[U-Boot] [PATCH v6 05/10] optee: Add optee_image_get_entry_point()

Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghu

[U-Boot] [PATCH v6 04/10] optee: Add CONFIG_OPTEE_LOAD_ADDR

CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg. Adding new CONFIG entires to u-boot should be kconfig driven so this patch does just that. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- lib/optee/Kconfig | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/optee/Kconfig b/lib/

[U-Boot] [PATCH v6 10/10] bootm: optee: Add a bootm command for type IH_OS_TEE

This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Suggested-by: Andrew F. Davis Cc: Harinarayan Bhatta Cc

Re: [U-Boot] [PATCH 1/4] imx: hab: Add routine to set HAB IVT address

On 16/03/18 08:17, Lothar Waßmann wrote: 'setexpr hab_ivt_addr ${loadaddr} + 0x400' could not do as well? That might work too. I'll check. ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH 3/4] imx: hab: Specify IVT padding size

On 15/03/18 16:54, Breno Matheus Lima wrote: Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : This patch adds IVT_PAD_SIZE at 0xC00. The IVT header is padded to this size. Defining the size explicitly makes it possible to use the define to locate the start/end of an IVT header wi

Re: [U-Boot] [PATCH 4/4] imx: hab: Provide hab_auth_img_or_fail command

On 15/03/18 17:15, Breno Matheus Lima wrote: If I run this command without any parameter the code is wrongly executed, and the system goes to USB recovery mode. Oops. I'll fix that so. --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://l

Re: [U-Boot] [PATCH 3/4] imx: hab: Specify IVT padding size

On 20/03/18 01:53, Breno Matheus Lima wrote: Hi Bryan, 2018-03-17 8:06 GMT-03:00 Bryan O'Donoghue : On 15/03/18 16:54, Breno Matheus Lima wrote: Hi Bryan, 2018-03-09 14:35 GMT-03:00 Bryan O'Donoghue : This patch adds IVT_PAD_SIZE at 0xC00. The IVT header is padded to

[U-Boot] [PATCH v2 0/3] imx: hab: Add helper functions for scripted HAB auth

in one place - again allowing for scripting to reuse instead of replicate functionality over and over again. These helper functions could all be buried in the board-port but, they are made available here in the hopes they will be of use to others. Bryan O'Donoghue (3): imximage: Encase maj

[U-Boot] [PATCH v2 1/3] imximage: Encase majority of header in __ASSEMBLY__ declaration

Subsequent patches will want to include imageimage.h but in doing so include it on an assembly compile path causing a range of compile errors. Fix the errors pre-emptively by encasing the majority of the declarations in imximage.h inside an ifdef __ASSEMBLY__ block. Signed-off-by: Bryan

[U-Boot] [PATCH v2 2/3] imximage: Specify default IVT offset in IMX image

continue to follow the first-stage authentication layout. This patch defines the first stage offset with an upcoming set of BSP patches making use of that offset subsequently. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam --- include/imximage.h | 3 +++ 1

[U-Boot] [PATCH v2 3/3] imx: hab: Provide hab_auth_img_or_fail command

images can be run. It's possible to script this logic but, when done over and over again the environment starts get very complex and repetitive, reducing that script repetition down to a command line function makes sense. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima

[U-Boot] [PATCH v3 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial

mated LAVA testing environment, hopefully its useful and acceptable to others. Bryan O'Donoghue (3): imx: mx7: Fix CONFIG_SERIAL_TAG compilation imx: mx7: Add comment to describe OTP TESTER registers warp7: Set u-boot serial# based on OTP value arch/arm/mach-imx

[U-Boot] [PATCH v3 1/3] imx: mx7: Fix CONFIG_SERIAL_TAG compilation

Currently when we define CONFIG_SERIAL_TAG we will barf with a failure to define "struct tag_serialnr". This structure is defined in , this patch includes to fix. Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: Peng Fan Cc: Stefano Babic Reviewed-by: Fabio Estevam ---

