Merge branch 'master' of git://www.denx.de/git/u-boot-imx

.gitignore

@@ -31,7 +31,7 @@
 # Top-level generic files
 #
 /MLO*
-/SPL
+/SPL*
 /System.map
 /u-boot*
 /boards.cfg

Makefile

@@ -763,7 +763,11 @@ ALL-$(CONFIG_RAMBOOT_PBL) += u-boot.pbl
 endif
 endif
 ALL-$(CONFIG_SPL) += spl/u-boot-spl.bin
+ifeq ($(CONFIG_MX6)$(CONFIG_SECURE_BOOT), yy)
+ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot-ivt.img
+else
 ALL-$(CONFIG_SPL_FRAMEWORK) += u-boot.img
+endif
 ALL-$(CONFIG_TPL) += tpl/u-boot-tpl.bin
 ALL-$(CONFIG_OF_SEPARATE) += u-boot.dtb
 ifeq ($(CONFIG_SPL_FRAMEWORK),y)
@@ -809,9 +813,11 @@ cmd_zobjcopy = $(OBJCOPY) $(OBJCOPYFLAGS) $(OBJCOPYFLAGS_$(@F)) $< $@
 quiet_cmd_efipayload = OBJCOPY $@
 cmd_efipayload = $(OBJCOPY) -I binary -O $(EFIPAYLOAD_BFDTARGET) -B $(EFIPAYLOAD_BFDARCH) $< $@
 
+MKIMAGEOUTPUT ?= /dev/null
+
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
 
 quiet_cmd_cat = CAT     $@
 cmd_cat = cat $(filter-out $(PHONY), $^) > $@
@@ -938,6 +944,11 @@ else
 MKIMAGEFLAGS_u-boot.img = -A $(ARCH) -T firmware -C none -O u-boot \
 	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
 	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
+MKIMAGEFLAGS_u-boot-ivt.img = -A $(ARCH) -T firmware_ivt -C none -O u-boot \
+	-a $(CONFIG_SYS_TEXT_BASE) -e $(CONFIG_SYS_UBOOT_START) \
+	-n "U-Boot $(UBOOTRELEASE) for $(BOARD) board"
+u-boot-ivt.img: MKIMAGEOUTPUT = u-boot-ivt.img.log
+CLEAN_FILES += u-boot-ivt.img.log u-boot-dtb.imx.log SPL.log u-boot.imx.log
 endif
 
 MKIMAGEFLAGS_u-boot-dtb.img = $(MKIMAGEFLAGS_u-boot.img)
@@ -951,7 +962,7 @@ MKIMAGEFLAGS_u-boot-spl.kwb = -n $(srctree)/$(CONFIG_SYS_KWD_CONFIG:"%"=%) \
 MKIMAGEFLAGS_u-boot.pbl = -n $(srctree)/$(CONFIG_SYS_FSL_PBL_RCW:"%"=%) \
 		-R $(srctree)/$(CONFIG_SYS_FSL_PBL_PBI:"%"=%) -T pblimage
 
-u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl: \
+u-boot-dtb.img u-boot.img u-boot.kwb u-boot.pbl u-boot-ivt.img: \
 		$(if $(CONFIG_SPL_LOAD_FIT),u-boot-nodtb.bin dts/dt.dtb,u-boot.bin) FORCE
 	$(call if_changed,mkimage)
 

arch/arm/Makefile

@@ -95,7 +95,7 @@ libs-y += arch/arm/cpu/
 libs-y += arch/arm/lib/
 
 ifeq ($(CONFIG_SPL_BUILD),y)
-ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx27 mx5 mx6 mx7 mx31 mx35))
+ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx5 mx6 mx7 mx35))
 libs-y += arch/arm/imx-common/
 endif
 else

arch/arm/imx-common/Makefile

@@ -34,9 +34,11 @@ endif
 ifeq ($(SOC),$(filter $(SOC),vf610))
 obj-y += ddrmc-vf610.o
 endif
+ifneq ($(CONFIG_SPL_BUILD),y)
 obj-$(CONFIG_CMD_BMODE) += cmd_bmode.o
 obj-$(CONFIG_CMD_HDMIDETECT) += cmd_hdmidet.o
 obj-$(CONFIG_CMD_DEKBLOB) += cmd_dek.o
+endif
 
 PLUGIN = board/$(BOARDDIR)/plugin
 
@@ -66,6 +68,7 @@ $(IMX_CONFIG): %.cfgtmp: % FORCE
 
 MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SYS_TEXT_BASE)
+u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log
 
 u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
@@ -73,6 +76,7 @@ u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 ifeq ($(CONFIG_OF_SEPARATE),y)
 MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SYS_TEXT_BASE)
+u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log
 
 u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
@@ -81,6 +85,8 @@ endif
 MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \
 	-e $(CONFIG_SPL_TEXT_BASE)
 
+SPL: MKIMAGEOUTPUT = SPL.log
+
 SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE
 	$(call if_changed,mkimage)
 

arch/arm/imx-common/hab.c

@@ -110,6 +110,10 @@
  * +------------+ + CSF_PAD_SIZE
  */
 
+static bool is_hab_enabled(void);
+
+#if !defined(CONFIG_SPL_BUILD)
+
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
 
 struct record {
@@ -257,22 +261,6 @@ uint8_t hab_engines[16] = {
 	-1
 };
 
