From f47f87f257b790bbc9b071de433324dab2305d7d Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Wed, 6 Oct 2021 18:29:53 +0200 Subject: [PATCH 1/5] env: mmc: Add missing eMMC bootpart restoration to env erase If the environment is stored in eMMC hardware boot partition, the environment driver first stores the currently selected eMMC boot partition, then does the requested operation, and then restores the original boot partition settings. In case the environment operation fails, the boot partition settings are also restored. The 'env erase' implementation in the MMC environment driver lacks the path which restores the boot partition. This could lead to various failure modes, like the system boots the wrong copy of bootloader etc. Fix this by filling in the missing restoration path. Signed-off-by: Marek Vasut Cc: Fabio Estevam Cc: Jaehoon Chung Cc: Peng Fan Cc: Stefano Babic --- env/mmc.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/env/mmc.c b/env/mmc.c index c4cb1639914..e111d8e5881 100644 --- a/env/mmc.c +++ b/env/mmc.c @@ -263,20 +263,26 @@ static int env_mmc_erase(void) return 1; } - if (mmc_get_env_addr(mmc, copy, &offset)) - return CMD_RET_FAILURE; + if (mmc_get_env_addr(mmc, copy, &offset)) { + ret = CMD_RET_FAILURE; + goto fini; + } ret = erase_env(mmc, CONFIG_ENV_SIZE, offset); #ifdef CONFIG_ENV_OFFSET_REDUND copy = 1; - if (mmc_get_env_addr(mmc, copy, &offset)) - return CMD_RET_FAILURE; + if (mmc_get_env_addr(mmc, copy, &offset)) { + ret = CMD_RET_FAILURE; + goto fini; + } ret |= erase_env(mmc, CONFIG_ENV_SIZE, offset); #endif +fini: + fini_mmc_for_env(mmc); return ret; } #endif /* CONFIG_CMD_SAVEENV && !CONFIG_SPL_BUILD */ From c6855195e4b4dd07d1ae04d9d98ed999f65b7dc3 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Sun, 10 Oct 2021 23:52:41 +0200 Subject: [PATCH 2/5] loads: Block writes into LMB reserved areas of U-Boot The loads srec loading may overwrite piece of U-Boot accidentally. Prevent that by using LMB to detect whether upcoming write would overwrite piece of reserved U-Boot code, and if that is the case, abort the srec loading. Signed-off-by: Marek Vasut Cc: Simon Glass Cc: Tom Rini Reviewed-by: Simon Glass --- cmd/load.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cmd/load.c b/cmd/load.c index 249ebd4ae07..7e4a552d90e 100644 --- a/cmd/load.c +++ b/cmd/load.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -137,6 +138,7 @@ static int do_load_serial(struct cmd_tbl *cmdtp, int flag, int argc, static ulong load_serial(long offset) { + struct lmb lmb; char record[SREC_MAXRECLEN + 1]; /* buffer for one S-Record */ char binbuf[SREC_MAXBINLEN]; /* buffer for binary data */ int binlen; /* no. of data bytes in S-Rec. */ @@ -147,6 +149,9 @@ static ulong load_serial(long offset) ulong start_addr = ~0; ulong end_addr = 0; int line_count = 0; + long ret; + + lmb_init_and_reserve(&lmb, gd->bd, (void *)gd->fdt_blob); while (read_record(record, SREC_MAXRECLEN + 1) >= 0) { type = srec_decode(record, &binlen, &addr, binbuf); @@ -172,7 +177,14 @@ static ulong load_serial(long offset) } else #endif { + ret = lmb_reserve(&lmb, store_addr, binlen); + if (ret) { + printf("\nCannot overwrite reserved area (%08lx..%08lx)\n", + store_addr, store_addr + binlen); + return ret; + } memcpy((char *)(store_addr), binbuf, binlen); + lmb_free(&lmb, store_addr, binlen); } if ((store_addr) < start_addr) start_addr = store_addr; From d11d1becbd6ab67c4cc0c19bda2886b28c1fdc02 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Sun, 17 Oct 2021 19:23:36 +0200 Subject: [PATCH 3/5] env: mmc: Add support for redundant env in both eMMC boot partitions Currently the MMC environment driver supports storing redundant environment only in one eMMC partition at different offsets. This is sub-optimal, since if this one boot partition is erased, both copies of environment are lost. Since the eMMC has two boot partitions, add support for storing one copy of environment in each of the two boot partitions. To enable this functionality, select CONFIG_SYS_REDUNDAND_ENVIRONMENT