From 58f75efeaf30c786c26fade79d127c988b813751 Mon Sep 17 00:00:00 2001 From: Breno Lima Date: Thu, 25 Mar 2021 17:30:13 +0800 Subject: mx7ulp: hab: Add hab_status command for HABv4 M4 boot When booting in low power or dual boot modes the M4 binary is authenticated by the M4 ROM code. Add an option in hab_status command so users can retrieve M4 HAB failure and warning events. => hab_status m4 Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 No HAB Events Found! Add command documentation in mx6_mx7_secure_boot.txt guide. As HAB M4 API cannot be called from A7 core the code is parsing the M4 HAB persistent memory region. The HAB persistent memory stores HAB events, public keys and others HAB related information. The HAB persistent memory region addresses and sizes can be found in AN12263 "HABv4 RVT Guidelines and Recommendations". Reviewed-by: Utkarsh Gupta Reviewed-by: Ye Li Signed-off-by: Breno Lima Signed-off-by: Peng Fan --- doc/imx/habv4/guides/mx6_mx7_secure_boot.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'doc') diff --git a/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt b/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt index 20fff937b6..53f71fbc3e 100644 --- a/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt +++ b/doc/imx/habv4/guides/mx6_mx7_secure_boot.txt @@ -213,6 +213,30 @@ the example below: HAB Configuration: 0xf0, HAB State: 0x66 No HAB Events Found! +1.6.1 Verifying HAB events in i.MX7ULP +--------------------------------------- + +When booting i.MX7ULP in low power or dual boot modes the M4 binary is +authenticated by an independent HAB in M4 ROM code using a +different SRK key set. + +The U-Boot provides a M4 option in hab_status command so users can retrieve +M4 HAB failure and warning events. + +- Verify HAB M4 events: + + => hab_status m4 + + Secure boot disabled + + HAB Configuration: 0xf0, HAB State: 0x66 + No HAB Events Found! + +As HAB M4 API cannot be called from A7 core the command is parsing the M4 HAB +persistent memory region, M4 software should not modify this reserved region. + +Details about HAB persistent memory region can be found in AN12263[2]. + 1.7 Closing the device ----------------------- @@ -400,3 +424,4 @@ If no HAB events were found the zImage is successfully signed. References: [1] AN4581: "Secure Boot on i.MX 50, i.MX 53, i.MX 6 and i.MX 7 Series using HABv4" - Rev 2. +[2] AN12263: "HABv4 RVT Guidelines and Recommendations" - Rev 0. -- cgit v1.2.3 From a505fd3cc69e7c5af841cab92742f3ffc92d39ec Mon Sep 17 00:00:00 2001 From: Peng Fan Date: Tue, 6 Apr 2021 11:58:58 +0800 Subject: doc: imx8mm_evk: update doc after using binman Update doc after switch to binman to pack images Signed-off-by: Peng Fan --- doc/board/freescale/imx8mm_evk.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/board/freescale/imx8mm_evk.rst b/doc/board/freescale/imx8mm_evk.rst index a9ccdb7850..7fd3d72564 100644 --- a/doc/board/freescale/imx8mm_evk.rst +++ b/doc/board/freescale/imx8mm_evk.rst @@ -43,13 +43,14 @@ Build U-Boot $ export CROSS_COMPILE=aarch64-poky-linux- $ make imx8mm_evk_defconfig $ export ATF_LOAD_ADDR=0x920000 - $ make flash.bin + $ make Burn the flash.bin to MicroSD card offset 33KB: .. code-block:: bash $sudo dd if=flash.bin of=/dev/sd[x] bs=1024 seek=33 conv=notrunc + $sudo dd if=u-boot.itb of=/dev/sdc bs=1024 seek=384 conv=sync Boot ---- -- cgit v1.2.3 From 1ba917e150a3bed83a07c4d3db5e1fd1338d4878 Mon Sep 17 00:00:00 2001 From: Peng Fan Date: Tue, 6 Apr 2021 11:59:01 +0800 Subject: doc: imx8mn_evk: update doc after using binman Update doc after using binman to pack images Signed-off-by: Peng Fan --- doc/board/freescale/imx8mn_evk.