-bool is_hab_enabled(void)
-{
-	struct imx_sec_config_fuse_t *fuse =
-		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
-	uint32_t reg;
-	int ret;
-
-	ret = fuse_read(fuse->bank, fuse->word, &reg);
-	if (ret) {
-		puts("\nSecure boot fuse read error\n");
-		return ret;
-	}
-
-	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
-}
-
 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
 {
 	uint8_t idx = 0;
@@ -359,6 +347,68 @@ int get_hab_status(void)
 	return 0;
 }
 
+int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	if ((argc != 1)) {
+		cmd_usage(cmdtp);
+		return 1;
+	}
+
+	get_hab_status();
+
+	return 0;
+}
+
+static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
+				char * const argv[])
+{
+	ulong	addr, ivt_offset;
+	int	rcode = 0;
+
+	if (argc < 3)
+		return CMD_RET_USAGE;
+
+	addr = simple_strtoul(argv[1], NULL, 16);
+	ivt_offset = simple_strtoul(argv[2], NULL, 16);
+
+	rcode = authenticate_image(addr, ivt_offset);
+
+	return rcode;
+}
+
+U_BOOT_CMD(
+		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
+		"display HAB status",
+		""
+	  );
+
+U_BOOT_CMD(
+		hab_auth_img, 3, 0, do_authenticate_image,
+		"authenticate image via HAB",
+		"addr ivt_offset\n"
+		"addr - image hex address\n"
+		"ivt_offset - hex offset of IVT in the image"
+	  );
+
+
+#endif /* !defined(CONFIG_SPL_BUILD) */
+
+static bool is_hab_enabled(void)
+{
+	struct imx_sec_config_fuse_t *fuse =
+		(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
+	uint32_t reg;
+	int ret;
+
+	ret = fuse_read(fuse->bank, fuse->word, &reg);
+	if (ret) {
+		puts("\nSecure boot fuse read error\n");
+		return ret;
+	}
+
+	return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
+}
+
 uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 {
 	uint32_t load_addr = 0;
@@ -400,7 +450,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 				     (void *)(ddr_start + ivt_offset+IVT_SIZE),
 				     4, 0x10, 0);
 
+#if  !defined(CONFIG_SPL_BUILD)
 			get_hab_status();
+#endif
 
 			puts("\nCalling authenticate_image in ROM\n");
 			printf("\tivt_offset = 0x%x\n", ivt_offset);
@@ -449,7 +501,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 
 		hab_caam_clock_enable(0);
 
+#if !defined(CONFIG_SPL_BUILD)
 		get_hab_status();
+#endif
 	} else {
 		puts("hab fuse not enabled\n");
 	}
@@ -459,46 +513,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
 
 	return result;
 }
-
-int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
-{
-	if ((argc != 1)) {
-		cmd_usage(cmdtp);
-		return 1;
-	}
-
-	get_hab_status();
-
-	return 0;
-}
-
-static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
-				char * const argv[])
-{
-	ulong	addr, ivt_offset;
-	int	rcode = 0;
-
-	if (argc < 3)
-		return CMD_RET_USAGE;
-
-	addr = simple_strtoul(argv[1], NULL, 16);
-	ivt_offset = simple_strtoul(argv[2], NULL, 16);
-
-	rcode = authenticate_image(addr, ivt_offset);
-
-	return rcode;
-}
-
-U_BOOT_CMD(
-		hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
-		"display HAB status",
-		""
-	  );
-
-U_BOOT_CMD(
-		hab_auth_img, 3, 0, do_authenticate_image,
-		"authenticate image via HAB",
-		"addr ivt_offset\n"
-		"addr - image hex address\n"
-		"ivt_offset - hex offset of IVT in the image"
-	  );

arch/arm/imx-common/spl.c

@@ -12,6 +12,7 @@
 #include <asm/arch/imx-regs.h>
 #include <asm/spl.h>
 #include <spl.h>
+#include <asm/imx-common/hab.h>
 
 #if defined(CONFIG_MX6)
 /* determine boot device from SRC_SBMR1 (BOOT_CFG[4:1]) or SRC_GPR9 register */
@@ -90,3 +91,27 @@ u32 spl_boot_mode(const u32 boot_device)
 	}
 }
 #endif
+
+#if defined(CONFIG_SECURE_BOOT)
+
+__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
+{
+	typedef void __noreturn (*image_entry_noargs_t)(void);
+
+	image_entry_noargs_t image_entry =
+		(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
+
+	debug("image entry point: 0x%X\n", spl_image->entry_point);
+
+	/* HAB looks for the CSF at the end of the authenticated data therefore,
+	 * we need to subtract the size of the CSF from the actual filesize */
+	if (authenticate_image(spl_image->load_addr,
+			       spl_image->size - CONFIG_CSF_SIZE)) {
+		image_entry();
+	} else {
+		puts("spl: ERROR:  image authentication unsuccessful\n");
+		hang();
+	}
+}
+
+#endif

arch/arm/imx-common/spl_sd.cfg

@@ -4,5 +4,15 @@
  * SPDX-License-Identifier:	GPL-2.0+
  */
 
+#define __ASSEMBLY__
+#include <config.h>
+
 IMAGE_VERSION	2
 BOOT_FROM	sd
+
+/*
+ * Secure boot support
+ */
+#ifdef CONFIG_SECURE_BOOT
+CSF CONFIG_CSF_SIZE
+#endif

arch/arm/include/asm/imx-common/hab.h

@@ -145,4 +145,6 @@ typedef void hapi_clock_init_t(void);
 