[U-Boot] [PATCH v3 2/3] imx: mx7: Add comment to describe OTP TESTER registers

Unique ID 10:0 - FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID The 64 bits of data generate a unique serial number per-chip. Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: Peng Fan Cc: Stefano Babic Reviewed-by: Fabio Estevam --- arch/arm/mach-imx

[U-Boot] [PATCH v3 3/3] warp7: Set u-boot serial# based on OTP value

ad. With this patch in place the USB mass storage device will appear in /dev/disk/by-id with a unique name based on the OTP value. For example /dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d301d4-0:0 Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: Rui Miguel Silva Cc: Ryan H

Re: [U-Boot] [PATCH v2 2/3] imximage: Specify default IVT offset in IMX image

On 26/03/18 15:15, Fabio Estevam wrote: On Mon, Mar 26, 2018 at 11:11 AM, Bryan O'Donoghue wrote: +/* Specify the offset of the IVT in the IMX header as expected by BootROM */ +#define BOOTROM_IVT_HDR_OFFSET 0xC00 You introduce this new define, but there is no user for it. Ah not

Re: [U-Boot] [PATCH v2 2/3] imximage: Specify default IVT offset in IMX image

On 26/03/18 15:31, Fabio Estevam wrote: On Mon, Mar 26, 2018 at 11:30 AM, Bryan O'Donoghue wrote: Ah not _yet_ There's a bunch of code in a BSP mod I plan to bomb the list with that makes use of this. In this case, please make this patch part of the series where we actually see

[U-Boot] [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth

they are made available here in the hopes they will be of use to others. Bryan O'Donoghue (2): imximage: Encase majority of header in __ASSEMBLY__ declaration imx: hab: Provide hab_auth_img_or_fail command arch/arm/mach-imx/hab.c | 35 +++ include/imximage

[U-Boot] [PATCH v3 1/2] imximage: Encase majority of header in __ASSEMBLY__ declaration

Subsequent patches will want to include imageimage.h but in doing so include it on an assembly compile path causing a range of compile errors. Fix the errors pre-emptively by encasing the majority of the declarations in imximage.h inside an ifdef __ASSEMBLY__ block. Signed-off-by: Bryan

[U-Boot] [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command

images can be run. It's possible to script this logic but, when done over and over again the environment starts get very complex and repetitive, reducing that script repetition down to a command line function makes sense. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima

[U-Boot] [PATCH] configs: warp7: Fix CAAM on boot with tip-of-tree

reeable) from [<8076aa38>] (kernel_init+0x8/0xe8) [<8076aa38>] (kernel_init) from [<8000f468>] (ret_from_fork+0x14/0x2c) Code: e59d300c e2832010 e5843008 e5834068 (e58a2004) ---[ end trace d5f941204ed8cb29 ]--- Kernel panic - not syncing: Attempted to kill init! exitcode=0x0

[U-Boot] [PATCH 01/18] imximage: Specify default IVT offset in IMX image

continue to follow the first-stage authentication layout. This patch defines the first stage offset which later patch make use of. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam --- include/imximage.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/in

[U-Boot] [PATCH 00/18] warp7: Enable automated OPTEE/HAB boot flow

ID mmcpart will be used to pass root id to kernel setenv rootpart ${mmcpart} run finduuid; run mmcargs; # Now boot echo Booting secure Linux/OPTEE OS from mmc ...; bootm ${optee_addr} - ${fdt_addr}; # Failsafe if something goes wrong hab_failsafe Bryan O'Donoghue (18): imximage: Specify

[U-Boot] [PATCH 09/18] warp7: defconfig: Enable CONFIG_BOOTM_TEE

Signed-off-by: Bryan O'Donoghue --- configs/warp7_secure_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_secure_defconfig b/configs/warp7_secure_defconfig index d1d2495..0d46aa7 100644 --- a/configs/warp7_secure_defconfig +++ b/configs/warp7_secure_defconf

[U-Boot] [PATCH 02/18] warp7: hab: Add a CSF location definition

nt because it gives the addresses for the HAB that we will require to sign the u-boot image using the CST. Since the addresses can change this logfile is a critical output. Signed-off-by: Bryan O'Donoghue --- board/warp7/imximage.cfg | 4 1 file changed, 4 insertions(+) diff --gi

