Releases: Nuvoton-Israel/igps-npcm8xx
IGPS_04.02.04
IGPS 4.2.4 - Oct 15 2024
============
-
LMS:
- Add key_index_LMS & key_mask_lms to all XMLS (although they are not to be changed via XML)
- Added LMS keys to arbel_fuse_map XML
- OTP + SKMT keys: allow signing with any key (not fixed to key 2).
-
0.7.5 L0 0.6.4 L1
https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.7.5_L0_0.6.4_L1- Bug fix WDC=1 in recovery , also after reset.
- Bug fix: after 3 WD1 resets (not 2) in under 10 minutes go to recovery.
- Bug fix: L0 measurements and attestation hash recalc.
signed-off-by: Tali Perry [email protected]
IGPS 04.02.03
IGPS 04.02.03 - Oct 6th 2024
-
0.7.4 L0 0.6.3 L1
- BMC_DIRECT: add command BMC_DIRECT_COMMAND_FL_READ_PARMAS. If flash not connected return error.
- WD1 init before uboot: currently disabled till uboot upgrade.
- WD1 init before bootblock run.
- When BMC reset - reload same FW (and not active image).
- Skip FIU1 CS1 in flash init. Not supported as a valid boot address in TIP_ROM.
- Disable LMS support.
- Restore flash protection.
- Clear alias key from PCI mailbox and shared attestation area.
- Dismiss verify fail in non-secure device.
- Temp: disable WD1 till uboot is ready.
- Bug fix: set CS1 drive strength to support 50MHz (merge issue).
-
bootblock 0.5.2
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.5.2- Bug fix: Errata fix: 1.7 eSPI FATAL_ERROR: Set ESPI_ESPI_ENG to 0x40 (remove RMW to set bit 6).
- Update CP init code (disabled by default, under SEARCH_CP_ON_FLASH_0 flag).
- In case of traps and unexpected IRQs and FIQ: clear GIC registers.
- In case of TRAP: notify TIP (TIP mode), or FSW (NO_TIP mode).
- Update GIC driver and GIC table.
-
Uboot:
https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20240812- Clear all gpio events
- Change env and uImage flash address
- Add stopwdt command in default environment
-
LMS: changed (only for A2) that all images will be signed (if wanted) with skmt_lms_key2.
-
OTP_Programmer_Monitor : 1.1.3 that can print the LMS keys full info (fix is needed for LMS users only).
-
L0 version increment to 1.
signed-off-by: Tali Perry [email protected]
IGPS_04.01.05
IGPS 04.01.05 - Aug 1st 2024
============
-
TIP_FW 0.7.3 L0 0.6.2 L1:
https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.7.3_L0_0.6.2_L1- BMC_DIRECT: return status and notification.
- Add triple WD1 reset handling (going to recovery if 3 times under 10 minutes).
- WD1 init before uboot: currently disabled till uboot upgrade.
- WD1 init before bootblock run.
- When BMC reset - reload the same FW (and not active image).
- Temp: disable flash protection.
- Temp: disable WD1 till uboot is ready.
-
bootblock 0.5.1
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.5.1- Improve boot speed. 1.8 sec 1GB no ECC, 2 sec with ECC.
- NOTIP only: Reset slow peripherals on every reset (including UART, I2C etc.).
- NOTIP only: don't reset PCIMBX, CP1 and BMCBUS.
- Disable WDT in case of debug sweeps.
- Remove some prints and normalize line endings in log.
-
Bootblock XML: update all bootblock XMLs with MAIN_DEBUG_SWEEP = 0x07
signed-off-by: Tali Perry [email protected]
IGPS_04.01.04
IGPS 04.01.04 - Jul 22th 2024
-
TIP_FW 0.7.2 L0 0.6.1 L1:
https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.7.2_L0_0.6.1_L1
* Bug fix flash protection: wrong settings for dual and quad read (should be on the white list). -
uboot v2023.10-npcm8xx-20240719
https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20240719- Remove System Counter register access
- Add sgpio driver
- Support SHA 512 hw acceleration
- Fix dm_i2c_read/write error
-
bootblock 0.5.0
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.5.0- Fix TRIM2 debug sweep.
signed-off-by: Tali Perry [email protected]
IGPS 04.01.03
IGPS 04.01.03 - May 29th 2024
============
-
TIP_FW 0.7.1 L0 0.6.0 L1:
https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.7.1_L0_0.6.0_L1
* Add flash protection on recovery image. Recovery region is now read-only. -
Enable hardening tables:
- .\py_scripts\ImageGeneration\inputs\registers\registers_bootblock.csv
- .\py_scripts\ImageGeneration\inputs\registers\registers_bl31.csv
-
Uboot:
https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20240411- Fix IPv6 PXE boot
-
yocto build :
- Updated script for SA pre-signed combo0 support, just like TIP FW pre-signed combo0.
