[U-Boot] [PATCH v3 00/11] Allow secure boot on AM33xx devices

[U-Boot] [PATCH v3 00/11] Allow secure boot on AM33xx devices

[Andrew F. Davis]

Hello all,

I've recently been tasked with enabling authenticated boot for AM33xx based
devices. This work is similar to what has already been done for the AM43xx
and AM57xx SoCs and leverages much of the infrastructure from them.

The big difference here is the size of SRAM available on AM33xx being much
less than on the other SoCs, when performing a secure boot this limits
the maximum size of the SPL to just ~41k, the SPL currently generated for
AM33xx SoCs is ~70k. 

I have added a defconfig for booting from mmc, but it is RFC for now as
the generated SPL is still much too large to fit into SRAM on HS devices.
If you would like to help out you can build this defconfig and it will
report by how much we have overflowed SRAM, any help reducing this would
be greatly appreciated.

Thanks,
Andrew

Changes from v2:
 - Dropping the SPL_*_SUPPORT patches as Simon is already way ahead
     of me on this front[0].
 - Minor re-organization of the patches, dropped a couple that I didn't
     feel were important enough to continue working right now.

Changes from v1:
 - I've moved the cleanup patches to the end of the series and now
    consider them RFCs. I also do not move any Kconfig options over
    as this can be performed automatically but will need to be done
    by someone who understands the build system better than me.
 - Separate additional AM33xx SOC based boards out from the SoC
    definition in patch #1.

[0] https://www.mail-archive.com/u-boot at lists.denx.de/msg222736.html

Andrew F. Davis (11):
  spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option
  Kconfig: Separate AM33XX SOC config from target board config
  am33xx: config.mk: Add support for additional secure boot image types
  doc: Update info on using AM33xx secure devices from TI
  am33xx: config.mk: Fix option used to enable SPI SPL image type
  board: am33xx-hs: Allow post-processing of FIT image on AM33xx
  ti: omap-common: Allow AM33xx devices to be built securely
  am335x: configs: Use ISW_ENTRY_ADDR to set SPL_TEXT_BASE
  config: Remove usage of CONFIG_STORAGE_EMMC
  ti_armv7_common: Disable Falcon Mode on HS devices
  defconfig: Add a config for AM335x High Security EVM with SD Boot
    support

 arch/arm/Kconfig                                   | 98 +++-------------------
 arch/arm/cpu/armv7/am33xx/Kconfig                  | 86 +++++++++++++++++++
 arch/arm/cpu/armv7/am33xx/config.mk                | 29 ++++++-
 arch/arm/cpu/armv7/omap-common/Kconfig             |  2 +-
 board/ti/am335x/board.c                            |  8 ++
 common/Kconfig                                     | 69 +++++++++++++++
 configs/am335x_baltos_defconfig                    |  1 +
 configs/am335x_boneblack_defconfig                 |  1 +
 configs/am335x_boneblack_vboot_defconfig           |  1 +
 configs/am335x_evm_defconfig                       |  1 +
 configs/am335x_evm_nor_defconfig                   |  1 +
 configs/am335x_evm_norboot_defconfig               |  1 +
 configs/am335x_evm_spiboot_defconfig               |  1 +
 configs/am335x_evm_usbspl_defconfig                |  1 +
 ...x_evm_defconfig => am335x_hs_evm_mmc_defconfig} |  8 +-
 configs/am335x_igep0033_defconfig                  |  1 +
 configs/am335x_shc_defconfig                       |  1 +
 configs/am335x_shc_ict_defconfig                   |  1 +
 configs/am335x_shc_netboot_defconfig               |  1 +
 configs/am335x_shc_prompt_defconfig                |  1 +
 configs/am335x_shc_sdboot_defconfig                |  1 +
 configs/am335x_shc_sdboot_prompt_defconfig         |  1 +
 configs/am335x_sl50_defconfig                      |  1 +
 configs/birdland_bav335a_defconfig                 |  1 +
 configs/birdland_bav335b_defconfig                 |  1 +
 configs/cm_t335_defconfig                          |  1 +
 configs/pcm051_rev1_defconfig                      |  1 +
 configs/pcm051_rev3_defconfig                      |  1 +
 configs/pengwyn_defconfig                          |  1 +
 configs/pepper_defconfig                           |  1 +
 doc/README.ti-secure                               | 32 +++++++
 include/configs/am335x_evm.h                       |  2 -
 include/configs/am335x_shc.h                       |  2 -
 include/configs/am335x_sl50.h                      |  2 -
 include/configs/bav335x.h                          |  2 -
 include/configs/ti_am335x_common.h                 |  3 +-
 include/configs/ti_armv7_common.h                  | 15 ++--
 37 files changed, 274 insertions(+), 107 deletions(-)
 copy configs/{am335x_evm_defconfig => am335x_hs_evm_mmc_defconfig} (86%)

-- 
2.9.3

[U-Boot] [PATCH v3 01/11] spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option

[Andrew F. Davis]

Currently U-Boot proper has Kconfig options that enable the generation
of U-Boot binaries that are capable of being booted from the selected
boot media type. The same set of generation targets for SPL are assumed
with various methods and config header hackery. On some platforms the
options for SPL, such as load address, are dependent on boot type
and cannot depend on boot image type selected for U-Boot proper.
Add a Kconfig menu to select SPL boot image types, and populate it
with the same media types as are already available for U-Boot proper.

NOTE: As only a couple TI devices use make correct use of these options
we limit the menu to these devices for now. The only other users
of these seem to be some PPC boards that incorrectly use these as both
SPL and TPL build options.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 common/Kconfig | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/common/Kconfig b/common/Kconfig
index 46e7173..a05d2ab 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -156,6 +156,75 @@ config SPI_BOOT
 	  booted via SPI flash. This is not a must, some SoCs need this,
 	  somes not.
 
+menu "SPL Boot media"
+	depends on SPL && (AM33XX || AM43XX)
+
+config SPL_NOR_BOOT
+	bool "Support for booting SPL from NOR flash"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via NOR flash. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_NAND_BOOT
+	bool "Support for booting SPL from NAND flash"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via NAND flash. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_ONENAND_BOOT
+	bool "Support for booting SPL from ONENAND"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via ONENAND. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_QSPI_BOOT
+	bool "Support for booting SPL from QSPI flash"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via QSPI flash. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_SATA_BOOT
+	bool "Support for booting SPL from SATA"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via SATA. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_SD_BOOT
+	bool "Support for booting SPL from SD/MMC/eMMC"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via SD/MMC/eMMC. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_SPI_BOOT
+	bool "Support for booting SPL from SPI flash"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via SPI flash. This is not a must, some SoCs need this,
+	  some do not.
+
+config SPL_UART_BOOT
+	bool "Support for booting SPL from UART"
+	default n
+	help
+	  Enabling this will make an SPL binary that is capable of being
+	  booted via UART. This is not a must, some SoCs need this,
+	  some do not.
+
+endmenu
+
 endmenu
 
 config BOOTDELAY
-- 
2.9.3

[U-Boot] [PATCH v3 02/11] Kconfig: Separate AM33XX SOC config from target board config

[Andrew F. Davis]

The config option AM33XX is used in several boards and should be
defined as a stand-alone option for this SOC. We break this out
from target boards that use this SoC and common headers then enable
AM33XX on in all the boards that used these targets to eliminate any
functional change with this patch.