[U-Boot] [PATCH 06/18] warp7: Print out the OPTEE DRAM region

Right now a region of 0x30 bytes is allocated at the end of DRAM for the purposes of loading an OPTEE firmware inside of it. This patch adds the printout of the relevant address ranges. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 10 ++ 1 file changed, 10 inser

[U-Boot] [PATCH 15/18] warp7: Make load command an environment variable

This patch replaces the current "fatload" command with an environment variable. Making the load command into an environment variable means we can change filesystem type in boot.scr and reuse existing commands within that boot script. Signed-off-by: Bryan O'Donoghue --- include/

[U-Boot] [PATCH 04/18] warp7: defconfig: Enable OPTEE for WaRP7

Requires setting CONFIG_OPTEE=y and setting an OPTEE TrustZone DRAM base in include/configs/warp7.h. Signed-off-by: Bryan O'Donoghue --- configs/warp7_secure_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_secure_defconfig b/configs/warp7_secure_defconfig

Re: [U-Boot] [PATCH 00/18] warp7: Enable automated OPTEE/HAB boot flow

+ Breno Forget to add you to the CC Breno bod < sleep ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH 08/18] warp7: defconfig: Enable CONFIG_SECURE_BOOT

Various function associated with booting the WaRP7 in High Assurance Boot (HAB) mode are enabled by switching on CONFIG_SECURE_BOOT. This patch enables CONFIG_SECURE_BOOT for the WaRP7 defconfig. Signed-off-by: Bryan O'Donoghue --- configs/warp7_secure_defconfig | 1 + 1 file chang

[U-Boot] [PATCH 16/18] warp7: hab: Set environment variable indicating IVT offset

have the real load addresses exported in uboot.cfg. ivt_offset represents the addition or subtraction from the load address that must happen to find an IVT header. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/co

[U-Boot] [PATCH 13/18] warp7: Define the name of a signed boot-script file

We need to know the name of a signed boot-script, its better to have a separate variable for this then to simply append some fixed string to an existing image name. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/co

[U-Boot] [PATCH 17/18] warp7_secure: defconfig: Enable CMD_SETEXPR

setexpr allows us to do arithmetic for env variables - something that is both useful and required when doing HAB authentication without hard-coding HAB load addresses. Enable setexpr in the secure defconfig - it's not required for the unsecure version. Signed-off-by: Bryan O

[U-Boot] [PATCH 14/18] warp7: add warp7_auth_or_fail

_addr} ${filesize} 0". Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 53fbcb2..c957b2d 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -50,6 +50,7 @@

[U-Boot] [PATCH 03/18] warp7: hab: Set environment variable indicating HAB enable

Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 8 include/configs/warp7.h | 3 +++ 2 files changed, 11 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 327f656..0d3d324 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -10,6 +10

[U-Boot] [PATCH 11/18] warp7: Add Kconfig WARP7_ROOT_PART

Adding CONFIG_WARP7_ROOT_PART allows a defconfig to specify which partition is use as the root partition on WaRP7, this is a desirable change in order to support a different partitioning schemes. The default is the current partition #1. Signed-off-by: Bryan O'Donoghue --- board/warp7/Kc

[U-Boot] [PATCH 12/18] warp7: select uuid partition based on rootpart

boot script to select ping or pong as necessary without reprogramming the bootloader. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index a92e675..f2ee09b 1

[U-Boot] [PATCH 07/18] warp7: Specify CONFIG_OPTEE_LOAD_ADDR

makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further parsing by external tools. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- configs/warp7_secure_defconfig | 1 + include/configs/warp7.h| 1 + 2 files changed, 2 insertions(+) diff --git a/co

[U-Boot] [PATCH 05/18] warp7: Allocate specific region of memory to OPTEE

. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 5 + 1 file changed, 5 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 0d3d324..56f0cdd 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -58,6 +58,11 @@ int dram_init(void) { gd->

[U-Boot] [PATCH 18/18] warp7: Add support for automated secure boot.scr verification

prior to executing the commands contained in boot.scr. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index adf25ac..2a2d431 100644 --- a/include/configs/warp7.h +++