 /* ----------- end of HAB API updates ------------*/
 
+uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size);
+
 #endif

board/engicam/geam6ul/MAINTAINERS

@@ -4,3 +4,4 @@ S:	Maintained
 F:	board/engicam/geam6ul
 F:	include/configs/imx6ul_geam.h
 F:	configs/imx6ul_geam_mmc_defconfig
+F:	configs/imx6ul_geam_nand_defconfig

board/freescale/mx6qsabreauto/mx6qsabreauto.c

@@ -231,6 +231,33 @@ static void eimnor_cs_setup(void)
 	set_chipselect_size(CS0_128);
 }
 
+static void eim_clk_setup(void)
+{
+	struct mxc_ccm_reg *imx_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
+	int cscmr1, ccgr6;
+
+
+	/* Turn off EIM clock */
+	ccgr6 = readl(&imx_ccm->CCGR6);
+	ccgr6 &= ~(0x3 << 10);
+	writel(ccgr6, &imx_ccm->CCGR6);
+
+	/*
+	 * Configure clk_eim_slow_sel = 00 --> derive clock from AXI clk root
+	 * and aclk_eim_slow_podf = 01 --> divide by 2
+	 * so that we can have EIM at the maximum clock of 132MHz
+	 */
+	cscmr1 = readl(&imx_ccm->cscmr1);
+	cscmr1 &= ~(MXC_CCM_CSCMR1_ACLK_EMI_SLOW_MASK |
+		    MXC_CCM_CSCMR1_ACLK_EMI_SLOW_PODF_MASK);
+	cscmr1 |= (1 << MXC_CCM_CSCMR1_ACLK_EMI_SLOW_PODF_OFFSET);
+	writel(cscmr1, &imx_ccm->cscmr1);
+
+	/* Turn on EIM clock */
+	ccgr6 |= (0x3 << 10);
+	writel(ccgr6, &imx_ccm->CCGR6);
+}
+
 static void setup_iomux_eimnor(void)
 {
 	imx_iomux_v3_setup_multiple_pads(eimnor_pads, ARRAY_SIZE(eimnor_pads));
@@ -519,6 +546,7 @@ int board_early_init_f(void)
 #ifdef CONFIG_NAND_MXS
 	setup_gpmi_nand();
 #endif
+	eim_clk_setup();
 
 	return 0;
 }

board/udoo/neo/neo.c

@@ -349,9 +349,9 @@ int board_init(void)
 	/* Active high for ncp692 */
 	gpio_direction_output(IMX_GPIO_NR(4, 16) , 1);
 
-	#ifdef CONFIG_SYS_I2C_MXC
+#ifdef CONFIG_SYS_I2C_MXC
 	setup_i2c(0, CONFIG_SYS_I2C_SPEED, 0x7f, &i2c_pad_info1);
-	#endif
+#endif
 
 	return 0;
 }
@@ -389,9 +389,8 @@ int board_early_init_f(void)
 	return 0;
 }
 
-static struct fsl_esdhc_cfg usdhc_cfg[2] = {
+static struct fsl_esdhc_cfg usdhc_cfg[1] = {
 	{USDHC2_BASE_ADDR, 0, 4},
-	{USDHC3_BASE_ADDR, 0, 4},
 };
 
 #define USDHC2_PWR_GPIO IMX_GPIO_NR(6, 1)

board/warp7/warp7.c

@@ -19,6 +19,7 @@
 #include <mmc.h>
 #include <asm/arch/crm_regs.h>
 #include <usb.h>
+#include <netdev.h>
 #include <power/pmic.h>
 #include <power/pfuze3000_pmic.h>
 #include "../freescale/common/pfuze.h"
@@ -138,6 +139,19 @@ int power_init_board(void)
 }
 #endif
 
+int board_eth_init(bd_t *bis)
+{
+	int ret = 0;
+
+#ifdef CONFIG_USB_ETHER
+	ret = usb_eth_initialize(bis);
+	if (ret < 0)
+		printf("Error %d registering USB ether.\n", ret);
+#endif
+
+	return ret;
+}
+
 int board_init(void)
 {
 	/* address of boot parameters */

common/image.c

@@ -166,6 +166,7 @@ static const table_entry_t uimage_type[] = {
 	{	IH_TYPE_ZYNQMPIMAGE, "zynqmpimage", "Xilinx ZynqMP Boot Image" },
 	{	IH_TYPE_FPGA,       "fpga",       "FPGA Image" },
 	{       IH_TYPE_TEE,        "tee",        "Trusted Execution Environment Image",},
+	{	IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" },
 	{	-1,		    "",		  "",			},
 };
 
@@ -365,6 +366,11 @@ void image_print_contents(const void *ptr)
 				printf("%s    Offset = 0x%08lx\n", p, data);
 			}
 		}
+	} else if (image_check_type(hdr, IH_TYPE_FIRMWARE_IVT)) {
+		printf("HAB Blocks:   0x%08x   0x0000   0x%08x\n",
+				image_get_load(hdr) - image_get_header_size(),
+				image_get_size(hdr) + image_get_header_size()
+						- 0x1FE0);
 	}
 }
 

configs/imx6dl_icore_mmc_defconfig

@@ -16,7 +16,9 @@ CONFIG_DEFAULT_FDT_FILE="imx6dl-icore.dtb"
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_PROMPT="icorem6qdl> "
-CONFIG_CMD_BOOTZ=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_MMC=y

configs/imx6dl_icore_nand_defconfig

@@ -15,15 +15,23 @@ CONFIG_SPL=y
 CONFIG_SPL_DMA_SUPPORT=y
 CONFIG_HUSH_PARSER=y
 CONFIG_SYS_PROMPT="icorem6qdl> "
-CONFIG_CMD_BOOTZ=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MMC=y
 CONFIG_CMD_NAND=y
+CONFIG_CMD_UBI=y
 CONFIG_CMD_I2C=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_MII=y
 CONFIG_CMD_PING=y
 CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_FS_GENERIC=y
 # CONFIG_BLK is not set
 CONFIG_SYS_I2C_MXC=y
 # CONFIG_DM_MMC_OPS is not set