This is similar to what has already been done in
9de852642cae ("arm: Kconfig: Add support for AM43xx SoC specific Kconfig")
and is done for the same reasons.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/Kconfig                           | 98 ++++--------------------------
 arch/arm/cpu/armv7/am33xx/Kconfig          | 86 ++++++++++++++++++++++++++
 configs/am335x_baltos_defconfig            |  1 +
 configs/am335x_boneblack_defconfig         |  1 +
 configs/am335x_boneblack_vboot_defconfig   |  1 +
 configs/am335x_evm_defconfig               |  1 +
 configs/am335x_evm_nor_defconfig           |  1 +
 configs/am335x_evm_norboot_defconfig       |  1 +
 configs/am335x_evm_spiboot_defconfig       |  1 +
 configs/am335x_evm_usbspl_defconfig        |  1 +
 configs/am335x_igep0033_defconfig          |  1 +
 configs/am335x_shc_defconfig               |  1 +
 configs/am335x_shc_ict_defconfig           |  1 +
 configs/am335x_shc_netboot_defconfig       |  1 +
 configs/am335x_shc_prompt_defconfig        |  1 +
 configs/am335x_shc_sdboot_defconfig        |  1 +
 configs/am335x_shc_sdboot_prompt_defconfig |  1 +
 configs/am335x_sl50_defconfig              |  1 +
 configs/birdland_bav335a_defconfig         |  1 +
 configs/birdland_bav335b_defconfig         |  1 +
 configs/cm_t335_defconfig                  |  1 +
 configs/pcm051_rev1_defconfig              |  1 +
 configs/pcm051_rev3_defconfig              |  1 +
 configs/pengwyn_defconfig                  |  1 +
 configs/pepper_defconfig                   |  1 +
 include/configs/ti_am335x_common.h         |  1 -
 26 files changed, 120 insertions(+), 88 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index aef901c..26d7707 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -315,38 +315,6 @@ config TARGET_BRPPT1
 	select CPU_V7
 	select SUPPORT_SPL
 
-config TARGET_CM_T335
-	bool "Support cm_t335"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_PEPPER
-	bool "Support pepper"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_AM335X_IGEP0033
-	bool "Support am335x_igep0033"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_PCM051
-	bool "Support pcm051"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
 config TARGET_DRACO
 	bool "Support draco"
 	select CPU_V7
@@ -395,61 +363,6 @@ config TARGET_RUT
 	select DM_SERIAL
 	select DM_GPIO
 
-config TARGET_PENGWYN
-	bool "Support pengwyn"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_AM335X_BALTOS
-	bool "Support am335x_baltos"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_AM335X_EVM
-	bool "Support am335x_evm"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-	select TI_I2C_BOARD_DETECT
-
-config TARGET_AM335X_SHC
-	bool "Support am335x based shc board from bosch"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	select DM_GPIO
-
-config TARGET_AM335X_SL50
-	bool "Support am335x_sl50"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-
-config TARGET_BAV335X
-	bool "Support bav335x"
-	select CPU_V7
-	select SUPPORT_SPL
-	select DM
-	select DM_SERIAL
-	help
-	  The BAV335x OEM Network Processor integrates all the functions of an
-	  embedded network computer in a small, easy to use SODIMM module which
-	  incorporates the popular Texas Instruments Sitara 32bit ARM Coretex-A8
-	  processor, with fast DDR3 512MB SDRAM, 4GB of embedded MMC and a Gigabit
-	  ethernet with simple connection to external connectors.
-
-	  For more information, visit: http://birdland.com/oem
-
 config TARGET_TI814X_EVM
 	bool "Support ti814x_evm"
 	select CPU_V7
@@ -579,6 +492,17 @@ config AM43XX
 	  protocols, dual camera support, optional 3D graphics
 	  and an optional customer programmable secure boot.
 
+config AM33XX
+	bool "AM33XX SoC"
+	select CPU_V7
+	select SUPPORT_SPL
+	help
+	  Support for AM335x SOC from Texas Instruments.
+	  The AM335x high performance SOC features a Cortex-A8
+	  ARM core, a dual core PRU-ICSS for industrial Ethernet
+	  protocols, optional 3D graphics and an optional customer
+	  programmable secure boot.
+
 config ARCH_RMOBILE
 	bool "Renesas ARM SoCs"
 	select DM
diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig b/arch/arm/cpu/armv7/am33xx/Kconfig
index dc51e9b..e57e6fb 100644
--- a/arch/arm/cpu/armv7/am33xx/Kconfig
+++ b/arch/arm/cpu/armv7/am33xx/Kconfig
@@ -1,3 +1,87 @@
+if AM33XX
+
+choice
+	prompt "AM33xx board select"
+	optional
+
+config TARGET_AM335X_EVM
+	bool "Support am335x_evm"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+	select TI_I2C_BOARD_DETECT
+	help
+	  This option specifies support for the AM335x
+	  GP and HS EVM development platforms. The AM335x
+	  GP EVM is a standalone test, development, and
+	  evaluation module system that enables developers
+	  to write software and develop hardware around
+	  an AM335x processor subsystem.
+
+config TARGET_AM335X_BALTOS
+	bool "Support am335x_baltos"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_AM335X_IGEP0033
+	bool "Support am335x_igep0033"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_AM335X_SHC
+	bool "Support am335x based shc board from bosch"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_AM335X_SL50
+	bool "Support am335x_sl50"
+	select DM
+	select DM_SERIAL
+
+config TARGET_BAV335X
+	bool "Support bav335x"
+	select DM
+	select DM_SERIAL
+	help
+	  The BAV335x OEM Network Processor integrates all the functions of an
+	  embedded network computer in a small, easy to use SODIMM module which
+	  incorporates the popular Texas Instruments Sitara 32bit ARM Coretex-A8
+	  processor, with fast DDR3 512MB SDRAM, 4GB of embedded MMC and a Gigabit
+	  ethernet with simple connection to external connectors.
+
+	  For more information, visit: http://birdland.com/oem
+
+config TARGET_CM_T335
+	bool "Support cm_t335"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_PCM051
+	bool "Support pcm051"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_PENGWYN
+	bool "Support pengwyn"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+config TARGET_PEPPER
+	bool "Support pepper"
+	select DM
+	select DM_SERIAL
+	select DM_GPIO
+
+endchoice
+
+endif
+
 if AM43XX
 config TARGET_AM43XX_EVM
 	bool "Support am43xx_evm"
@@ -9,7 +93,9 @@ config TARGET_AM43XX_EVM
 	  evaluation module system that enables developers
 	  to write software and develop hardware around
 	  an AM43xx processor subsystem.
+endif
 
