mediatek: mt7986: only protect BL32 memory if needed #6

Closed

Conversation

dangowrt

Existing non-secure images for MT7986 expect the reserved memory to span 0x43000000~0x4303ffff.

Now, however, TZRAM2_SIZE added another 0x10000 on top of that which renders existing images incompatible with the updated TF-A build.

To maintain compatibility, only protect memory for BL32 if NEED_BL32 is set and hence BL32 will be used at all.

Enable debug symbols for release build which will be convenient for
debugging over JTAG.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add support to use prebuilt libraries for BL2 and BL31

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This utility is used for adding a BootROM readable header for BL2 image.
The BL2 image is directly loaded by the BootROM and supports RSA signing
for secure boot.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add tools to generate anti-rollback table with an example

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
There's a situation that ROT_KEY(private) does not exist in building
environment, and thus signing is impossible during build stage.

This tool is used to sign certificate without knowing ROT_KEY

Since ROT_KEY is used to sign trusted_key.cert, we only need to make sure
trusted_key.crt is signed correctly.

This tool does the first, and third actions within following flow:

1. Extract sign body from trusted_key.cert
2. Sign body using ROT_KEY [Done by user after build]
3. Use signature to assemble new trusted_key.cert
4. use fiptool to generate new FIP image

Usage:
Extract sign body from trusted_key.crt:
  signoffline -p [fip_public_key] -c [trusted_key.crt] \
              -m [message to be signed]

Use signature to assemble new trusted_key.crt:
  signoffline -p [fip_public_key] -c [trusted_key.crt] \
              -s [signature] -o [new trusted_key.crt]

Signed-off-by: Tim-cy Yang <Tim-cy.Yang@mediatek.com>
Add GPT editor for generating GPT table for SD/eMMC
Add single image (ROM dump image) making tool

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Some eMMC chips have wrong value of field spec_vers in CSD register.
spec_vers is not checked by both linux kernel and u-boot. So it is better to
remove this check.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add support to poll card busy state for R1b command

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add oob_size field for nand framework

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Support more 4-byte address flashes

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add interface for gpio driver to change gpio mode

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds UBI loading support for BL2.

The main UBI code comes from u-boot (drivers/mtd/ubispl.c) with
modifications. The original code permits BSD-3-Clause license.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
The APSoC platform includes mt7622, mt7629, filogic chips and future chips.

These common files are shared between all chips listed above.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
We have detached from upstream spi-nand driver and implement this dedicated
spi-nand driver with more features.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
We have detached from upstream platforms, and thus implement APSoC's
own SiP implementation.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>

fixup to apsoc imp
Add MediaTek SD/eMMC controller driver

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add SNFI driver for SPI-NAND flashes.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add generic high-speed UART console driver.

This driver can be used to register console.
When baud <= 115200, 16550-compatible mode will be used, otherwise
high-speed mode will be used.

An option can be used to force using high-speed mode.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add general-purpose timer driver

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add generic efuse driver

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds an i2c framework for MediaTek SoC.
Also add rt5190 PMIC and ds3232 HWRTC example drivers

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds spi-mem controller driver with support for quad-spi

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add support for BL2 (boot from RAM ver.) to receive FIP from serial port.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add NAND mapping block management (NMBM) common library.
This library acts as a translation layer to hide bad blocks of a raw NAND
device. It's very useful for factory production where data may shift due
to bad blocks.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add xz-embedded-20210201 from
https://tukaani.org/xz/embedded.html

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add support to compress images using xz

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds a new bootloader stage named BL2PL (aka. BL2 preloader)
to support BL2 compression.

This stage only implements XZ decompression for BL2 payload, and the BL2
payload must be compressed by XZ with crc32 checksum support.

To make use of this stage, a BL2PL specific image header must be added to
the compressed BL2 payload to record its load address and size. Then this
payload with header should be directly appended to the end of BL2PL raw
binary without any padding.

-------------------------------
| BL2PL | Header | XZ payload |
-------------------------------

On startup, BL2PL will first relocate itself to On-Chip SRAM and setup
the C environment, and then decompress the real BL2 to its load address,
and finally jump to the real BL2.

---------------------------------------------------------------
| Stage | On-Chip SRAM |            L2 shared SRAM            |
---------------------------------------------------------------
|   1   |              | BL2PL | XZ payload                   |
---------------------------------------------------------------
|   2   | BL2PL        |                           XZ payload |
---------------------------------------------------------------
|   3   | BL2PL        | BL2                     | XZ payload |
---------------------------------------------------------------

Also, add a tool named bl2plimage to generate BL2PL image header for XZ
compressed BL2 payload.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds a simple build option dependency checking mechanism, which
makes changes of build options to take effect immediately without a clean.

Currently we have many C macros defined in gcc command line by build
options passed from the make command line. However in ATF build framework,
the macros defined in gcc command line will not be treated as dependency,
which means changes in those macros will not take effect to C source files
using those macros.

This mechanism is done by adding a dependency rule explicitly for a
specific source file, and the dependency rule is a new header file.

Every time before building, the mechanism writes all registered build
options of a file to the dependency rule file. Once the build option is
changed, the content of the dependency rule file will also be changed,
which will trigger a rebuild of the source file.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
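
Added example, not part of the commit above or of the project's code: a shell sketch of the write-if-changed header that such a dependency mechanism relies on, so that flipping an option like TRUSTED_BOARD_BOOT or ANTI_ROLLBACK cannot leave a stale object in the image. The function names, the header file name and the option values are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's code). gen_optdep, needs_rebuild and the
# file names used with them are hypothetical.

# gen_optdep HEADER OPT=VAL...
# Renders the registered options into HEADER and replaces the file only when
# the rendered content differs, so its mtime moves only on a real change.
# Prints "updated" or "unchanged".
gen_optdep() {
    hdr=$1; shift
    tmp="$hdr.tmp.$$"
    {
        echo "/* Auto-generated build-option dependency file. Do not edit. */"
        for kv in "$@"; do
            # Comments only: the header exists to be a make prerequisite.
            echo "/* ${kv%%=*} = ${kv#*=} */"
        done
    } > "$tmp"
    if [ -f "$hdr" ] && cmp -s "$tmp" "$hdr"; then
        rm -f "$tmp"            # same options: keep the old file and mtime
        echo unchanged
    else
        mv -f "$tmp" "$hdr"     # options changed: new content, new mtime
        echo updated
    fi
}

# needs_rebuild OBJ PREREQ...
# The test make applies to a rule "OBJ: PREREQ...": rebuild when OBJ is
# missing or older than any prerequisite. Prints "yes" or "no".
needs_rebuild() {
    obj=$1; shift
    [ -f "$obj" ] || { echo yes; return; }
    for dep in "$@"; do
        if [ "$dep" -nt "$obj" ]; then echo yes; return; fi
    done
    echo no
}

# Usage (hypothetical paths):
#   gen_optdep build/bl2_main.optdep.h TRUSTED_BOARD_BOOT=1 ANTI_ROLLBACK=1
#   needs_rebuild build/bl2_main.o bl2_main.c build/bl2_main.optdep.h
```

Run gen_optdep before every build and list the header as a prerequisite of the object; an unconditional rewrite would instead force a rebuild on every invocation.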
The Anti-Rollback mechanism of MediaTek uses NV-counter for the minimum
allowed version, and discards the original purpose of NV-counter.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
The FSEK is used to help decrypt rootfs data.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
hackpascal and others added 24 commits July 4, 2023 23:08
Add eFuse prebuilt library and relative SIP services for BL31 to allow
BL33 to manipulate the eFuse features (SecureBoot, Anti-Rollback, ...)

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add basic anti-rollback framework for mt7622 (PATCH-v3)
- Add ar_table tool which supports parsing customer's
  version control xml file to generate auto-config
  file, and embeds that information into atf code
- Modify platform.mk that allow us feed customer's
  version control xml file and build anti-rollback
  atf image in one step

Usage:
Add following parameters to make input:
ANTI_ROLLBACK=1 ANTI_ROLLBACK_CONF=./ar_table_example.xml

Add following make target to make input:
ar_table

For example:
make PLAT=mt7622 BOOT_DEVICE=snand BROM_SIGN_KEY=/path/to/key	\
BL33=/path/to/u-boot-binary MBEDTLS_DIR=/path/to/mbedtls	\
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ROT_KEY=/path/to/key	\
ANTI_ROLLBACK=1 ANTI_ROLLBACK_CONF=path/to/version-xml		\
ar_table all fip

Change since v2:
- Fix multiple cert_tool --tfw-nvctr and --ntfw-nvctr parameters
exist in the CERT_ARGS variable
- Remove duplicate ar_table make target in platform.mk

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add build option dependency rules to make sure option changes take effect
on .o files immediately to avoid cleaning current build.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add initial BL2/BL32 support for mt7629.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add DDR initialization support for mt7629

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add eFuse prebuilt library and relative SIP services for BL32 to allow
BL33 to manipulate the eFuse features (SecureBoot, Anti-Rollback, ...)

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add build option dependency rules to make sure option changes take effect
on .o files immediately to avoid cleaning current build.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add initial BL2/BL31 support for mt7986.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add DDR initialization support for mt7986

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add eFuse prebuilt library and relative SIP services for BL31 to allow
BL33 to manipulate the eFuse features (SecureBoot, Anti-Rollback, ...)

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds anti-rollback v2 support for mt7986

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add FSEK (FS encryption key) helper support for FS data decryption

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add build option dependency rules to make sure option changes take effect
on .o files immediately to avoid cleaning current build.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add initial BL2/BL31 support for mt7981.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add DDR initialization support for mt7981

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add eFuse prebuilt library and relative SIP services for BL31 to allow
BL33 to manipulate the eFuse features (SecureBoot, Anti-Rollback, ...)

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds anti-rollback v2 support for mt7981

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add build option dependency rules to make sure option changes take effect
on .o files immediately to avoid cleaning current build.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add initial BL2/BL31 support for mt7988.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add DDR initialization support for mt7988

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add eFuse prebuilt library and relative SIP services for BL31 to allow
BL33 to manipulate the eFuse features (SecureBoot, Anti-Rollback, ...)

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
This patch adds anti-rollback v2 support for mt7988

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Add build option dependency rules to make sure option changes take effect
on .o files immediately to avoid cleaning current build.

Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Existing non-secure images for MT7986 expect the reserved memory to
span 0x43000000~0x4303ffff. Now, however, TZRAM2_SIZE added another
0x10000 on top of that which renders existing images incompatible with
the updated TF-A build.
To maintain compatibility, only protect memory for BL32 if NEED_BL32
is set and hence BL32 will be used at all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
dangowrt pushed a commit to dangowrt/arm-trusted-firmware that referenced this pull request Jul 23, 2023
The current putc version test for TXEMPTY bit set (mtk-openwrt#6) instead
of waiting for TXFULL bit clear (mtk-openwrt#4), that slows the global
boot time as we are not taking benefit of the 32-byte FIFO.

We then need to implement the flush function to be sure the
transmit is complete (FIFO and shift register empty).

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Change-Id: I54873a5203e2afdc230e44ce73284e7a80985b4f
@hackpascal
Collaborator

updated

@hackpascal
Collaborator

All fixed.

@hackpascal hackpascal closed this Oct 13, 2023