacr(reg); -} -#endif diff --git a/arch/arm/cpu/armv7/omap-common/omap-cache.c b/arch/arm/cpu/armv7/omap-common/omap-cache.c new file mode 100644 index 0000000..579bebf --- /dev/null +++ b/arch/arm/cpu/armv7/omap-common/omap-cache.c @@ -0,0 +1,56 @@ +/* + * + * Common functions for OMAP4/5 based boards + * + * (C) Copyright 2010 + * Texas Instruments, <www.ti.com> + * + * Author : + * Aneesh V aneesh@ti.com + * Steve Sakoman steve@sakoman.com + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <asm/cache.h> + +DECLARE_GLOBAL_DATA_PTR; + +#define ARMV7_DCACHE_WRITEBACK 0xe +#define ARMV7_DOMAIN_CLIENT 1 +#define ARMV7_DOMAIN_MASK (0x3 << 0) + +void enable_caches(void) +{ + /* Enable D-cache. I-cache is already enabled in start.S */ + dcache_enable(); +} + +void dram_bank_mmu_setup(int bank) +{ + bd_t *bd = gd->bd; + int i; + + u32 start = bd->bi_dram[bank].start >> 20; + u32 size = bd->bi_dram[bank].size >> 20; + u32 end = start + size; + + debug("%s: bank: %d\n", __func__, bank); + for (i = start; i < end; i++) + set_section_dcache(i, ARMV7_DCACHE_WRITEBACK); +} + +void arm_init_domains(void) +{ + u32 reg; + + reg = get_dacr(); + /* + * Set DOMAIN to client access so that all permissions + * set in pagetables are validated by the mmu. + */ + reg &= ~ARMV7_DOMAIN_MASK; + reg |= ARMV7_DOMAIN_CLIENT; + set_dacr(reg); +} diff --git a/arch/arm/cpu/armv7/omap3/board.c b/arch/arm/cpu/armv7/omap3/board.c index 2922816..74c037b 100644 --- a/arch/arm/cpu/armv7/omap3/board.c +++ b/arch/arm/cpu/armv7/omap3/board.c @@ -478,11 +478,3 @@ void omap3_outer_cache_disable(void) omap3_update_aux_cr(0, 0x2); } #endif /* !CONFIG_SYS_L2CACHE_OFF */ - -#ifndef CONFIG_SYS_DCACHE_OFF -void enable_caches(void) -{ - /* Enable D-cache. I-cache is already enabled in start.S */ - dcache_enable(); -} -#endif /* !CONFIG_SYS_DCACHE_OFF */
These functions are generally useful for displaying a hash value and finding available algorithms, so export them.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: None
common/hash.c | 13 ++++++------- include/hash.h | 22 ++++++++++++++++++++++ 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/common/hash.c b/common/hash.c index 872cd85..f82b9dd 100644 --- a/common/hash.c +++ b/common/hash.c @@ -204,7 +204,7 @@ static int parse_verify_sum(struct hash_algo *algo, char *verify_str, u8 *vsum, return 0; }
-static struct hash_algo *find_hash_algo(const char *name) +struct hash_algo *hash_find_algo(const char *name) { int i;
@@ -216,8 +216,7 @@ static struct hash_algo *find_hash_algo(const char *name) return NULL; }
-static void show_hash(struct hash_algo *algo, ulong addr, ulong len, - u8 *output) +void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output) { int i;
@@ -231,7 +230,7 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, { struct hash_algo *algo;
- algo = find_hash_algo(algo_name); + algo = hash_find_algo(algo_name); if (!algo) { debug("Unknown hash algorithm '%s'\n", algo_name); return -EPROTONOSUPPORT; @@ -265,7 +264,7 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag, u8 vsum[HASH_MAX_DIGEST_SIZE]; void *buf;
- algo = find_hash_algo(algo_name); + algo = hash_find_algo(algo_name); if (!algo) { printf("Unknown hash algorithm '%s'\n", algo_name); return CMD_RET_USAGE; @@ -298,7 +297,7 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag, if (memcmp(output, vsum, algo->digest_size) != 0) { int i;
- show_hash(algo, addr, len, output); + hash_show(algo, addr, len, output); printf(" != "); for (i = 0; i < algo->digest_size; i++) printf("%02x", vsum[i]); @@ -306,7 +305,7 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag, return 1; } } else { - show_hash(algo, addr, len, output); + hash_show(algo, addr, len, output); printf("\n");
if (argc) { diff --git a/include/hash.h b/include/hash.h index e92d272..c69bc25 100644 --- a/include/hash.h +++ b/include/hash.h @@ -77,4 +77,26 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag, int hash_block(const char *algo_name, const void *data, unsigned int len, uint8_t *output, int *output_size);
+/** + * hash_find_algo() - Find an algorithm by name + * + * @name: Name of algorithm to search for + * @return pointer to algorithm structure, or NULL if not found + */ +struct hash_algo *hash_find_algo(const char *name); + +/** + * hash_show() - Print out a hash algorithm and value + * + * You will get a message like this (without a newline at the end): + * + * "sha1 for 9eb3337c ... 9eb3338f ==> 7942ef1df479fd3130f716eb9613d107dab7e257" + * + * @algo: Algorithm used for hash + * @addr: Address of data that was hashed + * @len: Length of data that was hashed + * @output: Hash value to display + */ +void hash_show(struct hash_algo *algo, ulong addr, ulong len, u8 *output); + #endif
In some cases, an externally-built device tree binary is required to be attached to U-Boot. An example is when using image signing, since in that case the .dtb file must include the public keys.
Add a DEV_TREE_BIN option to the Makefile, and update the documentation.
Usage is something like:
make DEV_TREE_BIN=boot/am335x-boneblack-pubkey.dtb
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Adjust for kbuild changes
Makefile | 2 +- doc/README.fdt-control | 16 ++++++++++++++-- dts/Makefile | 4 ++++ 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile index 6ca4bf6..aed07a2 100644 --- a/Makefile +++ b/Makefile @@ -815,7 +815,7 @@ MKIMAGEFLAGS_u-boot.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \ MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \ -R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage
-u-boot.img u-boot.kwb u-boot.pbl: u-boot.bin FORCE +u-boot.img u-boot.kwb u-boot.pbl: u-boot$(if $(CONFIG_OF_SEPARATE),-dtb,).bin FORCE $(call if_changed,mkimage)
u-boot.sha1: u-boot.bin diff --git a/doc/README.fdt-control b/doc/README.fdt-control index 86bae68..8a4aa7a 100644 --- a/doc/README.fdt-control +++ b/doc/README.fdt-control @@ -122,7 +122,8 @@ This should include your CPU or SOC's device tree file, placed in arch/<arch>/dts, and then make any adjustments required.
If CONFIG_OF_EMBED is defined, then it will be picked up and built into -the U-Boot image (including u-boot.bin). +the U-Boot image (including u-boot.bin). This is suitable for debugging +and development only and is not recommended for production devices.
If CONFIG_OF_SEPARATE is defined, then it will be built and placed in a u-boot.dtb file alongside u-boot.bin. A common approach is then to @@ -130,7 +131,10 @@ join the two:
cat u-boot.bin u-boot.dtb >image.bin
-and then flash image.bin onto your board. +and then flash image.bin onto your board. Note that U-Boot creates +u-boot-dtb.bin which does the above step for you also. If you are using +CONFIG_SPL_FRAMEWORK, then u-boot.img will be built to include the device +tree binary.
If CONFIG_OF_HOSTFILE is defined, then it will be read from a file on startup. This is only useful for sandbox. Use the -d flag to U-Boot to @@ -138,6 +142,14 @@ specify the file to read.
You cannot use more than one of these options at the same time.
+To use a device tree file that you have compiled yourself, pass +DEV_TREE_BIN=<filename> to 'make', as in: + + make DEV_TREE_BIN=boot/am335x-boneblack-pubkey.dtb + +Then U-Boot will copy that file to u-boot.dtb, put it in the .img file +if used, and u-boot-dtb.bin. + If you wish to put the fdt at a different address in memory, you can define the "fdtcontroladdr" environment variable. This is the hex address of the fdt binary blob, and will override either of the options. diff --git a/dts/Makefile b/dts/Makefile index e59550c..8bb5212 100644 --- a/dts/Makefile +++ b/dts/Makefile @@ -12,7 +12,11 @@ ifeq ($(DEVICE_TREE),) DEVICE_TREE := unset endif
+ifneq ($(DEV_TREE_BIN),) +DTB := $(DEV_TREE_BIN) +else DTB := arch/$(ARCH)/dts/$(DEVICE_TREE).dtb +endif
quiet_cmd_copy = COPY $@ cmd_copy = cp $< $@
When writing values into an FDT it is possible that there will be insufficient space. If the caller gets a useful error in the then it can potentially deal with the situation.
