Merge pull request #1141 from Freescale/topic/secure-boot-rework

Secure boot rework
author: Otavio Salvador <otavio@ossystems.com.br> 2022-07-29 18:20:14 -0300
committer: GitHub <noreply@github.com> 2022-07-29 18:20:14 -0300
commit: 7effa525a29c048dcaca24d51bad816e73eac948 (patch)
tree: 4fce2610c0338b9c0b44b9cf99280e020fc8a36e
parent: fd5438e6eda1f99d1520e21fb44958d93a80ecd6 (diff)
parent: 453def7956c864818b6d6a1a44b2b267df3a44fc (diff)
download: meta-freescale-7effa525a29c048dcaca24d51bad816e73eac948.tar.gz
9 files changed, 36 insertions, 35 deletions
diff --git a/classes/imx-boot-container.bbclass b/classes/imx-boot-container.bbclass
index 711bbd9e..a420b4c4 100644
--- a/classes/imx-boot-container.bbclass
+++ b/classes/imx-boot-container.bbclass
@@ -20,6 +20,9 @@
 # by variable UBOOT_PROVIDES_BOOT_CONTAINER, which is defined in the
 # base machine include file (imx-base.inc), and is set to "1" when the
 # 'imx-boot-container' is present in MACHINEOVERRIDES.
+#
+# NOTE: A backwards-compatible symlink is added for 'flash.bin', named
+# 'imx-boot', during the deployment task.
 # Define ATF binary file to be deployed to the U-Boot build folder
 ATF_MACHINE_NAME = "bl31-${ATF_PLATFORM}.bin"
diff --git a/conf/machine/imx8mq-evk.conf b/conf/machine/imx8mq-evk.conf
index 1e8146a8..a2a81f4c 100644
--- a/conf/machine/imx8mq-evk.conf
+++ b/conf/machine/imx8mq-evk.conf
@@ -68,9 +68,6 @@ UBOOT_DTB_NAME = "imx8mq-evk.dtb"
 # Set ATF platform name
 ATF_PLATFORM = "imx8mq"
-# Extra firmware package name, that is required to build boot container for fslc bsp
-IMX_EXTRA_FIRMWARE = "firmware-imx-8m"
 # Set imx-mkimage boot target
 IMXBOOT_TARGETS = "flash_evk flash_evk_no_hdmi flash_dp_evk"
 IMX_BOOT_SOC_TARGET = "iMX8M"
diff --git a/conf/machine/include/imx-base.inc b/conf/machine/include/imx-base.inc
index e24e14e1..2962c9e9 100644
--- a/conf/machine/include/imx-base.inc
+++ b/conf/machine/include/imx-base.inc
@@ -113,6 +113,15 @@ UBOOT_PROVIDES_BOOT_CONTAINER:imx-boot-container = "1"
 # Default TF-A provider to NXP downstream fork
 IMX_DEFAULT_ATF_PROVIDER ??= "imx-atf"
+# Allow setting the UART used during the boot by ATF.
+# FIXME: We should return INVALID here but currently only i.MX8M has support to override the UART
+# base address in source code.
+SOC_ATF_BOOT_UART_BASE                    = ""
+SOC_ATF_BOOT_UART_BASE:mx8m-generic-bsp   = "0x30890000"
+ATF_BOOT_UART_BASE                       ?= "${SOC_ATF_BOOT_UART_BASE}"
 PREFERRED_PROVIDER_virtual/xserver      = "xserver-xorg"
 XSERVER_DRIVER                          = "xf86-video-fbdev"
 XSERVER_DRIVER:vf-generic-bsp           = "xf86-video-modesetting"
@@ -343,6 +352,12 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS:append = " \
    imx-test->virtual/imxvpu \
 "
+# Firmware used for boot.
+IMX_EXTRA_FIRMWARE                  ?= ""
+IMX_EXTRA_FIRMWARE:mx8-generic-bsp   = "firmware-imx-8 imx-sc-firmware imx-seco"
+IMX_EXTRA_FIRMWARE:mx8m-generic-bsp  = "firmware-imx-8m"
+IMX_EXTRA_FIRMWARE:mx8x-generic-bsp  = "imx-sc-firmware imx-seco"
 # Firmware
 MACHINE_FIRMWARE ?= ""
 MACHINE_FIRMWARE:append:mx27-generic-bsp   = " firmware-imx-vpu-imx27"
@@ -503,22 +518,18 @@ WKS_FILE_DEPENDS ?= " \
    ${@bb.utils.contains('MACHINE_FEATURES', 'optee', '${OPTEE_WKS_FILE_DEPENDS}', '', d)} \
 "
-WKS_FILE_DEPENDS:append:mx8-nxp-bsp  = " imx-boot"
-WKS_FILE_DEPENDS:append:mx8m-nxp-bsp = " imx-boot"
 # We need to restrict the append so we don't add this for other i.MX SoC's.
 # Derivatives that are not yet adopted the usage of boot container provided
 # by U-Boot build are still targeted to use 'imx-boot' package provided by
-# NXP. Moving those derivatives to mainline BSP would require to define an
+# NXP.