configs/imx6dl_icore_rqs_mmc_defconfig

@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
 CONFIG_DEFAULT_FDT_FILE="imx6dl-icore-rqs.dtb"
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="icorem6qdl-rqs> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_MMC=y

configs/imx6q_icore_mmc_defconfig

@@ -15,8 +15,10 @@ CONFIG_BOOTDELAY=3
 CONFIG_DEFAULT_FDT_FILE="imx6q-icore.dtb"
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="icorem6qdl> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_MMC=y

configs/imx6q_icore_nand_defconfig

@@ -14,16 +14,24 @@ CONFIG_DEFAULT_FDT_FILE="imx6q-icore.dtb"
 CONFIG_SPL=y
 CONFIG_SPL_DMA_SUPPORT=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="icorem6qdl> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MMC=y
 CONFIG_CMD_NAND=y
+CONFIG_CMD_UBI=y
 CONFIG_CMD_I2C=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_MII=y
 CONFIG_CMD_PING=y
 CONFIG_CMD_CACHE=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_FS_GENERIC=y
 # CONFIG_BLK is not set
 CONFIG_SYS_I2C_MXC=y
 # CONFIG_DM_MMC_OPS is not set

configs/imx6q_icore_rqs_mmc_defconfig

@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
 CONFIG_DEFAULT_FDT_FILE="imx6q-icore-rqs.dtb"
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="icorem6qdl-rqs> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_MMC=y

configs/imx6ul_geam_mmc_defconfig

@@ -14,8 +14,10 @@ CONFIG_BOOTDELAY=3
 CONFIG_DEFAULT_FDT_FILE="imx6ul-geam-kit.dtb"
 CONFIG_SPL=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="geam6ul> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
 CONFIG_CMD_MMC=y

configs/imx6ul_geam_nand_defconfig

@@ -13,20 +13,30 @@ CONFIG_DEFAULT_FDT_FILE="imx6ul-geam-kit.dtb"
 CONFIG_SPL=y
 CONFIG_SPL_DMA_SUPPORT=y
 CONFIG_HUSH_PARSER=y
+CONFIG_FIT=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_FIT_SIGNATURE=y
 CONFIG_SYS_PROMPT="geam6ul> "
-CONFIG_CMD_BOOTZ=y
 # CONFIG_CMD_IMLS is not set
 CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_MMC=y
 CONFIG_CMD_NAND=y
+CONFIG_CMD_UBI=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_MII=y
 CONFIG_CMD_PING=y
 CONFIG_CMD_CACHE=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_CMD_FS_GENERIC=y
 # CONFIG_BLK is not set
 # CONFIG_DM_MMC_OPS is not set
 CONFIG_NAND_MXS=y
 CONFIG_FEC_MXC=y
 CONFIG_PINCTRL=y
 CONFIG_PINCTRL_IMX6=y
+CONFIG_SYS_I2C_MXC=y
 CONFIG_MXC_UART=y
 CONFIG_IMX_THERMAL=y

configs/warp7_defconfig

@@ -35,3 +35,8 @@ CONFIG_G_DNL_MANUFACTURER="FSL"
 CONFIG_G_DNL_VENDOR_NUM=0x0525
 CONFIG_G_DNL_PRODUCT_NUM=0xa4a5
 CONFIG_OF_LIBFDT=y
+
+CONFIG_CMD_NET=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_CMD_DHCP=y
+

doc/README.imx6

@@ -138,3 +138,52 @@ c
 The last "c" command tells kermit (from ckermit package in most distros)
 to switch from command line mode to communication mode, and when the
 script is finished, the U-Boot prompt is shown in the same shell.
+
+3. Using Secure Boot on i.MX6 machines with SPL support
+-------------------------------------------------------
+
+This version of U-Boot is able to build a signable version of the SPL
+as well as a signable version of the U-Boot image. The signature can
+be verified through High Assurance Boot (HAB).
+
+CONFIG_SECURE_BOOT is needed to build those two binaries.
+After building, you need to create a command sequence file and use
+Freescales Code Signing Tool to sign both binaries. After creation,
+the mkimage tool outputs the required information about the HAB Blocks
+parameter for the CSF. During the build, the information is preserved
+in log files named as the binaries. (SPL.log and u-boot-ivt.log).
+
+More information about the CSF and HAB can be found in the AN4581.
+https://cache.freescale.com/files/32bit/doc/app_note/AN4581.pdf
+
+We don't want to explain how to create a PKI tree or SRK table as
+this is well explained in the Application Note.
+
+Example Output of the SPL (imximage) creation:
+ Image Type:   Freescale IMX Boot Image
+ Image Ver:    2 (i.MX53/6/7 compatible)
+ Mode:         DCD
+ Data Size:    61440 Bytes = 60.00 kB = 0.06 MB
+ Load Address: 00907420
+ Entry Point:  00908000
+ HAB Blocks:   00907400 00000000 0000cc00
+
+Example Output of the u-boot-ivt.img (firmware_ivt) creation:
+ Image Name:   U-Boot 2016.11-rc1-31589-g2a4411
+ Created:      Sat Nov  5 21:53:28 2016
+ Image Type:   ARM U-Boot Firmware with HABv4 IVT (uncompressed)
+ Data Size:    352192 Bytes = 343.94 kB = 0.34 MB
+ Load Address: 17800000
+ Entry Point:  00000000
+ HAB Blocks:   0x177fffc0   0x0000   0x00054020
+
+The CST (Code Signing Tool) can be downloaded from NXP.
+# Compile CSF and create signature
+./cst --o csf-u-boot.bin < command_sequence_uboot.csf
+./cst --o csf-SPL.bin < command_sequence_spl.csf
+# Append compiled CSF to Binary
+cat SPL csf-SPL.bin > SPL-signed
+cat u-boot-ivt.img csf-u-boot.bin > u-boot-signed.img
+
+These two signed binaries can be used on an i.MX6 in closed
+configuration when the according SRK Table Hash has been flashed.

