- It provides a way to promise kernel dtb can be loaded successfully
even when the image is damaged.
- This makes developers easily to add what they what just like a "U-Boot" dtb.
- The kern.dtb file is pack into the end of u-boot.bin while ./dts/kern.dtb
is exist.
Change-Id: I93a36a9c65ea8719e5610cdcbcc7708e5337c53f
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
The 0x0 address is usually allocated by 32-bit uncompressed kernel
and this alloc action is just a peek. Due to LMB core doesn't support
alloc at 0x0 address, we have to alloc the memblk backword a few bytes.
This patch is mainly to avoid fail message from sysmem/LMB.
Change-Id: I894ae2252a30a7690d10899484266191dfb12d15
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
The commit point is updated to google external/avb/
which commit point is 868db2a514bbb02e166fb55b1592b27de8c9680c.
Change-Id: I10f7c0ac356a7666b518b62e59ccb62277668578
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Porting from: https://tls.mbed.org/sha-512-source-code.
Update and follow sha1/256.c function name and coding style.
Change-Id: Idbe70b71e54e0e56a88aac5ec306c75fb2237f4f
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
- Allow request region alloc within the first invisiable region reserved by
bidram when request region has flags M_ATTR_IGNORE_INVISIBLE. This is a
workaround for some firmware memory layout, eg: on RK3308-AArch32, the ATF
region is 0~1M(same as RK3308-AArch64), but the kernel would like to alloc
at 0x00058000.
- Always make kernel reserved-memory alloc successfully and check overlap
with invisible and sysmem allocated regions in sysmem_overflow_check()
before bootm. This makes alloc policy more easier.
Change-Id: I533c710a6e69bd930befda441b9ec64415e3f408
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Check if the region is overlap with reserved regions.
Change-Id: Ifd9b6a4438dcf954b7e48930e31d0c6cd5d1274c
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
1.dev_desc->if_type == IF_TYPE_MMC for SD and eMMC device,
dev_desc->devnum == 1 is SD devices,
dev_desc->devnum == 0 is eMMC devices
2.SD devices do not have rpmb
3.we prefer to use rpmb for eMMC devices, use security
partition for nand or SD devices
Change-Id: Ifc21bd4da7c3ee91e2ecc845c343182c78d52dc1
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
The avb process have verify next level firmware to ensure its
availability. So there is no need to support lastboot in avb
process.
Change-Id: I1623a2bd93c54802ce0067cad7061ade6cc56313
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Since we need to realize standard library function other than use them
with gcc tool chain in U-Boot. So add standard library function here.
Change-Id: I10009c5bbe31fabacd929df3c44218ae9c6a885f
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
If alloc buffer for storage read/write should be aligned to
cacheline size, please add the M_ATTR_CACHELINE_ALIGN flag
for this region.
Change-Id: I1e5d46405ddacfadd1cdb4670f943996d9b66426
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Modify the opensource nandc driver to compatible with
the NAND driver include FTL,which used udevice_id
"rockchip,rk-nandc".
Change-Id: I67b9beb43b9935f88c98802f6df3507248324a12
Signed-off-by: Yifeng Zhao <zyf@rock-chips.com>
- handle the case: the input base is 0;
- ignore the head region which can't visible for M_ATTR_PEEK;
Change-Id: I2c3609b9457a5e2e429e849228301bfee0e4c9b0
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Using malloc buffer to load image makes CONFIG_SYS_MALLOC_LEN must be
large enough, sysmem alloc is a better way.
Change-Id: I24e2b86c53b8d3307c0d155fc37cb499c321e1c6
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Because avb android image usually needs a large memory buffer,
always alloc avb android memblk right after U-Boot stack is a
better choice to avoid memblk overlap with others.
Since we have overflow protect magic for U-Boot stack, so we add
a pad(4KB) between them.
Change-Id: I72655d022f7e82f1ed9fbb381424d04bc86ccf6a
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
- If the region is out of avaiable dram bank, return success;
- region can override allocated memblk with attr M_ATTR_OVERLAP;
Change-Id: I02171cdb51462e9cec3dd955ae3e0aaaa0ee7afd
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
file not exist if ret < 0, file exist if ret >=0
Change-Id: I1a70b0a41773f03d552c5f6cda82b745d6e81421
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
Some platform provides more than one dram banks and reserved firmware
regions (eg. ATF, OP-TEE, etc) by pre-loader dynamically. It means
there are memory holes in board dram layout. What's more, U-Boot will
reserved regions at the late bootflow(eg. firmware reserved for AMP).