+if AM43XX || AM33XX
 config ISW_ENTRY_ADDR
 	hex "Address in memory or XIP flash of bootloader entry point"
 	help
diff --git a/configs/am335x_baltos_defconfig b/configs/am335x_baltos_defconfig
index 78f55cc..b6cfd07 100644
--- a/configs/am335x_baltos_defconfig
+++ b/configs/am335x_baltos_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_BALTOS=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/am335x_boneblack_defconfig b/configs/am335x_boneblack_defconfig
index d310e0b..5fabff6 100644
--- a/configs/am335x_boneblack_defconfig
+++ b/configs/am335x_boneblack_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/am335x_boneblack_vboot_defconfig b/configs/am335x_boneblack_vboot_defconfig
index c2f09cb..b47b51f 100644
--- a/configs/am335x_boneblack_vboot_defconfig
+++ b/configs/am335x_boneblack_vboot_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_DEFAULT_DEVICE_TREE="am335x-boneblack"
diff --git a/configs/am335x_evm_defconfig b/configs/am335x_evm_defconfig
index 6885230..b344bb7 100644
--- a/configs/am335x_evm_defconfig
+++ b/configs/am335x_evm_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_DEFAULT_DEVICE_TREE="am335x-evm"
diff --git a/configs/am335x_evm_nor_defconfig b/configs/am335x_evm_nor_defconfig
index 76a004e..e434dec 100644
--- a/configs/am335x_evm_nor_defconfig
+++ b/configs/am335x_evm_nor_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_NOR=y
diff --git a/configs/am335x_evm_norboot_defconfig b/configs/am335x_evm_norboot_defconfig
index 99fc555..063eea7 100644
--- a/configs/am335x_evm_norboot_defconfig
+++ b/configs/am335x_evm_norboot_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_NOR=y
 CONFIG_NOR_BOOT=y
diff --git a/configs/am335x_evm_spiboot_defconfig b/configs/am335x_evm_spiboot_defconfig
index 2fe1a25..89f472d 100644
--- a/configs/am335x_evm_spiboot_defconfig
+++ b/configs/am335x_evm_spiboot_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/am335x_evm_usbspl_defconfig b/configs/am335x_evm_usbspl_defconfig
index cba5e84..b689181 100644
--- a/configs/am335x_evm_usbspl_defconfig
+++ b/configs/am335x_evm_usbspl_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_EVM=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/am335x_igep0033_defconfig b/configs/am335x_igep0033_defconfig
index d6022a3..33e0637 100644
--- a/configs/am335x_igep0033_defconfig
+++ b/configs/am335x_igep0033_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_IGEP0033=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/am335x_shc_defconfig b/configs/am335x_shc_defconfig
index c83311f..04d1c91 100644
--- a/configs/am335x_shc_defconfig
+++ b/configs/am335x_shc_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SERIES=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
diff --git a/configs/am335x_shc_ict_defconfig b/configs/am335x_shc_ict_defconfig
index bfb56b2..999dc60 100644
--- a/configs/am335x_shc_ict_defconfig
+++ b/configs/am335x_shc_ict_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SHC_ICT=y
 CONFIG_SERIES=y
diff --git a/configs/am335x_shc_netboot_defconfig b/configs/am335x_shc_netboot_defconfig
index d16c5f0..a6eaf6b 100644
--- a/configs/am335x_shc_netboot_defconfig
+++ b/configs/am335x_shc_netboot_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SHC_NETBOOT=y
 CONFIG_SERIES=y
diff --git a/configs/am335x_shc_prompt_defconfig b/configs/am335x_shc_prompt_defconfig
index b9bc355..e174ba9 100644
--- a/configs/am335x_shc_prompt_defconfig
+++ b/configs/am335x_shc_prompt_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SERIES=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
diff --git a/configs/am335x_shc_sdboot_defconfig b/configs/am335x_shc_sdboot_defconfig
index b0e8eff..7b3974c 100644
--- a/configs/am335x_shc_sdboot_defconfig
+++ b/configs/am335x_shc_sdboot_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SHC_SDBOOT=y
 CONFIG_SERIES=y
diff --git a/configs/am335x_shc_sdboot_prompt_defconfig b/configs/am335x_shc_sdboot_prompt_defconfig
index b0e8eff..7b3974c 100644
--- a/configs/am335x_shc_sdboot_prompt_defconfig
+++ b/configs/am335x_shc_sdboot_prompt_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SHC=y
 CONFIG_SHC_SDBOOT=y
 CONFIG_SERIES=y
diff --git a/configs/am335x_sl50_defconfig b/configs/am335x_sl50_defconfig
index 01c1eeb..87ea29e 100644
--- a/configs/am335x_sl50_defconfig
+++ b/configs/am335x_sl50_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_AM335X_SL50=y
 CONFIG_SPL_STACK_R_ADDR=0x82000000
 CONFIG_SPL=y
diff --git a/configs/birdland_bav335a_defconfig b/configs/birdland_bav335a_defconfig
index bb5db5c..046260d 100644
--- a/configs/birdland_bav335a_defconfig
+++ b/configs/birdland_bav335a_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_BAV335X=y
 CONFIG_BAV_VERSION=1
 CONFIG_SPL=y
diff --git a/configs/birdland_bav335b_defconfig b/configs/birdland_bav335b_defconfig
index 39cc222..38a27ad 100644
--- a/configs/birdland_bav335b_defconfig
+++ b/configs/birdland_bav335b_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_BAV335X=y
 CONFIG_BAV_VERSION=2
 CONFIG_SPL=y
diff --git a/configs/cm_t335_defconfig b/configs/cm_t335_defconfig
index 1b29331..c89a723 100644
--- a/configs/cm_t335_defconfig
+++ b/configs/cm_t335_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_CM_T335=y
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
diff --git a/configs/pcm051_rev1_defconfig b/configs/pcm051_rev1_defconfig
index 27f681f..41cb1cd 100644
--- a/configs/pcm051_rev1_defconfig
+++ b/configs/pcm051_rev1_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_PCM051=y
 CONFIG_SPL=y
 CONFIG_SYS_EXTRA_OPTIONS="REV1"
diff --git a/configs/pcm051_rev3_defconfig b/configs/pcm051_rev3_defconfig
index b277b3a..3d1abd8 100644
--- a/configs/pcm051_rev3_defconfig
+++ b/configs/pcm051_rev3_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_PCM051=y
 CONFIG_SPL=y
 CONFIG_SYS_EXTRA_OPTIONS="REV3"
diff --git a/configs/pengwyn_defconfig b/configs/pengwyn_defconfig
index 3eba3ce..2ddb858 100644
--- a/configs/pengwyn_defconfig
+++ b/configs/pengwyn_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_PENGWYN=y
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
diff --git a/configs/pepper_defconfig b/configs/pepper_defconfig
index 4a46f24..4114cdc 100644
--- a/configs/pepper_defconfig
+++ b/configs/pepper_defconfig
@@ -1,4 +1,5 @@
 CONFIG_ARM=y
+CONFIG_AM33XX=y
 CONFIG_TARGET_PEPPER=y
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h
index bcd56fc..a0a60d4 100644
--- a/include/configs/ti_am335x_common.h
+++ b/include/configs/ti_am335x_common.h
@@ -12,7 +12,6 @@
 #ifndef __CONFIG_TI_AM335X_COMMON_H__
 #define __CONFIG_TI_AM335X_COMMON_H__
 