drivers/thermal/Kconfig

@@ -10,7 +10,7 @@ if DM_THERMAL
 
 config IMX_THERMAL
 	bool "Temperature sensor driver for Freescale i.MX SoCs"
-	depends on MX6
+	depends on MX6 || MX7
 	help
 	  Support for Temperature Monitor (TEMPMON) found on Freescale i.MX SoCs.
           It supports one critical trip point and one passive trip point.  The

include/configs/imx6qdl_icore.h

@@ -38,7 +38,8 @@
 #define CONFIG_EXTRA_ENV_SETTINGS \
 	"script=boot.scr\0" \
 	"splashpos=m,m\0" \
-	"image=zImage\0" \
+	"image=uImage\0" \
+	"fit_image=fit.itb\0" \
 	"console=ttymxc3\0" \
 	"fdt_high=0xffffffff\0" \
 	"fdt_file=" CONFIG_DEFAULT_FDT_FILE "\0" \
@@ -47,42 +48,67 @@
 	"mmcdev=0\0" \
 	"mmcpart=1\0" \
 	"mmcroot=/dev/mmcblk0p2 rootwait rw\0" \
+	"nandroot=ubi0:rootfs rootfstype=ubifs\0" \
 	"mmcautodetect=yes\0" \
 	"mmcargs=setenv bootargs console=${console},${baudrate} " \
 		"root=${mmcroot}\0" \
+	"ubiargs=setenv bootargs console=${console},${baudrate} " \
+		"ubi.mtd=5 root=${nandroot} ${mtdparts}\0" \
 	"loadbootscript=" \
 		"fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
 	"bootscript=echo Running bootscript from mmc ...; " \
 		"source\0" \
 	"loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
 	"loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
+	"loadfit=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${fit_image}\0" \
+	"fitboot=echo Booting FIT image from mmc ...; " \
+		"run mmcargs; " \
+		"bootm ${loadaddr}\0" \
 	"mmcboot=echo Booting from mmc ...; " \
 		"run mmcargs; " \
 		"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
 			"if run loadfdt; then " \
-				"bootz ${loadaddr} - ${fdt_addr}; " \
+				"bootm ${loadaddr} - ${fdt_addr}; " \
 			"else " \
 				"if test ${boot_fdt} = try; then " \
-					"bootz; " \
+					"bootm; " \
 				"else " \
 					"echo WARN: Cannot load the DT; " \
 				"fi; " \
 			"fi; " \
 		"else " \
-			"bootz; " \
-		"fi\0"
-
-#define CONFIG_BOOTCOMMAND \
-	   "mmc dev ${mmcdev};" \
-	   "mmc dev ${mmcdev}; if mmc rescan; then " \
-		   "if run loadbootscript; then " \
-			   "run bootscript; " \
-		   "else " \
-			"if run loadimage; then " \
-				"run mmcboot; " \
+			"bootm; " \
+		"fi\0" \
+	"nandboot=echo Booting from nand ...; " \
+		"if mtdparts; then " \
+			"echo Starting nand boot ...; " \
+		"else " \
+			"mtdparts default; " \
+		"fi; " \
+		"run ubiargs; " \
+		"nand read ${loadaddr} kernel 0x800000; " \
+		"nand read ${fdt_addr} dtb 0x100000; " \
+		"bootm ${loadaddr} - ${fdt_addr}\0"
+
+#ifdef CONFIG_NAND_MXS
+# define CONFIG_BOOTCOMMAND		"run nandboot"
+#else
+# define CONFIG_BOOTCOMMAND \
+	"mmc dev ${mmcdev};" \
+	"if mmc rescan; then " \
+		"if run loadbootscript; then " \
+			"run bootscript; " \
+		"else " \
+			"if run loadfit; then " \
+				"run fitboot; " \
+			"else " \
+				"if run loadimage; then " \
+					"run mmcboot; " \
+				"fi; " \
 			"fi; " \
-		   "fi; " \
-	   "fi"
+		"fi; " \
+	"fi"
+#endif
 
 /* Miscellaneous configurable options */
 #define CONFIG_SYS_MEMTEST_START	0x80000000
@@ -104,6 +130,14 @@
 #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_INIT_RAM_ADDR + \
 					CONFIG_SYS_INIT_SP_OFFSET)
 
