summaryrefslogtreecommitdiff
path: root/doc/imx
AgeCommit message (Collapse)AuthorFilesLines
2024-05-24imx: hab: add documentation about the required keys/certsClaudius Heine1-0/+17
For CST to find the certificates and keys for signing, some keys and certs need to be copied into the u-boot build directory. Signed-off-by: Claudius Heine <ch@denx.de>
2024-05-24imx: hab: Use nxp_imx8mcst etype for i.MX8M flash.bin signingMarek Vasut4-235/+34
Update documentation and use nxp_imx8mcst binman etype for signing of flash.bin instead of previous horrible shell scripting. Reviewed-by: Tim Harvey <tharvey@gateworks.com> Signed-off-by: Marek Vasut <marex@denx.de>
2023-10-16mx8m: csf.sh: pad csf blob for u-boot.itb to CSF_SIZE minus IVT headerRasmus Villemoes1-0/+13
When built with CONFIG_IMX_HAB, the full FIT image, including stuff tacked on beyond the end of the fdt structure, is expected to be (fdt size rounded up to 0x1000 boundary)+CONFIG_CSF_SIZE. Now, when the FIT image is loaded from a storage device, it doesn't really matter that the flash.bin that gets written to target isn't quite that big - we will just load some garbage bytes that are never read or used for anything. But when flash.bin is uploaded via uuu, it's important that we actually serve at least as many bytes as the target expects, or we will hang in rom_api_download_image(). Extend the logic in the csf.sh script so that the csf blob is padded to CONFIG_CSF_SIZE minus the size of the IVT header. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Marek Vasut <marex@denx.de>
2023-10-16imx: hab: Use CONFIG_SPL_LOAD_FIT_ADDRESS in the CSF exampleMarek Vasut1-1/+1
The SPL authenticates image starting from CONFIG_SPL_LOAD_FIT_ADDRESS address, update the csf_fit.txt to match. Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Fabio Estevam <festevam@denx.de>
2023-09-21global: Use proper project name U-Boot (next2)Michal Simek1-1/+1
Use proper project name in README, rst and comment. Done in connection to commit bb922ca3eb4b ("global: Use proper project name U-Boot (next)"). Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Alexander Graf <graf@csgraf.de> (ppce500) Signed-off-by: Michal Simek <michal.simek@amd.com> Link: https://lore.kernel.org/r/536af05e7061982f15b668e87f941cdabfa25392.1694157084.git.michal.simek@amd.com
2023-08-19doc: csf_examples: csf.sh: Remove unneeded export ATF_LOAD_ADDR lineFabio Estevam1-1/+0
Originally, exporting the ATF_LOAD_ADDR was required, but since binman has been used to generate the flash.bin, it is no longer needed to do such manual export. The ATF address is now passed via binman. Remove the unneeded export ATF_LOAD_ADDR line. Signed-off-by: Fabio Estevam <festevam@denx.de>
2023-07-13mx8m: csf.sh: use vars for keys to avoid file edits when signingTim Harvey4-12/+43
The csf_spl.txt and csf_fit.txt templates contain file paths which must be edited for the location of your NXP CST generated key files. Streamline the process of signing an image by assigning unique var names to these which can be expended from env variables in the csf.sh script. The following vars are used: SRK_TABLE - full path to SRK_1_2_3_4_table.bin CSF_KEY - full path to the CSF Key CSF1_1_sha256_4096_65537_v3_usr_crt.pem IMG_KEY - full path to the IMG Key IMG1_1_sha256_4096_65537_v3_usr_crt.pem Additionally provide an example of running the csf.sh script. Signed-off-by: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Peng Fan <peng.fan@nxp.com>
2023-07-03doc: imx: habv4: Fix typo in 'signing'Fabio Estevam2-2/+2
Fix two occurrences where 'signing' is misspelled. Signed-off-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Tim Harvey <tharvey@gateworks.com>
2023-06-24imx: hab: Simplify the mechanismMarek Vasut3-90/+22
The current mechanism is unnecessarily complex. Simplify the whole mechanism such that the entire fitImage is signed, IVT is placed at the end, followed by CSF, and this entire bundle is also authenticated. This makes the signing scripting far simpler. Signed-off-by: Marek Vasut <marex@denx.de>
2022-12-05global: Move remaining CONFIG_SYS_* to CFG_SYS_*Tom Rini1-1/+1
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do not easily transition to Kconfig. In many cases they likely should come from the device tree instead. Move these out of CONFIG namespace and in to CFG namespace. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-10-31Rename CONFIG_SYS_TEXT_BASE to CONFIG_TEXT_BASESimon Glass2-3/+3