Adjust these functions to return -ENOSPC when the FDT is full.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Fix line over 80cols
common/image-fit.c | 4 ++-- include/rsa.h | 3 ++- lib/rsa/rsa-sign.c | 28 +++++++++++++++++++--------- 3 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c index b94a3fe..8ba73a6 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -832,7 +832,7 @@ static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore) * * returns: * 0, on success - * -1, on property read failure + * -ENOSPC if no space in device tree, -1 for other error */ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) { @@ -846,7 +846,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp) printf("Can't set '%s' property for '%s' node (%s)\n", FIT_TIMESTAMP_PROP, fit_get_name(fit, noffset, NULL), fdt_strerror(ret)); - return -1; + return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -1; }
return 0; diff --git a/include/rsa.h b/include/rsa.h index add4c78..0db76cc 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -46,7 +46,8 @@ int rsa_sign(struct image_sign_info *info, * * @info: Specifies key and FIT information * @keydest: Destination FDT blob for public key data - * @return: 0, on success, -ve on error + * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, + other -ve value on error */ int rsa_add_verify_data(struct image_sign_info *info, void *keydest); #else diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 549130e..ef9a2f4 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -427,20 +427,30 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
ret = fdt_setprop_string(keydest, node, "key-name-hint", info->keyname); - ret |= fdt_setprop_u32(keydest, node, "rsa,num-bits", bits); - ret |= fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv); - ret |= fdt_add_bignum(keydest, node, "rsa,modulus", modulus, bits); - ret |= fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared, bits); - ret |= fdt_setprop_string(keydest, node, FIT_ALGO_PROP, - info->algo->name); + if (!ret) + ret = fdt_setprop_u32(keydest, node, "rsa,num-bits", bits); + if (!ret) + ret = fdt_setprop_u32(keydest, node, "rsa,n0-inverse", n0_inv); + if (!ret) { + ret = fdt_add_bignum(keydest, node, "rsa,modulus", modulus, + bits); + } + if (!ret) { + ret = fdt_add_bignum(keydest, node, "rsa,r-squared", r_squared, + bits); + } + if (!ret) { + ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP, + info->algo->name); + } if (info->require_keys) { - fdt_setprop_string(keydest, node, "required", - info->require_keys); + ret = fdt_setprop_string(keydest, node, "required", + info->require_keys); } BN_free(modulus); BN_free(r_squared); if (ret) - return -EIO; + return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
return 0; }
When adding hashes or signatures, the target FDT may be full. Detect this and automatically try again after making 1KB of space.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: None
tools/fit_image.c | 165 ++++++++++++++++++++++++++++++++++++----------------- tools/image-host.c | 26 ++++++--- 2 files changed, 129 insertions(+), 62 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c index 1466164..fc70d51 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -35,10 +35,23 @@ static int fit_check_image_types (uint8_t type) return EXIT_FAILURE; }
-int mmap_fdt(struct image_tool_params *params, const char *fname, void **blobp, - struct stat *sbuf) +/** + * Map an FDT into memory, optionally increasing its size + * + * @params: Image parameters + * @fname: Filename containing FDT + * @size_inc: Amount to increase size by (0 = leave it alone) + * @delete_on_error: true to delete the file if we get an error + * @blobp: Returns pointer to FDT blob + * @sbuf: File status information is stored here + * @return 0 if OK, -1 on error. + */ +static int mmap_fdt(struct image_tool_params *params, const char *fname, + size_t size_inc, bool delete_on_error, void **blobp, + struct stat *sbuf) { void *ptr; + int ret; int fd;
/* Load FIT blob into memory (we need to write hashes/signatures) */ @@ -47,34 +60,103 @@ int mmap_fdt(struct image_tool_params *params, const char *fname, void **blobp, if (fd < 0) { fprintf(stderr, "%s: Can't open %s: %s\n", params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; + goto err; }
if (fstat(fd, sbuf) < 0) { fprintf(stderr, "%s: Can't stat %s: %s\n", params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; + goto err; + } + + if (size_inc) { + sbuf->st_size += size_inc; + if (ftruncate(fd, sbuf->st_size)) { + fprintf(stderr, "%s: Can't expand %s: %s\n", + params->cmdname, fname, strerror(errno)); + goto err; + } }
ptr = mmap(0, sbuf->st_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); if (ptr == MAP_FAILED) { fprintf(stderr, "%s: Can't read %s: %s\n", params->cmdname, fname, strerror(errno)); - unlink(fname); - return -1; + goto err; }
/* check if ptr has a valid blob */ if (fdt_check_header(ptr)) { fprintf(stderr, "%s: Invalid FIT blob\n", params->cmdname); - unlink(fname); - return -1; + goto err; + } + + /* expand if needed */ + if (size_inc) { + ret = fdt_open_into(ptr, ptr, sbuf->st_size); + if (ret) { + fprintf(stderr, "%s: Cannot expand FDT: %s\n", + params->cmdname, fdt_strerror(ret)); + goto err; + } }
*blobp = ptr; return fd; + +err: + close(fd); + if (delete_on_error) + unlink(fname); + return -1; +} + +static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, + const char *tmpfile) +{ + int tfd, destfd = 0; + void *dest_blob = NULL; + off_t destfd_size = 0; + struct stat sbuf; + void *ptr; + int ret = 0; + + tfd = mmap_fdt(params, tmpfile, size_inc, true, &ptr, &sbuf); + if (tfd < 0) + return -EIO; + + if (params->keydest) { + struct stat dest_sbuf; + + destfd = mmap_fdt(params, params->keydest, size_inc, false, + &dest_blob, &dest_sbuf); + if (destfd < 0) { + ret = -EIO; + goto err_keydest; + } + destfd_size = dest_sbuf.st_size; + } + + /* for first image creation, add a timestamp at offset 0 i.e., root */ + if (params->datafile) + ret = fit_set_timestamp(ptr, 0, sbuf.st_mtime); + + if (!ret) { + ret = fit_add_verification_data(params->keydir, dest_blob, ptr, + params->comment, + params->require_keys); + } + + if (dest_blob) { + munmap(dest_blob, destfd_size); + close(destfd); + } + +err_keydest: + munmap(ptr, sbuf.st_size); + close(tfd); + + return ret; }
/** @@ -93,11 +175,8 @@ static int fit_handle_file(struct image_tool_params *params) { char tmpfile[MKIMAGE_MAX_TMPFILE_LEN]; char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN]; - int tfd, destfd = 0; - void *dest_blob = NULL; - struct stat sbuf; - void *ptr; - off_t destfd_size = 0; + size_t size_inc; + int ret;
/* Flattened Image Tree (FIT) format handling */ debug ("FIT format handling\n"); @@ -128,39 +207,26 @@ static int fit_handle_file(struct image_tool_params *params) goto err_system; }
- if (params->keydest) { - destfd = mmap_fdt(params, params->keydest, &dest_blob, &sbuf); - if (destfd < 0) - goto err_keydest; - destfd_size = sbuf.st_size; + /* + * Set hashes for images in the blob. Unfortunately we may need more + * space in either FDT, so keep trying until we succeed. + * + * Note: this is pretty inefficient for signing, since we must + * calculate the signature every time. It would be better to calculate + * all the data and then store it in a separate step. However, this + * would be considerably more complex to implement. Generally a few + * steps of this loop is enough to sign with several keys. + */ + for (size_inc = 0; size_inc < 64 * 1024; size_inc += 1024) { + ret = fit_add_file_data(params, size_inc, tmpfile); + if (!ret || ret != -ENOSPC) + break; }
- tfd = mmap_fdt(params, tmpfile, &ptr, &sbuf); - if (tfd < 0) - goto err_mmap; - - /* set hashes for images in the blob */ - if (fit_add_verification_data(params->keydir, - dest_blob, ptr, params->comment, - params->require_keys)) { + if (ret) { fprintf(stderr, "%s Can't add hashes to FIT blob\n", params->cmdname); - goto err_add_hashes; - } - - /* for first image creation, add a timestamp at offset 0 i.e., root */ - if (params->datafile && fit_set_timestamp(ptr, 0, sbuf.st_mtime)) { - fprintf (stderr, "%s: Can't add image timestamp\n", - params->cmdname); - goto err_add_timestamp; - } - debug ("Added timestamp successfully\n"); - - munmap ((void *)ptr, sbuf.st_size); - close (tfd); - if (dest_blob) { - munmap(dest_blob, destfd_size); - close(destfd); + goto err_system; }
if (rename (tmpfile, params->imagefile) == -1) { @@ -169,17 +235,10 @@ static int fit_handle_file(struct image_tool_params *params) strerror (errno)); unlink (tmpfile); unlink (params->imagefile); - return (EXIT_FAILURE); + return EXIT_FAILURE; } - return (EXIT_SUCCESS); + return EXIT_SUCCESS;
-err_add_timestamp: -err_add_hashes: - munmap(ptr, sbuf.st_size); -err_mmap: - if (dest_blob) - munmap(dest_blob, destfd_size); -err_keydest: err_system: unlink(tmpfile); return -1; diff --git a/tools/image-host.c b/tools/image-host.c index 0d5c88c..cb36477 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -224,7 +224,9 @@ static int fit_image_process_sig(const char *keydir, void *keydest, ret = fit_image_write_sig(fit, noffset, value, value_len, comment, NULL, 0); if (ret) { - printf("Can't write signature for '%s' signature node in '%s' image node: %s\n", + if (ret == -FDT_ERR_NOSPACE) + return -ENOSPC; + printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n", node_name, image_name, fdt_strerror(ret)); return -1; } @@ -589,10 +591,13 @@ static int fit_config_process_sig(const char *keydir, void *keydest, return -1; }
- if (fit_image_write_sig(fit, noffset, value, value_len, comment, - region_prop, region_proplen)) { - printf("Can't write signature for '%s' signature node in '%s' conf node\n", - node_name, conf_name); + ret = fit_image_write_sig(fit, noffset, value, value_len, comment, + region_prop, region_proplen); + if (ret) { + if (ret == -FDT_ERR_NOSPACE) + return -ENOSPC; + printf("Can't write signature for '%s' signature node in '%s' conf node: %s\n", + node_name, conf_name, fdt_strerror(ret)); return -1; } free(value); @@ -602,10 +607,13 @@ static int fit_config_process_sig(const char *keydir, void *keydest, info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
/* Write the public key into the supplied FDT file */ - if (keydest && info.algo->add_verify_data(&info, keydest)) { - printf("Failed to add verification data for '%s' signature node in '%s' image node\n", - node_name, conf_name); - return -1; + if (keydest) { + ret = info.algo->add_verify_data(&info, keydest); + if (ret) { + printf("Failed to add verification data for '%s' signature node in '%s' image node\n", + node_name, conf_name); + return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO; + } }
return 0;
The current size of 1MB is not enough use to use DFU. Increase it for ARMv7 boards, all of which should have 32MB or more SDRAM.