-#define CONFIG_AM33XX
 #define CONFIG_ARCH_CPU_INIT
 #define CONFIG_SYS_CACHELINE_SIZE       64
 #define CONFIG_MAX_RAM_BANK_SIZE	(1024 << 20)	/* 1GB */
-- 
2.9.3

[U-Boot] [PATCH v3 03/11] am33xx: config.mk: Add support for additional secure boot image types

[Andrew F. Davis]

Depending on the boot media, different images are needed
for secure devices. The build generates u-boot*_HS_* files
as appropriate for the different boot modes.

For AM33xx devices additional image types are needed for
various SPL boot modes as the ROM checks for the name of
the boot mode in the file it loads.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/cpu/armv7/am33xx/config.mk | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk
index d4eb21c..8e655d7 100644
--- a/arch/arm/cpu/armv7/am33xx/config.mk
+++ b/arch/arm/cpu/armv7/am33xx/config.mk
@@ -12,13 +12,36 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
 # For booting from SPI use
 # u-boot-spl_HS_SPI_X-LOADER to program flash
 #
-# For booting spl from all other  media
-# use u-boot-spl_HS_ISSW
+# On AM43XX:
+#
+# For booting spl from all other media use
+# u-boot-spl_HS_ISSW
+#
+# On AM33XX:
+#
+# For booting spl from NOR flash or QSPI use
+# u-boot-spl_HS_XIP_X-LOADER
+#
+# For booting spl from NAND flash use
+# u-boot-spl_HS_X-LOADER
+#
+# For booting spl from SD/MMC/eMMC media use
+# u-boot-spl_HS_MLO
+#
+# For booting spl over UART, USB, or Ethernet use
+# u-boot-spl_HS_2ND
 #
 # Refer to README.ti-secure for more info
 #
 ALL-y	+= u-boot-spl_HS_ISSW
 ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER
+ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER
+ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER
+ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER
+ALL-$(CONFIG_SPL_SD_BOOT) += u-boot-spl_HS_MLO
+ALL-$(CONFIG_SPL_UART_BOOT) += u-boot-spl_HS_2ND
+ALL-$(CONFIG_SPL_USB_BOOT) += u-boot-spl_HS_2ND
+ALL-$(CONFIG_SPL_NET_BOOT) += u-boot-spl_HS_2ND
 else
 ALL-y	+= MLO
 ALL-$(CONFIG_SPL_SPI_SUPPORT) += MLO.byteswap
-- 
2.9.3

[U-Boot] [PATCH v3 04/11] doc: Update info on using AM33xx secure devices from TI

[Andrew F. Davis]

Add a section describing the additional boot types used on AM33xx
secure devices.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 doc/README.ti-secure | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/doc/README.ti-secure b/doc/README.ti-secure
index 54c996d..9b0fbf9 100644
--- a/doc/README.ti-secure
+++ b/doc/README.ti-secure
@@ -43,6 +43,38 @@ Booting of U-Boot SPL
 	The script is basically the only required interface to the TI SECDEV
 	package for creating a bootable SPL image for secure TI devices.
 
+	Invoking the script for AM33xx Secure Devices
+	=============================================
+
+	create-boot-image.sh \
+		<IMAGE_FLAG> <INPUT_FILE> <OUTPUT_FILE> <SPL_LOAD_ADDR>
+
+	<IMAGE_FLAG> is a value that specifies the type of the image to
+	generate OR the action the image generation tool will take. Valid
+	values are:
+		SPI_X-LOADER - Generates an image for SPI flash (byte swapped)
+		X-LOADER - Generates an image for non-XIP flash
+		MLO - Generates an image for SD/MMC/eMMC media
+		2ND - Generates an image for USB, UART and Ethernet
+		XIP_X-LOADER - Generates a single stage u-boot for NOR/QSPI XiP
+
+	<INPUT_FILE> is the full path and filename of the public world boot
+	loaderbinary file (depending on the boot media, this is usually
+	either u-boot-spl.bin or u-boot.bin).
+
+	<OUTPUT_FILE> is the full path and filename of the final secure
+	image. The output binary images should be used in place of the standard
+	non-secure binary images (see the platform-specific user's guides and
+	releases notes for how the non-secure images are typically used)
+	u-boot-spl_HS_SPI_X-LOADER - byte swapped boot image for SPI flash
+	u-boot-spl_HS_X-LOADER - boot image for NAND or SD/MMC/eMMC rawmode
+	u-boot-spl_HS_MLO - boot image for SD/MMC/eMMC media
+	u-boot-spl_HS_2ND - boot image for USB, UART and Ethernet
+	u-boot_HS_XIP_X-LOADER - boot image for NOR or QSPI Xip flash
+
+	<SPL_LOAD_ADDR> is the address at which SOC ROM should load the
+	<INPUT_FILE>
+
 	Invoking the script for AM43xx Secure Devices
 	=============================================
 
-- 
2.9.3

[U-Boot] [PATCH v3 05/11] am33xx: config.mk: Fix option used to enable SPI SPL image type

[Andrew F. Davis]

Before the addition of SPL boot media type Kconfig options there was no
way to determine what boot media the SPL would be booted from, so
it was assumed that if the SPL could load U-Boot proper via SPI then
the SPL itself would probably also be loaded from SPI.