[U-Boot] [PATCH 10/18] warp7: Make CONFIG_SYS_FDT_ADDR a define

-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- board/warp7/Kconfig | 6 ++ include/configs/warp7.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/board/warp7/Kconfig b/board/warp7/Kconfig index 61c33fb..00df19d 100644 --- a/board/warp7/Kconfig +++ b/board/

Re: [U-Boot] [PATCH] configs: warp7: Fix CAAM on boot with tip-of-tree

On 30/03/18 15:53, Fabio Estevam wrote: Hi Bryan, On Fri, Mar 30, 2018 at 7:55 AM, Bryan O'Donoghue wrote: Booting the following image with tip-of-tree we get a CAAM DECO error (and subsequent crash due to a kernel bug in 4.1). For booting NXP based kernel you shoul

Re: [U-Boot] [PATCH 15/18] warp7: Make load command an environment variable

On 30/03/18 16:05, Fabio Estevam wrote: This will conflict with Pierre-Jean's recent patch series that makes use of the generic load command: https://lists.denx.de/pipermail/u-boot/2018-March/324065.html and https://lists.denx.de/pipermail/u-boot/2018-March/324066.html Would his approach w

[U-Boot] [PATCH v2 0/2] WaRP7 unify secure and non-secure defconfigs

x the bug and zap the fat ! Bryan O'Donoghue (2): warp7: defconfig: Fix CAAM on boot with tip-of-tree warp7: secure_defconfig: Remove secure_defconfig configs/warp7_defconfig| 1 + configs/warp7_secure_defconfig | 42 -- 2 files changed, 1

[U-Boot] [PATCH v2 1/2] warp7: defconfig: Fix CAAM on boot with tip-of-tree

reeable) from [<8076aa38>] (kernel_init+0x8/0xe8) [<8076aa38>] (kernel_init) from [<8000f468>] (ret_from_fork+0x14/0x2c) Code: e59d300c e2832010 e5843008 e5834068 (e58a2004) ---[ end trace d5f941204ed8cb29 ]--- Kernel panic - not syncing: Attempted to kill init! exitcode=0x0

[U-Boot] [PATCH v2 2/2] warp7: secure_defconfig: Remove secure_defconfig

there's no need to support the secure defconfig - drop it now. Signed-off-by: Bryan O'Donoghue Suggested-by: Fabio Estevam --- configs/warp7_secure_defconfig | 42 -- 1 file changed, 42 deletions(-) delete mode 100644 configs/warp7_secure_defconfig

[U-Boot] [PATCH v3 0/2] WaRP7 unify secure and non-secure defconfigs

as-is so, in this context there appears to be no justification for keeping separate configuration files. Fix the bug and zap the fat ! Bryan O'Donoghue (2): warp7: defconfig: Fix CAAM on boot with tip-of-tree warp7: secure_defconfig: Remove secure_defconfig board/warp7/MAINTAINERS

[U-Boot] [PATCH v3 2/2] warp7: secure_defconfig: Remove secure_defconfig

there's no need to support the secure defconfig - drop it now. Signed-off-by: Bryan O'Donoghue Suggested-by: Fabio Estevam Reviewed-by: Fabio Estevam --- board/warp7/MAINTAINERS| 1 - configs/warp7_secure_defconfig | 42 -- 2 files c

[U-Boot] [PATCH v3 1/2] warp7: defconfig: Fix CAAM on boot with tip-of-tree

reeable) from [<8076aa38>] (kernel_init+0x8/0xe8) [<8076aa38>] (kernel_init) from [<8000f468>] (ret_from_fork+0x14/0x2c) Code: e59d300c e2832010 e5843008 e5834068 (e58a2004) ---[ end trace d5f941204ed8cb29 ]--- Kernel panic - not syncing: Attempted to kill init! exitcode=0x00

Re: [U-Boot] [PATCH v2 1/2] warp7: configs: enable CONFIG_CMD_FS_GENERIC

93882/ Could you drop the part of this patch for warp7_secure_defconfig - in a v3 ? That way my patch and your patch can apply independently and in any order Acked-by: Bryan O'Donoghue --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lis