With this change it is possible to do 'dfu mmc 0' on a Beaglebone Black.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: None
include/configs/ti_armv7_common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/configs/ti_armv7_common.h b/include/configs/ti_armv7_common.h index 69d69a5..a48eef1 100644 --- a/include/configs/ti_armv7_common.h +++ b/include/configs/ti_armv7_common.h @@ -104,7 +104,7 @@ * we are on so we do not need to rely on the command prompt. We set a * console baudrate of 115200 and use the default baud rate table. */ -#define CONFIG_SYS_MALLOC_LEN (1024 << 10) +#define CONFIG_SYS_MALLOC_LEN (16 << 20) #define CONFIG_SYS_HUSH_PARSER #define CONFIG_SYS_PROMPT "U-Boot# " #define CONFIG_SYS_CONSOLE_INFO_QUIET
Add support for device tree control and add device tree files for the beaglebone black initially.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: - Move device tree files into arch/arm/dts
arch/arm/dts/Makefile | 1 + arch/arm/dts/am335x-bone-common.dtsi | 262 ++++++++++++ arch/arm/dts/am335x-boneblack.dts | 17 + arch/arm/dts/am33xx.dtsi | 649 ++++++++++++++++++++++++++++++ arch/arm/dts/dt-bindings/gpio/gpio.h | 15 + arch/arm/dts/dt-bindings/pinctrl/am33xx.h | 42 ++ arch/arm/dts/dt-bindings/pinctrl/omap.h | 55 +++ arch/arm/dts/tps65217.dtsi | 56 +++ include/configs/am335x_evm.h | 6 + 9 files changed, 1103 insertions(+) create mode 100644 arch/arm/dts/am335x-bone-common.dtsi create mode 100644 arch/arm/dts/am335x-boneblack.dts create mode 100644 arch/arm/dts/am33xx.dtsi create mode 100644 arch/arm/dts/dt-bindings/gpio/gpio.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/am33xx.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/omap.h create mode 100644 arch/arm/dts/tps65217.dtsi
diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile index 2c3c773..da68a4f 100644 --- a/arch/arm/dts/Makefile +++ b/arch/arm/dts/Makefile @@ -30,6 +30,7 @@ dtb-$(CONFIG_ZYNQ) += zynq-zc702.dtb \ zynq-zc770-xm010.dtb \ zynq-zc770-xm012.dtb \ zynq-zc770-xm013.dtb +dtb-$(CONFIG_AM33XX) += am335x-boneblack.dtb
targets += $(dtb-y)
diff --git a/arch/arm/dts/am335x-bone-common.dtsi b/arch/arm/dts/am335x-bone-common.dtsi new file mode 100644 index 0000000..2f66ded --- /dev/null +++ b/arch/arm/dts/am335x-bone-common.dtsi @@ -0,0 +1,262 @@ +/* + * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +/ { + model = "TI AM335x BeagleBone"; + compatible = "ti,am335x-bone", "ti,am33xx"; + + cpus { + cpu@0 { + cpu0-supply = <&dcdc2_reg>; + }; + }; + + memory { + device_type = "memory"; + reg = <0x80000000 0x10000000>; /* 256 MB */ + }; + + am33xx_pinmux: pinmux@44e10800 { + pinctrl-names = "default"; + pinctrl-0 = <&clkout2_pin>; + + user_leds_s0: user_leds_s0 { + pinctrl-single,pins = < + 0x54 (PIN_OUTPUT_PULLDOWN | MUX_MODE7) /* gpmc_a5.gpio1_21 */ + 0x58 (PIN_OUTPUT_PULLUP | MUX_MODE7) /* gpmc_a6.gpio1_22 */ + 0x5c (PIN_OUTPUT_PULLDOWN | MUX_MODE7) /* gpmc_a7.gpio1_23 */ + 0x60 (PIN_OUTPUT_PULLUP | MUX_MODE7) /* gpmc_a8.gpio1_24 */ + >; + }; + + i2c0_pins: pinmux_i2c0_pins { + pinctrl-single,pins = < + 0x188 (PIN_INPUT_PULLUP | MUX_MODE0) /* i2c0_sda.i2c0_sda */ + 0x18c (PIN_INPUT_PULLUP | MUX_MODE0) /* i2c0_scl.i2c0_scl */ + >; + }; + + uart0_pins: pinmux_uart0_pins { + pinctrl-single,pins = < + 0x170 (PIN_INPUT_PULLUP | MUX_MODE0) /* uart0_rxd.uart0_rxd */ + 0x174 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* uart0_txd.uart0_txd */ + >; + }; + + clkout2_pin: pinmux_clkout2_pin { + pinctrl-single,pins = < + 0x1b4 (PIN_OUTPUT_PULLDOWN | MUX_MODE3) /* xdma_event_intr1.clkout2 */ + >; + }; + + cpsw_default: cpsw_default { + pinctrl-single,pins = < + /* Slave 1 */ + 0x110 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxerr.mii1_rxerr */ + 0x114 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* mii1_txen.mii1_txen */ + 0x118 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxdv.mii1_rxdv */ + 0x11c (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* mii1_txd3.mii1_txd3 */ + 0x120 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* mii1_txd2.mii1_txd2 */ + 0x124 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* mii1_txd1.mii1_txd1 */ + 0x128 (PIN_OUTPUT_PULLDOWN | MUX_MODE0) /* mii1_txd0.mii1_txd0 */ + 0x12c (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_txclk.mii1_txclk */ + 0x130 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxclk.mii1_rxclk */ + 0x134 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxd3.mii1_rxd3 */ + 0x138 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxd2.mii1_rxd2 */ + 0x13c (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxd1.mii1_rxd1 */ + 0x140 (PIN_INPUT_PULLUP | MUX_MODE0) /* mii1_rxd0.mii1_rxd0 */ + >; + }; + + cpsw_sleep: cpsw_sleep { + pinctrl-single,pins = < + /* Slave 1 reset value */ + 0x110 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x114 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x118 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x11c (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x120 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x124 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x128 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x12c (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x130 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x134 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x138 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x13c (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x140 (PIN_INPUT_PULLDOWN | MUX_MODE7) + >; + }; + + davinci_mdio_default: davinci_mdio_default { + pinctrl-single,pins = < + /* MDIO */ + 0x148 (PIN_INPUT_PULLUP | SLEWCTRL_FAST | MUX_MODE0) /* mdio_data.mdio_data */ + 0x14c (PIN_OUTPUT_PULLUP | MUX_MODE0) /* mdio_clk.mdio_clk */ + >; + }; + + davinci_mdio_sleep: davinci_mdio_sleep { + pinctrl-single,pins = < + /* MDIO reset value */ + 0x148 (PIN_INPUT_PULLDOWN | MUX_MODE7) + 0x14c (PIN_INPUT_PULLDOWN | MUX_MODE7) + >; + }; + }; + + ocp { + uart0: serial@44e09000 { + pinctrl-names = "default"; + pinctrl-0 = <&uart0_pins>; + + status = "okay"; + }; + + musb: usb@47400000 { + status = "okay"; + + control@44e10000 { + status = "okay"; + }; + + usb-phy@47401300 { + status = "okay"; + }; + + usb-phy@47401b00 { + status = "okay"; + }; + + usb@47401000 { + status = "okay"; + }; + + usb@47401800 { + status = "okay"; + dr_mode = "host"; + }; + + dma-controller@07402000 { + status = "okay"; + }; + }; + + i2c0: i2c@44e0b000 { + pinctrl-names = "default"; + pinctrl-0 = <&i2c0_pins>; + + status = "okay"; + clock-frequency = <400000>; + + tps: tps@24 { + reg = <0x24>; + }; + + }; + }; + + leds { + pinctrl-names = "default"; + pinctrl-0 = <&user_leds_s0>; + + compatible = "gpio-leds"; + + led@2 { + label = "beaglebone:green:heartbeat"; + gpios = <&gpio1 21 GPIO_ACTIVE_HIGH>; + linux,default-trigger = "heartbeat"; + default-state = "off"; + }; + + led@3 { + label = "beaglebone:green:mmc0"; + gpios = <&gpio1 22 GPIO_ACTIVE_HIGH>; + linux,default-trigger = "mmc0"; + default-state = "off"; + }; + + led@4 { + label = "beaglebone:green:usr2"; + gpios = <&gpio1 23 GPIO_ACTIVE_HIGH>; + default-state = "off"; + }; + + led@5 { + label = "beaglebone:green:usr3"; + gpios = <&gpio1 24 GPIO_ACTIVE_HIGH>; + default-state = "off"; + }; + }; +}; + +/include/ "tps65217.dtsi" + +&tps { + regulators { + dcdc1_reg: regulator@0 { + regulator-always-on; + }; + + dcdc2_reg: regulator@1 { + /* VDD_MPU voltage limits 0.95V - 1.26V with +/-4% tolerance */ + regulator-name = "vdd_mpu"; + regulator-min-microvolt = <925000>; + regulator-max-microvolt = <1325000>; + regulator-boot-on; + regulator-always-on; + }; + + dcdc3_reg: regulator@2 { + /* VDD_CORE voltage limits 0.95V - 1.1V with +/-4% tolerance */ + regulator-name = "vdd_core"; + regulator-min-microvolt = <925000>; + regulator-max-microvolt = <1150000>; + regulator-boot-on; + regulator-always-on; + }; + + ldo1_reg: regulator@3 { + regulator-always-on; + }; + + ldo2_reg: regulator@4 { + regulator-always-on; + }; + + ldo3_reg: regulator@5 { + regulator-always-on; + }; + + ldo4_reg: regulator@6 { + regulator-always-on; + }; + }; +}; + +&cpsw_emac0 { + phy_id = <&davinci_mdio>, <0>; + phy-mode = "mii"; +}; + +&cpsw_emac1 { + phy_id = <&davinci_mdio>, <1>; + phy-mode = "mii"; +}; + +&mac { + pinctrl-names = "default", "sleep"; + pinctrl-0 = <&cpsw_default>; + pinctrl-1 = <&cpsw_sleep>; + +}; + +&davinci_mdio { + pinctrl-names = "default", "sleep"; + pinctrl-0 = <&davinci_mdio_default>; + pinctrl-1 = <&davinci_mdio_sleep>; +}; diff --git a/arch/arm/dts/am335x-boneblack.dts b/arch/arm/dts/am335x-boneblack.dts new file mode 100644 index 0000000..197cadf --- /dev/null +++ b/arch/arm/dts/am335x-boneblack.dts @@ -0,0 +1,17 @@ +/* + * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ +/dts-v1/; + +#include "am33xx.dtsi" +#include "am335x-bone-common.dtsi" + +&ldo3_reg { + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-always-on; +}; diff --git a/arch/arm/dts/am33xx.dtsi b/arch/arm/dts/am33xx.dtsi new file mode 100644 index 0000000..f9c5da9 --- /dev/null +++ b/arch/arm/dts/am33xx.dtsi @@ -0,0 +1,649 @@ +/* + * Device Tree Source for AM33XX SoC + * + * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/ + * + * This file is licensed under the terms of the GNU General Public License + * version 2. This program is licensed "as is" without any warranty of any + * kind, whether express or implied. + */ + +#include <dt-bindings/gpio/gpio.h> +#include <dt-bindings/pinctrl/am33xx.h> + +#include "skeleton.dtsi" + +/ { + compatible = "ti,am33xx"; + interrupt-parent = <&intc>; + + aliases { + serial0 = &uart0; + serial1 = &uart1; + serial2 = &uart2; + serial3 = &uart3; + serial4 = &uart4; + serial5 = &uart5; + d_can0 = &dcan0; + d_can1 = &dcan1; + usb0 = &usb0; + usb1 = &usb1; + phy0 = &usb0_phy; + phy1 = &usb1_phy; + }; + + cpus { + #address-cells = <1>; + #size-cells = <0>; + cpu@0 { + compatible = "arm,cortex-a8"; + device_type = "cpu"; + reg = <0>; + + /* + * To consider voltage drop between PMIC and SoC, + * tolerance value is reduced to 2% from 4% and + * voltage value is increased as a precaution. + */ + operating-points = < + /* kHz uV */ + 720000 1285000 + 600000 1225000 + 500000 1125000 + 275000 1125000 + >; + voltage-tolerance = <2>; /* 2 percentage */ + clock-latency = <300000>; /* From omap-cpufreq driver */ + }; + }; + + /* + * The soc node represents the soc top level view. It is uses for IPs + * that are not memory mapped in the MPU view or for the MPU itself. + */ + soc { + compatible = "ti,omap-infra"; + mpu { + compatible = "ti,omap3-mpu"; + ti,hwmods = "mpu"; + }; + }; + + am33xx_pinmux: pinmux@44e10800 { + compatible = "pinctrl-single"; + reg = <0x44e10800 0x0238>; + #address-cells = <1>; + #size-cells = <0>; + pinctrl-single,register-width = <32>; + pinctrl-single,function-mask = <0x7f>; + }; + + /* + * XXX: Use a flat representation of the AM33XX interconnect. + * The real AM33XX interconnect network is quite complex.Since + * that will not bring real advantage to represent that in DT + * for the moment, just use a fake OCP bus entry to represent + * the whole bus hierarchy. + */ + ocp { + compatible = "simple-bus"; + #address-cells = <1>; + #size-cells = <1>; + ranges; + ti,hwmods = "l3_main"; + + intc: interrupt-controller@48200000 { + compatible = "ti,omap2-intc"; + interrupt-controller; + #interrupt-cells = <1>; + ti,intc-size = <128>; + reg = <0x48200000 0x1000>; + }; + + gpio0: gpio@44e07000 { + compatible = "ti,omap4-gpio"; + ti,hwmods = "gpio1"; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; + #interrupt-cells = <1>; + reg = <0x44e07000 0x1000>; + interrupts = <96>; + }; + + gpio1: gpio@4804c000 { + compatible = "ti,omap4-gpio"; + ti,hwmods = "gpio2"; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; + #interrupt-cells = <1>; + reg = <0x4804c000 0x1000>; + interrupts = <98>; + }; + + gpio2: gpio@481ac000 { + compatible = "ti,omap4-gpio"; + ti,hwmods = "gpio3"; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; + #interrupt-cells = <1>; + reg = <0x481ac000 0x1000>; + interrupts = <32>; + }; + + gpio3: gpio@481ae000 { + compatible = "ti,omap4-gpio"; + ti,hwmods = "gpio4"; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; + #interrupt-cells = <1>; + reg = <0x481ae000 0x1000>; + interrupts = <62>; + }; + + uart0: serial@44e09000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart1"; + clock-frequency = <48000000>; + reg = <0x44e09000 0x2000>; + interrupts = <72>; + status = "disabled"; + }; + + uart1: serial@48022000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart2"; + clock-frequency = <48000000>; + reg = <0x48022000 0x2000>; + interrupts = <73>; + status = "disabled"; + }; + + uart2: serial@48024000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart3"; + clock-frequency = <48000000>; + reg = <0x48024000 0x2000>; + interrupts = <74>; + status = "disabled"; + }; + + uart3: serial@481a6000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart4"; + clock-frequency = <48000000>; + reg = <0x481a6000 0x2000>; + interrupts = <44>; + status = "disabled"; + }; + + uart4: serial@481a8000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart5"; + clock-frequency = <48000000>; + reg = <0x481a8000 0x2000>; + interrupts = <45>; + status = "disabled"; + }; + + uart5: serial@481aa000 { + compatible = "ti,omap3-uart"; + ti,hwmods = "uart6"; + clock-frequency = <48000000>; + reg = <0x481aa000 0x2000>; + interrupts = <46>; + status = "disabled"; + }; + + i2c0: i2c@44e0b000 { + compatible = "ti,omap4-i2c"; + #address-cells = <1>; + #size-cells = <0>; + ti,hwmods = "i2c1"; + reg = <0x44e0b000 0x1000>; + interrupts = <70>; + status = "disabled"; + }; + + i2c1: i2c@4802a000 { + compatible = "ti,omap4-i2c"; + #address-cells = <1>; + #size-cells = <0>; + ti,hwmods = "i2c2"; + reg = <0x4802a000 0x1000>; + interrupts = <71>; + status = "disabled"; + }; + + i2c2: i2c@4819c000 { + compatible = "ti,omap4-i2c"; + #address-cells = <1>; + #size-cells = <0>; + ti,hwmods = "i2c3"; + reg = <0x4819c000 0x1000>; + interrupts = <30>; + status = "disabled"; + }; + + wdt2: wdt@44e35000 { + compatible = "ti,omap3-wdt"; + ti,hwmods = "wd_timer2"; + reg = <0x44e35000 0x1000>; + interrupts = <91>; + }; + + dcan0: d_can@481cc000 { + compatible = "bosch,d_can"; + ti,hwmods = "d_can0"; + reg = <0x481cc000 0x2000 + 0x44e10644 0x4>; + interrupts = <52>; + status = "disabled"; + }; + + dcan1: d_can@481d0000 { + compatible = "bosch,d_can"; + ti,hwmods = "d_can1"; + reg = <0x481d0000 0x2000 + 0x44e10644 0x4>; + interrupts = <55>; + status = "disabled"; + }; + + timer1: timer@44e31000 { + compatible = "ti,am335x-timer-1ms"; + reg = <0x44e31000 0x400>; + interrupts = <67>; + ti,hwmods = "timer1"; + ti,timer-alwon; + }; + + timer2: timer@48040000 { + compatible = "ti,am335x-timer"; + reg = <0x48040000 0x400>; + interrupts = <68>; + ti,hwmods = "timer2"; + }; + + timer3: timer@48042000 { + compatible = "ti,am335x-timer"; + reg = <0x48042000 0x400>; + interrupts = <69>; + ti,hwmods = "timer3"; + }; + + timer4: timer@48044000 { + compatible = "ti,am335x-timer"; + reg = <0x48044000 0x400>; + interrupts = <92>; + ti,hwmods = "timer4"; + ti,timer-pwm; + }; + + timer5: timer@48046000 { + compatible = "ti,am335x-timer"; + reg = <0x48046000 0x400>; + interrupts = <93>; + ti,hwmods = "timer5"; + ti,timer-pwm; + }; + + timer6: timer@48048000 { + compatible = "ti,am335x-timer"; + reg = <0x48048000 0x400>; + interrupts = <94>; + ti,hwmods = "timer6"; + ti,timer-pwm; + }; + + timer7: timer@4804a000 { + compatible = "ti,am335x-timer"; + reg = <0x4804a000 0x400>; + interrupts = <95>; + ti,hwmods = "timer7"; + ti,timer-pwm; + }; + + rtc@44e3e000 { + compatible = "ti,da830-rtc"; + reg = <0x44e3e000 0x1000>; + interrupts = <75 + 76>; + ti,hwmods = "rtc"; + }; + + spi0: spi@48030000 { + compatible = "ti,omap4-mcspi"; + #address-cells = <1>; + #size-cells = <0>; + reg = <0x48030000 0x400>; + interrupts = <65>; + ti,spi-num-cs = <2>; + ti,hwmods = "spi0"; + status = "disabled"; + }; + + spi1: spi@481a0000 { + compatible = "ti,omap4-mcspi"; + #address-cells = <1>; + #size-cells = <0>; + reg = <0x481a0000 0x400>; + interrupts = <125>; + ti,spi-num-cs = <2>; + ti,hwmods = "spi1"; + status = "disabled"; + }; + + usb: usb@47400000 { + compatible = "ti,am33xx-usb"; + reg = <0x47400000 0x1000>; + ranges; + #address-cells = <1>; + #size-cells = <1>; + ti,hwmods = "usb_otg_hs"; + status = "disabled"; + + ctrl_mod: control@44e10000 { + compatible = "ti,am335x-usb-ctrl-module"; + reg = <0x44e10620 0x10 + 0x44e10648 0x4>; + reg-names = "phy_ctrl", "wakeup"; + status = "disabled"; + }; + + usb0_phy: usb-phy@47401300 { + compatible = "ti,am335x-usb-phy"; + reg = <0x47401300 0x100>; + reg-names = "phy"; + status = "disabled"; + ti,ctrl_mod = <&ctrl_mod>; + }; + + usb0: usb@47401000 { + compatible = "ti,musb-am33xx"; + status = "disabled"; + reg = <0x47401400 0x400 + 0x47401000 0x200>; + reg-names = "mc", "control"; + + interrupts = <18>; + interrupt-names = "mc"; + dr_mode = "otg"; + mentor,multipoint = <1>; + mentor,num-eps = <16>; + mentor,ram-bits = <12>; + mentor,power = <500>; + phys = <&usb0_phy>; + + dmas = <&cppi41dma 0 0 &cppi41dma 1 0 + &cppi41dma 2 0 &cppi41dma 3 0 + &cppi41dma 4 0 &cppi41dma 5 0 + &cppi41dma 6 0 &cppi41dma 7 0 + &cppi41dma 8 0 &cppi41dma 9 0 + &cppi41dma 10 0 &cppi41dma 11 0 + &cppi41dma 12 0 &cppi41dma 13 0 + &cppi41dma 14 0 &cppi41dma 0 1 + &cppi41dma 1 1 &cppi41dma 2 1 + &cppi41dma 3 1 &cppi41dma 4 1 + &cppi41dma 5 1 &cppi41dma 6 1 + &cppi41dma 7 1 &cppi41dma 8 1 + &cppi41dma 9 1 &cppi41dma 10 1 + &cppi41dma 11 1 &cppi41dma 12 1 + &cppi41dma 13 1 &cppi41dma 14 1>; + dma-names = + "rx1", "rx2", "rx3", "rx4", "rx5", "rx6", "rx7", + "rx8", "rx9", "rx10", "rx11", "rx12", "rx13", + "rx14", "rx15", + "tx1", "tx2", "tx3", "tx4", "tx5", "tx6", "tx7", + "tx8", "tx9", "tx10", "tx11", "tx12", "tx13", + "tx14", "tx15"; + }; + + usb1_phy: usb-phy@47401b00 { + compatible = "ti,am335x-usb-phy"; + reg = <0x47401b00 0x100>; + reg-names = "phy"; + status = "disabled"; + ti,ctrl_mod = <&ctrl_mod>; + }; + + usb1: usb@47401800 { + compatible = "ti,musb-am33xx"; + status = "disabled"; + reg = <0x47401c00 0x400 + 0x47401800 0x200>; + reg-names = "mc", "control"; + interrupts = <19>; + interrupt-names = "mc"; + dr_mode = "otg"; + mentor,multipoint = <1>; + mentor,num-eps = <16>; + mentor,ram-bits = <12>; + mentor,power = <500>; + phys = <&usb1_phy>; + + dmas = <&cppi41dma 15 0 &cppi41dma 16 0 + &cppi41dma 17 0 &cppi41dma 18 0 + &cppi41dma 19 0 &cppi41dma 20 0 + &cppi41dma 21 0 &cppi41dma 22 0 + &cppi41dma 23 0 &cppi41dma 24 0 + &cppi41dma 25 0 &cppi41dma 26 0 + &cppi41dma 27 0 &cppi41dma 28 0 + &cppi41dma 29 0 &cppi41dma 15 1 + &cppi41dma 16 1 &cppi41dma 17 1 + &cppi41dma 18 1 &cppi41dma 19 1 + &cppi41dma 20 1 &cppi41dma 21 1 + &cppi41dma 22 1 &cppi41dma 23 1 + &cppi41dma 24 1 &cppi41dma 25 1 + &cppi41dma 26 1 &cppi41dma 27 1 + &cppi41dma 28 1 &cppi41dma 29 1>; + dma-names = + "rx1", "rx2", "rx3", "rx4", "rx5", "rx6", "rx7", + "rx8", "rx9", "rx10", "rx11", "rx12", "rx13", + "rx14", "rx15", + "tx1", "tx2", "tx3", "tx4", "tx5", "tx6", "tx7", + "tx8", "tx9", "tx10", "tx11", "tx12", "tx13", + "tx14", "tx15"; + }; + + cppi41dma: dma-controller@07402000 { + compatible = "ti,am3359-cppi41"; + reg = <0x47400000 0x1000 + 0x47402000 0x1000 + 0x47403000 0x1000 + 0x47404000 0x4000>; + reg-names = "glue", "controller", "scheduler", "queuemgr"; + interrupts = <17>; + interrupt-names = "glue"; + #dma-cells = <2>; + #dma-channels = <30>; + #dma-requests = <256>; + status = "disabled"; + }; + }; + + epwmss0: epwmss@48300000 { + compatible = "ti,am33xx-pwmss"; + reg = <0x48300000 0x10>; + ti,hwmods = "epwmss0"; + #address-cells = <1>; + #size-cells = <1>; + status = "disabled"; + ranges = <0x48300100 0x48300100 0x80 /* ECAP */ + 0x48300180 0x48300180 0x80 /* EQEP */ + 0x48300200 0x48300200 0x80>; /* EHRPWM */ + + ecap0: ecap@48300100 { + compatible = "ti,am33xx-ecap"; + #pwm-cells = <3>; + reg = <0x48300100 0x80>; + ti,hwmods = "ecap0"; + status = "disabled"; + }; + + ehrpwm0: ehrpwm@48300200 { + compatible = "ti,am33xx-ehrpwm"; + #pwm-cells = <3>; + reg = <0x48300200 0x80>; + ti,hwmods = "ehrpwm0"; + status = "disabled"; + }; + }; + + epwmss1: epwmss@48302000 { + compatible = "ti,am33xx-pwmss"; + reg = <0x48302000 0x10>; + ti,hwmods = "epwmss1"; + #address-cells = <1>; + #size-cells = <1>; + status = "disabled"; + ranges = <0x48302100 0x48302100 0x80 /* ECAP */ + 0x48302180 0x48302180 0x80 /* EQEP */ + 0x48302200 0x48302200 0x80>; /* EHRPWM */ + + ecap1: ecap@48302100 { + compatible = "ti,am33xx-ecap"; + #pwm-cells = <3>; + reg = <0x48302100 0x80>; + ti,hwmods = "ecap1"; + status = "disabled"; + }; + + ehrpwm1: ehrpwm@48302200 { + compatible = "ti,am33xx-ehrpwm"; + #pwm-cells = <3>; + reg = <0x48302200 0x80>; + ti,hwmods = "ehrpwm1"; + status = "disabled"; + }; + }; + + epwmss2: epwmss@48304000 { + compatible = "ti,am33xx-pwmss"; + reg = <0x48304000 0x10>; + ti,hwmods = "epwmss2"; + #address-cells = <1>; + #size-cells = <1>; + status = "disabled"; + ranges = <0x48304100 0x48304100 0x80 /* ECAP */ + 0x48304180 0x48304180 0x80 /* EQEP */ + 0x48304200 0x48304200 0x80>; /* EHRPWM */ + + ecap2: ecap@48304100 { + compatible = "ti,am33xx-ecap"; + #pwm-cells = <3>; + reg = <0x48304100 0x80>; + ti,hwmods = "ecap2"; + status = "disabled"; + }; + + ehrpwm2: ehrpwm@48304200 { + compatible = "ti,am33xx-ehrpwm"; + #pwm-cells = <3>; + reg = <0x48304200 0x80>; + ti,hwmods = "ehrpwm2"; + status = "disabled"; + }; + }; + + mac: ethernet@4a100000 { + compatible = "ti,cpsw"; + ti,hwmods = "cpgmac0"; + cpdma_channels = <8>; + ale_entries = <1024>; + bd_ram_size = <0x2000>; + no_bd_ram = <0>; + rx_descs = <64>; + mac_control = <0x20>; + slaves = <2>; + active_slave = <0>; + cpts_clock_mult = <0x80000000>; + cpts_clock_shift = <29>; + reg = <0x4a100000 