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE and this makes it imposible to use CONFIG_VAL(). Rename it to resolve this problem. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-21mx8m: csf.sh: Fix the calculation of fit_block_sizeFabio Estevam1-1/+1
When running the script to sign SPL/U-Boot on a kontron-sl-mx8mm board, the fit_block_size was calculated as 0x1000 instead of 0x1020. Add an extra parenthesis pair to fix it. Signed-off-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Marek Vasut <marex@denx.de>
2022-09-18doc: imx: habv4: Add Secure Boot guide for i.MX8M SPL targetsMarek Vasut4-0/+411
Add HABv4 documentation extension for SPL targets covering the following topics: - How to sign an securely boot an flash.bin container image. - How to extend the root of trust for additional boot images. - Add SPL and fitImage CSF examples. - Add signature generation script example. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Breno Lima <breno.lima@nxp.com> Cc: Fabio Estevam <festevam@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com> Cc: Ye Li <ye.li@nxp.com>
2022-06-06imx7: Update CONFIG_SPL_STACK defaults in KconfigTom Rini1-0/+23
Update the Kconfig entry to have the correct defaults for i.MX7 platforms, and move the existing large comment from imx7_spl.h to doc/imx/common/imx7.txt so that it's not lost. Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-06imx6: Update CONFIG_SPL_STACK defaults in KconfigTom Rini1-0/+31
Update the Kconfig entry to have the correct defaults for i.MX6 platforms, and move the existing large comment from imx6_spl.h to doc/imx/common/imx6.txt so that it's not lost. Signed-off-by: Tom Rini <trini@konsulko.com>
2021-10-01arm: Remove zmx25 board and ARCH_MX25Tom Rini1-10/+0
This board has not been converted to CONFIG_DM by the deadline. Remove it. As this is the last ARCH_MX25 platform, remove those references as well. Cc: Matthias Weisser <weisserm@arcor.de> Cc: Stefano Babic <sbabic@denx.de> Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-30WS cleanup: remove trailing white spaceWolfgang Denk1-1/+1
Signed-off-by: Wolfgang Denk <wd@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-17doc: move i.MX7D/i.MX8MM A/B booting to board specificHeinrich Schuchardt3-192/+0
Having "i.MX7D/i.MX8MM SRC_GPR10 PERSIST_SECONDARY_BOOT for bootloader A/B switching" at the top level of the documentation tree does not make sense. Move it to board specific information. Fixes: 59e3d1bd4992 ("doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24doc: imx: psb: Fix missing setexpr argumentsMarek Vasut1-1/+1
Due to copy-paste error, two of the setexpr arguments were missing. Add the missing arguments. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Ye Li <ye.li@nxp.com> Cc: uboot-imx <uboot-imx@nxp.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17doc: imx: psb: fix footnotesHeinrich Schuchardt1-1/+1
In reStructured text footnotes are referenced like [1]_. Add missing underscores. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Acked-by: Marek Vasut <marex@denx.de>
2021-04-08doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B ↵Marek Vasut3-0/+192
switching Document SRC_GPR10 PERSIST_SECONDARY_BOOT functionality. This is useful for reliable bootloader A/B updates, as it permits switching between two copies of bootloader at different offsets of the same storage. The switch happens in case one copy is corrupted OR can be enforced by user. This functionality is present at least since i.MX53, however is poorly documented in all known SoC datasheets, hence this document aims to clarify the usage, currently on i.MX7D and i.MX8MM. Signed-off-by: Marek Vasut <marex@denx.de> # Original MX7D work, this document Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> # All the MX8M work Cc: Christoph Niedermaier <cniedermaier@dh-electronics.de> Cc: Fabio Estevam <festevam@gmail.com> Cc: Harald Seiler <hws@denx.de> Cc: Igor Opaniuk <igor.opaniuk@foundries.io> Cc: Jan Kiszka <jan.kiszka@siemens.com> Cc: Ludwig Zenz <lzenz@dh-electronics.com> Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Ye Li <ye.li@nxp.com> Cc: uboot-imx <uboot-imx@nxp.com> Reviewed-by: Peng Fan <peng.fan@nxp.com>
2021-04-08mx7ulp: hab: Add hab_status command for HABv4 M4 bootBreno Lima1-0/+25