Re: [U-Boot] [PATCH v3 2/2] warp7: configs: enable CONFIG_CMD_FS_GENERIC

_DFU_MMC=y CONFIG_USB=y Acked-by: Bryan O'Donoghue ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

Re: [U-Boot] [PATCH v3 1/2] warp7: include/configs: use generic fs commands in CONFIG_EXTRA_ENV_SETTINGS

cdev}:${mmcpart} ${loadaddr} ${image}\0" \ + "loadfdt=load mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \ "mmcboot=echo Booting from mmc ...; " \ "run finduuid; " \ "run mmcargs; " \ Acked-by: Bryan O'Donoghue ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot

[U-Boot] [PATCH v2 00/17] warp7: Enable automated OPTEE/HAB boot flow

oot id to kernel setenv rootpart ${mmcpart} run finduuid; run mmcargs; # Now boot echo Booting secure Linux/OPTEE OS from mmc ...; bootm ${optee_addr} - ${fdt_addr}; # Failsafe if something goes wrong hab_failsafe Bryan O'Donoghue (17): imximage: Specify default IVT offset in IMX image warp7:

[U-Boot] [PATCH v2 01/17] imximage: Specify default IVT offset in IMX image

continue to follow the first-stage authentication layout. This patch defines the first stage offset which later patch make use of. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam --- include/imximage.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/in

[U-Boot] [PATCH v2 04/17] warp7: defconfig: Enable OPTEE for WaRP7

Requires setting CONFIG_OPTEE=y and setting an OPTEE TrustZone DRAM base in include/configs/warp7.h. Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig index d720bac..3dbcd69 1

[U-Boot] [PATCH v2 03/17] warp7: hab: Set environment variable indicating HAB enable

Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 8 include/configs/warp7.h | 3 +++ 2 files changed, 11 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 327f656..0d3d324 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -10,6 +10

[U-Boot] [PATCH v2 10/17] warp7: Make CONFIG_SYS_FDT_ADDR a define

-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- board/warp7/Kconfig | 6 ++ include/configs/warp7.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/board/warp7/Kconfig b/board/warp7/Kconfig index 61c33fb..00df19d 100644 --- a/board/warp7/Kconfig +++ b/board/

[U-Boot] [PATCH v2 11/17] warp7: Add Kconfig WARP7_ROOT_PART

Adding CONFIG_WARP7_ROOT_PART allows a defconfig to specify which partition is use as the root partition on WaRP7, this is a desirable change in order to support a different partitioning schemes. The default is the current partition #2. Signed-off-by: Bryan O'Donoghue --- board/warp7/Kc

[U-Boot] [PATCH v2 02/17] warp7: hab: Add a CSF location definition

nt because it gives the addresses for the HAB that we will require to sign the u-boot image using the CST. Since the addresses can change this logfile is a critical output. Signed-off-by: Bryan O'Donoghue --- board/warp7/imximage.cfg | 4 1 file changed, 4 insertions(+) diff --gi

[U-Boot] [PATCH v2 14/17] warp7: add warp7_auth_or_fail

_addr} ${filesize} 0". Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 0ed95d8..454bc1c 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -50,6 +50,7 @@

[U-Boot] [PATCH v2 12/17] warp7: select uuid partition based on rootpart

boot script to select ping or pong as necessary without reprogramming the bootloader. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 344042c..54b3b31 1

[U-Boot] [PATCH v2 13/17] warp7: Define the name of a signed boot-script file

We need to know the name of a signed boot-script, its better to have a separate variable for this then to simply append some fixed string to an existing image name. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/co

[U-Boot] [PATCH v2 06/17] warp7: Print out the OPTEE DRAM region

Right now a region of 0x30 bytes is allocated at the end of DRAM for the purposes of loading an OPTEE firmware inside of it. This patch adds the printout of the relevant address ranges. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 10 ++ 1 file changed, 10 inser

[U-Boot] [PATCH v2 05/17] warp7: Allocate specific region of memory to OPTEE

. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 5 + 1 file changed, 5 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 0d3d324..56f0cdd 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -58,6 +58,11 @@ int dram_init(void) { gd->