0x800 + 0x4a101200 0x100>; + #address-cells = <1>; + #size-cells = <1>; + interrupt-parent = <&intc>; + /* + * c0_rx_thresh_pend + * c0_rx_pend + * c0_tx_pend + * c0_misc_pend + */ + interrupts = <40 41 42 43>; + ranges; + + davinci_mdio: mdio@4a101000 { + compatible = "ti,davinci_mdio"; + #address-cells = <1>; + #size-cells = <0>; + ti,hwmods = "davinci_mdio"; + bus_freq = <1000000>; + reg = <0x4a101000 0x100>; + }; + + cpsw_emac0: slave@4a100200 { + /* Filled in by U-Boot */ + mac-address = [ 00 00 00 00 00 00 ]; + }; + + cpsw_emac1: slave@4a100300 { + /* Filled in by U-Boot */ + mac-address = [ 00 00 00 00 00 00 ]; + }; + }; + + ocmcram: ocmcram@40300000 { + compatible = "ti,am3352-ocmcram"; + reg = <0x40300000 0x10000>; + ti,hwmods = "ocmcram"; + }; + + wkup_m3: wkup_m3@44d00000 { + compatible = "ti,am3353-wkup-m3"; + reg = <0x44d00000 0x4000 /* M3 UMEM */ + 0x44d80000 0x2000>; /* M3 DMEM */ + ti,hwmods = "wkup_m3"; + }; + + elm: elm@48080000 { + compatible = "ti,am3352-elm"; + reg = <0x48080000 0x2000>; + interrupts = <4>; + ti,hwmods = "elm"; + status = "disabled"; + }; + + tscadc: tscadc@44e0d000 { + compatible = "ti,am3359-tscadc"; + reg = <0x44e0d000 0x1000>; + interrupt-parent = <&intc>; + interrupts = <16>; + ti,hwmods = "adc_tsc"; + status = "disabled"; + + tsc { + compatible = "ti,am3359-tsc"; + }; + am335x_adc: adc { + #io-channel-cells = <1>; + compatible = "ti,am3359-adc"; + }; + }; + + gpmc: gpmc@50000000 { + compatible = "ti,am3352-gpmc"; + ti,hwmods = "gpmc"; + reg = <0x50000000 0x2000>; + interrupts = <100>; + gpmc,num-cs = <7>; + gpmc,num-waitpins = <2>; + #address-cells = <2>; + #size-cells = <1>; + status = "disabled"; + }; + }; +}; diff --git a/arch/arm/dts/dt-bindings/gpio/gpio.h b/arch/arm/dts/dt-bindings/gpio/gpio.h new file mode 100644 index 0000000..e6b1e0a --- /dev/null +++ b/arch/arm/dts/dt-bindings/gpio/gpio.h @@ -0,0 +1,15 @@ +/* + * This header provides constants for most GPIO bindings. + * + * Most GPIO bindings include a flags cell as part of the GPIO specifier. + * In most cases, the format of the flags cell uses the standard values + * defined in this header. + */ + +#ifndef _DT_BINDINGS_GPIO_GPIO_H +#define _DT_BINDINGS_GPIO_GPIO_H + +#define GPIO_ACTIVE_HIGH 0 +#define GPIO_ACTIVE_LOW 1 + +#endif diff --git a/arch/arm/dts/dt-bindings/pinctrl/am33xx.h b/arch/arm/dts/dt-bindings/pinctrl/am33xx.h new file mode 100644 index 0000000..2fbc804 --- /dev/null +++ b/arch/arm/dts/dt-bindings/pinctrl/am33xx.h @@ -0,0 +1,42 @@ +/* + * This header provides constants specific to AM33XX pinctrl bindings. + */ + +#ifndef _DT_BINDINGS_PINCTRL_AM33XX_H +#define _DT_BINDINGS_PINCTRL_AM33XX_H + +#include <dt-bindings/pinctrl/omap.h> + +/* am33xx specific mux bit defines */ +#undef PULL_ENA +#undef INPUT_EN + +#define PULL_DISABLE (1 << 3) +#define INPUT_EN (1 << 5) +#define SLEWCTRL_FAST (1 << 6) + +/* update macro depending on INPUT_EN and PULL_ENA */ +#undef PIN_OUTPUT +#undef PIN_OUTPUT_PULLUP +#undef PIN_OUTPUT_PULLDOWN +#undef PIN_INPUT +#undef PIN_INPUT_PULLUP +#undef PIN_INPUT_PULLDOWN + +#define PIN_OUTPUT (PULL_DISABLE) +#define PIN_OUTPUT_PULLUP (PULL_UP) +#define PIN_OUTPUT_PULLDOWN 0 +#define PIN_INPUT (INPUT_EN | PULL_DISABLE) +#define PIN_INPUT_PULLUP (INPUT_EN | PULL_UP) +#define PIN_INPUT_PULLDOWN (INPUT_EN) + +/* undef non-existing modes */ +#undef PIN_OFF_NONE +#undef PIN_OFF_OUTPUT_HIGH +#undef PIN_OFF_OUTPUT_LOW +#undef PIN_OFF_INPUT_PULLUP +#undef PIN_OFF_INPUT_PULLDOWN +#undef PIN_OFF_WAKEUPENABLE + +#endif + diff --git a/arch/arm/dts/dt-bindings/pinctrl/omap.h b/arch/arm/dts/dt-bindings/pinctrl/omap.h new file mode 100644 index 0000000..edbd250 --- /dev/null +++ b/arch/arm/dts/dt-bindings/pinctrl/omap.h @@ -0,0 +1,55 @@ +/* + * This header provides constants for OMAP pinctrl bindings. + * + * Copyright (C) 2009 Nokia + * Copyright (C) 2009-2010 Texas Instruments + */ + +#ifndef _DT_BINDINGS_PINCTRL_OMAP_H +#define _DT_BINDINGS_PINCTRL_OMAP_H + +/* 34xx mux mode options for each pin. See TRM for options */ +#define MUX_MODE0 0 +#define MUX_MODE1 1 +#define MUX_MODE2 2 +#define MUX_MODE3 3 +#define MUX_MODE4 4 +#define MUX_MODE5 5 +#define MUX_MODE6 6 +#define MUX_MODE7 7 + +/* 24xx/34xx mux bit defines */ +#define PULL_ENA (1 << 3) +#define PULL_UP (1 << 4) +#define ALTELECTRICALSEL (1 << 5) + +/* 34xx specific mux bit defines */ +#define INPUT_EN (1 << 8) +#define OFF_EN (1 << 9) +#define OFFOUT_EN (1 << 10) +#define OFFOUT_VAL (1 << 11) +#define OFF_PULL_EN (1 << 12) +#define OFF_PULL_UP (1 << 13) +#define WAKEUP_EN (1 << 14) + +/* 44xx specific mux bit defines */ +#define WAKEUP_EVENT (1 << 15) + +/* Active pin states */ +#define PIN_OUTPUT 0 +#define PIN_OUTPUT_PULLUP (PIN_OUTPUT | PULL_ENA | PULL_UP) +#define PIN_OUTPUT_PULLDOWN (PIN_OUTPUT | PULL_ENA) +#define PIN_INPUT INPUT_EN +#define PIN_INPUT_PULLUP (PULL_ENA | INPUT_EN | PULL_UP) +#define PIN_INPUT_PULLDOWN (PULL_ENA | INPUT_EN) + +/* Off mode states */ +#define PIN_OFF_NONE 0 +#define PIN_OFF_OUTPUT_HIGH (OFF_EN | OFFOUT_EN | OFFOUT_VAL) +#define PIN_OFF_OUTPUT_LOW (OFF_EN | OFFOUT_EN) +#define PIN_OFF_INPUT_PULLUP (OFF_EN | OFF_PULL_EN | OFF_PULL_UP) +#define PIN_OFF_INPUT_PULLDOWN (OFF_EN | OFF_PULL_EN) +#define PIN_OFF_WAKEUPENABLE WAKEUP_EN + +#endif + diff --git a/arch/arm/dts/tps65217.dtsi b/arch/arm/dts/tps65217.dtsi new file mode 100644 index 0000000..a632724 --- /dev/null +++ b/arch/arm/dts/tps65217.dtsi @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +/* + * Integrated Power Management Chip + * http://www.ti.com/lit/ds/symlink/tps65217.pdf + */ + +&tps { + compatible = "ti,tps65217"; + + regulators { + #address-cells = <1>; + #size-cells = <0>; + + dcdc1_reg: regulator@0 { + reg = <0>; + regulator-compatible = "dcdc1"; + }; + + dcdc2_reg: regulator@1 { + reg = <1>; + regulator-compatible = "dcdc2"; + }; + + dcdc3_reg: regulator@2 { + reg = <2>; + regulator-compatible = "dcdc3"; + }; + + ldo1_reg: regulator@3 { + reg = <3>; + regulator-compatible = "ldo1"; + }; + + ldo2_reg: regulator@4 { + reg = <4>; + regulator-compatible = "ldo2"; + }; + + ldo3_reg: regulator@5 { + reg = <5>; + regulator-compatible = "ldo3"; + }; + + ldo4_reg: regulator@6 { + reg = <6>; + regulator-compatible = "ldo4"; + }; + }; +}; diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h index ea9e758..3642dc6 100644 --- a/include/configs/am335x_evm.h +++ b/include/configs/am335x_evm.h @@ -18,6 +18,12 @@
#include <configs/ti_am335x_common.h>
+#ifndef CONFIG_SPL_BUILD +# define CONFIG_OF_CONTROL +# define CONFIG_OF_SEPARATE +# define CONFIG_DEFAULT_DEVICE_TREE am335x-boneblack +#endif + #define MACH_TYPE_TIAM335EVM 3589 /* Until the next sync */ #define CONFIG_MACH_TYPE MACH_TYPE_TIAM335EVM #define CONFIG_BOARD_LATE_INIT
Enable booting a FIT containing a kernel/device tree.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: None
include/configs/am335x_evm.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h index 3642dc6..4356d37 100644 --- a/include/configs/am335x_evm.h +++ b/include/configs/am335x_evm.h @@ -19,6 +19,7 @@ #include <configs/ti_am335x_common.h>
#ifndef CONFIG_SPL_BUILD +# define CONFIG_FIT # define CONFIG_OF_CONTROL # define CONFIG_OF_SEPARATE # define CONFIG_DEFAULT_DEVICE_TREE am335x-boneblack
Enable secure boot functionality.