+/* FIT */
+#ifdef CONFIG_FIT
+# define CONFIG_HASH_VERIFY
+# define CONFIG_SHA1
+# define CONFIG_SHA256
+# define CONFIG_IMAGE_FORMAT_LEGACY
+#endif
+
 /* UART */
 #ifdef CONFIG_MXC_UART
 # define CONFIG_MXC_UART_BASE		UART4_BASE
@@ -129,9 +163,14 @@
 # define CONFIG_MTD_DEVICE
 # define CONFIG_CMD_MTDPARTS
 # define CONFIG_MTD_PARTITIONS
-# define MTDIDS_DEFAULT			"nand0=nand"
-# define MTDPARTS_DEFAULT		"mtdparts=nand:2m(spl),2m(uboot)," \
-					"1m(env),4m(kernel),1m(dtb),-(rootfs)"
+# define MTDIDS_DEFAULT			"nand0=gpmi-nand"
+# define MTDPARTS_DEFAULT		"mtdparts=gpmi-nand:2m(spl),2m(uboot)," \
+					"1m(env),8m(kernel),1m(dtb),-(rootfs)"
+
+/* UBI */
+# define CONFIG_CMD_UBIFS
+# define CONFIG_RBTREE
+# define CONFIG_LZO
 
 # define CONFIG_APBH_DMA
 # define CONFIG_APBH_DMA_BURST

include/configs/imx6qdl_icore_rqs.h

@@ -33,7 +33,8 @@
 /* Default environment */
 #define CONFIG_EXTRA_ENV_SETTINGS \
 	"script=boot.scr\0" \
-	"image=zImage\0" \
+	"image=uImage\0" \
+	"fit_image=fit.itb\0" \
 	"console=ttymxc3\0" \
 	"fdt_high=0xffffffff\0" \
 	"fdt_file=" CONFIG_DEFAULT_FDT_FILE "\0" \
@@ -51,33 +52,41 @@
 		"source\0" \
 	"loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
 	"loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
+	"loadfit=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${fit_image}\0" \
+	"fitboot=echo Booting FIT image from mmc ...; " \
+		"run mmcargs; " \
+		"bootm ${loadaddr}\0" \
 	"mmcboot=echo Booting from mmc ...; " \
 		"run mmcargs; " \
 		"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
 			"if run loadfdt; then " \
-				"bootz ${loadaddr} - ${fdt_addr}; " \
+				"bootm ${loadaddr} - ${fdt_addr}; " \
 			"else " \
 				"if test ${boot_fdt} = try; then " \
-					"bootz; " \
+					"bootm; " \
 				"else " \
 					"echo WARN: Cannot load the DT; " \
 				"fi; " \
 			"fi; " \
 		"else " \
-			"bootz; " \
+			"bootm; " \
 		"fi\0"
 
 #define CONFIG_BOOTCOMMAND \
-	   "mmc dev ${mmcdev};" \
-	   "mmc dev ${mmcdev}; if mmc rescan; then " \
-		   "if run loadbootscript; then " \
-			   "run bootscript; " \
-		   "else " \
-			"if run loadimage; then " \
-				"run mmcboot; " \
+	"mmc dev ${mmcdev};" \
+	"if mmc rescan; then " \
+		"if run loadbootscript; then " \
+			"run bootscript; " \
+		"else " \
+			"if run loadfit; then " \
+				"run fitboot; " \
+			"else " \
+				"if run loadimage; then " \
+					"run mmcboot; " \
+				"fi; " \
 			"fi; " \
-		   "fi; " \
-	   "fi"
+		"fi; " \
+	"fi"
 
 /* Miscellaneous configurable options */
 #define CONFIG_SYS_MEMTEST_START	0x80000000
@@ -99,6 +108,14 @@
 #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_INIT_RAM_ADDR + \
 					CONFIG_SYS_INIT_SP_OFFSET)
 
+/* FIT */
+#ifdef CONFIG_FIT
+# define CONFIG_HASH_VERIFY
+# define CONFIG_SHA1
+# define CONFIG_SHA256
+# define CONFIG_IMAGE_FORMAT_LEGACY
+#endif
+
 /* UART */
 #ifdef CONFIG_MXC_UART
 # define CONFIG_MXC_UART_BASE		UART4_BASE

include/configs/imx6ul_geam.h

@@ -37,7 +37,8 @@
 /* Default environment */
 #define CONFIG_EXTRA_ENV_SETTINGS \
 	"script=boot.scr\0" \
-	"image=zImage\0" \
+	"image=uImage\0" \
+	"fit_image=fit.itb\0" \
 	"console=ttymxc0\0" \
 	"fdt_high=0xffffffff\0" \
 	"fdt_file=" CONFIG_DEFAULT_FDT_FILE "\0" \
@@ -46,42 +47,66 @@
 	"mmcdev=0\0" \
 	"mmcpart=1\0" \
 	"mmcroot=/dev/mmcblk0p2 rootwait rw\0" \
+	"nandroot=ubi0:rootfs rootfstype=ubifs\0" \
 	"mmcautodetect=yes\0" \
 	"mmcargs=setenv bootargs console=${console},${baudrate} " \
 		"root=${mmcroot}\0" \
+	"ubiargs=setenv bootargs console=${console},${baudrate} " \
+		"ubi.mtd=5 root=${nandroot} ${mtdparts}\0" \
 	"loadbootscript=" \
 		"fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${script};\0" \
 	"bootscript=echo Running bootscript from mmc ...; " \
 		"source\0" \
 	"loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image}\0" \
 	"loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr} ${fdt_file}\0" \
+	"loadfit=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${fit_image}\0" \
+	"fitboot=echo Booting FIT image from mmc ...; " \
+		"run mmcargs; " \
+		"bootm ${loadaddr}\0" \
 	"mmcboot=echo Booting from mmc ...; " \
 		"run mmcargs; " \
 		"if test ${boot_fdt} = yes || test ${boot_fdt} = try; then " \
 			"if run loadfdt; then " \
-				"bootz ${loadaddr} - ${fdt_addr}; " \
+				"bootm ${loadaddr} - ${fdt_addr}; " \
 			"else " \
 				"if test ${boot_fdt} = try; then " \
-					"bootz; " \
+					"bootm; " \
 				"else " \
 					"echo WARN: Cannot load the DT; " \
 				"fi; " \
 			"fi; " \
 		"else " \
-			"bootz; " \
-		"fi\0"
-
-#define CONFIG_BOOTCOMMAND \
-	   "mmc dev ${mmcdev};" \
-	   "mmc dev ${mmcdev}; if mmc rescan; then " \
-		   "if run loadbootscript; then " \
-			   "run bootscript; " \
-		   "else " \
-			"if run loadimage; then " \
-				"run mmcboot; " \
+			"bootm; " \
+		"fi\0" \
+	"nandboot=echo Booting from nand ...; " \
+		"if mtdparts; then " \
+			"echo Starting nand boot ...; " \
+		"else " \
+			"mtdparts default; " \
+		"fi; " \
+		"run ubiargs; " \
+		"nand read ${loadaddr} kernel 0x800000; " \
+		"nand read ${fdt_addr} dtb 0x100000; " \
+		"bootm ${loadaddr} - ${fdt_addr}\0"
+
+#ifdef CONFIG_NAND_MXS
+# define CONFIG_BOOTCOMMAND		"run nandboot"
+#else
+# define CONFIG_BOOTCOMMAND \
+	"if mmc rescan; then " \
+		"if run loadbootscript; then " \
+			"run bootscript; " \
+		"else " \
+			"if run loadfit; then " \
+				"run fitboot; " \
+			"else " \
+				"if run loadimage; then " \
+					"run mmcboot; " \
+				"fi; " \
 			"fi; " \
-		   "fi; " \
-	   "fi"
+		"fi; " \
+	"fi"
+#endif
 
