Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.
Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
Multiple signatures are allowed to exist in the binary’s certificate
table (as per PE/COFF Section “Attribute Certificate Table”). Only
one hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx.
This patch makes the semantics of signature verification compliant with
the specification mentioned above.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.
What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.
pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
- Added support for J7200 evm
- DM_ETH and DM_USB migrations for omap3
- USB DFU and mass storage support for AM65x evm
- RTI watchdog support for K3 devices
- Fix an issue with L3 cache on K3 devices
j7200-evm has minor differences with j721e-evm based on the IPs
available in the SoC. Introduce separate build targets for j7200-evm
to incorporate the differences.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Suman Anna <s-anna@ti.com>
Create a new API spl_usb_load() that takes the filename as a parameter
instead of taking the default U-boot PAYLOAD_NAME
Signed-off-by: Faiz Abbas <faiz_abbas@ti.com>
Bugs in the UEFI sub-system are fixed:
* use the optional data of the BootXXXX variables as load options
* simplify function public_key_verify_signature()
* amend a copyright notice
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl8yF3EACgkQxIHbvCwF
GsQk/g/8DiMTlXzOuTN1NQuogXUNdrnZ/6KAhBVGBc7EZRUAjfgJ/k2MunPEytYd
OHFuuZqhJV7VDgdRDIYfsDhPvamQgZGtjplcYXZ8FWtGhoPX1BgdOe+be6nUg3NU
5XXPaG3AbYHoO1AY33he2nkaA454Van/8prC60AzLD3E9phq1cnvdeBKo/e02EOd
XpbtI64K1F/jrQIYTeuRr08tFSqRTM69WVVvbwUjds2qJZ1q/7f6T2NqFfuAQJah
ZzkrHD6z9xIVBvrnk3wAwuBuB6c2lposkL1K2jrYsoVBzK5LX2JPLYqdGWz60eNk
RBQb2WP9DjFSOKZZq6t8zNi0UWwR4JdcLZuP1X9ItHtUoZMA8TRirxcMPeXBjIl/
WwAPAPlqzUeD8CFoE33/+gIICMUe0uj6BzORAVliJ7QsEE4f81WRrN7NmOAvKoYM
NJ2DKBcLW0fuE5IS9cp1J8WmjW3GvHP3XIBBSH4by4H0zcmCCLUkRqMV+IhAa2Bm
neugwYrIgHSLwfVjyGSFA0vWjXjIfP+1T3Qy61pDVgqAJG2YYqJ03s6GQ2Y7E20r
TFvwlxiKM/JuzZUjqQF+lNwHvL878IVzcPl/YKP7nCuIEO99jdduw/uMXeXvhqtt
nv4pR2WH2ZWIkCm8tGJX7LbzSjSNSnaV4eYnv4Ni++4V4FifaFY=
=gMCK
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc3
Bugs in the UEFI sub-system are fixed:
* use the optional data of the BootXXXX variables as load options
* simplify function public_key_verify_signature()
* amend a copyright notice
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).
Factor out a common function efi_set_load_options().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This converts the following to Kconfig:
CONFIG_SYS_MMC_ENV_DEV
CONFIG_SYS_MMC_ENV_PART
Note that with this conversion we now have consistent behavior with
respect to ensuring that we have always selected the correct MMC
device and hardware partition.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add zlib (v1.2.11) uncompr() function to U-Boot. SquashFS depends on
this function to decompress data from a raw disk image. The actual
support for zlib into SquashFS sources will be added in a follow-up
commit.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Add support for SquashFS filesystem. Right now, it does not support
compression but support for zlib will be added in a follow-up commit.
Signed-off-by: Joao Marcos Costa <joaomarcos.costa@bootlin.com>
Add various fixes and improvements to this command that were missed in
the original version. Unfortunately I forgot to send v2.
- Fix Kconfig name
- Use a separate variable for the remaining search length
- Correct a minor bug
- Move into a separate test suite
- Add -q flag to the 'quiet' test to test operation when console is enabled
- Enable the feature for sandbox
Signed-off-by: Simon Glass <sjg@chromium.org>
The test flags used by driver model are currently not available to other
tests. Rather than creating two sets of flags, make these flags generic
by changing the DM_ prefix to UT_ and moving them to the test.h header.
This will allow adding other test flags without confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
On boards without console recording these function are currently missing.
It is more convenient for them to be present but to return dummy values.
That way if we know that a test needs recording, we can check if it is
available, and skip the test if not, while avoiding #ifdefs.
Update the header file according and adjust console_record_reset_enable()
to return an error if recording is not available.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some lines of the output are not worth testing, or not worth testing in
their entirety. For example, when checking a hex dump we know that the
hex-dump routine can display ASCII so we only need to check the hex bytes,
not the ASCII dump. Add a new test macros which can check only part of
a console line.
Sometimes it is useful to skip a line altogether, so add a macro for that
also.
Signed-off-by: Simon Glass <sjg@chromium.org>
serial_initialize is called only during the common init sequence, after
relocation (in common/board_r.c). Because it has a void return value, it
has to wrapped in initr_serial. In order to be able to get rid of this
indirection, make serial_initialize return int.
Remove extern from prototype in order to silence the following checkpatch
warning:
check: extern prototypes should be avoided in .h files
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Certain architectures (ppc, mips, sh, m68k) use setup board_part1 and
setup_board_part2 calls during pre-relocation init to populate gd->bd
boardinfo fields. This makes the generic init sequence cluttered with
arch-specific ifdefs.
