From 41150445902c3be55cb7803cbd64480766c3c44c Mon Sep 17 00:00:00 2001
From: Gabriel Valcazar
Date: Mon, 3 Jun 2024 17:00:58 +0200
Subject: [PATCH] imx-boot: apply patches to fix CVE-2023-39902 on i.MX8M platforms

The patches have been backported from the lf-6.1.36-2.1.0 release of imx-mkimage.

https://onedigi.atlassian.net/browse/DUB-1081

Signed-off-by: Gabriel Valcazar
---
 ...Generate-hash-of-FIT-FDT-structure-t.patch | 207 ++++++++++++++++++
 ...Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch | 179 +++++++++++++++
 .../imx-mkimage/imx-boot_1.0.bbappend | 2 +
 3 files changed, 388 insertions(+)
 create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch
 create mode 100644 meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch
diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch
new file mode 100644
index 000000000..685c7e140
--- /dev/null
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch
@@ -0,0 +1,207 @@ +From: Ye Li +Date: Mon, 3 Jul 2023 17:31:32 +0800 +Subject: [PATCH] LFU-573-1 imx8m: Generate hash of FIT FDT structure to SPL + image + +Generate the hash of FIT FDT structure by SHA256 and append it +to end of SPL image (after DDR FW). +SPL will get the hash from the position to verify the FIT FDT +structure in loaded FIT image. + +Signed-off-by: Ye Li +(cherry picked from commit 2f2d426f03ebbcf7a9c28cf53680cd5777e70ea1) +--- + iMX8M/mkimage_imx8.c | 109 ++++++++++++++++++++++++++++++++++++++++++- + iMX8M/soc.mak | 14 ++++-- + 2 files changed, 117 insertions(+), 6 deletions(-) + +diff --git a/iMX8M/mkimage_imx8.c b/iMX8M/mkimage_imx8.c +index 54828d1..f8484d0 100644 +--- a/iMX8M/mkimage_imx8.c ++++ b/iMX8M/mkimage_imx8.c +@@ -366,6 +366,31 @@ copy_file (int ifd, const char *datafile, int pad, int offset, int datafile_offs + (void) close (dfd); + } + ++static void append_data(char *filename, uint8_t *data, int size) ++{ ++ int dfd, ret; ++ ++ if ((dfd = open(filename, O_RDWR|O_BINARY)) < 0) { ++ fprintf (stderr, "Can't open %s: %s\n", ++ filename, strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ ++ ret = lseek(dfd, 0, SEEK_END); ++ if (ret < 0) { ++ fprintf(stderr, "%s: lseek error %s\n", ++ __func__, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (write(dfd, data, size) != size) { ++ fprintf (stderr, "Write error %s\n", ++ strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ (void) close (dfd); ++} ++ ++ + enum imximage_fld_types { + CFG_INVALID = -1, + CFG_COMMAND, +@@ -861,6 +886,77 @@ void generate_sld_with_ivt(char * input_file, uint32_t ep, char *out_file) + close(input_fd); + } + ++#define HASH_MAX_LEN 32 ++static void calc_fitimage_hash(char* filename, uint8_t *hash) ++{ ++ int sld_fd; ++ FILE *fp = NULL; ++ char sha_command[512]; ++ char *digest_type = "sha256sum"; ++ char hash_char[2 * HASH_MAX_LEN + 1]; ++ int digest_length = 64; ++ ++ uimage_header_t image_header; ++ uint32_t fit_size; ++ ++ sld_fd = open(filename, O_RDONLY | 
O_BINARY); ++ if (sld_fd < 0) { ++ fprintf(stderr, "%s: Can't open: %s\n", ++ filename, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ if (read(sld_fd, (char *)&image_header, sizeof(uimage_header_t)) != sizeof(uimage_header_t)) { ++ fprintf (stderr, "generate_ivt_for_fit read failed: %s\n", ++ strerror(errno)); ++ exit (EXIT_FAILURE); ++ } ++ ++ if (be32_to_cpu(image_header.ih_magic) != FDT_MAGIC){ ++ fprintf (stderr, "generate_ivt_for_fit error: not a FIT file\n"); ++ exit (EXIT_FAILURE); ++ } ++ ++ fit_size = fdt_totalsize(&image_header); ++ ++ fprintf(stderr, "fit_size: %u\n", fit_size); ++ ++ sprintf(sha_command, "dd if=\'%s\' of=tmp_pad bs=%d count=1;\ ++ %s tmp_pad; rm -f tmp_pad;", ++ filename, fit_size, digest_type); ++ ++ memset(hash, 0, HASH_MAX_LEN); ++ ++ fp = popen(sha_command, "r"); ++ if (fp == NULL) { ++ fprintf(stderr, "Failed to run command hash\n" ); ++ exit(EXIT_FAILURE); ++ } ++ ++ if(fgets(hash_char, digest_length + 1, fp) == NULL) { ++ fprintf(stderr, "Failed to hash file: %s\n", filename); ++ exit(EXIT_FAILURE); ++ } ++ ++ for(int i = 0; i < strlen(hash_char)/2; i++){ ++ sscanf(hash_char + 2*i, "%02hhx", &hash[i]); ++ } ++ ++ pclose(fp); ++ (void) close (sld_fd); ++} ++ ++void dump_fit_hash(uint8_t *hash, int size) ++{ ++ int i; ++ ++ fprintf(stderr, "FIT hash: "); ++ for (i = 0; i < size; i++) { ++ fprintf(stderr, "%x", hash[i]); ++ } ++ fprintf(stderr, "\n"); ++} ++ + /* Return this IVT offset in the final output file */ + int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load_addr) + { +@@ -943,6 +1039,8 @@ int main(int argc, char **argv) + uimage_header_t uimage_hdr; + uint32_t version = ROM_V1; + ++ uint8_t fit_hash[HASH_MAX_LEN]; ++ + static struct option long_options[] = + { + {"loader", required_argument, NULL, 'i'}, +@@ -1146,6 +1244,15 @@ int main(int argc, char **argv) + exit(1); + } + ++ if (sld_img && using_fit) { ++ calc_fitimage_hash(sld_img, fit_hash); ++ ++ /* Append hash to ap_img */ ++ 
append_data(ap_img, fit_hash, HASH_MAX_LEN); ++ ++ dump_fit_hash(fit_hash, HASH_MAX_LEN); ++ } ++ + if (version == ROM_V2) { + + /* On V2, flexspi IVT offset is 0, image offset is 0x1000 */ +@@ -1638,7 +1745,7 @@ int main(int argc, char **argv) + } + + /* The FLEXSPI configuration parameters will add to flash.bin by script, so need add 0x1000 offset to every offset prints */ +- if ((version == ROM_V2 && rom_image_offset == IVT_OFFSET_FLEXSPI) || ++ if ((version == ROM_V2 && rom_image_offset == IVT_OFFSET_FLEXSPI) || + (version == ROM_V1 && ivt_offset == IVT_OFFSET_FLEXSPI)) { + header_image_off += IVT_OFFSET_FLEXSPI; + dcd_off += IVT_OFFSET_FLEXSPI; +diff --git a/iMX8M/soc.mak b/iMX8M/soc.mak +index 6b3a01f..a30523b 100644 +--- a/iMX8M/soc.mak ++++ b/iMX8M/soc.mak +@@ -101,8 +101,9 @@ u-boot-spl-ddr.bin: u-boot-spl.bin $(lpddr4_imem_1d) $(lpddr4_dmem_1d) $(lpddr4_ + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(lpddr4_imem_1d) lpddr4_pmu_train_1d_imem_pad.bin + @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(lpddr4_dmem_1d) lpddr4_pmu_train_1d_dmem_pad.bin + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(lpddr4_imem_2d) lpddr4_pmu_train_2d_imem_pad.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(lpddr4_dmem_2d) lpddr4_pmu_train_2d_dmem_pad.bin + @cat lpddr4_pmu_train_1d_imem_pad.bin lpddr4_pmu_train_1d_dmem_pad.bin > lpddr4_pmu_train_1d_fw.bin +- @cat lpddr4_pmu_train_2d_imem_pad.bin $(lpddr4_dmem_2d) > lpddr4_pmu_train_2d_fw.bin ++ @cat lpddr4_pmu_train_2d_imem_pad.bin lpddr4_pmu_train_2d_dmem_pad.bin > lpddr4_pmu_train_2d_fw.bin + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync + @cat u-boot-spl-pad.bin lpddr4_pmu_train_1d_fw.bin lpddr4_pmu_train_2d_fw.bin > u-boot-spl-ddr.bin + @rm -f u-boot-spl-pad.bin lpddr4_pmu_train_1d_fw.bin lpddr4_pmu_train_2d_fw.bin lpddr4_pmu_train_1d_imem_pad.bin lpddr4_pmu_train_1d_dmem_pad.bin lpddr4_pmu_train_2d_imem_pad.bin +@@ -116,8 +117,9 @@ 
u-boot-spl-ddr4.bin: u-boot-spl.bin $(ddr4_imem_1d) $(ddr4_dmem_1d) $(ddr4_imem_ + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr4_imem_1d) ddr4_imem_1d_pad.bin + @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr4_dmem_1d) ddr4_dmem_1d_pad.bin + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr4_imem_2d) ddr4_imem_2d_pad.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr4_dmem_2d) ddr4_dmem_2d_pad.bin + @cat ddr4_imem_1d_pad.bin ddr4_dmem_1d_pad.bin > ddr4_1d_fw.bin +- @cat ddr4_imem_2d_pad.bin $(ddr4_dmem_2d) > ddr4_2d_fw.bin ++ @cat ddr4_imem_2d_pad.bin ddr4_dmem_2d_pad.bin > ddr4_2d_fw.bin + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync + @cat u-boot-spl-pad.bin ddr4_1d_fw.bin ddr4_2d_fw.bin > u-boot-spl-ddr4.bin + @rm -f u-boot-spl-pad.bin ddr4_1d_fw.bin ddr4_2d_fw.bin ddr4_imem_1d_pad.bin ddr4_dmem_1d_pad.bin ddr4_imem_2d_pad.bin +@@ -127,10 +129,12 @@ ddr3_dmem_1d = ddr3_dmem_1d$(DDR_FW_VERSION).bin + + u-boot-spl-ddr3l.bin: u-boot-spl.bin $(ddr3_imem_1d) $(ddr3_dmem_1d) + @objcopy -I binary -O binary --pad-to 0x8000 --gap-fill=0x0 $(ddr3_imem_1d) ddr3_imem_1d.bin_pad.bin +- @cat ddr3_imem_1d.bin_pad.bin $(ddr3_dmem_1d) > ddr3_pmu_train_fw.bin ++ @objcopy -I binary -O binary --pad-to 0x4000 --gap-fill=0x0 $(ddr3_dmem_1d) ddr3_dmem_1d.bin_pad.bin ++ @cat ddr3_imem_1d.bin_pad.bin ddr3_dmem_1d.bin_pad.bin > ddr3_pmu_train_fw.bin ++ @dd if=/dev/zero of=ddr3_fw_zero_pad.bin bs=1 count=49152 conv=sync + @dd if=u-boot-spl.bin of=u-boot-spl-pad.bin bs=4 conv=sync +- @cat u-boot-spl-pad.bin ddr3_pmu_train_fw.bin > u-boot-spl-ddr3l.bin +- @rm -f u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_imem_1d.bin_pad.bin ++ @cat u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_fw_zero_pad.bin > u-boot-spl-ddr3l.bin ++ @rm -f u-boot-spl-pad.bin ddr3_pmu_train_fw.bin ddr3_imem_1d.bin_pad.bin ddr3_fw_zero_pad.bin + + u-boot-atf.bin: u-boot.bin bl31.bin + @cp bl31.bin u-boot-atf.bin 
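Review bot: In the mkimage_imx8.c part of the 0003 patch, calc_fitimage_hash() formats its `dd …; sha256sum …` command with an unbounded `sprintf` into the 512-byte `sha_command` and places `filename` between single quotes without rejecting a `'` inside it, so a long or unusually named input path can overrun the buffer or alter the command that `popen` runs on the build host. The digest read back is not validated either: the decode loop stops at `strlen(hash_char)/2`, so any shorter output leaves the remaining bytes of `hash` at zero and that value is still appended to the SPL image as the reference hash. I would bound the format with `snprintf`, refuse file names that contain a quote, and require exactly `2 * HASH_MAX_LEN` hex digits before decoding, as sketched below (`%u` there matches the `uint32_t` size). Separately, dump_fit_hash() prints each byte with `%x`; `%02x` keeps the logged value comparable with sha256sum output. Both functions are fully inside this hunk, and since the file is a backport the change probably belongs in a follow-up patch or upstream.

```c
	int len;

	/* … unchanged: open, header read, FDT magic check, fit_size … */

	/* The name is placed inside single quotes in a shell command. */
	if (strchr(filename, '\'') != NULL) {
		fprintf(stderr, "%s: unsupported character in file name\n", filename);
		exit(EXIT_FAILURE);
	}

	len = snprintf(sha_command, sizeof(sha_command),
		       "dd if='%s' of=tmp_pad bs=%u count=1; %s tmp_pad; rm -f tmp_pad;",
		       filename, fit_size, digest_type);
	if (len < 0 || (size_t)len >= sizeof(sha_command)) {
		fprintf(stderr, "%s: hash command too long\n", filename);
		exit(EXIT_FAILURE);
	}

	/* … unchanged: memset, popen, fgets … */

	/* Accept only a complete lowercase-hex SHA-256 digest. */
	if (strlen(hash_char) != 2 * HASH_MAX_LEN ||
	    strspn(hash_char, "0123456789abcdef") != 2 * HASH_MAX_LEN) {
		fprintf(stderr, "Unexpected digest for file: %s\n", filename);
		exit(EXIT_FAILURE);
	}

	/* … unchanged: hex decoding loop, pclose, close … */
```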
diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch
new file mode 100644
index 000000000..54a2d385e
--- /dev/null
+++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/files/0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch
@@ -0,0 +1,179 @@ +From: Ye Li +Date: Thu, 27 Jul 2023 09:52:33 +0800 +Subject: [PATCH] LFU-573-2 imx8m: Reserve new IVT+CSF for FIT FDT signature + +Without using FIT FDT hash, we also allow user to sign FIT FDT structure, +so that FIT image can upgrade individually. The option needs +CONFIG_IMX_SPL_FIT_FDT_SIGNATURE enabled in SPL. + +imx-mkimage will insert the new IVT for FIT FDT signature by default +and reserve the CSF (0x2000) for the FIT FDT signature. + +Signed-off-by: Ye Li +(cherry picked from commit 5a0faefc223e51e088433663b6e7d6fbce89bf59) +--- + iMX8M/mkimage_imx8.c | 30 +++++++++++++++++++++++++++++- + iMX8M/print_fit_hab.sh | 4 ++-- + iMX8M/soc.mak | 17 +++++++++-------- + 3 files changed, 40 insertions(+), 11 deletions(-) + +diff --git a/iMX8M/mkimage_imx8.c b/iMX8M/mkimage_imx8.c +index f8484d0..c2a6c29 100644 +--- a/iMX8M/mkimage_imx8.c ++++ b/iMX8M/mkimage_imx8.c +@@ -999,7 +999,7 @@ int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load + } + + /* ep is the u-boot entry. SPL loads the FIT before the u-boot address. 
0x2000 is for CSF_SIZE */ +- load_addr = (ep - (fit_size + CSF_SIZE) - 512 - ++ load_addr = (ep - (fit_size + 2 * CSF_SIZE) - 512 - + align_len) & ~align_len; + + flash_header_v2_t ivt_header = { { 0xd1, 0x2000, 0x40 }, +@@ -1013,6 +1013,24 @@ int generate_ivt_for_fit(int fd, int fit_offset, uint32_t ep, uint32_t *fit_load + exit(EXIT_FAILURE); + } + ++ ret = lseek(fd, fit_offset + fit_size + CSF_SIZE, SEEK_SET); ++ if (ret < 0) { ++ fprintf(stderr, "%s: lseek error %s\n", ++ __func__, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ ++ flash_header_v2_t fdt_ivt_header = { { 0xd1, 0x2000, 0x40 }, ++ load_addr, 0, 0, 0, ++ (load_addr + fit_size + CSF_SIZE ), ++ (load_addr + fit_size + CSF_SIZE + 0x20), ++ 0 }; ++ ++ if (write(fd, &fdt_ivt_header, sizeof(flash_header_v2_t)) != sizeof(flash_header_v2_t)) { ++ fprintf(stderr, "FIT FDT IVT writing error on fit image\n"); ++ exit(EXIT_FAILURE); ++ } ++ + *fit_load_addr = load_addr; + + return fit_offset + fit_size; +@@ -1229,6 +1247,11 @@ int main(int argc, char **argv) + fprintf(stderr, " fit hab block: \t0x%x 0x%x 0x%x\n", + sld_load_addr, sld_src_off, sld_csf_off - sld_src_off); + ++ fprintf(stderr, " fit-fdt_csf_off \t0x%x\n", ++ sld_csf_off + CSF_SIZE); ++ fprintf(stderr, " fit-fdt hab block: \t0x%x 0x%x 0x%x\n", ++ sld_load_addr, sld_src_off, sld_csf_off + CSF_SIZE - sld_src_off); ++ + exit(0); + } + +@@ -1769,6 +1792,11 @@ int main(int argc, char **argv) + fprintf(stderr, " sld hab block: \t0x%x 0x%x 0x%x\n", + sld_load_addr, sld_header_off, sld_csf_off - sld_header_off); + ++ fprintf(stderr, " fit-fdt csf_off \t0x%x\n", ++ sld_csf_off + CSF_SIZE); ++ fprintf(stderr, " fit-fdt hab block: \t0x%x 0x%x 0x%x\n", ++ sld_load_addr, sld_header_off, sld_csf_off + CSF_SIZE - sld_header_off); ++ + return 0; + } + +diff --git a/iMX8M/print_fit_hab.sh b/iMX8M/print_fit_hab.sh +index 6f1a22d..d1e344a 100755 +--- a/iMX8M/print_fit_hab.sh ++++ b/iMX8M/print_fit_hab.sh +@@ -24,10 +24,10 @@ fi + + if [ "$BOOT_DEV" = "flexspi" ] || 
[ ${fit_off} == 0 ]; then + # We dd flash.bin to 0 offset for flexspi +- let uboot_sign_off=$((fit_off + 0x3000)) ++ let uboot_sign_off=$((fit_off + $FIT_DATA_POS)) + else + # We dd flash.bin to 33KB "0x8400" offset, so need minus 0x8400 +- let uboot_sign_off=$((fit_off - 0x8000 - ivt_off + 0x3000)) ++ let uboot_sign_off=$((fit_off - 0x8000 - ivt_off + $FIT_DATA_POS)) + fi + + let uboot_size=$(stat --printf="%s" $BL33) +diff --git a/iMX8M/soc.mak b/iMX8M/soc.mak +index a30523b..d4946dc 100644 +--- a/iMX8M/soc.mak ++++ b/iMX8M/soc.mak +@@ -84,6 +84,7 @@ VERSION = v1 + CAPSULE_GUID = 296119cf-dd70-43de-8ac8-a7051f312577 + endif + ++FIT_EXTERNAL_POSITION = 0x5000 + + FW_DIR = imx-boot/imx-boot-tools/$(PLAT) + +@@ -158,7 +159,7 @@ u-boot.itb: $(dtb) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) + BL32=$(TEE) DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb) > u-boot.its +- mkimage -E -p 0x3000 -f u-boot.its u-boot.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot.its u-boot.itb + @rm -f u-boot.its + + dtb_ddr3l = valddr3l.dtb +@@ -170,7 +171,7 @@ u-boot-ddr3l.itb: $(dtb_ddr3l) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr3l) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr3l) > u-boot-ddr3l.its +- mkimage -E -p 0x3000 -f u-boot-ddr3l.its u-boot-ddr3l.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr3l.its u-boot-ddr3l.itb + @rm -f u-boot.its $(dtb_ddr3l) + + dtb_ddr3l_evk = evkddr3l.dtb +@@ -182,7 +183,7 @@ u-boot-ddr3l-evk.itb: $(dtb_ddr3l_evk) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr3l_evk) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr3l_evk) > u-boot-ddr3l-evk.its +- mkimage -E -p 0x3000 
-f u-boot-ddr3l-evk.its u-boot-ddr3l-evk.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr3l-evk.its u-boot-ddr3l-evk.itb + @rm -f u-boot.its $(dtb_ddr3l_evk) + + dtb_ddr4 = valddr4.dtb +@@ -194,7 +195,7 @@ u-boot-ddr4.itb: $(dtb_ddr4) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr4) > u-boot-ddr4.its +- mkimage -E -p 0x3000 -f u-boot-ddr4.its u-boot-ddr4.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr4.its u-boot-ddr4.itb + @rm -f u-boot.its $(dtb_ddr4) + + dtb_ddr4_evk = evkddr4.dtb +@@ -206,7 +207,7 @@ u-boot-ddr4-evk.itb: $(dtb_ddr4_evk) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4_evk) + DEK_BLOB_LOAD_ADDR=$(DEK_BLOB_LOAD_ADDR) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) ../$(SOC_DIR)/mkimage_fit_atf.sh $(dtb_ddr4_evk) > u-boot-ddr4-evk.its +- mkimage -E -p 0x3000 -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb ++ mkimage -E -p $(FIT_EXTERNAL_POSITION) -f u-boot-ddr4-evk.its u-boot-ddr4-evk.itb + @rm -f u-boot.its $(dtb_ddr4_evk) + + ifeq ($(HDMI),yes) +@@ -326,20 +327,20 @@ print_fit_hab: u-boot-nodtb.bin bl31.bin $(dtb) + ./$(PAD_IMAGE) $(TEE) 2>&1 | tee $(MKIMAGE_LOG) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) +- { echo $@; TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) 2>&1; } | tee -a $(MKIMAGE_LOG) ++ { echo $@; FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) 2>&1; } | tee -a $(MKIMAGE_LOG) + + print_fit_hab_ddr4: u-boot-nodtb.bin bl31.bin $(dtb_ddr4_evk) + ./$(PAD_IMAGE) $(TEE) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb_ddr4_evk) +- 
TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb_ddr4_evk) ++ FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb_ddr4_evk) + @rm -f $(dtb_ddr4_evk) + + print_fit_hab_flexspi: u-boot-nodtb.bin bl31.bin $(dtb) + ./$(PAD_IMAGE) $(TEE) + ./$(PAD_IMAGE) bl31.bin + ./$(PAD_IMAGE) u-boot-nodtb.bin $(dtb) +- TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) BOOT_DEV="flexspi" ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) ++ FIT_DATA_POS=$(FIT_EXTERNAL_POSITION) TEE_LOAD_ADDR=$(TEE_LOAD_ADDR) ATF_LOAD_ADDR=$(ATF_LOAD_ADDR) VERSION=$(VERSION) BOOT_DEV="flexspi" ../$(SOC_DIR)/print_fit_hab.sh $(PRINT_FIT_HAB_OFFSET) $(dtb) + @rm -f $(dtb) + + nightly : diff --git a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend index dc26c104f..39c64d6b5 100644 --- a/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend +++ b/meta-digi-arm/dynamic-layers/freescale-layer/recipes-bsp/imx-mkimage/imx-boot_1.0.bbappend @@ -5,6 +5,8 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI:append:ccimx8m = " \ file://0001-imx8m-soc.mak-preserve-dtbs-after-build.patch \ file://0002-imx8m-soc.mak-capture-commands-output-into-a-log-fil.patch \ + file://0003-LFU-573-1-imx8m-Generate-hash-of-FIT-FDT-structure-t.patch \ + file://0004-LFU-573-2-imx8m-Reserve-new-IVT-CSF-for-FIT-FDT-sign.patch \ " SRC_URI:append:ccimx93 = " \
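Review bot: In the print_fit_hab.sh part of the 0004 patch, both `uboot_sign_off` computations now depend on `$FIT_DATA_POS`, but the visible lines never check that it is set; the three print_fit_hab* targets in soc.mak pass it, while a direct run of the script would evaluate an incomplete arithmetic expression and likely fail or print HAB block offsets that cannot be used for signing. A guard near the top of the script, such as `: "${FIT_DATA_POS:?FIT_DATA_POS must be set, see FIT_EXTERNAL_POSITION in soc.mak}"`, makes that failure explicit. The new `FIT_EXTERNAL_POSITION = 0x5000` appears to be the previous 0x3000 plus one more CSF_SIZE, mirroring `2 * CSF_SIZE` in generate_ivt_for_fit(); a comment in soc.mak stating that relation would keep the two values in step. In mkimage_imx8.c the comment above `load_addr` still reads `0x2000 is for CSF_SIZE` although two CSF areas are now reserved. Only parts of print_fit_hab.sh and generate_ivt_for_fit() are visible in these hunks.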