tkaratapanis opened a new pull request, #16332: URL: https://github.com/apache/nuttx/pull/16332
*Note: Please adhere to [Contributing Guidelines](https://github.com/apache/nuttx/blob/master/CONTRIBUTING.md).* ## Summary This PR extends the i.MX9 ELE API with commands required for AHAB authentication. A new file, `imx9_ahab.c`, encapsulates the AHAB-specific image authentication logic, building on top of the lower-level ELE API. In addition, `imx9_romapi.c` introduces support for the i.MX ROM API to enable boot device–agnostic image loading. This allows BL2 to load container headers from the boot device and authenticate them using the new AHAB and ELE infrastructure. **For now the ROM API is required by AHAB boot to load the images from the boot device.** Finally, this PR adds an option to disable MMU support for i.MX9 builds. Disabling the MMU is appropriate in BL2/SPL stages, where TF-A will reinitialize the MMU in EL3, rendering early setup redundant. Omitting the MMU also reduces memory usage by ~50 KB in some cases, depending on the size of the translation tables. ## Impact There is no impact on existing builds since the new functionality is guarded by `CONFIG_IMX9_ROMAPI` and `IMX9_AHAB_BOOT`. The modification on imx9_ele.[ch] simply extends the current functionality. The MMU disablement however, requires usage of `CONFIG_ARCH_USE_MMU=y` which is sometimes mistaken with `CONFIG_ARCH_HAVE_MMU`. imx9 builds that don't use `CONFIG_ARCH_USE_MMU=y ` will now run with the MMU disabled. Imx9 builds with `CONFIG_ARCH_USE_MMU=y` will not be affected. ## Testing ### Hardware: Custom i.MX93 board booting from FLEXSPI NOR. (Other boot devices, like NAND were not tested). ### Software: Various tests have been done using several images of TF-A (Bl31), optee(BL32), BL33. For the tests `tools/imx9/Config.mk` was modified to generate a multi-image container, i.e: ` $(Q) tools$(DELIM)imx9$(DELIM)mkimage_imx9$(HOSTEXEEXT) -soc IMX9 -dev flexspi -append $(BASE_PATH)$(AHAB)$(DELIM)mx93a1-ahab-container.img -c -ap nuttx.bin a55 0x2049a000 -c -ap ../../imx-atf/build/imx93/debug/bl31.bin a55 0x204e0000 -ap ../../imx-optee-os/build.imx-mx93evk/core/tee-raw.bin a55 0x96000000 -ap bl33_image a55 0x80200000 -out flash.bin` The functionality provided by the PR still needs a bootloader implementation that uses them, the following logs are from my custom bootloader. Sample logs: ``` [BL2/SPL terminal output] image offset 0x1000, pagesize 0x1, ivt offset 0x0 ATF cntr image header is valid! Image index is 0 number of container images are 3 [read_auth_image]: container: 0x80000000 offset: 284672 size: 61440 [read_auth_image]: Image succesfully verified. Image index is 1 number of container images are 3 [read_auth_image]: container: 0x80000000 offset: 346112 size: 585728 [read_auth_image]: Image succesfully verified. Image index is 2 number of container images are 3 [read_auth_image]: container: 0x80000000 offset: 931840 size: 267264 [read_auth_image]: Image succesfully verified. [ahab_auth_release]: Container sucessfully released jumping 204e0000... [BL31/ IMX-ATF] NOTICE: TRDC init done NOTICE: BL31: v2.10.0 (debug):android-15.0.0_1.2.0-dirty NOTICE: BL31: Built : 15:03:23, May 6 2025 INFO: GICv3 without legacy support detected. INFO: ARM GICv3 driver initialized in EL3 INFO: Maximum SPI INTID supported: 991 INFO: BL31: Initializing runtime services WARNING: BL31: cortex_a55: CPU workaround for erratum 1530923 was missing! INFO: BL31: Initializing BL32 INFO: BL31: Preparing for EL3 exit to normal world INFO: Entry point address = 0x80200000 [BL32/optee logs were disabled] [BL33 Logs/PX4] [boot] Rev 0x0 : Ver 0x1 SalukiNXP93001000 Initializing SDIO slot 0 Bind SDIO to the MMC/SD driver, minor=0 ERROR: Failed to mount procfs at /proc: -1 gimbal [0:100] gps [0:100] hott_sensors [0:100] hott_telemetry [0:100] airspeed_selector [0:100] cdcacm [0:100] commander [0:100] control_allocator [0:100] dataman [0:100] send_event [0:100] flight_mode_manager [0:100] gyro_calibration [0:100] land_detector [0:100] landing_target_estimator [0:100] local_position_estimator [0:100] logger [0:100] mavlink [0:100] mc_hover_thrust_estimator [0:100] mc_pos_control [0:100] navigator [0:100] rc_update [0:100] [...] ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