When booting in low power or dual boot modes the M4 binary is authenticated by the M4 ROM code. Add an option in hab_status command so users can retrieve M4 HAB failure and warning events. => hab_status m4 Secure boot disabled HAB Configuration: 0xf0, HAB State: 0x66 No HAB Events Found! Add command documentation in mx6_mx7_secure_boot.txt guide. As HAB M4 API cannot be called from A7 core the code is parsing the M4 HAB persistent memory region. The HAB persistent memory stores HAB events, public keys and others HAB related information. The HAB persistent memory region addresses and sizes can be found in AN12263 "HABv4 RVT Guidelines and Recommendations". Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2020-12-13dm: treewide: Rename auto_alloc_size members to be shorterSimon Glass1-1/+1
This construct is quite long-winded. In earlier days it made some sense since auto-allocation was a strange concept. But with driver model now used pretty universally, we can shorten this to 'auto'. This reduces verbosity and makes it easier to read. Coincidentally it also ensures that every declaration is on one line, thus making dtoc's job easier. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-01clk: Always use the supplied struct clkSean Anderson1-31/+32
CCF clocks should always use the struct clock passed to their methods for extracting the driver-specific clock information struct. Previously, many functions would use the clk->dev->priv if the device was bound. This could cause problems with composite clocks. The individual clocks in a composite clock did not have the ->dev field filled in. This was fine, because the device-specific clock information would be used. However, since there was no ->dev, there was no way to get the parent clock. This caused the recalc_rate method of the CCF divider clock to fail. One option would be to use the clk->priv field to get the composite clock and from there get the appropriate parent device. However, this would tie the implementation to the composite clock. In general, different devices should not rely on the contents of ->priv from another device. The simple solution to this problem is to just always use the supplied struct clock. The composite clock now fills in the ->dev pointer of its child clocks. This allows child clocks to make calls like clk_get_parent() without issue. imx avoided the above problem by using a custom get_rate function with composite clocks. Signed-off-by: Sean Anderson <seanga2@gmail.com> Acked-by: Lukasz Majewski <lukma@denx.de>
2020-05-01doc: ahab: Add encrypted boot documentation for i.MX8/8x devicesBreno Lima2-0/+320
Add AHAB encrypted boot documentation for i.MX8/8x family devices covering the following topics: - How to encrypt and sign the 2nd container in flash.bin image. - How to encrypt and sign a standalone container image. Include a CSF example to encrypt 2nd container in flash.bin image. Reviewed-by: Fabio Estevam <festevam@gmail.com> Signed-off-by: Catia Han <yaqian.han@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2020-04-16doc: update reference to README.imximagePatrick Delaunay1-1/+1
Update reference in many files detected by scripts/documentation-file-ref-check README.imximage => imx/mkimage/imximage.txt Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2019-10-08imx: replace CONFIG_SECURE_BOOT with CONFIG_IMX_HABStefano Babic3-7/+7
CONFIG_SECURE_BOOT is too generic and forbids to use it for cross architecture purposes. If Secure Boot is required for imx, this means to enable and use the HAB processor in the soc. Signed-off-by: Stefano Babic <sbabic@denx.de>
2019-10-08imx: mxs: Fix location for the elftosb toolFabio Estevam1-1/+1
The Denx FTP location is no longer reachable. Switch to the Timesys repository instead. Signed-off-by: Fabio Estevam <festevam@gmail.com>
2019-10-08doc: imx: mkimage: introduce i.MX8 image formatPeng Fan1-0/+45
Introduce i.MX8 container set configuration file and add example Signed-off-by: Peng Fan <peng.fan@nxp.com>
2019-07-19doc: imx: Add documentation for nandbcb commandShyam Saini1-0/+74
Signed-off-by: Shyam Saini <shyam.saini@amarulasolutions.com>
2019-07-19clk: doc: Add documentation entry for Common Clock Framework [CCF] (i.MX)Lukasz Majewski1-0/+101
This patch describes the design decisions considerations and taken approach for porting in a separate documentation entry. Signed-off-by: Lukasz Majewski <lukma@denx.de>
2019-02-15doc: imx: habv4: Remove secure_boot.txt guideBreno Matheus Lima1-100/+0
The secure_boot.txt guide was replaced by mx6_mx7_secure_boot.txt and mx6_mx7_spl_secure_boot.txt documents. Both documents covers all steps needed for SPL and non-SPL tagets, so remove secure_boot.txt file to avoid duplicated content. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15doc: imx: habv4: Move encrypted boot guideBreno Matheus Lima1-0/+0