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/board/freescale/imx8mn_evk.rst b/doc/board/freescale/imx8mn_evk.rst index 375e0bb761..9fbb947032 100644 --- a/doc/board/freescale/imx8mn_evk.rst +++ b/doc/board/freescale/imx8mn_evk.rst @@ -43,13 +43,14 @@ Build U-Boot $ export CROSS_COMPILE=aarch64-poky-linux- $ make imx8mn_ddr4_evk_defconfig $ export ATF_LOAD_ADDR=0x960000 - $ make flash.bin + $ make Burn the flash.bin to MicroSD card offset 32KB: .. code-block:: bash $sudo dd if=flash.bin of=/dev/sd[x] bs=1024 seek=32 conv=notrunc + $sudo dd if=u-boot.itb of=/dev/sd[x] bs=1024 seek=384 conv=notrunc Boot ---- -- cgit v1.2.3 From 8a78e31d73d4392774b31497ae83203b27e5c37d Mon Sep 17 00:00:00 2001 From: Peng Fan Date: Tue, 6 Apr 2021 11:59:03 +0800 Subject: doc: imx8mp-evk: update after using binman update doc after using binman to pack images Signed-off-by: Peng Fan --- doc/board/freescale/imx8mp_evk.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'doc') diff --git a/doc/board/freescale/imx8mp_evk.rst b/doc/board/freescale/imx8mp_evk.rst index 796a7611d0..609a29f3eb 100644 --- a/doc/board/freescale/imx8mp_evk.rst +++ b/doc/board/freescale/imx8mp_evk.rst @@ -40,18 +40,19 @@ Build U-Boot $ export CROSS_COMPILE=aarch64-poky-linux- $ make O=build imx8mp_evk_defconfig $ cp ../imx-atf/build/imx8mp/release/bl31.bin ./build/bl31.bin - $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_1d_dmem_202006.bin ./build/lpddr4_pmu_train_1d_dmem.bin - $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_1d_imem_202006.bin ./build/lpddr4_pmu_train_1d_imem.bin - $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_2d_dmem_202006.bin ./build/lpddr4_pmu_train_2d_dmem.bin - $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_2d_imem_202006.bin ./build/lpddr4_pmu_train_2d_imem.bin + $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_1d_dmem_202006.bin ./build/ + $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_1d_imem_202006.bin ./build/ + $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_2d_dmem_202006.bin ./build/ + $ cp ../firmware-imx-8.10/firmware/ddr/synopsys/lpddr4_pmu_train_2d_imem_202006.bin ./build/ $ export ATF_LOAD_ADDR=0x970000 - $ make O=build flash.bin + $ make O=build Burn the flash.bin to the MicroSD card at offset 32KB: .. code-block:: bash $sudo dd if=build/flash.bin of=/dev/sd[x] bs=1K seek=32 conv=notrunc; sync + $sudo dd if=build/u-boot.itb of=/dev/sd[x] bs=1K seek=384 conv=notrunc; sync Boot ---- -- cgit v1.2.3 From f5c2c3705bd1ea42abe1e4e3b4b7661512c97c0b Mon Sep 17 00:00:00 2001 From: Oleksandr Suvorov Date: Thu, 11 Mar 2021 22:00:37 +0200 Subject: board: toradex: apalis-imx8x: fix build instructions Fix an URL for downloading the SCFW binary for an Apalis iMX8X and improve u-boot image build instructions. Signed-off-by: Oleksandr Suvorov --- doc/board/toradex/apalix-imx8x.rst | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'doc') diff --git a/doc/board/toradex/apalix-imx8x.rst b/doc/board/toradex/apalix-imx8x.rst index ce7dde8d00..efa7e0c72e 100644 --- a/doc/board/toradex/apalix-imx8x.rst +++ b/doc/board/toradex/apalix-imx8x.rst @@ -1,43 +1,46 @@ .. SPDX-License-Identifier: GPL-2.0+ -Apalis iMX8X V1.1A Module +Apalis iMX8X V1.1A Module (SoC NXP i.MX8QXP RevB) ========================== Quick