+#
+# Moving those derivatives to mainline BSP would require to define an
 # 'imx-boot-container' override, and test if the U-Boot built 'flash.bin'
 # binary is used a replacement.
-# Note, that the results binary name of the boot container is set to 'imx-boot'
+#
+# NOTE: the results binary name of the boot container is set to 'imx-boot'
 # for both NXP and Mainline BSP.
-# For Mainline BSP: the 'flash.bin' boot container is renamed during the
+WKS_FILE_DEPENDS:append:imx-generic-bsp:aarch64 = " \
-# deployment task extesion execution defined in imx-boot-container class.
-# For NXP BSP: rename is done in 'imx-boot' recipe at the execution of compile
-# task.
-WKS_FILE_DEPENDS:append:imx-mainline-bsp:aarch64 = " \
    ${@oe.utils.ifelse(d.getVar('UBOOT_PROVIDES_BOOT_CONTAINER') == '0', 'imx-boot', '')} \
 "
diff --git a/conf/machine/include/imx8mm-evk.inc b/conf/machine/include/imx8mm-evk.inc
index 41f7bad4..6d317f11 100644
--- a/conf/machine/include/imx8mm-evk.inc
+++ b/conf/machine/include/imx8mm-evk.inc
@@ -37,9 +37,6 @@ SPL_BINARY = "spl/u-boot-spl.bin"
 ATF_PLATFORM = "imx8mm"
-# Extra firmware package name, that is required to build boot container for fslc bsp
-IMX_EXTRA_FIRMWARE = "firmware-imx-8m"
 IMXBOOT_TARGETS = "${@bb.utils.contains('UBOOT_CONFIG', 'fspi', '${IMXBOOT_TARGETS_BASENAME}_flexspi', '${IMXBOOT_TARGETS_BASENAME}', d)}"
 IMX_BOOT_SOC_TARGET = "iMX8MM"
diff --git a/conf/machine/include/imx8mn-evk.inc b/conf/machine/include/imx8mn-evk.inc
index 5a5b447f..2f2c02f9 100644
--- a/conf/machine/include/imx8mn-evk.inc
+++ b/conf/machine/include/imx8mn-evk.inc
@@ -42,9 +42,6 @@ SPL_BINARY = "spl/u-boot-spl.bin"
 ATF_PLATFORM = "imx8mn"
-# Extra firmware package name, that is required to build boot container for fslc bsp
-IMX_EXTRA_FIRMWARE = "firmware-imx-8m"
 IMXBOOT_TARGETS = "${@bb.utils.contains('UBOOT_CONFIG', 'fspi', '${IMXBOOT_TARGETS_BASENAME}_flexspi', '${IMXBOOT_TARGETS_BASENAME}', d)}"
 IMX_BOOT_SOC_TARGET = "iMX8MN"
diff --git a/conf/machine/include/imx8mp-evk.inc b/conf/machine/include/imx8mp-evk.inc
index 3e98d3c1..d93557d2 100644
--- a/conf/machine/include/imx8mp-evk.inc
+++ b/conf/machine/include/imx8mp-evk.inc
@@ -37,9 +37,6 @@ SPL_BINARY = "spl/u-boot-spl.bin"
 ATF_PLATFORM = "imx8mp"
-# Extra firmware package name, that is required to build boot container for fslc bsp
-IMX_EXTRA_FIRMWARE = "firmware-imx-8m"
 IMXBOOT_TARGETS = \
    "${@bb.utils.contains('UBOOT_CONFIG', 'fspi', '${IMXBOOT_TARGETS_BASENAME}_flexspi', \
                                                  '${IMXBOOT_TARGETS_BASENAME}', d)}"
diff --git a/recipes-bsp/imx-atf/imx-atf_2.6.bb b/recipes-bsp/imx-atf/imx-atf_2.6.bb
index b0cd4d3d..194ef935 100644
--- a/recipes-bsp/imx-atf/imx-atf_2.6.bb
+++ b/recipes-bsp/imx-atf/imx-atf_2.6.bb
@@ -18,9 +18,11 @@ S = "${WORKDIR}/git"
 inherit deploy
-BOOT_TOOLS = "imx-boot-tools"
+ATF_PLATFORM          ??= "INVALID"
-ATF_PLATFORM ??= "INVALID"
+# FIXME: We should return INVALID here but currently only i.MX8M has support to override the UART
+# base address in source code.