 /* Miscellaneous configurable options */
 #define CONFIG_SYS_MEMTEST_START	0x80000000
@@ -103,6 +128,14 @@
 #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_INIT_RAM_ADDR + \
 					CONFIG_SYS_INIT_SP_OFFSET)
 
+/* FIT */
+#ifdef CONFIG_FIT
+# define CONFIG_HASH_VERIFY
+# define CONFIG_SHA1
+# define CONFIG_SHA256
+# define CONFIG_IMAGE_FORMAT_LEGACY
+#endif
+
 /* UART */
 #ifdef CONFIG_MXC_UART
 # define CONFIG_MXC_UART_BASE		UART1_BASE
@@ -128,9 +161,14 @@
 # define CONFIG_MTD_DEVICE
 # define CONFIG_CMD_MTDPARTS
 # define CONFIG_MTD_PARTITIONS
-# define MTDIDS_DEFAULT			"nand0=nand"
-# define MTDPARTS_DEFAULT		"mtdparts=nand:2m(spl),2m(uboot)," \
-					"1m(env),4m(kernel),1m(dtb),-(rootfs)"
+# define MTDIDS_DEFAULT			"nand0=gpmi-nand"
+# define MTDPARTS_DEFAULT		"mtdparts=gpmi-nand:2m(spl),2m(uboot)," \
+					"1m(env),8m(kernel),1m(dtb),-(rootfs)"
+
+/* UBI */
+# define CONFIG_CMD_UBIFS
+# define CONFIG_RBTREE
+# define CONFIG_LZO
 
 # define CONFIG_APBH_DMA
 # define CONFIG_APBH_DMA_BURST

include/configs/mx6_common.h

@@ -98,6 +98,9 @@
 #define CONFIG_FSL_CAAM
 #define CONFIG_CMD_DEKBLOB
 #define CONFIG_SYS_FSL_SEC_LE
+#ifdef CONFIG_SPL_BUILD
+#define CONFIG_SPL_DRIVERS_MISC_SUPPORT
+#endif
 #endif
 
 #endif

include/configs/udoo_neo.h

@@ -34,21 +34,21 @@
 #define CONFIG_EXTRA_ENV_SETTINGS \
 	"fdt_high=0xffffffff\0" \
 	"initrd_high=0xffffffff\0" \
-	"fdt_file=undefined\0" \
+	"fdtfile=undefined\0" \
 	"fdt_addr=0x83000000\0" \
 	"ip_dyn=yes\0" \
 	"mmcdev=0\0" \
 	"mmcrootfstype=ext4\0" \
 	"findfdt="\
 		"if test $board_name = BASIC; then " \
-			"setenv fdt_file imx6sx-udoo-neo-basic.dtb; fi; " \
+			"setenv fdtfile imx6sx-udoo-neo-basic.dtb; fi; " \
 		"if test $board_name = BASICKS; then " \
-			"setenv fdt_file imx6sx-udoo-neo-basic.dtb; fi; " \
+			"setenv fdtfile imx6sx-udoo-neo-basic.dtb; fi; " \
 		"if test $board_name = FULL; then " \
-			"setenv fdt_file imx6sx-udoo-neo-full.dtb; fi; " \
+			"setenv fdtfile imx6sx-udoo-neo-full.dtb; fi; " \
 		"if test $board_name = EXTENDED; then " \
-			"setenv fdt_file imx6sx-udoo-neo-extended.dtb; fi; " \
-		"if test $fdt_file = UNDEFINED; then " \
+			"setenv fdtfile imx6sx-udoo-neo-extended.dtb; fi; " \
+		"if test $fdtfile = UNDEFINED; then " \
 			"echo WARNING: Could not determine dtb to use; fi; \0" \
 	"kernel_addr_r=" __stringify(CONFIG_LOADADDR) "\0" \
 	"pxefile_addr_r=" __stringify(CONFIG_LOADADDR) "\0" \

include/configs/warp7.h

@@ -38,6 +38,7 @@
 	"script=boot.scr\0" \
 	"image=zImage\0" \
 	"console=ttymxc0\0" \
+	"ethact=usb_ether\0" \
 	"fdt_high=0xffffffff\0" \
 	"initrd_high=0xffffffff\0" \
 	"fdt_file=imx7s-warp.dtb\0" \
@@ -145,4 +146,10 @@
 #define CONFIG_SYS_DFU_DATA_BUF_SIZE	SZ_16M
 #define DFU_DEFAULT_POLL_TIMEOUT	300
 