Start ----------- -- Build the ARM trusted firmware binary -- Get scfw_tcm.bin and ahab-container.img +- Get and Build the ARM trusted firmware +- Get System Controller firmware +- Get SECO container - Build U-Boot - Load U-Boot binary using uuu - Flash U-Boot binary into the eMMC - Boot +Note: builddir is U-Boot build directory (source directory for in-tree builds) + Get and Build the ARM Trusted Firmware -------------------------------------- .. code-block:: bash - $ git clone -b toradex_imx_5.4.24_2.1.0 http://git.toradex.com/cgit/imx-atf.git - $ cd imx-atf/ - $ make PLAT=imx8qx bl31 + $ cd $(builddir) + $ git clone -b toradex_imx_5.4.70_2.3.0 http://git.toradex.com/cgit/imx-atf.git + $ make PLAT=imx8qx bl31 -C imx-atf + $ cp imx-atf/build/imx8qx/release/bl31.bin $(builddir) -Get scfw_tcm.bin and ahab-container.img +Get System Controller firmware --------------------------------------- .. code-block:: bash - $ wget https://github.com/toradex/i.MX-System-Controller-Firmware/blob/master/src/scfw_export_mx8qx_b0/build_mx8qx_b0/mx8qx-apalis-scfw-tcm.bin - $ wget https://www.nxp.com/lgfiles/NMG/MAD/YOCTO/imx-seco-3.6.3.bin - $ chmod +x imx-seco-3.6.3.bin - $ ./imx-seco-3.6.3.bin + $ wget https://github.com/toradex/i.MX-System-Controller-Firmware/raw/master/src/scfw_export_mx8qx_b0/build_mx8qx_b0/mx8qx-apalis-scfw-tcm.bin -Copy the following binaries to the U-Boot folder: +Get SECO container +--------------------------------------- .. code-block:: bash - $ cp imx-atf/build/imx8qx/release/bl31.bin . - $ cp imx-seco-3.6.3/firmware/seco/mx8qxb0-ahab-container.img mx8qx-ahab-container.imx8_defconfig + $ wget https://www.nxp.com/lgfiles/NMG/MAD/YOCTO/imx-seco-3.7.4.bin + $ sh imx-seco-3.7.4.bin + $ cp imx-seco-3.7.4/firmware/seco/mx8qxb0-ahab-container.img $(builddir)/mx8qx-ahab-container.img Build U-Boot ------------ @@ -58,7 +61,7 @@ to your host and execute uuu: .. code-block:: bash - sudo ./uuu u-boot/u-boot-dtb.imx + sudo ./uuu $(builddir)/u-boot-dtb.imx Flash the U-Boot Binary into the eMMC ------------------------------------- -- cgit v1.2.3 From 59e3d1bd4992b38b118887397632bf4d3568baaf Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Thu, 25 Mar 2021 01:20:48 +0100 Subject: doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching Document SRC_GPR10 PERSIST_SECONDARY_BOOT functionality. This is useful for reliable bootloader A/B updates, as it permits switching between two copies of bootloader at different offsets of the same storage. The switch happens in case one copy is corrupted OR can be enforced by user. This functionality is present at least since i.MX53, however is poorly documented in all known SoC datasheets, hence this document aims to clarify the usage, currently on i.MX7D and i.MX8MM. Signed-off-by: Marek Vasut # Original MX7D work, this document Signed-off-by: Igor Opaniuk # All the MX8M work Cc: Christoph Niedermaier Cc: Fabio Estevam Cc: Harald Seiler Cc: Igor Opaniuk Cc: Jan Kiszka Cc: Ludwig Zenz Cc: Marcel Ziswiler Cc: Peng Fan Cc: Stefano Babic Cc: Ye Li Cc: uboot-imx Reviewed-by: Peng Fan --- doc/imx/index.rst | 9 +++ doc/imx/misc/index.rst | 9 +++ doc/imx/misc/psb.rst | 174 +++++++++++++++++++++++++++++++++++++++++++++++++ doc/index.rst | 11 ++++ 4 files changed, 203 insertions(+) create mode 100644 doc/imx/index.rst create mode 100644 doc/imx/misc/index.rst create mode 100644 doc/imx/misc/psb.rst (limited to 'doc') diff --git a/doc/imx/index.rst b/doc/imx/index.rst new file mode 100644 