to indicate redundant environment should be used. Set CONFIG_SYS_MMC_ENV_PART to 1 to indicate environment should be stored in eMMC boot partition. Set CONFIG_ENV_OFFSET equal to CONFIG_ENV_OFFSET_REDUND, and both to the offset from start of eMMC boot partition where the environment should be located. Signed-off-by: Marek Vasut Cc: Fabio Estevam Cc: Jaehoon Chung Cc: Peng Fan Cc: Stefano Babic --- env/Kconfig | 5 +++++ env/mmc.c | 47 ++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/env/Kconfig b/env/Kconfig index f75f2b13536..06d72bad1dc 100644 --- a/env/Kconfig +++ b/env/Kconfig @@ -200,6 +200,11 @@ config ENV_IS_IN_MMC This value may also be positive or negative; this is handled in the same way as CONFIG_ENV_OFFSET. + In case CONFIG_SYS_MMC_ENV_PART is 1 (i.e. environment in eMMC boot + partition) then setting CONFIG_ENV_OFFSET_REDUND to the same value + as CONFIG_ENV_OFFSET makes use of the second eMMC boot partition for + the redundant environment copy. + This value is also in units of bytes, but must also be aligned to an MMC sector boundary. diff --git a/env/mmc.c b/env/mmc.c index e111d8e5881..465b104559b 100644 --- a/env/mmc.c +++ b/env/mmc.c @@ -26,6 +26,18 @@ DECLARE_GLOBAL_DATA_PTR; +/* + * In case the environment is redundant, stored in eMMC hardware boot + * partition and the environment and redundant environment offsets are + * identical, store the environment and redundant environment in both + * eMMC boot partitions, one copy in each. + * */ +#if (defined(CONFIG_SYS_REDUNDAND_ENVIRONMENT) && \ + (CONFIG_SYS_MMC_ENV_PART == 1) && \ + (CONFIG_ENV_OFFSET == CONFIG_ENV_OFFSET_REDUND)) +#define ENV_MMC_HWPART_REDUND +#endif + #if CONFIG_IS_ENABLED(OF_CONTROL) static inline int mmc_offset_try_partition(const char *str, int copy, s64 *val) { @@ -126,13 +138,11 @@ __weak uint mmc_get_env_part(struct mmc *mmc) static unsigned char env_mmc_orig_hwpart; -static int mmc_set_env_part(struct mmc *mmc) +static int mmc_set_env_part(struct mmc *mmc, uint part) { - uint part = mmc_get_env_part(mmc); int dev = mmc_get_env_dev(); int ret = 0; - env_mmc_orig_hwpart = mmc_get_blk_desc(mmc)->hwpart; ret = blk_select_hwpart_devnum(IF_TYPE_MMC, dev, part); if (ret) puts("MMC partition switch failed\n"); @@ -140,7 +150,7 @@ static int mmc_set_env_part(struct mmc *mmc) return ret; } #else -static inline int mmc_set_env_part(struct mmc *mmc) {return 0; }; +static inline int mmc_set_env_part(struct mmc *mmc, uint part) {return 0; }; #endif static const char *init_mmc_for_env(struct mmc *mmc) @@ -157,7 +167,8 @@ static const char *init_mmc_for_env(struct mmc *mmc) if (mmc_init(mmc)) return "MMC init failed"; #endif - if (mmc_set_env_part(mmc)) + env_mmc_orig_hwpart = mmc_get_blk_desc(mmc)->hwpart; + if (mmc_set_env_part(mmc, mmc_get_env_part(mmc))) return "MMC partition switch failed"; return NULL; @@ -209,6 +220,13 @@ static int env_mmc_save(void) #ifdef CONFIG_ENV_OFFSET_REDUND if (gd->env_valid == ENV_VALID) copy = 1; + +#ifdef ENV_MMC_HWPART_REDUND + ret = mmc_set_env_part(mmc, copy + 1); + if (ret) + goto fini; +#endif + #endif if (mmc_get_env_addr(mmc, copy, &offset)) { @@ -273,6 +291,12 @@ static int env_mmc_erase(void) #ifdef CONFIG_ENV_OFFSET_REDUND copy = 1; +#ifdef ENV_MMC_HWPART_REDUND + ret = mmc_set_env_part(mmc, copy + 1); + if (ret) + goto fini; +#endif + if (mmc_get_env_addr(mmc, copy, &offset)) { ret = CMD_RET_FAILURE; goto fini; @@ -331,7 +355,20 @@ static int env_mmc_load(void) goto fini; } +#ifdef ENV_MMC_HWPART_REDUND + ret = mmc_set_env_part(mmc, 1); + if (ret) + goto fini; +#endif + read1_fail = read_env(mmc, CONFIG_ENV_SIZE, offset1, tmp_env1); + +#ifdef ENV_MMC_HWPART_REDUND + ret = mmc_set_env_part(mmc, 2); + if (ret) + goto fini; +#endif + read2_fail = read_env(mmc, CONFIG_ENV_SIZE, offset2, tmp_env2); ret = env_import_redund((char *)tmp_env1, read1_fail, (char *)tmp_env2, From 949eb228f3f807feb338d29e9c94d97c22fa98b6 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Wed, 20 Oct 2021 15:12:06 +0300 Subject: [PATCH 4/5] arm: spl: prepare