So we introduce bidram mechanism to manage GD board bi_dram[], which
provides a way to easily manage memory holes and update bi_dram[]. It
dpends on LMB which provides a good algorithm to manage memory blocks.
What's different from sysmem?
- bidram manage and pass the avaliable memory blocks to kernel;
- sysmem is only for U-Boot memory management to avoid ram overlap,
it doesn't matter about kernel avaliable memory.
Change-Id: I697cbb80bdc961e4ad5ab94548e2dc93feefde6f
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
- import memblk id to manage memory blocks;
- change "sysmem_property" to generic "memblock";
- use alloc instead of reserve for all memory blocks;
- clean up and fix some logic;
- add U-Boot cmd for sysmem;
Change-Id: I614223ce3bf97a7b3566412a9d1864fb30b68fd8
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
With 8 bytes addressing even on 32 bit machines these checks
are no longer valid. Remove them.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
(cherry picked from commit f51f6715a5013f37620c38f0430e21d4736e235a)
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Change-Id: I07d143dbd4dfeff1ce99d081d1279c4f70fa4e8f
Since we use the pre-loader public key to verify permanent attribute, then
we do not need to write permanent attribute hash to otp & efuse.
Change-Id: Ic5e19fed2fc9405ab5bc7504dd930fd5f02d847c
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Since the stderr is not used in uboot, use printf to print the
message.
Change-Id: Ib522609e783acf8f407e2f9fb3805b553c543cba
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Sometimes, framework or user would call fdt_increase_size() to update
fdt size, it's better reserve more space to avoid sysmem gives the fdt
region overflow report.
The CONFIG_SYS_FDT_PAD default value is sync with bootm framework
in: common/image-fdt.c
Change-Id: I363e9a4182e13b1628a76666acd8272d25db659d
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
1.switch to RPMB partition when call init rpmb
2.switch to original partition when call finish rpmb
3.it will not switch to original partition when error
occurred, we should recover original partition after error
Change-Id: I41927e82fb2db690058a809f008ca1f59d334011
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
1.mmc testsecurestorage to test secure storage
2.test secure storage in rpmb and test secure storage in
security partition when use emmc
3.test secure storage in security partition when use nand
Change-Id: Id6f72893c002c5040cb1790051c9685911878df7
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
Extract keymaster CA module from OpteeClientInterface
refactoring code for keymaster reads and writes form caller module
Change-Id: I1069fce0d29d9d9815f71e7f3b4d231754382acd
Signed-off-by: Jian Qiu <qiujian@rock-chips.com>
Do not update the PIK version if it is equal to the value in the storage,
otherwise the error may occur in power failure test.
Change-Id: Ia478d9b404de3982b4de5b185e15d181b37f5fd9
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.
This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h
and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>
Change-Id: I6c0f7e50e8b571106627f25ddac008a62bd2994e
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
There is tons of code duplication between lib/libfdt/libfdt.h and
scripts/dtc/libfdt/libfdt.h. Evacuate the U-Boot own code to
include/libfdt.h and remove lib/libfdt/libfdt.h.
For host tools, <libfdt.h> should include scripts/dtc/libfdt/libfdt.h,
which is already suitable for user-space.
For compiling U-Boot, <linux/libfdt.h> should be included because we
need a different libfdt_env.h .
Change-Id: I61a718a3fecb9f316cf3ddbac7c125394532a9c5
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
The only difference between scripts/dtc/libfdt/fdt_rw.c and
lib/libfdt/fdt_rw.c is fdt_remove_unused_strings().
It is only used by fdtgrep, so we do not need to compile it for U-Boot
image. Move it to tools/libfdt/fdw_rw.c so that lib/libfdt/fdt_rw.c
can be a wrapper of scripts/dtc/libfdt/fdt_rw.c.
Change-Id: I6e2578d4bfdf75438d3aa1cb51f270f34527d37d
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
We can use fdtdec_get_is_enabled() instead of fdt_device_is_available().
Change-Id: I7aa03ed82f83fc72206659889a4f7f095dc66b36
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
- only allow "boot_android" as bootcmd;
- enter rockusb or fastboot when boot failed;
- don't allow ctrl+c to enter hush;
Change-Id: I7a67f4b738ed78370f19fe2c8c920a5abc104b4b
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
This is more helpful than bootstage timing record since it
is quite possible for every developer to enable inicall
verbose for debug and find abnormal time cost as early as
possible.
