Fix coverity issue: CID 2970630: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable cdns going out of scope leaks the storage
it points to.
Memory allocated by devm_kzalloc() won't be freed automatically in
u-boot, free the memory manually here.
Test: Coverity scan pass.
Change-Id: I3000a2385941cef3b8b7e01611cfdc999971a4ca
Signed-off-by: Luo Ji <ji.luo@nxp.com>
Currenlty U1 and U2 low power modes are allowed in device mode.
Allowing U1 and U2 low power modes during data transfers in
device mode is causing U1 exit failure on some USB3 host: which
will transite to SS.inactive instead of U0, then host will send
warm reset and ultimately result in reenumeration. This is observed
on UUU tool with some PC host. Hence disable U1 and U2 low power
modes for now.
USB3 spec 7.5.10.4.2 Exit from Recovery.Configuration
The port shall transition to eSS.Inactive when the following
conditions are met:
1. Either the Ux_EXIT_TIMER or the 6-ms timer
(tRecoveryConfigurationTimeout) times out.
2. For a downstream port, the transition to Recovery is not to
attempt a Hot Reset.
Signed-off-by: Li Jun <jun.li@nxp.com>
(cherry picked from commit ae0cdc741f7313398539f7b576ced73871f6cd71)
As endpoint.maxpackt is set at init for super speed, we can't use it
for USB2 connection, we need use the right max packet length according
to connection speed.
Signed-off-by: Li Jun <jun.li@nxp.com>
(cherry picked from commit 9c6bb3684649b4ae6f0275b5ad3799ea5c8f32df)
The usb mass storage (f_mass_storage.c) uses fixed usb index 0,
this causes problem while CDNS3 USB controller index is 1.
Modify the API of fsg to pass the controller index.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Jun Li <jun.li@nxp.com>
For dual bootloader, slot selection is made at spl stage, go to
fastboot when current slot is marked as unbootable in AVB will
give the user a chance to recover current slot with fastboot
commands. But in this scenario, the device can't switch to another
bootable slot automatically when a slot is marked as unbootable.
Reboot the board when current slot is marked as unbootable to make the
slot switch happen in spl.
Test: Slot switch to 'b' automatically when 'a' is marked as unbootable
on imx8qxp_mek.
Change-Id: I94237965970d0c17ed564cf76e08d353f7b9c047
Signed-off-by: Luo Ji <ji.luo@nxp.com>
Support dual bootloader feature for imx8q which uses the
container format. Move the A/B slot select and verify to
SPL stage, the bootloader rollback index will be stored
at the last 8K bytes of eMMC rpmb storage.
Test: Boot and rbindex verify pass on imx8q.
Change-Id: I0a48210f65984a083037a0cd3f9558951029ed7d
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Add support to f_sdp to search and load iMX8 container image or iMX8M
FIT image by new UUU command SDPV.
When using the SDPV, the uuu will continue to send out data after first
level boot loader used by ROM. This means uuu won't skip to the offset
of the second boot loader, and the padding data before second boot loader
will be sent out. So we have to search the FIT header or container header
in the buffer that SDP received.
The new BCD value is used by uuu to distinguish if the SPL supports the
SDPV.
Signed-off-by: Ye Li <ye.li@nxp.com>
Because SDP directly jumps to next level boot image, we'd better
clean up the USB driver before it. Implement a weak callback function,
that spl sdp can use it to clean up USB driver.
Signed-off-by: Ye Li <ye.li@nxp.com>
Because the buffer length of sdp usb request is 65, we have to allocate
65 bytes not 64 bytes. Otherwise there is potential buffer overflow.
Signed-off-by: Ye Li <ye.li@nxp.com>
Add HS endpoint descriptor for SDP. So that we can use high speed endpoint,
and the SDP device can send packet with 512 byte size.
Signed-off-by: Ye Li <ye.li@nxp.com>
Pass the verified boot key hash to keymaster, it will be
treated as the root trust in keymaster service.
Also set the 'initialized' flag after initializing the
keymaster client or set keymaster boot parameters will fail.