[U-Boot] [PATCH v2 09/17] warp7: defconfig: Enable CONFIG_BOOTM_TEE

Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig index efb6f51..d5dc009 100644 --- a/configs/warp7_defconfig +++ b/configs/warp7_defconfig @@ -47,3 +47,4 @@ CONFIG_USBNET_HOST_

[U-Boot] [PATCH v2 08/17] warp7: defconfig: Enable CONFIG_SECURE_BOOT

Various function associated with booting the WaRP7 in High Assurance Boot (HAB) mode are enabled by switching on CONFIG_SECURE_BOOT. This patch enables CONFIG_SECURE_BOOT for the WaRP7 defconfig. Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 inse

[U-Boot] [PATCH v2 16/17] warp7: defconfig: Enable CMD_SETEXPR

setexpr allows us to do arithmetic for env variables - something that is both useful and required when doing HAB authentication without hard-coding HAB load addresses. Enable setexpr in the secure defconfig - it's not required for the unsecure version. Signed-off-by: Bryan O

[U-Boot] [PATCH v2 07/17] warp7: Specify CONFIG_OPTEE_LOAD_ADDR

makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further parsing by external tools. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- configs/warp7_defconfig | 1 + include/configs/warp7.h | 1 + 2 files changed, 2 insertions(+) diff --git a/configs/warp7_defconfig b/co

[U-Boot] [PATCH v2 17/17] warp7: Add support for automated secure boot.scr verification

prior to executing the commands contained in boot.scr. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index fe9b7d5..f340bff 100644 --- a/include/configs/warp7.h +++

[U-Boot] [PATCH v2 15/17] warp7: hab: Set environment variable indicating IVT offset

have the real load addresses exported in uboot.cfg. ivt_offset represents the addition or subtraction from the load address that must happen to find an IVT header. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/co

[U-Boot] [PATCH] imx: mx7: snvs: Add an SNVS init routine

i.MX processors but for now this is only tested on i.MX7 as working. Signed-off-by: Bryan O'Donoghue --- arch/arm/include/asm/mach-imx/sys_proto.h | 1 + arch/arm/mach-imx/mx7/Makefile| 2 +- arch/arm/mach-imx/mx7/snvs.c | 22 ++ arch/arm/ma

Re: [U-Boot] [PATCH] imx: mx7: snvs: Add an SNVS init routine

+ Stefano On 05/04/18 19:46, Bryan O'Donoghue wrote: Working with HAB on the i.MX7 we've encountered a case where a board that successfully authenticates u-boot when booting Linux via OPTEE subsequently fails to properly bring up the RTC. The RTC registers live in the low-power bl

Re: [U-Boot] [PATCH] imx: mx7: snvs: Add an SNVS init routine

On 05/04/18 20:29, Fabio Estevam wrote: Hi Bryan, On Thu, Apr 5, 2018 at 3:46 PM, Bryan O'Donoghue wrote: --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -180,6 +180,8 @@ int arch_cpu_init(void) isolate_resource(); #endif + init_snvs(); Shou

Re: [U-Boot] [PATCH v2 06/17] warp7: Print out the OPTEE DRAM region

On 07/04/18 13:36, Breno Matheus Lima wrote: Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : Right now a region of 0x30 bytes is allocated at the end of DRAM for the purposes of loading an OPTEE firmware inside of it. This patch adds the printout of the relevant address r

Re: [U-Boot] [PATCH v2 09/17] warp7: defconfig: Enable CONFIG_BOOTM_TEE

On 07/04/18 13:32, Breno Matheus Lima wrote: Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : This patch enables CONFIG_BOOTM_TEE. Once enabled its possible to chain-load Linux through OPTEE. Loading kernel to 0x8080 => run loadimage Load FDT to 0x8300 => run lo

[U-Boot] [PATCH] bootm: Align cache flush begin address

operation. The load address may not be aligned to a cache-line boundary, so ensure the passed address is aligned. Signed-off-by: Bryan O'Donoghue Reported-by: Breno Matheus Lima Cc: Simon Glass --- common/bootm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/c