Signed-off-by: Simon Glass sjg@chromium.org ---
Changes in v2: None
include/configs/am335x_evm.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h index 4356d37..7b4d7bf 100644 --- a/include/configs/am335x_evm.h +++ b/include/configs/am335x_evm.h @@ -20,6 +20,8 @@
#ifndef CONFIG_SPL_BUILD # define CONFIG_FIT +# define CONFIG_FIT_SIGNATURE +# define CONFIG_RSA # define CONFIG_OF_CONTROL # define CONFIG_OF_SEPARATE # define CONFIG_DEFAULT_DEVICE_TREE am335x-boneblack
Hi Simon,
On Wed, Apr 16, 2014 at 4:41 PM, Simon Glass sjg@chromium.org wrote:
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and also a new test is added to the Makefile to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no effect unless signed images are used). This could be moved to a separate configuration if required, or these patches could even be ignored:
I've tested this patch series and I found some issues. When I use dtb build from latest 3.15-rc3 kernel I got during signing this errors: Couldn't create signature node: FDT_ERR_NOSPACE Failed to add verification data for 'signature@1' signature node in 'conf@1' image node
which was fixed by those 2 small patches: - this one doesn't overwrite return value because upper layer then stop with no space error and doesn't allocate more space --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -405,7 +405,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) if (parent < 0) { fprintf(stderr, "Couldn't create signature node: %s\n", fdt_strerror(parent)); - return -EINVAL; + return parent; } }
--- a/tools/image-host.c +++ b/tools/image-host.c @@ -612,7 +612,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, if (ret) { printf("Failed to add verification data for '%s' signature node in '%s' image node\n", node_name, conf_name); - return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO; + return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; } }
With this small changes I can create signed fit image. Other problem appear during booting. I'm using simple uEnv.txt to get fit image to ram and boot (setenv loadaddr '0x8050000'; run loadimage; bootm). Booting of kernel fails with data abort:
Importing environment from mmc ... Running uenvcmd ... reading /uImage 4322274 bytes read in 585 ms (7 MiB/s) ## Loading kernel from FIT Image at 80500000 ... Using 'conf@1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK Trying 'kernel@1' kernel subimage Description: Linux kernel Type: Kernel Image Compression: uncompressed Data Start: 0x805000e4 Data Size: 4289584 Bytes = 4.1 MiB Architecture: ARM OS: Linux Load Address: 0x80008000 Entry Point: 0x80008000 Hash algo: sha1 Hash value: 74d429a5c48d72ce3f569ba7eaa072c8c1eaab20 Verifying Hash Integrity ... sha1+ OK ## Loading fdt from FIT Image at 80500000 ... Using 'conf@1' configuration Trying 'fdt@1' fdt subimage Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed Data Start: 0x80917608 Data Size: 29802 Bytes = 29.1 KiB Architecture: ARM Hash algo: sha1 Hash value: e86cfd55c3e869c6b3014c758825b2a1ade3991e Verifying Hash Integrity ... sha1+ OK Booting using the fdt blob at 0x80917608 Loading Kernel Image ... OK Using Device Tree in place at 80917608, end 80921a71
Starting kernel ...
data abort pc : [<81a80020>] lr : [<80008008>] sp : 8e71b528 ip : 0000000c fp : 00000400 r10: 8f7a3d60 r9 : 8e723f28 r8 : 00000000 r7 : 00000000 r6 : 00000ffc r5 : 0ffc0004 r4 : 000000f7 r3 : fc7391ff r2 : 80917608 r1 : 00000e05 r0 : 80917608 Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
I wasn't able yet track down what is causing this issue but it happened when jumping to kernel image (kernel_entry(0, machid, r2);). Any ideas what to check? Thanks in advance.
am33xx/omap: Enable FIT support am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
This series has been run through buildman:
/tools/buildman/buildman -b talk2 -s Summary of 12 commits for 1210 boards (32 threads, 1 job per thread) 01: Prepare v2014.04 blackfin: + bf609-ezkit m68k: + M54455EVB_a66 M5329AFEE M5249EVB M5208EVBE eb_cpu5282 M54451EVB astro_mcf5373l M54418TWR_serial_rmii M54455EVB_intel M5475FFE M5282EVB M54455EVB_i66 M5475GFE M5253DEMO M54455EVB_stm33 M5485BFE M5485DFE TASREG M5329BFEE M52277EVB M5475EFE M5475CFE cobra5272 M5485AFE M53017EVB M5485HFE M5235EVB M5253EVBE M54418TWR_nand_mii M54418TWR_nand_rmii_lowfreq M5475BFE M54418TWR_nand_rmii M5475DFE M5275EVB M52277EVB_stmicro eb_cpu5282_internal M54451EVB_stmicro M5485GFE M5373EVB M5485EFE M5485FFE M54418TWR M5235EVB_Flash32 M54418TWR_serial_mii M5485CFE M54455EVB M5475AFE M5272C3 powerpc: + SIMPC8313_SP P1023RDS_NAND MPC8569MDS_NAND P2020RDB_NAND MPC8536DS_NAND P1020RDB_NAND MPC8315ERDB_NAND P1011RDB_NAND SIMPC8313_LP MPC8572DS_NAND P2010RDB_NAND sparc: + grsim grsim_leon2 gr_cpci_ax2000 gr_xc3s_1500 gr_ep2s60 sh: + rsk7269 rsk7264 rsk7203 nios2: + nios2-generic PK1C20 microblaze: + microblaze-generic openrisc: + openrisc-generic arm: + tricorder tricorder_flash 02: Check that u-boot.bin size looks correct arm: + am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1 am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor cm_t335 am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2 mx31ads 03: ti: am335x: Fix the U-Boot binary output arm: am335x_evm_uart5 am335x_evm_uart4 am335x_evm_uart1 am335x_evm_uart3 am335x_boneblack am335x_evm_usbspl am335x_evm_nor am335x_evm_norboot am335x_evm_spiboot am335x_evm am335x_evm_uart2 04: am33xx/omap: Allow cache enable for all Sitara/OMAP 05: hash: Export functions to find and show hash 06: fdt: Add DEV_TREE_BIN option to specify a device tree binary file 07: fdt: Update functions which write to an FDT to return -ENOSPC 08: mkimage: Automatically make space in FDT when full 09: arm: ti: Increase malloc size to 16MB for armv7 boards 10: am33xx/omap: Enable CONFIG_OF_CONTROL 11: am33xx/omap: Enable FIT support 12: am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
The breakage in 02 is because I add the check before fixing the problem, in order to verify what is affected. The order can be changed when applying if required.
Changes in v2:
- Add new patch to check u-boot.bin size against symbol table
- Add new patch to ensure the hash section is inside the image for am335x
- Update to cover all omap devices
- Adjust for kbuild changes
- Fix line over 80cols
- Move device tree files into arch/arm/dts
Simon Glass (11): Check that u-boot.bin size looks correct ti: am335x: Fix the U-Boot binary output am33xx/omap: Allow cache enable for all Sitara/OMAP hash: Export functions to find and show hash fdt: Add DEV_TREE_BIN option to specify a device tree binary file fdt: Update functions which write to an FDT to return -ENOSPC mkimage: Automatically make space in FDT when full arm: ti: Increase malloc size to 16MB for armv7 boards am33xx/omap: Enable CONFIG_OF_CONTROL am33xx/omap: Enable FIT support am33xx/omap: Enable secure boot with CONFIG_FIT_SIGNATURE
Makefile | 16 +- arch/arm/cpu/armv7/am33xx/board.c | 8 - arch/arm/cpu/armv7/omap-common/Makefile | 4 + arch/arm/cpu/armv7/omap-common/hwinit-common.c | 42 -- arch/arm/cpu/armv7/omap-common/omap-cache.c | 56 +++ arch/arm/cpu/armv7/omap3/board.c | 8 - arch/arm/dts/Makefile | 1 + arch/arm/dts/am335x-bone-common.dtsi | 262 ++++++++++ arch/arm/dts/am335x-boneblack.dts | 17 + arch/arm/dts/am33xx.dtsi | 649 +++++++++++++++++++++++++ arch/arm/dts/dt-bindings/gpio/gpio.h | 15 + arch/arm/dts/dt-bindings/pinctrl/am33xx.h | 42 ++ arch/arm/dts/dt-bindings/pinctrl/omap.h | 55 +++ arch/arm/dts/tps65217.dtsi | 56 +++ board/ti/am335x/u-boot.lds | 3 +- common/hash.c | 13 +- common/image-fit.c | 4 +- doc/README.fdt-control | 16 +- dts/Makefile | 4 + include/configs/am335x_evm.h | 9 + include/configs/ti_armv7_common.h | 2 +- include/hash.h | 22 + include/rsa.h | 3 +- lib/rsa/rsa-sign.c | 28 +- tools/fit_image.c | 165 +++++-- tools/image-host.c | 26 +- 26 files changed, 1381 insertions(+), 145 deletions(-) create mode 100644 arch/arm/cpu/armv7/omap-common/omap-cache.c create mode 100644 arch/arm/dts/am335x-bone-common.dtsi create mode 100644 arch/arm/dts/am335x-boneblack.dts create mode 100644 arch/arm/dts/am33xx.dtsi create mode 100644 arch/arm/dts/dt-bindings/gpio/gpio.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/am33xx.h create mode 100644 arch/arm/dts/dt-bindings/pinctrl/omap.h create mode 100644 arch/arm/dts/tps65217.dtsi
-- 1.9.1.423.g4596e3a
Hi Belisko,
On 28 April 2014 00:30, Belisko Marek marek.belisko@gmail.com wrote:
Hi Simon,
On Wed, Apr 16, 2014 at 4:41 PM, Simon Glass sjg@chromium.org wrote:
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and also a new test is added to the Makefile to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no effect unless signed images are used). This could be moved to a separate configuration if required, or these patches could even be ignored:
I've tested this patch series and I found some issues. When I use dtb build from latest 3.15-rc3 kernel I got during signing this errors: Couldn't create signature node: FDT_ERR_NOSPACE Failed to add verification data for 'signature@1' signature node in 'conf@1' image node
which was fixed by those 2 small patches:
- this one doesn't overwrite return value because upper layer then
stop with no space error and doesn't allocate more space --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -405,7 +405,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) if (parent < 0) { fprintf(stderr, "Couldn't create signature node: %s\n", fdt_strerror(parent));
return -EINVAL;
return parent; } }--- a/tools/image-host.c +++ b/tools/image-host.c @@ -612,7 +612,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, if (ret) { printf("Failed to add verification data for '%s' signature node in '%s' image node\n", node_name, conf_name);
return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; } }With this small changes I can create signed fit image. Other problem appear during booting. I'm using simple uEnv.txt to get fit image to ram and boot (setenv loadaddr '0x8050000'; run loadimage; bootm). Booting of kernel fails with data abort:
Importing environment from mmc ... Running uenvcmd ... reading /uImage 4322274 bytes read in 585 ms (7 MiB/s) ## Loading kernel from FIT Image at 80500000 ... Using 'conf@1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK Trying 'kernel@1' kernel subimage Description: Linux kernel Type: Kernel Image Compression: uncompressed Data Start: 0x805000e4 Data Size: 4289584 Bytes = 4.1 MiB Architecture: ARM OS: Linux Load Address: 0x80008000 Entry Point: 0x80008000 Hash algo: sha1 Hash value: 74d429a5c48d72ce3f569ba7eaa072c8c1eaab20 Verifying Hash Integrity ... sha1+ OK ## Loading fdt from FIT Image at 80500000 ... Using 'conf@1' configuration Trying 'fdt@1' fdt subimage Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed Data Start: 0x80917608 Data Size: 29802 Bytes = 29.1 KiB Architecture: ARM Hash algo: sha1 Hash value: e86cfd55c3e869c6b3014c758825b2a1ade3991e Verifying Hash Integrity ... sha1+ OK Booting using the fdt blob at 0x80917608 Loading Kernel Image ... OK Using Device Tree in place at 80917608, end 80921a71
Starting kernel ...