All guides are currently located at doc/imx/habv4/guides/ directory. Move encrypted_boot.txt document to guides directory. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 SPL targetsBreno Matheus Lima1-0/+181
The current U-Boot implementation includes SPL targets for some NXP development boards: - mx6sabreauto_defconfig - mx6sabresd_defconfig - mx6ul_14x14_evk_defconfig - mx6ul_9x9_evk_defconfig Add additional steps needed to completly secure the bootloader image. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15doc: imx: habv4: Add Secure Boot guide for i.MX6 and i.MX7 non-SPL targetsBreno Matheus Lima5-0/+503
Add HABv4 documentation for non-SPL targets covering the following topics: - How to sign an securely boot an u-boot-dtb.imx image. - How to extend the root of trust for additional boot images. - Add 3 CSF examples. - Add IVT generation script example. Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15doc: imx: habv4: Add HABv4 introductionBreno Matheus Lima1-0/+262
The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7, series and i.MX 8M, i.MX8MM devices. Add an introductory document containing the following topics: - HABv4 Introduction - HABv4 Secure Boot - HABv4 Encrypted Boot - HAB PKI tree generation - HAB Fast Authentication PKI tree generation - SRK Table and SRK Hash generation Reviewed-by: Ye Li <ye.li@nxp.com> Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-02-15doc: imx: habv4: Remove extra hab directory for a cleaner documentation ↵Breno Matheus Lima2-0/+0
structure There is no need to have an extra hab directory under doc/imx/. Habv4 and AHAB documentation can be added directly in doc/imx/ for a cleaner documentation structure. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2019-01-01doc: imx: fix typos in mxsimage.txtMichael Heimpold1-2/+2
This fixes two small typos in mxsimage.txt. Signed-off-by: Michael Heimpold <mhei@heimpold.de> Reviewed-by: Breno Lima <breno.lima@nxp.com>
2019-01-01doc: imx: fix typo in imximage.txtMichael Heimpold1-1/+1
Signed-off-by: Michael Heimpold <mhei@heimpold.de> Reviewed-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: Improve i.MX documentation namingBreno Matheus Lima8-0/+0
There is no need to have README in all i.MX documents name. Remove README from i.MX docs name and add .txt file extension. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com>
2018-10-22doc: imx: misc: Reorganize miscellaneous documentationBreno Matheus Lima1-0/+0
The Serial Download Protocol feature is availible in various i.MX SoCs. Move README.sdp document to imx/misc directory. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: hab: Reorganize High Assurance Boot documentationBreno Matheus Lima2-44/+43
The current High Assurance Boot document README.mxc_hab include details for the following features in a single file: - HAB Secure Boot - HAB Encrypted Boot Split HAB documentation in a specific directory for a cleaner documentation structure, subsequent patches will include more content in HAB documentation. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: Reorganize i.MX SoC common documentationBreno Matheus Lima5-0/+0
The following documents describe device details according to the i.MX family: - README.imx25 - README.imx27 - README.imx5 - README.imx6 - README.mxs Move all device common related document to doc/imx/common for a better directory structure. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: mkimage: reorganize i.MX mkimage documentationBreno Matheus Lima2-0/+0
The following documents describe the image type used by the mkimage tool to generate U-Boot images for i.MX devices. - README.imximage - README.mxsimage Move all mkimage related document to doc/imx/mkimage for a better directory structure. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: Move SPD related info to the appropriate docBreno Matheus Lima2-27/+20
Currently the Serial Download Protocol tools and procedure are documented in two places: - doc/imx/README.sdp - doc/imx/README.imx6 It is better to consolidate all SDP related information into README.sdp file, so move the content from README.imx6 to README.sdp. Signed-off-by: Breno Lima <breno.lima@nxp.com>
2018-10-22doc: imx: reorganize i.MX documentationBreno Matheus Lima9-0/+1118
Currently the U-Boot doc/ directory contains the following files that are only relevant for i.MX devices: - doc/README.imx25 - doc/README.imx27 - doc/README.imx5 - doc/README.imx6 - doc/README.imximage - doc/README.mxc_hab - doc/README.mxs - doc/README.mxsimage - doc/README.sdp Move all content to a common i.MX folder for a better documentation structure. Signed-off-by: Breno Lima <breno.lima@nxp.com>