Re: [U-Boot] [PATCH v2 07/17] warp7: Specify CONFIG_OPTEE_LOAD_ADDR

On 07/04/18 13:23, Breno Matheus Lima wrote: Hi Bryan, 2018-04-02 19:42 GMT-03:00 Bryan O'Donoghue : In order to sign images with the IMX code-signing-tool (CST) we need to know the load address of a given image. The best way to derive this load address is to make it into a define - so

[U-Boot] [PATCH v3 01/17] imximage: Specify default IVT offset in IMX image

continue to follow the first-stage authentication layout. This patch defines the first stage offset which later patch make use of. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam --- include/imximage.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/in

[U-Boot] [PATCH v3 00/17] warp7: Enable automated OPTEE/HAB boot flow

ptee_addr} - ${fdt_addr}; # Failsafe if something goes wrong hab_failsafe Bryan O'Donoghue (17): imximage: Specify default IVT offset in IMX image warp7: hab: Add a CSF location definition warp7: hab: Set environment variable indicating HAB enable warp7: defconfig: Enable OPTEE for Wa

[U-Boot] [PATCH v3 09/17] warp7: defconfig: Enable CONFIG_BOOTM_TEE

Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig index efb6f51..d5dc009 100644 --- a/configs/warp7_defconfig +++ b/configs/warp7_defconfig @@ -47,3 +47,4 @@ CONFIG_USBNET_HOST_

[U-Boot] [PATCH v3 03/17] warp7: hab: Set environment variable indicating HAB enable

Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 8 include/configs/warp7.h | 3 +++ 2 files changed, 11 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 327f656..0d3d324 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -10,6 +10

[U-Boot] [PATCH v3 04/17] warp7: defconfig: Enable OPTEE for WaRP7

Requires setting CONFIG_OPTEE=y and setting an OPTEE TrustZone DRAM base in include/configs/warp7.h. Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig index d720bac..3dbcd69 1

[U-Boot] [PATCH v3 15/17] warp7: hab: Set environment variable indicating IVT offset

have the real load addresses exported in uboot.cfg. ivt_offset represents the addition or subtraction from the load address that must happen to find an IVT header. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/co

[U-Boot] [PATCH v3 11/17] warp7: Add Kconfig WARP7_ROOT_PART

Adding CONFIG_WARP7_ROOT_PART allows a defconfig to specify which partition is use as the root partition on WaRP7, this is a desirable change in order to support a different partitioning schemes. The default is the current partition #2. Signed-off-by: Bryan O'Donoghue --- board/warp7/Kc

[U-Boot] [PATCH v3 02/17] warp7: hab: Add a CSF location definition

nt because it gives the addresses for the HAB that we will require to sign the u-boot image using the CST. Since the addresses can change this logfile is a critical output. Signed-off-by: Bryan O'Donoghue --- board/warp7/imximage.cfg | 4 1 file changed, 4 insertions(+) diff --gi

[U-Boot] [PATCH v3 17/17] warp7: Add support for automated secure boot.scr verification

prior to executing the commands contained in boot.scr. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index fe9b7d5..f340bff 100644 --- a/include/configs/warp7.h +++

[U-Boot] [PATCH v3 08/17] warp7: defconfig: Enable CONFIG_SECURE_BOOT

Various function associated with booting the WaRP7 in High Assurance Boot (HAB) mode are enabled by switching on CONFIG_SECURE_BOOT. This patch enables CONFIG_SECURE_BOOT for the WaRP7 defconfig. Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 1 + 1 file changed, 1 inse

[U-Boot] [PATCH v3 16/17] warp7: defconfig: Enable CMD_SETEXPR

setexpr allows us to do arithmetic for env variables - something that is both useful and required when doing HAB authentication without hard-coding HAB load addresses. This patch enables CMD_SETEXPR for the WaRP7 defconfig. Signed-off-by: Bryan O'Donoghue --- configs/warp7_defconfig | 2