data abort pc : [<81a80020>] lr : [<80008008>] sp : 8e71b528 ip : 0000000c fp : 00000400 r10: 8f7a3d60 r9 : 8e723f28 r8 : 00000000 r7 : 00000000 r6 : 00000ffc r5 : 0ffc0004 r4 : 000000f7 r3 : fc7391ff r2 : 80917608 r1 : 00000e05 r0 : 80917608 Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
I wasn't able yet track down what is causing this issue but it happened when jumping to kernel image (kernel_entry(0, machid, r2);). Any ideas what to check? Thanks in advance.
For this I'm not sure, perhaps your load address is wrong?
I just sent out a new series (available in u-boot-x86.git branch 'bone') which adds some step-by-step documentation. It also collects all the fixes in one place.
[snip]
Regards, Simon
Dear Simon Glass,
On Tue, Jun 3, 2014 at 6:42 AM, Simon Glass sjg@chromium.org wrote:
Hi Belisko,
On 28 April 2014 00:30, Belisko Marek marek.belisko@gmail.com wrote:
Hi Simon,
On Wed, Apr 16, 2014 at 4:41 PM, Simon Glass sjg@chromium.org wrote:
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and also a new test is added to the Makefile to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no effect unless signed images are used). This could be moved to a separate configuration if required, or these patches could even be ignored:
I've tested this patch series and I found some issues. When I use dtb build from latest 3.15-rc3 kernel I got during signing this errors: Couldn't create signature node: FDT_ERR_NOSPACE Failed to add verification data for 'signature@1' signature node in 'conf@1' image node
which was fixed by those 2 small patches:
- this one doesn't overwrite return value because upper layer then
stop with no space error and doesn't allocate more space --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -405,7 +405,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) if (parent < 0) { fprintf(stderr, "Couldn't create signature node: %s\n", fdt_strerror(parent));
return -EINVAL;
return parent; } }--- a/tools/image-host.c +++ b/tools/image-host.c @@ -612,7 +612,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, if (ret) { printf("Failed to add verification data for '%s' signature node in '%s' image node\n", node_name, conf_name);
return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; } }With this small changes I can create signed fit image. Other problem appear during booting. I'm using simple uEnv.txt to get fit image to ram and boot (setenv loadaddr '0x8050000'; run loadimage; bootm). Booting of kernel fails with data abort:
Importing environment from mmc ... Running uenvcmd ... reading /uImage 4322274 bytes read in 585 ms (7 MiB/s) ## Loading kernel from FIT Image at 80500000 ... Using 'conf@1' configuration Verifying Hash Integrity ... sha1,rsa2048:dev+ OK Trying 'kernel@1' kernel subimage Description: Linux kernel Type: Kernel Image Compression: uncompressed Data Start: 0x805000e4 Data Size: 4289584 Bytes = 4.1 MiB Architecture: ARM OS: Linux Load Address: 0x80008000 Entry Point: 0x80008000 Hash algo: sha1 Hash value: 74d429a5c48d72ce3f569ba7eaa072c8c1eaab20 Verifying Hash Integrity ... sha1+ OK ## Loading fdt from FIT Image at 80500000 ... Using 'conf@1' configuration Trying 'fdt@1' fdt subimage Description: Flattened Device Tree blob Type: Flat Device Tree Compression: uncompressed Data Start: 0x80917608 Data Size: 29802 Bytes = 29.1 KiB Architecture: ARM Hash algo: sha1 Hash value: e86cfd55c3e869c6b3014c758825b2a1ade3991e Verifying Hash Integrity ... sha1+ OK Booting using the fdt blob at 0x80917608 Loading Kernel Image ... OK Using Device Tree in place at 80917608, end 80921a71
Starting kernel ...
data abort pc : [<81a80020>] lr : [<80008008>] sp : 8e71b528 ip : 0000000c fp : 00000400 r10: 8f7a3d60 r9 : 8e723f28 r8 : 00000000 r7 : 00000000 r6 : 00000ffc r5 : 0ffc0004 r4 : 000000f7 r3 : fc7391ff r2 : 80917608 r1 : 00000e05 r0 : 80917608 Flags: Nzcv IRQs off FIQs on Mode SVC_32 Resetting CPU ...
I wasn't able yet track down what is causing this issue but it happened when jumping to kernel image (kernel_entry(0, machid, r2);). Any ideas what to check? Thanks in advance.
For this I'm not sure, perhaps your load address is wrong?
Yes I've fixed this issue some time ago. What about those two mentioned patches? Without them I cannot create FIT properly.
I just sent out a new series (available in u-boot-x86.git branch 'bone') which adds some step-by-step documentation. It also collects all the fixes in one place.
Thanks I'll look on that.
[snip]
Regards, Simon
BR,
marek
Hi,
On 2 June 2014 23:17, Belisko Marek marek.belisko@gmail.com wrote:
Dear Simon Glass,
On Tue, Jun 3, 2014 at 6:42 AM, Simon Glass sjg@chromium.org wrote:
Hi Belisko,
On 28 April 2014 00:30, Belisko Marek marek.belisko@gmail.com wrote:
Hi Simon,
On Wed, Apr 16, 2014 at 4:41 PM, Simon Glass sjg@chromium.org wrote:
This series fixes a few problems that have come up since the secure boot series was merged:
- A recent commit broken the assumption that u-boot.bin ends at a known
address (thus making things appended to U-Boot inaccessible from the code). This is fixed for Beaglebone and also a new test is added to the Makefile to ensure that it does not break again. All boards have been tested.
- A way is needed to provide an externally-build device tree binary for
U-Boot. This allows signing to happen outside the U-Boot build system.
- The .img files generated by an OMAP build need to include the FDT if one
is appended.
- Adding signatures to an FDT can cause the FDT to run out of space. The
fix is to regenerate the FDT from scratch with different dtc parameters, so pretty painful. Instead, we automatically expand the FDT.
The last two commits enable secure boot on Beaglebone (this will have no effect unless signed images are used). This could be moved to a separate configuration if required, or these patches could even be ignored:
I've tested this patch series and I found some issues. When I use dtb build from latest 3.15-rc3 kernel I got during signing this errors: Couldn't create signature node: FDT_ERR_NOSPACE Failed to add verification data for 'signature@1' signature node in 'conf@1' image node
which was fixed by those 2 small patches:
- this one doesn't overwrite return value because upper layer then
stop with no space error and doesn't allocate more space --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -405,7 +405,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest) if (parent < 0) { fprintf(stderr, "Couldn't create signature node: %s\n", fdt_strerror(parent));
return -EINVAL;
return parent;
Here we must return a value like -ENOSPC if we want to signal that. Also it should be done before printing the error.
} }--- a/tools/image-host.c +++ b/tools/image-host.c @@ -612,7 +612,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, if (ret) { printf("Failed to add verification data for '%s' signature node in '%s' image node\n", node_name, conf_name);
return ret == FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
return ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
This looks right to me.
} }With this small changes I can create signed fit image.
[snip]
For this I'm not sure, perhaps your load address is wrong?
Yes I've fixed this issue some time ago. What about those two mentioned patches? Without them I cannot create FIT properly.
I think your patches are useful - my code was aimed at fixing this problem for the FIT image, and adding the large signature block, but it can just as easily happen with the U-Boot fdt.
I will take a look at rolling it into a new version, but if you come up with a patch on top of my latest series, please send it (u-boot-x86.git branch 'bone')
Regards, Simon
participants (2)
-
Belisko Marek -
Simon Glass