- Add comment support for settings.
- config_replacer: make comment handler more general
Move comment handler from xml parser to load settings function.
Signed-off-by: Brian Ma [email protected]
signed-off-by: Tali Perry [email protected]
IGPS_04.01.01
IGPS 04.01.01 - May 26th 2024
- bootblock 0.4.8
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.4.8- set cntfrq_el0 should be after calling serial_printf_init.
IGPS_04.01.00
IGPS 04.01.00 - May 20th 2024
- skmt_map.xml: remove RSA key and add add ECC DER Key instead. This key should be manifest root key.
- TIP_FW 0.6.9 L0 0.5.8 L1:
https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.6.9_L0_0.5.8_L1- Disable CFM.
- Bug fix: if bootblock is at offset 2MB recovery image is not fully created. Fix the size of image measurement with the additional gap.
- Manifest root key is the last key in SKMT. Format is ECC DER.
- Hardening: limit up to 100 lines. check return status of hardening.
- In case of assert write to debug log.
- Bug fix: in BMC reset, if the reloading fails BMC will go to recovery flow.
- Remove MCR 180 from hardening register table.
- Apply patch one_igps in order to support yocto build with pre-signed image:
minimada/openbmc@c683d95?diff=unified&w=0
IGPS 04.00.08
IGPS 04.00.08 - Mar 20th 2024
-
bl31
https://github.com/Nuvoton-Israel/arm-trusted-firmware/releases/tag/v2.9.1- remove change clock frequency
-
TIP_FW: 0.6.8 L0 0.5.7 L1
- Optimize flash read. Include QUAD support code but currently disabled by default.
- Move TIP FW build version into a separate header file to avoid conflict with internal build versions.
- Add missing header file include in the uart_if.h to avoid order dependency.
- Support flash encryption (after code review).
- Update TIP EID back to 0x0B.
- Change version, delay for flush task and PRE_PRODUCTION.
- Put all manifests at the end of flash.
- Check stack overflow.
- Support hardening.
- Support BMC direct access.
- Support bootblock at offset 512KB or 2MB.
- Bug fix: touch WD during recovery delay.
- Bug fix: ENC header field must be 0x03 to start encryption.
- Support CFM.
- WD0RCRB.BMCBUS should be zero.
- Bug fix in handling SW and WD reset (avoid TIP reset).
-
Scripts: fix ReplaceComponent.bat.
-
Update comments in bootblock XMLs.
-
bootblock 0.4.6
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.4.6- MC: Increase ECE priority to match VCD priority. Set ECE priority to 2.
- Fix errata: Errata fix: "1.7 eSPI FATAL_ERROR response"
-
Add settings file and script for XML override parameters from OpenBMC build
IGPS_04.00.07
IGPS 04.00.07 - Mar 4th 2024
- Bootblock 0.4.3
https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.4.3- Bug fix: set cntfrq_el0 according to CPU frequancy. Previously it was hard-coded to 250000000.
- Uboot
https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20240301- Use ARM timer as system tick
- Hardening: update CSV parsing, update chip xml and update the tables - but leave them disabled for now.
Users may comment out the tables and test. - Relocate combo 1 offset to key_settings_edit_me.py. Default is 512KB.
- Fix all linux path.
- exit(1) in case of failure in GenerateAll.py
IGPS_04.00.06
IGPS 04.00.06 - Feb 5th 2024
-
Bootblock 0.4.1
- Set PCI and GFX core clock to PLL1.
-
Add bootblock XML for MS (with GPIO enabled).
-
Remove Z1 from signing flows. Add MS signing.
signed-off-by:[email protected]