In order to clean these arch-specific sequences from generic init,
introduce arch_setup_bdinfo weak initcall so that everyone can define their
own bdinfo setup routines.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Introduce setup_bdinfo initcall as a generic routine to populate bdinfo
fields.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Remove ad-hoc CONFIG_SYS_SRAM_START and use CONFIG_SYS_SRAM_BASE instead.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
This converts ad-hoc CONFIG_SYS_SRAM_SIZE to Kconfig.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
This converts ad-hoc CONFIG_SYS_SRAM_BASE to Kconfig.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Add 4 new phy types which are present in Linux kernel.
DP and SGMII types are used on Xilinx ZynqMP devices.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This commit moves CONFIG_PREBOOT="usb start" to common/KConfig
for all boards also declaring USB_KEYBOARD.
Besides simplifying defconfig files, this also enables support for
board-specific CONFIG_PREBOOT for sunxi boards:
commit 37304aaf60 ("Convert CONFIG_USE_PREBOOT and CONFIG_PREBOOT to
Kconfig") intended to support CONFIG_PREBOOT, but
include/configs/sunxi-common.h hardcodes preboot as part of internally
defined CONSOLE_STDIN_SETTINGS, silently ignoring any board-specific
CONFIG_PREBOOT.
Signed-off-by: Jonas Smedegaard <dr@jones.dk>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Series-Cc: Jagan Teki <jagan@amarulasolutions.com>
Series-Cc: Lukasz Majewski <lukma@denx.de>
Series-Cc: Andre Przywara <andre.przywara@arm.com>
Dump lmb status from the bdinfo command. This is useful for seeing the
reserved memory regions from the u-boot cmdline.
Signed-off-by: Tero Kristo <t-kristo@ti.com>
-----------
- fixes for Toradex board
- fix warnings from previous PR
- HAB: reset instead of panic after failure
- new board: MYiR Tech MYS-6ULX
- mx6cuboxi: use OF_PLATDATA
- further changes for DM
Travis: https://travis-ci.org/github/sbabic/u-boot-imx/builds/714513163
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCXykjtQ8cc2JhYmljQGRl
bnguZGUACgkQ9PVl5Jpo76a1WQCcD+objdS+90mDdT0yTpW3jHS4YiwAn2V2rTTo
4hKj5yxRg3cvb/pBAmbQ
=TyRs
-----END PGP SIGNATURE-----
Merge tag 'u-boot-imx-20200804' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx
For 2020.10
-----------
- fixes for Toradex board
- fix warnings from previous PR
- HAB: reset instead of panic after failure
- new board: MYiR Tech MYS-6ULX
- mx6cuboxi: use OF_PLATDATA
- further changes for DM
Travis: https://travis-ci.org/github/sbabic/u-boot-imx/builds/714513163
Header files generally should not include header files just for a struct,
since forward declarations work just as well and reduce overhead.
Add a warning for dm.h being included, since this has crept into U-Boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration and un-inlining of dev_get_clk_ptr()
instead.
Fix up the kendryte header files to avoid build errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Two files relies on efi_driver.h to include common.h and dm.h which is
incorrect. The former should always be included in a non-host C file and
the latter should be included if driver model is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use other headers and C inclusions instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
These header file should not be included in other header files. Remove
them and add to each individual file. Add test/test.h to test/ui.h since
that is a reasonable place.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and add it to the cmd file instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
This header file should not be included in other header files. Remove it
and use a forward declaration instead.
Also remove the other headers that are not needed, since the inline code
was removed in a recent commit:
b4d9452c4 ("watchdog: move initr_watchdog() to wdt-uclass.c")
Signed-off-by: Simon Glass <sjg@chromium.org>
Add bit indexes for reset signals within the PRCI module
on FU540-C000 SoC.
The DDR and ethernet sub-system's have reset signals
indicated by these reset indexes.
Signed-off-by: Sagar Shrikant Kadam <sagar.kadam@sifive.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
This patch adds a simple clock driver for the Marvell Octeon MIPS SoC
family. Its for IO clock rate passing via DT in some of the Octeon
driver, like I2C. So that we don't need to use the non-mainline API
octeon_get_io_clock().
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Lukasz Majewski <lukma@denx.de>
MYS-6ULX is single board computer (SBC) comes with eMMC or NAND based
on imx6ULL SoC from NXP and provision for expansion board. This
commit adds support only for SBC with NAND.
CPU: Freescale i.MX6ULL rev1.1 528 MHz (running at 396 MHz)
CPU: Commercial temperature grade (0C to 95C) at 45C
Reset cause: WDOG
Model: MYiR i.MX6ULL MYS-6ULX Single Board Computer with NAND
Board: MYiR MYS-6ULX 6ULL Single Board Computer
DRAM: 256 MiB
NAND: 256 MiB
MMC: FSL_SDHC: 0
In: serial@2020000
Out: serial@2020000
Err: serial@2020000
Net: FEC0
Working:
- Eth0
- MMC/SD
- NAND
- UART 1
- USB host
Signed-off-by: Parthiban Nallathambi <parthiban@linumiz.com>
Switch r2dplus to DM and DT probing for serial and clock.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>