Test: Pass CTS cases:
android.keystore.cts.KeyAttestationTest#testRsaAttestation
android.keystore.cts.KeyAttestationTest#testEcAttestation
Change-Id: I486b5493826160f42c61a3da0e6cd769df92254d
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Sometimes we need to set random rpmb key which is invisible
except for the device.
Generate the random key with hwcrypto interface and support
fastboot command "fastboot oem set-rpmb-random-key" to set it.
Test: build and boot on imx8q.
Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo <ji.luo@nxp.com>
For mek_8qm, bootloader offset in SD card is 32kb, in eMMC
bootpartition, it's 0kb. This patch fix the issue that bootloader offset
used in uboot is always based on the device that the board boot from.
Now, if uboot environment variable "target_ubootdev" is set, bootloader
offset used in uboot is based on the device "target_ubootdev" specified.
So boot from eMMC to flash SD, the board can boot from SD and vice versa.
Change-Id: Ia2cd64ba6ece02b98ea3d2addbce00b1661077de
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
To avoid end user executing uboot command through fastboot, the fastboot
command of "ucmd" and "acmd" in the uboot to be flashed into
non-volatile storage device is removed in this partch.
Change-Id: I999b8688a53c2201d02979be68266afc110dfb15
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Change to use wMaxPacketSize of current speed EP desc for request
length wrap up.
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Remove the gadget driver speed check, and set its max_speed to
be USB_SPEED_HIGH.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
If one of functions is not super speed capable, we need force the udc
to be high speed, this is an equivalent implementation of
usb_gadget_udc_set_speed() in kernel but simple, which set the gadget
max_speed to be high speed, so afterwards when start gadget duc can
set the HW to be USB 2.0 mode.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Change the dwc3 device mode to be super speed capable.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Remove high speed force and set it to super speed by default.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Set its max_speed to be super speed.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Add super speed EP config.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
This patch is to add usb gadget super speed support in common
driver, including BOS descriptor and select the super speed
descriptor from function driver.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@nxp.com>
Tested-by: faqiang.zhu <faqiang.zhu@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Open configs to enable trusty for imx8mm_evk and also
add new config imx8mm_evk_android_trusty_defconfig based
on imx8mm_evk_android_defconfig.
Test: Trusty starts ok.
Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
Signed-off-by: Ji Luo <ji.luo@nxp.com>
When moving to support partition reboot or android auto on XEN,
linux kernel will runs into runtime suspend state, and the usb
will be configured to low power suspend state by Linux.
Then we reboot and runs into U-Boot, however the usb already in
suspended state and uboot not able to lock the phy pll,
after clearing PHCD to out of suspended state, the phy pll could be
locked and fastboot works.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Suggested-by: Li Jun <jun.li@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Now "is_boot_from_usb()" can work for imx6, imx7 and imx8, use this
function to judge whether boot from USB, and then return
FASTBOOT_UNLOCK.
This can save some time for imx8 to flash images if the board is
locked.
Change-Id: Iaa63f326f33400f2fdf13bf2e175cd9ac7d60317
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
When change lock status, misc partition, which stores data generated
by users, is erased.
Before, we take different actions on misc partition for Android and
Android Things. The situation of Android Auto is not handled.
Change-Id: Ia290b8e351b7a688d7a3a562cd30fca858e5a30c
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage <path-to-your-public-key>
fastboot oem set-public-key
Test: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo <ji.luo@nxp.com>
now the uboot used by uuu is compiled indepently from the one flashed to
the board, and for imx6 and imx7, defconfig from BSP team is used to
configure the uboot for uuu, so there is no need to unlock the device
when flash the board.
Change-Id: Ieefbd67e095dd51eab87e9a32b586cdf88f05d81
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
to handle situations that it is not allowed to unlock but the board is
already unlocked, unlock logic is modified in this patch
Change-Id: I90b22c2dfbc1c64ed9514032986e98b27526c7b9
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
1. Move all avb/atx operations to fsl_avb.c.
2. Refine the functions logic.
3. Drop some unsupported conditions/functions.
Test: build and boot on
imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.
Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji <ji.luo@nxp.com>
Fix coverity issue CID 5015449: Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking mmc suggests that it may be null, but it has
already been dereferenced on all paths leading to the check
Signed-off-by: Ye Li <ye.li@nxp.com>
Fix coverity issue CID 1898965: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL dev_desc when calling
write_backup_gpt_partitions
Signed-off-by: Ye Li <ye.li@nxp.com>
Fix coverity issue CID 3826473: Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 16-character destination string buffer by
writing 20 characters from
The size of g_ptable->name is 20, but we use 16 bytes buffer for strcpy. It may
cause buffer overflow.
Signed-off-by: Ye Li <ye.li@nxp.com>
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.
Test: rollback index updated successfully on
imx7d_pico and AIY.
Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo <ji.luo@nxp.com>
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.
Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.
Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.
Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.
Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.
Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.
Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.
Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.
Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Per security requirement, attestation of keymaster
supported by Trusty OS should support both P256
and curve25519 algorithm for Diffie-Hellman.
TEST: Works on AIY boards by below commands:
$fastboot getvar at-attest-dh
Change-Id: I3244f8d8b677222463b4e8fc75412e54dadeb23e
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Flashing a signed vbmeta image adds extra
parameters to the kernel command line, overflowing
the buffer and corrupting the global data struct.
Increase the command line buffer size from 512
to 1024 to accomodate the extra data, and change
the sprintf's to snprintf's to prevent this from
happening if more parameters are added later.
This bug was exposed by
Idd55dde79eed793dccdd7319600fbd04e11ca12d.
Bug: 112397808
Test: Device boots with images from console and
from local build.
Change-Id: If73d04007d54193527e11e11c6ef326110e899b6
When booting from NAND/SPINOR/WEIMNOR boot devices, the fastboot will
print "unsupported boot device". This warning is used by android fastboot
when setting its "bootcmd". Since android does not support these devices.
so it gives the warning correctly.
But for BSP normal boot, this warning will bring confuse to users. So
change to check the "bootcmd" before giving such warning.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
On iMX8 platforms like 8QM/QXP, we must power up the USB PHY resource
before accessing the PHY. However, current init flow access the USB PHY
in ehci_mx6_common_init prior than ehci_usb_phy_mode where the PHY is power
up.
Fix the issue by adding ehci_get_usb_phy function to parse the PHY address
from DTB and power up the PHY before ehci_mx6_common_init.
Signed-off-by: Ye Li <ye.li@nxp.com>
Type "ulong" will be 32 bits long on imx6/7 but we may have
userdate partition more than 4G on 32 bits platforms. Use
"uint64_t" instead of "ulong" here to fix this issue.
Test: Get correct userdata partition size on both imx6dl
and imx8qxp.
Change-Id: Ia6b242f3998a65b157737e83da0ad3126b689713
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Currently the clocks and power of USB controller and USB PHY are both
controlled by ehci-mx6 driver in device probe. However, the function
"ehci_usb_ofdata_to_platdata" calls "ehci_usb_phy_mode"
to access PHY registers when "dr_mode" is set to OTG, both "dr_mode" and
"extcon" properties are not set in DTB. This may cause hang at accessing
USB PHY registers if the power and clocks are not enabled.
Change the usb type logic to more clear way:
1. plat->init_type: The requested USB mode type from uplayers
2. priv->init_type: The USB mode type specified by DTB or by the USB ID pin or
by external controller like tcpc or GPIO.
3. If two init_type are not same, return failure. Align with non-DM driver.
4. USB PHY access is moved after power and clock enabled.
Signed-off-by: Ye Li <ye.li@nxp.com>
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-key
Test: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo <ji.luo@nxp.com>
For imx8 chips, if boot from usb, lock status will be ignored for the
convenience of using uuu. For imx6 and imx7, the presistdata partition
is ignored, so unlock operation can alway succeed.
Change-Id: I842bab9fd2c04f8a864f4a134b63efc4436f71a4
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>
Luo Ji
Li Jun
Ye Li
faqiang.zhu
Peng Fan
Haoran.Wang
Braden Kell