Use the new SPL_SPI_BOOT option to enable the generation an SPL image
capable of being booted from SPI, and not have this depend on the SPL's
media loading capabilities.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/cpu/armv7/am33xx/config.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk
index 8e655d7..2f53df8 100644
--- a/arch/arm/cpu/armv7/am33xx/config.mk
+++ b/arch/arm/cpu/armv7/am33xx/config.mk
@@ -34,7 +34,7 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
 # Refer to README.ti-secure for more info
 #
 ALL-y	+= u-boot-spl_HS_ISSW
-ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER
+ALL-$(CONFIG_SPL_SPI_BOOT) += u-boot-spl_HS_SPI_X-LOADER
 ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER
 ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER
 ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER
-- 
2.9.3

[U-Boot] [PATCH v3 06/11] board: am33xx-hs: Allow post-processing of FIT image on AM33xx

[Andrew F. Davis]

When CONFIG_FIT_IMAGE_POST_PROCESS or CONFIG_SPL_FIT_IMAGE_POST_PROCESS
is enabled board_fit_image_post_process will be called, add this
function to am33xx boards when CONFIG_TI_SECURE_DEVICE is set to
verify the loaded image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 board/ti/am335x/board.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/board/ti/am335x/board.c b/board/ti/am335x/board.c
index 56f4984..0ed16ca 100644
--- a/board/ti/am335x/board.c
+++ b/board/ti/am335x/board.c
@@ -25,6 +25,7 @@
 #include <asm/io.h>
 #include <asm/emif.h>
 #include <asm/gpio.h>
+#include <asm/omap_sec_common.h>
 #include <i2c.h>
 #include <miiphy.h>
 #include <cpsw.h>
@@ -775,3 +776,10 @@ int board_fit_config_name_match(const char *name)
 		return -1;
 }
 #endif
+
+#ifdef CONFIG_TI_SECURE_DEVICE
+void board_fit_image_post_process(void **p_image, size_t *p_size)
+{
+	secure_boot_verify_image(p_image, p_size);
+}
+#endif
-- 
2.9.3

[U-Boot] [PATCH v3 07/11] ti: omap-common: Allow AM33xx devices to be built securely

[Andrew F. Davis]

Like OMAP54xx and AM43xx family SoCs, AM33xx based SoCs have high
security enabled models. Allow AM33xx devices to be built with
HS Device Type Support.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 arch/arm/cpu/armv7/omap-common/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/cpu/armv7/omap-common/Kconfig b/arch/arm/cpu/armv7/omap-common/Kconfig
index 7b39506..4daccd9 100644
--- a/arch/arm/cpu/armv7/omap-common/Kconfig
+++ b/arch/arm/cpu/armv7/omap-common/Kconfig
@@ -1,6 +1,6 @@
 config TI_SECURE_DEVICE
 	bool "HS Device Type Support"
-	depends on OMAP54XX || AM43XX
+	depends on OMAP54XX || AM43XX || AM33XX
 	help
 	  If a high secure (HS) device type is being used, this config
 	  must be set. This option impacts various aspects of the
-- 
2.9.3

[U-Boot] [PATCH v3 08/11] am335x: configs: Use ISW_ENTRY_ADDR to set SPL_TEXT_BASE

[Andrew F. Davis]

The SPL load address changes based on boot time in HS devices,
ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs
for similar reasons. Add this same logic for AM33xx devices.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 include/configs/ti_am335x_common.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h
index a0a60d4..52f4ed6 100644
--- a/include/configs/ti_am335x_common.h
+++ b/include/configs/ti_am335x_common.h
@@ -57,7 +57,7 @@
  * supports X-MODEM loading via UART, and we leverage this and then use
  * Y-MODEM to load u-boot.img, when booted over UART.
  */
-#define CONFIG_SPL_TEXT_BASE		0x402F0400
+#define CONFIG_SPL_TEXT_BASE		CONFIG_ISW_ENTRY_ADDR
 #define CONFIG_SPL_MAX_SIZE		(0x4030B800 - CONFIG_SPL_TEXT_BASE)
 #define CONFIG_SYS_SPL_ARGS_ADDR	(CONFIG_SYS_SDRAM_BASE + \
 					 (128 << 20))
-- 
2.9.3

[U-Boot] [PATCH v3 09/11] config: Remove usage of CONFIG_STORAGE_EMMC

[Andrew F. Davis]

This config option seems to be unused and is probably vestigial.
Remove it.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 include/configs/am335x_evm.h  | 2 --
 include/configs/am335x_shc.h  | 2 --
 include/configs/am335x_sl50.h | 2 --
 include/configs/bav335x.h     | 2 --
 4 files changed, 8 deletions(-)

diff --git a/include/configs/am335x_evm.h b/include/configs/am335x_evm.h
index ba4c215..23ee75c 100644
--- a/include/configs/am335x_evm.h
+++ b/include/configs/am335x_evm.h
@@ -301,8 +301,6 @@
 #define CONFIG_FASTBOOT_BUF_ADDR	CONFIG_SYS_LOAD_ADDR
 #define CONFIG_FASTBOOT_BUF_SIZE	0x07000000
 
-/* To support eMMC booting */
-#define CONFIG_STORAGE_EMMC
 #define CONFIG_FASTBOOT_FLASH_MMC_DEV   1
 #endif
 
diff --git a/include/configs/am335x_shc.h b/include/configs/am335x_shc.h
index f2484cb..8708c91 100644
--- a/include/configs/am335x_shc.h
+++ b/include/configs/am335x_shc.h
@@ -287,8 +287,6 @@
 #define CONFIG_SPL_LDSCRIPT		"$(CPUDIR)/am33xx/u-boot-spl.lds"
 
 #ifndef CONFIG_SPL_USBETH_SUPPORT
-/* To support eMMC booting */
-#define CONFIG_STORAGE_EMMC
 #define CONFIG_FASTBOOT_FLASH_MMC_DEV   1
 #endif
 
diff --git a/include/configs/am335x_sl50.h b/include/configs/am335x_sl50.h
index 8454872..06ce4e9 100644
--- a/include/configs/am335x_sl50.h
+++ b/include/configs/am335x_sl50.h
@@ -91,8 +91,6 @@
 #define CONFIG_SPL_LDSCRIPT		"$(CPUDIR)/am33xx/u-boot-spl.lds"
 
 #ifndef CONFIG_SPL_USBETH_SUPPORT
-/* To support eMMC booting */
-#define CONFIG_STORAGE_EMMC
 #define CONFIG_FASTBOOT_FLASH_MMC_DEV   1
 #endif
 
diff --git a/include/configs/bav335x.h b/include/configs/bav335x.h
index e391c91..05fc6d9 100644
--- a/include/configs/bav335x.h
+++ b/include/configs/bav335x.h
@@ -451,8 +451,6 @@ DEFAULT_LINUX_BOOT_ENV \
 #define CONFIG_FASTBOOT_BUF_ADDR	CONFIG_SYS_LOAD_ADDR
 #define CONFIG_FASTBOOT_BUF_SIZE	0x07000000
 
-/* To support eMMC booting */
-#define CONFIG_STORAGE_EMMC
 #define CONFIG_FASTBOOT_FLASH_MMC_DEV   1
 #endif
 
-- 
2.9.3

[U-Boot] [PATCH v3 10/11] ti_armv7_common: Disable Falcon Mode on HS devices

[Andrew F. Davis]

Authentication of images in Falcon Mode is not supported. Do not enable
SPL_OS_BOOT when TI_SECURE_DEVICE is enabled. This prevents attempting
to directly load kernel images which will fail, for security reasons,
on HS devices, the board is locked if a non-authenticatable image load
is attempted, so we disable attempting Falcon Mode.

