aboutsummaryrefslogtreecommitdiff
path: root/drivers/crypto
AgeCommit message (Collapse)Author
2021-04-08crypto: fsl: refactor for 32 bit version CAAM support on ARM64Ye Li
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08fsl_mfgprot: Fix typo in sign_mppubk()Breno Lima
The signature is generated using manufacturing protection private key. Fix typo in fsl_mfgprot.c. Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08imx8m: Add DEK blob encapsulation for imx8mClement Faure
Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08crypto: caam: Fix pointer size to 32bit for i.MX8MAymen Sghaier
The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08crypto: caam: Fix build warnings pointer castingAymen Sghaier
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture, lead to casting warnings: from/to pointer to/from integer with different size. This patch fix these warnings Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08crypto: caam: Add CAAM support to i.MX8M platformsAymen Sghaier
This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08caam: enable support for iMX7ULPFranck LENORMAND
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08crypto: caam: change JR running loopFranck LENORMAND
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08crypto: fsl: blob: Flush dcache range for destination addressBreno Lima
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM devices. Due to different cache management it's necessary to flush dcache range for destination address so data can be available in memory. Add necessary operations in blob_encap() and blob_decap() functions. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08imx: imx7 Support for Manufacturing ProtectionBreno Lima
This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-02-02common: Drop asm/global_data.h from common headerSimon Glass
Move this out of the common header and include it only where needed. In a number of cases this requires adding "struct udevice;" to avoid adding another large header or in other cases replacing / adding missing header files that had been pulled in, very indirectly. Finally, we have a few cases where we did not need to include <asm/global_data.h> at all, so remove that include. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2021-01-05dm: Rename U_BOOT_DEVICE() to U_BOOT_DRVINFO()Simon Glass
The current macro is a misnomer since it does not declare a device directly. Instead, it declares driver_info record which U-Boot uses at runtime to create a device. The distinction seems somewhat minor most of the time, but is becomes quite confusing when we actually want to declare a device, with of-platdata. We are left trying to distinguish between a device which isn't actually device, and a device that is (perhaps an 'instance'?) It seems better to rename this macro to describe what it actually is. The macros is not widely used, since boards should use devicetree to declare devices. Rename it to U_BOOT_DRVINFO(), which indicates clearly that this is declaring a new driver_info record, not a device. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13dm: treewide: Rename auto_alloc_size members to be shorterSimon Glass
This construct is quite long-winded. In earlier days it made some sense since auto-allocation was a strange concept. But with driver model now used pretty universally, we can shorten this to 'auto'. This reduces verbosity and makes it easier to read. Coincidentally it also ensures that every declaration is on one line, thus making dtoc's job easier. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-27crypto/fsl: add RNG supportMichael Walle
Register the random number generator with the rng subsystem in u-boot. This way it can be used by EFI as well as for the 'rng' command. Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: instantiate the RNG with prediciton resistanceMichael Walle
If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: don't regenerate secure keysMichael Walle
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: support newer SEC modulesMichael Walle
Since Era 10, the version registers changed. Add the version registers and use them on newer modules. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: export caam_get_era()Michael Walle
We need the era in other modules, too. For example, to get the RNG version. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: make SEC%u status line consistentMichael Walle
Align the status line with all the other output in U-Boot. Before the change: DDR 3.9 GiB (DDR3, 32-bit, CL=11, ECC on) SEC0: RNG instantiated WDT: Started with servicing (60s timeout) After the change: DDR 3.9 GiB (DDR3, 32-bit, CL=11, ECC on) SEC0: RNG instantiated WDT: Started with servicing (60s timeout) Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: unused value in caam_hash_update()Heinrich Schuchardt
The value 0 assigned to final is overwritten before ever being used. Remove the assignment. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: correct printf() statement.Heinrich Schuchardt
The sequence of arguments should match the format string. For printing unsigned numbers we should use %u. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: fix unaligned accessMichael Walle
On aarch64 running with dcache off, will result in an unaligned access exception: => dcache off => hash sha1 $kernel_addr_r 100 "Synchronous Abort" handler, esr 0x96000061 elr: 00000000960317d8 lr : 00000000960316a4 (reloc) elr: 00000000fbd787d8 lr : 00000000fbd786a4 [..] The compiler emits a "stur x1, [x0, #12]". x1 is might just be 32 bit aligned pointer. Remove the unused u64 element from the union to drop the minimal alignment to 32 bit. Also remove the union, because it is no more needed. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-05-19drivers: crypto: mod_exp_sw: Re-add DM_FLAG_PRE_RELOCJan Kiszka