for jumping to OPTEE Make sure to (if applicable) flush the D-cache, invalidate I-cache, and disable MMU and caches before jumping to OPTEE. This fixes the SDP->SPL->OPTEE boot flow on iMX6Q and most likely on some other ARM SoCs. Signed-off-by: Ricardo Salveti Co-developed-by: Oleksandr Suvorov Signed-off-by: Oleksandr Suvorov --- arch/arm/lib/spl.c | 11 +++++++++++ common/spl/spl.c | 11 +++++++++-- include/spl.h | 11 ++++++++++- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/arch/arm/lib/spl.c b/arch/arm/lib/spl.c index 8e2bdf35365..4f9b84ba344 100644 --- a/arch/arm/lib/spl.c +++ b/arch/arm/lib/spl.c @@ -77,3 +77,14 @@ void __noreturn jump_to_image_linux(struct spl_image_info *spl_image) } #endif /* CONFIG_ARM64 */ #endif + +#if CONFIG_IS_ENABLED(OPTEE_IMAGE) +void __noreturn jump_to_image_optee(struct spl_image_info *spl_image) +{ + /* flush and turn off caches before jumping to OPTEE */ + cleanup_before_linux(); + + spl_optee_entry(NULL, NULL, spl_image->fdt_addr, + (void *)spl_image->entry_point); +} +#endif diff --git a/common/spl/spl.c b/common/spl/spl.c index a9304d41486..0c08da06e8f 100644 --- a/common/spl/spl.c +++ b/common/spl/spl.c @@ -174,6 +174,14 @@ __weak void spl_board_prepare_for_optee(void *fdt) { } +#if CONFIG_IS_ENABLED(OPTEE_IMAGE) +__weak void __noreturn jump_to_image_optee(struct spl_image_info *spl_image) +{ + spl_optee_entry(NULL, NULL, spl_image->fdt_addr, + (void *)spl_image->entry_point); +} +#endif + __weak void spl_board_prepare_for_boot(void) { /* Nothing to do! */ @@ -780,8 +788,7 @@ void board_init_r(gd_t *dummy1, ulong dummy2) case IH_OS_TEE: debug("Jumping to U-Boot via OP-TEE\n"); spl_board_prepare_for_optee(spl_image.fdt_addr); - spl_optee_entry(NULL, NULL, spl_image.fdt_addr, - (void *)spl_image.entry_point); + jump_to_image_optee(&spl_image); break; #endif #if CONFIG_IS_ENABLED(OPENSBI) diff --git a/include/spl.h b/include/spl.h index 7ddb2abe0fb..0af0ee30034 100644 --- a/include/spl.h +++ b/include/spl.h @@ -468,6 +468,15 @@ int spl_board_boot_device(u32 boot_device); */ void __noreturn jump_to_image_linux(struct spl_image_info *spl_image); +/** + * jump_to_image_linux() - Jump to OP-TEE OS from SPL + * + * This jumps into OP-TEE OS using the information in @spl_image. + * + * @spl_image: Image description to set up + */ +void __noreturn jump_to_image_optee(struct spl_image_info *spl_image); + /** * spl_start_uboot() - Check if SPL should start the kernel or U-Boot * @@ -759,7 +768,7 @@ struct bl_params *bl2_plat_get_bl31_params_v2_default(uintptr_t bl32_entry, * @arg2: device tree address, (ARMv7 standard bootarg #2) * @arg3: non-secure entry address (ARMv7 bootarg #0) */ -void spl_optee_entry(void *arg0, void *arg1, void *arg2, void *arg3); +void __noreturn spl_optee_entry(void *arg0, void *arg1, void *arg2, void *arg3); /** * spl_invoke_opensbi - boot using a RISC-V OpenSBI image From ca341e98c8273e2ee74c489d6274740824c7b239 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Tue, 14 Sep 2021 05:26:51 +0200 Subject: [PATCH 5/5] dfu: dfu_sf: Read the SPI flash in 16 MiB chunks Not all SPI flashes and controllers can do continuous transfer longer than 16 MiB, so perform the DFU read in 16 MiB chunks. Signed-off-by: Marek Vasut Cc: Lukasz Majewski Reviewed-by: Lukasz Majewski --- drivers/dfu/dfu_sf.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/dfu/dfu_sf.c b/drivers/dfu/dfu_sf.c index 7e64ab772f0..b72493ced86 100644 --- a/drivers/dfu/dfu_sf.c +++ b/drivers/dfu/dfu_sf.c @@ -24,8 +24,18 @@ static int dfu_get_medium_size_sf(struct dfu_entity *dfu, u64 *size) static int dfu_read_medium_sf(struct dfu_entity *dfu, u64 offset, void *buf, long *len) { - return spi_flash_read(dfu->data.sf.dev, dfu->data.sf.start + offset, - *len, buf); + long seglen = *len; + int ret; + + if (seglen > (16 << 20)) + seglen = (16 << 20); + + ret = spi_flash_read(dfu->data.sf.dev, dfu->data.sf.start + offset, + seglen, buf); + if (!ret) + *len = seglen; + + return ret; } static u64 find_sector(struct dfu_entity *dfu, u64 start, u64 offset)