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 include/configs/ti_armv7_common.h | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/include/configs/ti_armv7_common.h b/include/configs/ti_armv7_common.h
index 9f947ee..949b6d1 100644
--- a/include/configs/ti_armv7_common.h
+++ b/include/configs/ti_armv7_common.h
@@ -198,16 +198,21 @@
 
 /*
  * Our platforms make use of SPL to initalize the hardware (primarily
- * memory) enough for full U-Boot to be loaded.  We also support Falcon
- * Mode so that the Linux kernel can be booted directly from SPL
- * instead, if desired.  We make use of the general SPL framework found
- * under common/spl/.  Given our generally common memory map, we set a
- * number of related defaults and sizes here.
+ * memory) enough for full U-Boot to be loaded. We make use of the general
+ * SPL framework found under common/spl/.  Given our generally common memory
+ * map, we set a number of related defaults and sizes here.
  */
 #if !defined(CONFIG_NOR_BOOT) && \
 	!(defined(CONFIG_QSPI_BOOT) && defined(CONFIG_AM43XX))
 #define CONFIG_SPL_FRAMEWORK
+
+/*
+ * We also support Falcon Mode so that the Linux kernel can be booted
+ * directly from SPL. This is not currently available on HS devices.
+ */
+#if !defined(CONFIG_TI_SECURE_DEVICE)
 #define CONFIG_SPL_OS_BOOT
+#endif
 
 /*
  * Place the image at the start of the ROM defined image space (per
-- 
2.9.3

[U-Boot] [RFC PATCH v3 11/11] defconfig: Add a config for AM335x High Security EVM with SD Boot support

[Andrew F. Davis]

Add a new defconfig file for the AM335x High Security EVM. This config
is specific for the case of SD card booting, we the boot types to be
seperate defconfigs as some options change depending on boot type, in
addition this allows us to trim the SPL size as we only need to support
one boot media.

This defconfig is the same as for the non-secure part, except for:
	CONFIG_TI_SECURE_DEVICE option set to 'y'
	CONFIG_ISW_ENTRY_ADDR updated for secure images.
	CONFIG_FIT_IMAGE_POST_PROCESS option set to 'y'
	CONFIG_SPL_FIT_IMAGE_POST_PROCESS option set to 'y'
	CONFIG_SPL_SD_BOOT option set to 'y' so we will build an MMC
	  compatible SPL
	CONFIG_USE_TINY_PRINTF option set to 'y' to reduce SPL size
	NAND removed from CONFIG_SYS_EXTRA_OPTIONS as this adds NAND
	  support to SPL, not just U-Boot proper, when this is fixed
	  this can be added back

Signed-off-by: Andrew F. Davis <afd@ti.com>
---
 configs/am335x_hs_evm_mmc_defconfig | 58 +++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 configs/am335x_hs_evm_mmc_defconfig

diff --git a/configs/am335x_hs_evm_mmc_defconfig b/configs/am335x_hs_evm_mmc_defconfig
new file mode 100644
index 0000000..d10faaa
--- /dev/null
+++ b/configs/am335x_hs_evm_mmc_defconfig
@@ -0,0 +1,58 @@
+CONFIG_ARM=y
+CONFIG_AM33XX=y
+CONFIG_TI_SECURE_DEVICE=y
+CONFIG_TARGET_AM335X_EVM=y
+CONFIG_SPL_STACK_R_ADDR=0x82000000
+CONFIG_DEFAULT_DEVICE_TREE="am335x-evm"
+CONFIG_SPL=y
+CONFIG_ISW_ENTRY_ADDR=0x40301750
+CONFIG_SPL_STACK_R=y
+CONFIG_HUSH_PARSER=y
+CONFIG_CMD_BOOTZ=y
+# CONFIG_CMD_IMLS is not set
+CONFIG_CMD_ASKENV=y
+# CONFIG_CMD_FLASH is not set
+CONFIG_CMD_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_DFU=y
+CONFIG_CMD_GPIO=y
+# CONFIG_CMD_SETEXPR is not set
+CONFIG_CMD_DHCP=y
+CONFIG_CMD_MII=y
+CONFIG_CMD_PING=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_FS_GENERIC=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM_MMC=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_DM_ETH=y
+CONFIG_SYS_NS16550=y
+CONFIG_TIMER=y
+CONFIG_OMAP_TIMER=y
+CONFIG_USB=y
+CONFIG_USB_MUSB_HOST=y
+CONFIG_USB_MUSB_GADGET=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_G_DNL_MANUFACTURER="Texas Instruments"
+CONFIG_G_DNL_VENDOR_NUM=0x0451
+CONFIG_G_DNL_PRODUCT_NUM=0xd022
+CONFIG_OF_LIBFDT=y
+CONFIG_SPL_NET_VCI_STRING="AM335x U-Boot SPL"
+CONFIG_RSA=y
+CONFIG_FIT=y
+CONFIG_SPL_OF_LIBFDT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_FIT_IMAGE_POST_PROCESS=y
+CONFIG_OF_LIST="am335x-evm am335x-bone am335x-boneblack am335x-evmsk am335x-bonegreen am335x-icev2"
+CONFIG_DM_I2C=y
+CONFIG_FIT_IMAGE_POST_PROCESS=y
+CONFIG_SPL_SD_BOOT=y
+CONFIG_USE_TINY_PRINTF=y
-- 
2.9.3

[U-Boot] [PATCH v3 05/11] am33xx: config.mk: Fix option used to enable SPI SPL image type

[Lokesh Vutla]

On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
> Before the addition of SPL boot media type Kconfig options there was no
> way to determine what boot media the SPL would be booted from, so
> it was assumed that if the SPL could load U-Boot proper via SPI then
> the SPL itself would probably also be loaded from SPI.
> 
> Use the new SPL_SPI_BOOT option to enable the generation an SPL image
> capable of being booted from SPI, and not have this depend on the SPL's
> media loading capabilities.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> ---
>  arch/arm/cpu/armv7/am33xx/config.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/arm/cpu/armv7/am33xx/config.mk b/arch/arm/cpu/armv7/am33xx/config.mk
> index 8e655d7..2f53df8 100644
> --- a/arch/arm/cpu/armv7/am33xx/config.mk
> +++ b/arch/arm/cpu/armv7/am33xx/config.mk
> @@ -34,7 +34,7 @@ ifeq ($(CONFIG_TI_SECURE_DEVICE),y)
>  # Refer to README.ti-secure for more info
>  #
>  ALL-y	+= u-boot-spl_HS_ISSW
> -ALL-$(CONFIG_SPL_SPI_SUPPORT) += u-boot-spl_HS_SPI_X-LOADER
> +ALL-$(CONFIG_SPL_SPI_BOOT) += u-boot-spl_HS_SPI_X-LOADER

With this change CONFIG_SPL_SPI_BOOT needs to be enabled for
am43xx_hs_evm_defconfig or else SPI boot will break on AM43xx HS.