+#define CONFIG_USB_ETHER
+#define CONFIG_USB_ETH_CDC
+#define CONFIG_USB_ETH_RNDIS
+#define CONFIG_USBNET_HOST_ADDR		"de:ad:be:af:00:00"
+#define CONFIG_USBNET_DEV_ADDR		"de:ad:be:af:00:01"
+
 #endif

include/image.h

@@ -280,6 +280,7 @@ enum {
 	IH_TYPE_FPGA,			/* FPGA Image */
 	IH_TYPE_VYBRIDIMAGE,	/* VYBRID .vyb Image */
 	IH_TYPE_TEE,            /* Trusted Execution Environment OS Image */
+	IH_TYPE_FIRMWARE_IVT,		/* Firmware Image with HABv4 IVT */
 
 	IH_TYPE_COUNT,			/* Number of image types */
 };

scripts/Makefile.lib

@@ -487,6 +487,7 @@ cmd_xzmisc = (cat $(filter-out FORCE,$^) | \
 #
 # mkimage
 # ---------------------------------------------------------------------------
+MKIMAGEOUTPUT ?= /dev/null
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))

scripts/Makefile.spl

@@ -119,9 +119,11 @@ LDPPFLAGS += \
 	$(shell $(LD) --version | \
 	  sed -ne 's/GNU ld version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/-DLD_MAJOR=\1 -DLD_MINOR=\2/p')
 
+MKIMAGEOUTPUT ?= /dev/null
+
 quiet_cmd_mkimage = MKIMAGE $@
 cmd_mkimage = $(objtree)/tools/mkimage $(MKIMAGEFLAGS_$(@F)) -d $< $@ \
-	$(if $(KBUILD_VERBOSE:1=), >/dev/null)
+	$(if $(KBUILD_VERBOSE:1=), >$(MKIMAGEOUTPUT))
 
 MKIMAGEFLAGS_MLO = -T omapimage -a $(CONFIG_SPL_TEXT_BASE)
 

tools/default_image.c

@@ -25,7 +25,7 @@ static image_header_t header;
 static int image_check_image_types(uint8_t type)
 {
 	if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) ||
-	    (type == IH_TYPE_KERNEL_NOLOAD))
+	    (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT))
 		return EXIT_SUCCESS;
 	else
 		return EXIT_FAILURE;
@@ -89,6 +89,7 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 {
 	uint32_t checksum;
 	time_t time;
+	uint32_t imagesize;
 
 	image_header_t * hdr = (image_header_t *)ptr;
 
@@ -98,11 +99,16 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
 			sbuf->st_size - sizeof(image_header_t));
 
 	time = imagetool_get_source_date(params, sbuf->st_mtime);
+	if (params->type == IH_TYPE_FIRMWARE_IVT)
+		/* Add size of CSF minus IVT */
+		imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0;
+	else
+		imagesize = sbuf->st_size - sizeof(image_header_t);
 
 	/* Build new header */
 	image_set_magic(hdr, IH_MAGIC);
 	image_set_time(hdr, time);
-	image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
+	image_set_size(hdr, imagesize);
 	image_set_load(hdr, params->addr);
 	image_set_ep(hdr, params->ep);
 	image_set_dcrc(hdr, checksum);

tools/mkimage.c

@@ -9,6 +9,7 @@
  */
 
 #include "mkimage.h"
+#include "imximage.h"
 #include <image.h>
 #include <version.h>
 
@@ -508,6 +509,37 @@ int main(int argc, char **argv)
 		} else {
 			copy_file(ifd, params.datafile, pad_len);
 		}
+		if (params.type == IH_TYPE_FIRMWARE_IVT) {
+			/* Add alignment and IVT */
+			uint32_t aligned_filesize = (params.file_size + 0x1000
+					- 1) & ~(0x1000 - 1);
+			flash_header_v2_t ivt_header = { { 0xd1, 0x2000, 0x40 },
+					params.addr, 0, 0, 0, params.addr
+							+ aligned_filesize
+							- tparams->header_size,
+					params.addr + aligned_filesize
+							- tparams->header_size
+							+ 0x20, 0 };
+			int i = params.file_size;
+			for (; i < aligned_filesize; i++) {
+				if (write(ifd, &i, 1) != 1) {
+					fprintf(stderr,
+							"%s: Write error on %s: %s\n",
+							params.cmdname,
+							params.imagefile,
+							strerror(errno));
+					exit(EXIT_FAILURE);
+				}
+			}
+			if (write(ifd, &ivt_header, sizeof(flash_header_v2_t))
+					!= sizeof(flash_header_v2_t)) {
+				fprintf(stderr, "%s: Write error on %s: %s\n",
+						params.cmdname,
+						params.imagefile,
+						strerror(errno));
+				exit(EXIT_FAILURE);
+			}
+		}
 	}
 
 	/* We're a bit of paranoid */