index 0000000000..b225b1d183 --- /dev/null +++ b/doc/imx/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +NXP i.MX Machine-specific doc +============================= + +.. toctree:: + :maxdepth: 2 + + misc/index diff --git a/doc/imx/misc/index.rst b/doc/imx/misc/index.rst new file mode 100644 index 0000000000..85fbdb6588 --- /dev/null +++ b/doc/imx/misc/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +Miscellaneous +============= + +.. toctree:: + :maxdepth: 2 + + psb diff --git a/doc/imx/misc/psb.rst b/doc/imx/misc/psb.rst new file mode 100644 index 0000000000..4d6f001b74 --- /dev/null +++ b/doc/imx/misc/psb.rst @@ -0,0 +1,174 @@ +i.MX7D/i.MX8MM SRC_GPR10 PERSIST_SECONDARY_BOOT for bootloader A/B switching +============================================================================ + +Introduction +------------ +Since at least iMX53 until iMX8MM, it is possible to have two copies of +bootloader in SD/eMMC and switch between them. The switch is triggered +either by the BootROM in case the bootloader image is faulty OR can be +enforced by the user. + +Operation +--------- + #. Upon Power-On Reset (POR) + + - SRC_GPR10 bit PERSIST_SECONDARY_BOOT is set to 0 + - BootROM attempts to start bootloader A-copy + + - if A-copy valid + + - BootROM starts A-copy + - END + + - if A-copy NOT valid + + - BootROM sets SRC_GPR10 bit PERSIST_SECONDARY_BOOT to 1 + - BootROM triggers WARM reset, GOTO 1) + - END + + #. Upon COLD Reset + + - GOTO 1) + - END + + #. Upon WARM Reset + + - SRC_GPR10 bit PERSIST_SECONDARY_BOOT is retained + + - if SRC_GPR10 bit PERSIST_SECONDARY_BOOT is 0 + + - BootROM attempts to start bootloader A-copy + + - if A-copy valid + + - BootROM starts A-copy + - END + + - if A-copy NOT valid + + - BootROM sets SRC_GPR10 bit PERSIST_SECONDARY_BOOT to 1 + - BootROM triggers WARM reset. GOTO 1.3) + - END + + - if SRC_GPR10 bit PERSIST_SECONDARY_BOOT is 1 + + - BootROM attempts to start bootloader B-copy + + - if B-copy valid + + - BootROM starts B-copy + - END + + - if B-copy NOT valid + - System hangs + - END + +Setup +----- +The bootloader A-copy must be placed at predetermined offset in SD/eMMC. The +bootloader B-copy area offset is determined by an offset stored in Secondary +Image Table (SIT). The SIT must be placed at predetermined offset in SD/eMMC. + +The following table contains offset of SIT, bootloader A-copy and recommended +bootloader B-copy offset. The offsets are in 512 Byte sector units (that is +offset 0x1 means 512 Bytes from the start of SD/eMMC card data partition). +For details on the addition of two numbers in recommended B-copy offset, see +SIT format below. + ++----------+--------------------+-----------------------+-----------------------------+ +| SoC | SIT offset (fixed) | A-copy offset (fixed) | B-copy offset (recommended) | ++----------+--------------------+-----------------------+-----------------------------+ +| iMX7D | 0x1 | 0x2 | 0x800+0x2 | ++----------+--------------------+-----------------------+-----------------------------+ +| iMX8MM | 0x41 | 0x42 | 0x1000+0x42 | ++----------+--------------------+-----------------------+-----------------------------+ + +SIT format +~~~~~~~~~~ +SIT is a 20 byte long structure containing of 5 32-bit words. Those encode +bootloader B-copy area offset (called "firstSectorNumber"), magic value +(called "tag") that is always 0x00112233, and three unused words set to 0. +SIT is documented in [1] and [2]. Example SIT are below:: + + $ hexdump -vC sit-mx7d.bin + 00000000 00 00 00 00 + 00000004 00 00 00 00 + 00000008 33 22 11 00 <--- This is the "tag" + 0000000c 00 08 00 00 <--- This is the "firstSectorNumber" + 00000010 00 00 00 00 + + $ hexdump -vC sit-mx8mm.bin + 00000000 00 00 00 00 + 00000004 00 00 00 00 + 00000008 33 22 11 00 <--- This is the "tag" + 0000000c 00 10 00 00 <--- This is the "firstSectorNumber" + 00000010 00 00 00 00 + +B-copy area offset ("firstSectorNumber") is offset, in units of 512 Byte +sectors, that is added to the start of boot media when switching between +A-copy and B-copy. For A-copy, this offset is 0x0. For B-copy, this offset +is determined by SIT (e.g. if firstSectorNumber is 0x1000 as it is above +in sit-mx8mm.bin, then the B-copy offset is 0x1000 sectors = 2 MiB). + +Bootloader A-copy (e.g. u-boot.imx or flash.bin) is placed at fixed offset +from A-copy area offset (e.g. 0x2 sectors from sector 0x0 for iMX7D, which +means u-boot.imx A-copy must be written to sector 0x2). + +The same applies to bootloader B-copy, which is placed at fixed offset from +B-copy area offset determined by SIT (e.g. 0x2 sectors from sector 0x800 [see +sit-mx7d.bin example above, this can be changed in SIT firstSectorNumber] for +iMX7D, which means u-boot.imx B-copy must be written to sector 0x802) + +**WARNING:** +B-copy area offset ("firstSectorNumber") is NOT equal to bootloader +(image, which is u-boot.imx or flash.bin) B-copy offset. + +To generate SIT, use for example the following bourne shell printf command:: + +$ printf '\x0\x0\x0\x0\x0\x0\x0\x0\x33\x22\x11\x00\x00\x08\x00\x00\x0\x0\x0\x0' > sit-mx7d.bin +$ printf '\x0\x0\x0\x0\x0\x0\x0\x0\x33\x22\x11\x00\x00\x10\x00\x00\x0\x0\x0\x0' > sit-mx8mm.bin + +Write bootloader A/B copy and SIT to SD/eMMC +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Examples of writing SIT and two copies of bootloader to SD or eMMC: + +- iMX8MM, SD card at /dev/sdX, Linux command line + :: + + $ dd if=sit-mx8mm.bin of=/dev/sdX bs=512 seek=65 + $ dd if=flash.bin of=/dev/sdX bs=512 seek=66 + $ dd if=flash.bin of=/dev/sdX bs=512 seek=4162 + +- iMX8MM, eMMC 1 data partition, U-Boot command line + :: + + => mmc partconf 1 0 0 0 + + => dhcp ${loadaddr} sit-mx8mm.bin + => mmc dev 1 + => mmc write ${loadaddr} 0x41 0x1 + + => dhcp ${loadaddr} flash.bin + => setexpr blkcnt ${filesize} + 0x1ff && setexpr blkcnt + => mmc dev 1 + => mmc write ${loadaddr} 0x42 ${blkcnt} + => mmc write ${loadaddr} 0x1042 ${blkcnt} + +WARM reset into B-copy using WDT +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To perform a reboot into B-copy, the PERSIST_SECONDARY_BOOT must be set +in SRC_GPR0 register. Example on iMX8MM:: + + => mw 0x30390098 0x40000000 + +A WARM reset can be triggered using WDT as follows:: + + => mw.w 0x30280000 0x25 + +References +---------- + +.. [1] i.MX 7Dual Applications Processor Reference Manual, Rev. 1, 01/2018 ; section 6.6.5.3.5 Redundant boot support for expansion device +.. [2] i.MX 8M Mini Applications Processor Reference Manual, Rev. 3, 11/2020 ; section 6.1.5.4.5 Redundant boot support for expansion device diff --git a/doc/index.rst b/doc/index.rst index 02de1d4684..8066fcbfc0 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -64,6 +64,17 @@ implementation. arch/index +Machine-specific doc +-------------------- + +These books provide programming details about machine-specific +implementation. + +.. toctree:: + :maxdepth: 2 + + imx/index + Board-specific doc ------------------ -- cgit v1.2.3