This driver is safe to use in SPL without relocation. Denying DM_FLAG_PRE_RELOC prevents its usability for verifying the main U-Boot or other artifacts from the SPL unless needless enabling the full driver set (SPL_OF_PLATDATA). Fixes: 17e117408571 ("drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC") CC: Heinrich Schuchardt <xypron.glpk@gmx.de> CC: Marek Vasut <marex@denx.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2020-05-18common: Drop log.h from common headerSimon Glass
Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18common: Drop net.h from common headerSimon Glass
Move this header out of the common header. Network support is used in quite a few places but it still does not warrant blanket inclusion. Note that this net.h header itself has quite a lot in it. It could be split into the driver-mode support, functions, structures, checksumming, etc. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-16drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOCHeinrich Schuchardt
Function rsa_verify_key() is not called before relocation. So there is no need to load the UCLASS_MOD_EXP drivers before relocation. This avoid a failure to boot for pine64-lts_defconfig with CONFIG_RSA=y. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-25crypto: make mod_exp_sw() staticHeinrich Schuchardt
Function mod_exp_sw() is only used via the operators of the uclass. It is not defined in any include. Make mod_exp_sw() static. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2019-12-02common: Move ARM cache operations out of common.hSimon Glass
These functions are CPU-related and do not use driver model. Move them to cpu_func.h Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02common: Move some time functions out of common.hSimon Glass
These functions belong in time.h so move them over and add comments. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com>
2019-10-24drivers: crypto: rsa_mod_exp: Add manual relocation for ops->mod_exp()T Karthik Reddy
This patch adds manual relocation for Modular Exponentiation if CONFIG_NEEDS_MANUAL_RELOC is enabled. Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com> Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2019-06-11Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"Breno Matheus Lima
Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulate the generated DEK in a blob. In devices listed above the blob generation function takes into consideration the Job Ring TrustZone ownership configuration (JROWN_NS) and can be only decapsulated by the same configuration. The ROM code expects DEK blobs encapsulated by the Secure World environments which commonly have JROWN_NS = 0. As U-Boot is running in Secure World we must have JROWN_NS = 0 so the blobs generated by dek_blob tool can be decapsulated by the ROM code. Job-rings assignment is now handled in OP-TEE OS, this commit can be safely reverted. https://github.com/OP-TEE/optee_os/pull/2986 This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <festevam@gmail.com> Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-03-05libfdt: move headers to <linux/libfdt.h> and <linux/libfdt_env.h>Masahiro Yamada
Thomas reported U-Boot failed to build host tools if libfdt-devel package is installed because tools include libfdt headers from /usr/include/ instead of using internal ones. This commit moves the header code: include/libfdt.h -> include/linux/libfdt.h include/libfdt_env.h -> include/linux/libfdt_env.h and replaces include directives: #include <libfdt.h> -> #include <linux/libfdt.h> #include <libfdt_env.h> -> #include <linux/libfdt_env.h> Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-02-09crypto/fsl: instantiate all rng state handlesLukas Auer
Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com>
2018-02-04drivers/crypto/fsl: assign job-rings to non-TrustZoneBryan O'Donoghue
After enabling TrustZone various parts of the CAAM silicon become inaccessible to non TrustZone contexts. The job-ring registers are designed to allow non TrustZone contexts like Linux to still submit jobs to CAAM even after TrustZone has been enabled. The default job-ring permissions after the BootROM look like this for job-ring zero. ms=0x00008001 ls=0x00008001 The MS field is JRaMIDR_MS (job ring MID most significant). Referring to "Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that JROWN_NS controls whether or not a job-ring is accessible from non TrustZone. Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of 0x8001 shows that JROWN_NS=0 and TrustZone=1. Clearly then as soon as TrustZone becomes active the job-ring registers are no longer accessible from Linux, which is not what we want. This patch explicitly sets all job-ring registers to JROWN_NS=1 (non TrustZone) by default and to the Non-Secure MID 001. Both settings are required to successfully assign a job-ring to non-secure mode. If a piece of TrustZone firmware requires ownership of job-ring registers it can unset the JROWN_NS bit itself. This patch in conjunction with a modification of the Linux kernel to skip HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Alex Porosanu <alexandru.porosanu@nxp.com> Cc: Ruchika Gupta <ruchika.gupta@nxp.com> Cc: Aneesh Bansal <aneesh.bansal@nxp.com> Link: https://github.com/OP-TEE/optee_os/issues/1408 Link: https://tinyurl.com/yam5gv9a Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