It looks like:
initcall: 000000000061015c
# 183 us
initcall: 000000000ff3e614
# 0 us
initcall: 000000000ff3e408
# 0 us
initcall: 00000000006105fc (relocated to 000000000ff3e5fc)
# 6401 us
initcall: 0000000000610420 (relocated to 000000000ff3e420)
# 1 us
initcall: 0000000000604444 (relocated to 000000000ff32444)
# 5 us
Change-Id: Ib59f3e5052f921d0046a6fa73cbfb968000fd34e
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Split attestation key into AttestationKey.ec and AttestationKey.rsa,
then write to secure storage.
Change-Id: I8e00d602c4174a002e6ecad2e4cfa846f32a681f
Signed-off-by: Tony Xu <tony.xu@rock-chips.com>
keymaster ta is too large, so we change store data
to static ta and remove keymaster ta
Change-Id: Icdb694138caf005d2cb2821714a8526d0391b18b
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
bug make error R&W when security partition is not defined
Change-Id: Iddf840d3f9c090292e58f73492c20f84e4b3b4ea
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
use R&W multi blocks and cache used flag to
speed up secure store.
Change-Id: Ib534fa33e1bb03006ed3b85992d1d48b5fe36f39
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
If the item is not existent, trust will return TEE_ERROR_GENERIC
TEE_ERROR_NO_DATA and TEE_ERROR_ITEM_NOT_FOUND. We initialize
the item when return these value.
TEST: fastboot getvar at-vboot-state
ERROR: avb-perm-attr-set=0
avb-locked=
avb-unlock-disabled=
Change-Id: Ie1b4e1ce7d1dc419a0af11e5701b0130f2f7f553
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Bug: Run 'fastboot getvar at-vboot-state', then HANG
in the fastboot without any message.
Cause: The fastboot can not decide the vboot size when
the return information size of vboot state is larger
than the VBOOT_STATE_SIZE. This makes the device will not
response to console.
Solution: 1. Enlarge VBOOT_STATE_SIZE. The max size of
vboot state may be 862, so define VBOOT_STATE_SIZE
to 1000.
2. Use snprintf to get the info.
Change-Id: I2d0fda76ca9034c596993ab27a02cbf2fa550977
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
This patch add auto parse the compress format of kernel image.
Then decompress the compressed kernel image for arm64, as for
arm32 zImage, we only need to load it to a higher memory, then
the kernel will handle the decompress itself.
Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC:
------------------------------------------------------------------
Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) |
-------------------------------------------------------------------
Image | 7720968 | | | 488 |
-------------------------------------------------------------------
Image.lz4 | 4119448 | 53% | 59 | 455 |
-------------------------------------------------------------------
Image.lzo | 3858322 | 49% | 141 | 536 |
-------------------------------------------------------------------
Image.gz | 3529108 | 45% | 222 | 609 |
-------------------------------------------------------------------
Image.bz2 | 3295914 | 42% | 2940 | |
-------------------------------------------------------------------
Image.lzma| 2683750 | 34% | | |
-------------------------------------------------------------------
Note: the boot time is counted from first ddr init log to first Kernel log.
Change-Id: I73b12ec944fbc8238b0e061a37e2f31aa3093231
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
CONFIG_OPTEE_ALWAYS_USE_SECURITY_PARTITION is support
for OPTEE_V1
Change-Id: Ic83d06a08a1d409905dcc61e0f7346ab23261b0c
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
Use the function get_timer to get the random
seed. Then the seed is used by function srand
to initialize the random data.
Change-Id: Iaae6a17d22b8e85fb4d4b6c6247cd11003b64eea
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
according to google lib avb
commit id: 44e07124afb1f46af0d745d83481f49c482900b1
Change-Id: Ie59a7265699e3e6b1673bb64da6d1c7a1e7b6201
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
compile form keymaster 8.0/develop commit:ddd71dca
Features:
ddd71dca ta: support emmc/nand storage for keymaster & gatekeeper
2692c551 Update export-user_ta/ to support dual filesystems
bc288722 keymaster: uboot write data overwrite
Change-Id: I51b84f62db15bd4825035089dbb6ee38d11d4cac
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
Joseph Chen
Jason Zhu
Hisping Lin
Alexey Brodkin
Yifeng Zhao
Keerthy
Jian Qiu
Tony Xu
Masahiro Yamada
Kever Yang
Andy Yan