From fd421f74dbd570dba8233f84780a3a0e91e2101e Mon Sep 17 00:00:00 2001
From: Ji Luo <ji.luo@nxp.com>
Date: Wed, 28 Nov 2018 16:19:51 +0800
Subject: [PATCH] MA-14051 Enable trusty for imx8q xen

Open configs to add trusty os support for imx8q xen
build. The rpmb keyslot package must be checked and
copied to secure memory before trusty os boot.

Change-Id: I66201783fa8439f2685377c10f257f064057dcfa
Signed-off-by: Ji Luo <ji.luo@nxp.com>
---
 arch/arm/mach-imx/imx8/Kconfig               |  3 +
 arch/arm/mach-imx/imx8/parser.c              | 11 ++-
 configs/imx8qm_mek_androidauto_xen_defconfig |  6 +-
 configs/imx8qm_mek_spl_trusty_defconfig      | 97 ++++++++++++++++++++
 include/configs/imx8qm_mek.h                 |  2 +
 include/configs/imx8qm_mek_trusty_xen.h      | 23 +++++
 lib/avb/fsl/fsl_avbkey.c                     |  8 +-
 7 files changed, 146 insertions(+), 4 deletions(-)
 create mode 100644 configs/imx8qm_mek_spl_trusty_defconfig
 create mode 100644 include/configs/imx8qm_mek_trusty_xen.h

diff --git a/arch/arm/mach-imx/imx8/Kconfig b/arch/arm/mach-imx/imx8/Kconfig
index e9bf6a134d..4d01db7668 100644
--- a/arch/arm/mach-imx/imx8/Kconfig
+++ b/arch/arm/mach-imx/imx8/Kconfig
@@ -40,6 +40,9 @@ config SYS_SOC
 config SMC_FUSE
         bool "Call fuse commands through SMC"
 
+config IMX8_TRUSTY_XEN
+	bool "Support Trusty Xen feature"
+
 choice
 	prompt "MX8 board select"
 	optional
diff --git a/arch/arm/mach-imx/imx8/parser.c b/arch/arm/mach-imx/imx8/parser.c
index d22ecee1a3..bc0e4c33bf 100644
--- a/arch/arm/mach-imx/imx8/parser.c
+++ b/arch/arm/mach-imx/imx8/parser.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
- * Copyright 2018 NXP
+ * Copyright 2018-2019 NXP
  */
 #include <common.h>
 #include <spl.h>
@@ -282,6 +282,15 @@ int mmc_load_image_parse_container(struct spl_image_info *spl_image,
 		 */
 #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_DUAL_BOOTLOADER)
 		ret = check_rpmb_blob(mmc);
+#endif
+#if defined(CONFIG_IMX8_TRUSTY_XEN)
+		struct mmc *rpmb_mmc;
+
+		rpmb_mmc = find_mmc_device(0);
+		if (ret = mmc_init(rpmb_mmc))
+			printf("mmc init failed %s\n", __func__);
+		else
+			ret = check_rpmb_blob(rpmb_mmc);
 #endif
 	}
 	return ret;
diff --git a/configs/imx8qm_mek_androidauto_xen_defconfig b/configs/imx8qm_mek_androidauto_xen_defconfig
index a3d83b2023..600be95234 100644
--- a/configs/imx8qm_mek_androidauto_xen_defconfig
+++ b/configs/imx8qm_mek_androidauto_xen_defconfig
@@ -9,6 +9,7 @@ CONFIG_SYS_MALLOC_F_LEN=0x2000
 CONFIG_DM=y
 CONFIG_DM_WARN=n
 CONFIG_DM_DEVICE_REMOVE=n
+CONFIG_IMX_TRUSTY_OS=y
 