Thanks and regards,
Lokesh

>  ALL-$(CONFIG_SPL_QSPI_BOOT) += u-boot-spl_HS_XIP_X-LOADER
>  ALL-$(CONFIG_SPL_NOR_BOOT) += u-boot-spl_HS_XIP_X-LOADER
>  ALL-$(CONFIG_SPL_NAND_BOOT) += u-boot-spl_HS_X-LOADER
> 

[U-Boot] [PATCH v3 08/11] am335x: configs: Use ISW_ENTRY_ADDR to set SPL_TEXT_BASE

[Lokesh Vutla]

On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
> The SPL load address changes based on boot time in HS devices,
> ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs
> for similar reasons. Add this same logic for AM33xx devices.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>
> ---
>  include/configs/ti_am335x_common.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h
> index a0a60d4..52f4ed6 100644
> --- a/include/configs/ti_am335x_common.h
> +++ b/include/configs/ti_am335x_common.h
> @@ -57,7 +57,7 @@
>   * supports X-MODEM loading via UART, and we leverage this and then use
>   * Y-MODEM to load u-boot.img, when booted over UART.
>   */
> -#define CONFIG_SPL_TEXT_BASE		0x402F0400
> +#define CONFIG_SPL_TEXT_BASE		CONFIG_ISW_ENTRY_ADDR

Please include the below change as well or else am33xx gp boot might
break as fefault address is different.

diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig
b/arch/arm/cpu/armv7/am33xx/Kconfig
index dc51e9b..3a48664 100644
--- a/arch/arm/cpu/armv7/am33xx/Kconfig
+++ b/arch/arm/cpu/armv7/am33xx/Kconfig
@@ -22,7 +22,8 @@ config ISW_ENTRY_ADDR
 	  point address depending on the device type
 	  (secure/non-secure), boot media (xip/non-xip) and
 	  image headers.
-	default 0x402F4000
+	default 0x402F4000 if AM43XX
+	default 0x402F0400 if AM33XX

 config PUB_ROM_DATA_SIZE
 	hex "Size in bytes of the L3 SRAM reserved by ROM to store data"


Thanks and regards,
Lokesh

>  #define CONFIG_SPL_MAX_SIZE		(0x4030B800 - CONFIG_SPL_TEXT_BASE)
>  #define CONFIG_SYS_SPL_ARGS_ADDR	(CONFIG_SYS_SDRAM_BASE + \
>  					 (128 << 20))
> 

[U-Boot] [PATCH v3 01/11] spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:

> Currently U-Boot proper has Kconfig options that enable the generation
> of U-Boot binaries that are capable of being booted from the selected
> boot media type. The same set of generation targets for SPL are assumed
> with various methods and config header hackery. On some platforms the
> options for SPL, such as load address, are dependent on boot type
> and cannot depend on boot image type selected for U-Boot proper.
> Add a Kconfig menu to select SPL boot image types, and populate it
> with the same media types as are already available for U-Boot proper.
> 
> NOTE: As only a couple TI devices use make correct use of these options
> we limit the menu to these devices for now. The only other users
> of these seem to be some PPC boards that incorrectly use these as both
> SPL and TPL build options.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

OK, sorry, I feel we've gone off on a wild goose chase here.  Of all the
options that get added here, only two appear to be used at all and it's
by the "old" Freescale SPL and not the current iteration of SPL.  Those
conversions should end up in board/freescale/Kconfig I think.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/6936cfa9/attachment.sig>

[U-Boot] [PATCH v3 02/11] Kconfig: Separate AM33XX SOC config from target board config

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:32PM -0500, Andrew F. Davis wrote:

> The config option AM33XX is used in several boards and should be
> defined as a stand-alone option for this SOC. We break this out
> from target boards that use this SoC and common headers then enable
> AM33XX on in all the boards that used these targets to eliminate any
> functional change with this patch.
> 
> This is similar to what has already been done in
> 9de852642cae ("arm: Kconfig: Add support for AM43xx SoC specific Kconfig")
> and is done for the same reasons.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/142bdd02/attachment.sig>

[U-Boot] [PATCH v3 03/11] am33xx: config.mk: Add support for additional secure boot image types

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:33PM -0500, Andrew F. Davis wrote:

> Depending on the boot media, different images are needed
> for secure devices. The build generates u-boot*_HS_* files
> as appropriate for the different boot modes.
> 
> For AM33xx devices additional image types are needed for
> various SPL boot modes as the ROM checks for the name of
> the boot mode in the file it loads.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/b8f16d16/attachment.sig>

[U-Boot] [PATCH v3 04/11] doc: Update info on using AM33xx secure devices from TI

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:34PM -0500, Andrew F. Davis wrote:

> Add a section describing the additional boot types used on AM33xx
> secure devices.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/22a5521d/attachment.sig>

[U-Boot] [PATCH v3 06/11] board: am33xx-hs: Allow post-processing of FIT image on AM33xx

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:36PM -0500, Andrew F. Davis wrote:

> When CONFIG_FIT_IMAGE_POST_PROCESS or CONFIG_SPL_FIT_IMAGE_POST_PROCESS
> is enabled board_fit_image_post_process will be called, add this
> function to am33xx boards when CONFIG_TI_SECURE_DEVICE is set to
> verify the loaded image.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/d5754023/attachment.sig>

[U-Boot] [PATCH v3 07/11] ti: omap-common: Allow AM33xx devices to be built securely

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:37PM -0500, Andrew F. Davis wrote:

> Like OMAP54xx and AM43xx family SoCs, AM33xx based SoCs have high
> security enabled models. Allow AM33xx devices to be built with
> HS Device Type Support.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/fbda13b6/attachment.sig>

[U-Boot] [PATCH v3 09/11] config: Remove usage of CONFIG_STORAGE_EMMC

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:39PM -0500, Andrew F. Davis wrote:

> This config option seems to be unused and is probably vestigial.
> Remove it.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/7c0629ee/attachment.sig>

[U-Boot] [PATCH v3 10/11] ti_armv7_common: Disable Falcon Mode on HS devices

[Tom Rini]

On Thu, Aug 25, 2016 at 04:45:40PM -0500, Andrew F. Davis wrote:

> Authentication of images in Falcon Mode is not supported. Do not enable
> SPL_OS_BOOT when TI_SECURE_DEVICE is enabled. This prevents attempting
> to directly load kernel images which will fail, for security reasons,
> on HS devices, the board is locked if a non-authenticatable image load
> is attempted, so we disable attempting Falcon Mode.
> 
> Signed-off-by: Andrew F. Davis <afd@ti.com>