+ATF_BOOT_UART_BASE     ?= ""
 EXTRA_OEMAKE += " \
    CROSS_COMPILE="${TARGET_PREFIX}" \
@@ -34,7 +36,8 @@ AS[unexport] = "1"
 LD[unexport] = "1"
 # Baremetal, just need a compiler
-DEPENDS:remove = "virtual/${TARGET_PREFIX}compilerlibs virtual/libc"
+INHIBIT_DEFAULT_DEPS = "1"
+DEPENDS = "virtual/${HOST_PREFIX}gcc"
 BUILD_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'optee', 'true', 'false', d)}"
@@ -49,6 +52,11 @@ EXTRA_OEMAKE += 'LD="${@remove_options_tail(d.getVar('LD'))}"'
 EXTRA_OEMAKE += 'CC="${@remove_options_tail(d.getVar('CC'))}"'
+# Set the UART to use during the boot.
+EXTRA_OEMAKE += 'IMX_BOOT_UART_BASE=${ATF_BOOT_UART_BASE}'
+do_configure[noexec] = "1"
 do_compile() {
    # Clear LDFLAGS to avoid the option -Wl recognize issue
    oe_runmake bl31
@@ -68,5 +76,5 @@ do_deploy() {
 }
 addtask deploy after do_compile
-PACKAGE_ARCH = "${MACHINE_SOCARCH}"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
 COMPATIBLE_MACHINE = "(mx8-generic-bsp)"
diff --git a/recipes-bsp/imx-mkimage/imx-boot_1.0.bb b/recipes-bsp/imx-mkimage/imx-boot_1.0.bb
index f35561de..ae7e2638 100644
--- a/recipes-bsp/imx-mkimage/imx-boot_1.0.bb
+++ b/recipes-bsp/imx-mkimage/imx-boot_1.0.bb
@@ -9,9 +9,6 @@ SECTION = "BSP"
 inherit use-imx-security-controller-firmware uboot-sign
-IMX_EXTRA_FIRMWARE      = "firmware-imx-8 imx-sc-firmware imx-seco"
-IMX_EXTRA_FIRMWARE:mx8m-generic-bsp = "firmware-imx-8m"
-IMX_EXTRA_FIRMWARE:mx8x-generic-bsp = "imx-sc-firmware imx-seco"
 DEPENDS += " \
    u-boot \
    ${IMX_EXTRA_FIRMWARE} \
diff --git a/recipes-bsp/u-boot/u-boot-fslc_2022.07.bb b/recipes-bsp/u-boot/u-boot-fslc_2022.07.bb
index de6d22d0..1953d788 100644
--- a/recipes-bsp/u-boot/u-boot-fslc_2022.07.bb
+++ b/recipes-bsp/u-boot/u-boot-fslc_2022.07.bb
@@ -10,12 +10,6 @@ inherit ${@oe.utils.ifelse(d.getVar('UBOOT_PROVIDES_BOOT_CONTAINER') == '1', 'im
 DEPENDS += "bc-native dtc-native python3-setuptools-native"
-# Location known to imx-boot component, where U-Boot artifacts
-# should be additionally deployed.
-# See below note above do_deploy:append:mx8m-nxp-bsp for the purpose of
-# this delopyment location
-BOOT_TOOLS = "imx-boot-tools"
 PROVIDES += "u-boot"
 B = "${WORKDIR}/build"
author	Otavio Salvador <otavio@ossystems.com.br>	2022-07-29 18:20:14 -0300
committer	GitHub <noreply@github.com>	2022-07-29 18:20:14 -0300
commit	7effa525a29c048dcaca24d51bad816e73eac948 (patch)
tree	4fce2610c0338b9c0b44b9cf99280e020fc8a36e
parent	fd5438e6eda1f99d1520e21fb44958d93a80ecd6 (diff)
parent	453def7956c864818b6d6a1a44b2b267df3a44fc (diff)
download	meta-freescale-7effa525a29c048dcaca24d51bad816e73eac948.tar.gz