 CONFIG_DM_SERIAL=y
 CONFIG_FSL_LPUART=n
@@ -76,7 +77,7 @@ CONFIG_CMD_EXPORTENV=n
 CONFIG_CMD_IMPORTENV=n
 CONFIG_CMD_EDITENV=n
 CONFIG_CMD_ENV_EXISTS=n
-CONFIG_CMD_MEMORY=n
+CONFIG_CMD_MEMORY=y
 CONFIG_CMD_CRC32=n
 CONFIG_CMD_DM=n
 CONFIG_CMD_LOADB=n
@@ -118,3 +119,6 @@ CONFIG_SPL_FIT=y
 CONFIG_SPL_LOAD_FIT=y
 CONFIG_SPL_MMC_SUPPORT=y
 CONFIG_SPL_GPIO_SUPPORT=y
+
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
diff --git a/configs/imx8qm_mek_spl_trusty_defconfig b/configs/imx8qm_mek_spl_trusty_defconfig
new file mode 100644
index 0000000000..0345a9b99d
--- /dev/null
+++ b/configs/imx8qm_mek_spl_trusty_defconfig
@@ -0,0 +1,97 @@
+CONFIG_ARM=y
+CONFIG_ARCH_IMX8=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8qm-mek"
+CONFIG_TARGET_IMX8QM_MEK=y
+CONFIG_SYS_TEXT_BASE=0x80020000
+CONFIG_CMD_IMPORTENV=n
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_DM=y
+CONFIG_CMD_CACHE=y
+
+CONFIG_DM_SERIAL=y
+CONFIG_FSL_LPUART=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM_I2C=y
+# CONFIG_DM_I2C_COMPAT is not set
+CONFIG_SYS_I2C_IMX_LPI2C=y
+CONFIG_CMD_I2C=y
+
+CONFIG_SPL=y
+CONFIG_SPL_GPIO_SUPPORT=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_FIT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_BOARD_INIT=y
+CONFIG_SPL_TINY_MEMSET=y
+CONFIG_SPL_OF_CONTROL=y
+
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_IMX8=y
+
+CONFIG_DM_USB=y
+
+CONFIG_USB=y
+CONFIG_USB_TCPC=y
+
+CONFIG_USB_GADGET=y
+#CONFIG_CI_UDC=y
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_USB_GADGET_MANUFACTURER="FSL"
+CONFIG_USB_GADGET_VENDOR_NUM=0x0525
+CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5
+
+CONFIG_USB_CDNS3=y
+CONFIG_USB_CDNS3_GADGET=y
+CONFIG_USB_GADGET_DUALSPEED=y
+
+CONFIG_CMD_GPIO=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_PCA953X=y
+CONFIG_BOOTDELAY=3
+CONFIG_IMX_BOOTAUX=y
+CONFIG_FS_FAT=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_MMC=y
+CONFIG_DM_MMC=y
+CONFIG_MMC_IO_VOLTAGE=y
+CONFIG_MMC_UHS_SUPPORT=y
+CONFIG_MMC_HS400_SUPPORT=y
+CONFIG_EFI_PARTITION=y
+CONFIG_FSL_FSPI=y
+CONFIG_DM_SPI=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_4BYTES_ADDR=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_CMD_SF=y
+
+CONFIG_CMD_PING=y
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_DM_ETH=y
+# CONFIG_EFI_LOADER is not set
+
+CONFIG_DM_REGULATOR=y
+CONFIG_DM_REGULATOR_FIXED=y
+CONFIG_DM_REGULATOR_GPIO=y
+
+CONFIG_VIDEO=y
+CONFIG_VIDEO_IMX_HDP_LOAD=y
+
+CONFIG_PINCTRL=y
+CONFIG_PINCTRL_IMX8=y
+
+CONFIG_POWER_DOMAIN=y
+CONFIG_IMX8_POWER_DOMAIN=y
+
+CONFIG_DM_THERMAL=y
+CONFIG_IMX_SC_THERMAL=y
+
+CONFIG_ENV_IS_IN_MMC=y
+
+CONFIG_SMC_FUSE=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_IMX8_TRUSTY_XEN=y
+
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
diff --git a/include/configs/imx8qm_mek.h b/include/configs/imx8qm_mek.h
index 3bee09ce7e..afc70e026c 100644
--- a/include/configs/imx8qm_mek.h
+++ b/include/configs/imx8qm_mek.h
@@ -437,6 +437,8 @@
 #include "imx8qm_mek_android.h"
 #elif defined (CONFIG_ANDROID_AUTO_SUPPORT)
 #include "imx8qm_mek_android_auto.h"
+#elif defined (CONFIG_IMX8_TRUSTY_XEN)
+#include "imx8qm_mek_trusty_xen.h"
 #endif
 
 #endif /* __IMX8QM_MEK_H */
diff --git a/include/configs/imx8qm_mek_trusty_xen.h b/include/configs/imx8qm_mek_trusty_xen.h
new file mode 100644
index 0000000000..601b5165ba
--- /dev/null
+++ b/include/configs/imx8qm_mek_trusty_xen.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2019 NXP
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#ifndef __IMX8QM_MEK_TRUSTY_XEN_H
+#define __IMX8QM_MEK_TRUSTY_XEN_H
+
+#ifdef CONFIG_SPL_BUILD
+
+#undef CONFIG_BLK
+#define CONFIG_AVB_SUPPORT
+#define AVB_RPMB
+#define KEYSLOT_HWPARTITION_ID   2
+#define KEYSLOT_BLKS             0x3FFF
+#define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
+
+#define CONFIG_SUPPORT_EMMC_RPMB
+
+#endif
+
+#endif
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 719ff02aac..26afe2448d 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Freescale Semiconductor, Inc.
- * Copyright 2017 NXP
+ * Copyright 2017-2019 NXP
  * SPDX-License-Identifier:     GPL-2.0+
  *
  */
@@ -71,6 +71,9 @@ int read_keyslot_package(struct keyslot_package* kp) {
 	struct blk_desc *dev_desc = NULL;
 
 	struct mmc *mmc;
+#ifdef CONFIG_IMX8_TRUSTY_XEN
+	mmcc = 0;
+#endif
 	mmc = find_mmc_device(mmcc);
 	if (!mmc) {
 		printf("boota: cannot find '%d' mmc device\n", mmcc);
@@ -702,7 +705,8 @@ int rbkidx_erase(void) {
 #endif /* AVB_RPMB */
 
 #ifdef CONFIG_SPL_BUILD
-#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
+#if defined (CONFIG_IMX8_TRUSTY_XEN) || \
+	(defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX))
 int check_rpmb_blob(struct mmc *mmc)
 {
 	int ret = 0;