[U-Boot] [PATCH v3 06/17] warp7: Print out the OPTEE DRAM region

Right now a region of 0x30 bytes is allocated at the end of DRAM for the purposes of loading an OPTEE firmware inside of it. This patch adds the printout of the relevant address ranges. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 10 ++ 1 file changed, 10 inser

[U-Boot] [PATCH v3 07/17] warp7: Specify CONFIG_OPTEE_LOAD_ADDR

makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further parsing by external tools. Signed-off-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- configs/warp7_defconfig | 1 + include/configs/warp7.h | 1 + 2 files changed, 2 insertions(+) diff --git a/configs/warp7_defconfig b/co

[U-Boot] [PATCH v3 05/17] warp7: Allocate specific region of memory to OPTEE

. Signed-off-by: Bryan O'Donoghue --- board/warp7/warp7.c | 5 + 1 file changed, 5 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 0d3d324..56f0cdd 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -58,6 +58,11 @@ int dram_init(void) { gd->

[U-Boot] [PATCH v3 10/17] warp7: Make CONFIG_SYS_FDT_ADDR a define

-by: Bryan O'Donoghue Reviewed-by: Ryan Harkin --- board/warp7/Kconfig | 6 ++ include/configs/warp7.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/board/warp7/Kconfig b/board/warp7/Kconfig index 61c33fb..00df19d 100644 --- a/board/warp7/Kconfig +++ b/board/

[U-Boot] [PATCH v3 14/17] warp7: add warp7_auth_or_fail

_addr} ${filesize} 0". Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 0ed95d8..454bc1c 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -50,6 +50,7 @@

[U-Boot] [PATCH v3 12/17] warp7: select uuid partition based on rootpart

boot script to select ping or pong as necessary without reprogramming the bootloader. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 344042c..54b3b31 1

[U-Boot] [PATCH v3 13/17] warp7: Define the name of a signed boot-script file

We need to know the name of a signed boot-script, its better to have a separate variable for this then to simply append some fixed string to an existing image name. Signed-off-by: Bryan O'Donoghue --- include/configs/warp7.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/co

Re: [U-Boot] [PATCH] bootm: Align cache flush begin address

On 13/04/18 17:27, Tom Rini wrote: - flush_cache(load, ALIGN(*load_end - load, ARCH_DMA_MINALIGN)); + flush_cache(ALIGN(load, ARCH_DMA_MINALIGN), + ALIGN(*load_end - load, ARCH_DMA_MINALIGN)); Am I wrong in thinking that we would want ALIGN_DOWN for load here? N

[U-Boot] [PATCH v2] bootm: Align cache flush begin address

operation. The load address may not be aligned to a cache-line boundary, so ensure the passed address is aligned. Signed-off-by: Bryan O'Donoghue Reported-by: Breno Matheus Lima Suggested-by: Tom Rini Cc: Simon Glass --- common/bootm.c | 8 +++- 1 file changed, 7 insertions(+), 1 de

Re: [U-Boot] [PATCH v2] bootm: Align cache flush begin address

On 16/04/18 17:49, Simon Glass wrote: On 15 April 2018 at 04:48, Bryan O'Donoghue wrote: commit b4d956f6bc0f ("bootm: Align cache flush end address correctly") aligns the end address of the cache flush operation to a cache-line size to ensure lower-layers in the code a

Re: [U-Boot] [PATCH v2] bootm: Align cache flush begin address

On 17/04/18 23:21, Simon Glass wrote: Hi Bryan, On 17 April 2018 at 03:27, Bryan O'Donoghue wrote: On 16/04/18 17:49, Simon Glass wrote: On 15 April 2018 at 04:48, Bryan O'Donoghue wrote: commit b4d956f6bc0f ("bootm: Align cache flush end address correctly") al

Re: [U-Boot] [PATCH] mx7dsabresd: Remove the mx7dsabresd_secure_defconfig target

and select CONFIG_ARMV7_BOOT_SEC_DEFAULT inside mx7dsabresd_defconfig so that this target could be used to boot both mainline and the vendor kernel. This makes maintenance task easier and avoid potentially confusion for the end user. Signed-off-by: Fabio Estevam Acked-by: Bryan O'Don

<    1   2   3   4   5   6   >