2018-01-23crypto/fsl: Fix HW accelerated hash commandsBreno Lima
The hash command function were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Due the data cache incoherency, HW accelerated hash commands used to fail with CAAM errors like "Invalid KEY Command". Check if pbuf and pout buffers are properly aligned to the cache line size and flush/invalidate the memory regions to address this issue. This solution is based in a previous work from Clemens Gruber in commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and decapsulation") Reported-by: Anatolij Gustschin <agust@denx.de> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-08crypto/fsl: fix BLOB encapsulation and decapsulationClemens Gruber
The blob_encap and blob_decap functions were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Therefore, blob encapsulation and decapsulation failed with errors like the following due to data cache incoherency: "40000006: DECO: desc idx 0: Invalid KEY command" To ensure coherency, we require the key_mod, src and dst buffers to be aligned to the cache line size and flush/invalidate the memory regions. The same requirements apply to the job descriptor. Tested on an i.MX6Q board. Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
2017-09-04crypto/fsl: fix obj-yy in MakefileClemens Gruber
When enabling CONFIG_CMD_BLOB and/or CONFIG_CMD_DEKBLOB, the build fails with a linker error: ... LD u-boot arch/arm/mach-imx/built-in.o: In function `blob_encap_dek': /home/clemens/dev/u-boot/arch/arm/mach-imx/cmd_dek.c:46: undefined reference to `blob_dek' This is due to an error in the Makefile, resulting in obj-yy/obj-yn/.. and fsl_blob.o is therefore not linked. Fix it by splitting it up into two obj-y lines. Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2017-05-22Convert CONFIG_CMD_HASH to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_CMD_HASH Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> [trini: Rework slightly, enable on some boards again] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-22lib: move hash CONFIG options to KconfigTom Rini
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL. This commit was generated as follows (after Kconfig additions): [1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them. Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com> Cc: Naveen Burmi <NaveenBurmi@freescale.com> Cc: Po Liu <po.liu@freescale.com> Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com> Cc: Priyanka Jain <Priyanka.Jain@freescale.com> Cc: Shaohui Xie <Shaohui.Xie@freescale.com> Cc: Chunhe Lan <Chunhe.Lan@freescale.com> Cc: Chander Kashyap <k.chander@samsung.com> Cc: Steve Rae <steve.rae@raedomain.com> Cc: Dirk Eibach <eibach@gdsys.de> Cc: Feng Li <feng.li_2@nxp.com> Cc: Alison Wang <alison.wang@freescale.com> Cc: Sumit Garg <sumit.garg@nxp.com> Cc: Mingkai Hu <Mingkai.Hu@freescale.com> Cc: York Sun <york.sun@nxp.com> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Cc: Jaehoon Chung <jh80.chung@samsung.com> Cc: Akshay Saraswat <akshay.s@samsung.com> Cc: Heiko Schocher <hs@denx.de> Cc: Jagan Teki <jagan@amarulasolutions.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-04-18Merge git://git.denx.de/u-boot-fsl-qoriqTom Rini
2017-04-18drivers/crypto/fsl: remove redundant logical contraintxypron.glpk@gmx.de
'A || (!A && B)' is equivalent to 'A || B'. Let's reduce the complexity of the statement in start_jr0(). The problem was indicated by cppcheck. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: York Sun <york.sun@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-04-17armv8: ls2080a: Drop macro CONFIG_LS2080AYork Sun
Use CONFIG_ARCH_LS2080A instead. Signed-off-by: York Sun <york.sun@nxp.com>
2017-04-17arm: ls1046ardb: Add SD secure boot targetRuchika Gupta
- Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-04crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to KconfigYork Sun
Use Kconfig option to set little- or big-endian access to secure boot and trust architecture. Signed-off-by: York Sun <york.sun@nxp.com>
2017-01-04crypto: Move SYS_FSL_SEC_COMPAT into driver KconfigYork Sun
Instead of define CONFIG_SYS_FSL_SEC_COMPAT in header files for PowerPC and ARM SoCs, move it to Kconfig under the driver. Signed-off-by: York Sun <york.sun@nxp.com>
2016-11-23powerpc: C29X: Move CONFIG_PPC_C29X to Kconfig optionYork Sun
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing macros. Signed-off-by: York Sun <york.sun@nxp.com>
2016-10-06Various, accumulated typos collected from around the tree.Robert P. J. Day
Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de>
2016-09-23treewide: replace #include <asm-generic/errno.h> with <linux/errno.h>Masahiro Yamada
Now, include/linux/errno.h is a wrapper of <asm-generic/errno.h>. Replace all include directives for <asm-generic/errno.h> with <linux/errno.h>. <asm-generic/...> is supposed to be included from <asm/...> when arch-headers fall back into generic implementation. Generally, they should not be directly included from .c files. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> [trini: Add drivers/usb/host/xhci-rockchip.c] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-23treewide: replace #include <asm/errno.h> with <linux/errno.h>Masahiro Yamada
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have the same content. (both just wrap <asm-generic/errno.h>) Replace all include directives for <asm/errno.h> with <linux/errno.h>. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> [trini: Fixup include/clk.] Signed-off-by: Tom Rini <trini@konsulko.com>