Reviewed-by: Tom Rini <trini@konsulko.com>

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160826/e75c94fc/attachment.sig>

[U-Boot] [PATCH v3 01/11] spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option

[Andrew F. Davis]

On 08/26/2016 04:27 PM, Tom Rini wrote:
> On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:
> 
>> Currently U-Boot proper has Kconfig options that enable the generation
>> of U-Boot binaries that are capable of being booted from the selected
>> boot media type. The same set of generation targets for SPL are assumed
>> with various methods and config header hackery. On some platforms the
>> options for SPL, such as load address, are dependent on boot type
>> and cannot depend on boot image type selected for U-Boot proper.
>> Add a Kconfig menu to select SPL boot image types, and populate it
>> with the same media types as are already available for U-Boot proper.
>>
>> NOTE: As only a couple TI devices use make correct use of these options
>> we limit the menu to these devices for now. The only other users
>> of these seem to be some PPC boards that incorrectly use these as both
>> SPL and TPL build options.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
> 
> OK, sorry, I feel we've gone off on a wild goose chase here.  Of all the
> options that get added here, only two appear to be used at all and it's
> by the "old" Freescale SPL and not the current iteration of SPL.  Those
> conversions should end up in board/freescale/Kconfig I think.
> 

These are used in patch 3 of this series, but I can drop that use by
simply always building SPLs for all supported media types. Most of our
platforms only need two image types anyway (QSPI and MLO for everything
else).

We could do the same for the existing {media}_BOOT, they are rarely used
correctly as described by the Kconfig help (formatting the U-Boot binary
output image for a specific media type), often mistaken for
{media}_SUPPORT options.

Masahiro would probably be happy to help remove these options altogether
(taking this patch a step further:
https://patchwork.ozlabs.org/patch/661706/).

Andrew

[U-Boot] [PATCH v3 01/11] spl: Kconfig: Add SPL_<media>_BOOT as Kconfig option

[Tom Rini]

On Mon, Aug 29, 2016 at 01:30:01PM -0500, Andrew F. Davis wrote:
> On 08/26/2016 04:27 PM, Tom Rini wrote:
> > On Thu, Aug 25, 2016 at 04:45:31PM -0500, Andrew F. Davis wrote:
> > 
> >> Currently U-Boot proper has Kconfig options that enable the generation
> >> of U-Boot binaries that are capable of being booted from the selected
> >> boot media type. The same set of generation targets for SPL are assumed
> >> with various methods and config header hackery. On some platforms the
> >> options for SPL, such as load address, are dependent on boot type
> >> and cannot depend on boot image type selected for U-Boot proper.
> >> Add a Kconfig menu to select SPL boot image types, and populate it
> >> with the same media types as are already available for U-Boot proper.
> >>
> >> NOTE: As only a couple TI devices use make correct use of these options
> >> we limit the menu to these devices for now. The only other users
> >> of these seem to be some PPC boards that incorrectly use these as both
> >> SPL and TPL build options.
> >>
> >> Signed-off-by: Andrew F. Davis <afd@ti.com>
> > 
> > OK, sorry, I feel we've gone off on a wild goose chase here.  Of all the
> > options that get added here, only two appear to be used at all and it's
> > by the "old" Freescale SPL and not the current iteration of SPL.  Those
> > conversions should end up in board/freescale/Kconfig I think.
> > 
> 
> These are used in patch 3 of this series, but I can drop that use by
> simply always building SPLs for all supported media types. Most of our
> platforms only need two image types anyway (QSPI and MLO for everything
> else).

Yes, this sounds best, thanks!

> We could do the same for the existing {media}_BOOT, they are rarely used
> correctly as described by the Kconfig help (formatting the U-Boot binary
> output image for a specific media type), often mistaken for
> {media}_SUPPORT options.
> 
> Masahiro would probably be happy to help remove these options altogether
> (taking this patch a step further:
> https://patchwork.ozlabs.org/patch/661706/).

Yes, I think we're all in agreement here then, thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160829/c539e87a/attachment.sig>

[U-Boot] [PATCH v3 08/11] am335x: configs: Use ISW_ENTRY_ADDR to set SPL_TEXT_BASE

[Andrew F. Davis]

On 08/26/2016 12:01 AM, Lokesh Vutla wrote:
> 
> 
> On Friday 26 August 2016 03:15 AM, Andrew F. Davis wrote:
>> The SPL load address changes based on boot time in HS devices,
>> ISW_ENTRY_ADDR is used to set this address for AM43xx based SoCs
>> for similar reasons. Add this same logic for AM33xx devices.
>>
>> Signed-off-by: Andrew F. Davis <afd@ti.com>
>> ---
>>  include/configs/ti_am335x_common.h | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/configs/ti_am335x_common.h b/include/configs/ti_am335x_common.h
>> index a0a60d4..52f4ed6 100644
>> --- a/include/configs/ti_am335x_common.h
>> +++ b/include/configs/ti_am335x_common.h
>> @@ -57,7 +57,7 @@
>>   * supports X-MODEM loading via UART, and we leverage this and then use
>>   * Y-MODEM to load u-boot.img, when booted over UART.
>>   */
>> -#define CONFIG_SPL_TEXT_BASE		0x402F0400
>> +#define CONFIG_SPL_TEXT_BASE		CONFIG_ISW_ENTRY_ADDR
> 
> Please include the below change as well or else am33xx gp boot might
> break as fefault address is different.
> 
> diff --git a/arch/arm/cpu/armv7/am33xx/Kconfig
> b/arch/arm/cpu/armv7/am33xx/Kconfig
> index dc51e9b..3a48664 100644
> --- a/arch/arm/cpu/armv7/am33xx/Kconfig
> +++ b/arch/arm/cpu/armv7/am33xx/Kconfig
> @@ -22,7 +22,8 @@ config ISW_ENTRY_ADDR
>  	  point address depending on the device type
>  	  (secure/non-secure), boot media (xip/non-xip) and
>  	  image headers.
> -	default 0x402F4000
> +	default 0x402F4000 if AM43XX
> +	default 0x402F0400 if AM33XX
> 

Good eye, for some reason I mistook them for the same value, will fix.

>  config PUB_ROM_DATA_SIZE
>  	hex "Size in bytes of the L3 SRAM reserved by ROM to store data"
> 
> 
> Thanks and regards,
> Lokesh
> 
>>  #define CONFIG_SPL_MAX_SIZE		(0x4030B800 - CONFIG_SPL_TEXT_BASE)
>>  #define CONFIG_SYS_SPL_ARGS_ADDR	(CONFIG_SYS_SDRAM_BASE + \
>>  					 (128 << 20))
>>