Commit graph

78056 commits

Author SHA1 Message Date
Tom Rini
028aa0946f powerpc: P1010RDB: Move CONFIG_BOOTMODE out of CONFIG namespace
This slight environment modification shouldn't be in the CONFIG
namespace, change it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:20 -05:00
Tom Rini
fdfb17b1f5 Convert CONFIG_BOOTFILE to Kconfig
This converts the following to Kconfig:
   CONFIG_BOOTFILE

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:20 -05:00
Tom Rini
6d21dd313b Convert CONFIG_BOARD_POSTCLK_INIT to Kconfig
This converts the following to Kconfig:
   CONFIG_BOARD_POSTCLK_INIT

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:19 -05:00
Tom Rini
da8592d5fa Convert CONFIG_BOARD_ECC_SUPPORT to Kconfig
This converts the following to Kconfig:
   CONFIG_BOARD_ECC_SUPPORT

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:19 -05:00
Tom Rini
2c58d2fccf Convert CONFIG_BIOSEMU to Kconfig
This converts the following to Kconfig:
   CONFIG_BIOSEMU

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:19 -05:00
Tom Rini
a7e6c6b1be Convert CONFIG_BOARD_COMMON to Kconfig
This converts the following to Kconfig:
   CONFIG_BOARD_COMMON

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:19 -05:00
Tom Rini
43ea564652 arm: exynos: Move BL1/2 SPI flash defines to their user, drop CONFIG
These particular values are not configurable and today we always set
CONFIG_SECURE_BL1_ONLY.  Move these to where they're used in the code,
and drop from the CONFIG namespace.

Cc: Minkyu Kang <mk7.kang@samsung.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Minkyu Kang <mk7.kang@samsung.com>
2022-03-03 16:51:19 -05:00
Tom Rini
a3041d934f Convert CONFIG_BTB to Kconfig
This converts the following to Kconfig:
   CONFIG_BTB

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-03-03 16:51:19 -05:00
Tom Rini
3db7b2bb4c powerpc: Remove unused MPC8540/60ADS code
Remove some code, primarily CPM2 related, that is now unused since the
removal of MPC8540/60ADS.

Fixes 3913191c8a ("powerpc: mpc8540ads: mpc8560ads: Drop support for MPC8540/60ADS")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-03-03 16:51:19 -05:00
Tom Rini
09cb77d22e Merge branch '2022-03-02-scmi-updates' into next
- A small set of scmi updates
2022-03-03 14:16:14 -05:00
Etienne Carriere
7c33f78983 clk: scmi: register scmi clocks with CCF
Implements SCMI APIs to retrieve the number exposed SCMI clocks using
SCMI_PROTOCOL_ATTRIBUTES messages and the names of the clocks using
SCMI_CLOCK_ATTRIBUTES messages.

This change updates sandbox SCMI clock test driver to manage these
2 new message IDs.

Cc: Lukasz Majewski <lukma@denx.de>
Cc: Sean Anderson <seanga2@gmail.com>
Cc: Clement Leger <clement.leger@bootlin.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-03-02 17:42:06 -05:00
Etienne Carriere
10d3e5d20b firmware: scmi: fix sandbox and related tests for clock discovery
Updates sandbox SCMI clock driver and tests since enabling CCF will
mandate clock discovery that is all exposed SCMI clocks shall be
discovered at initialization. For this reason, sandbox SCMI clock
driver must emulate all clocks exposed by SCMI server, not only those
effectively consumed by some other U-Boot devices.

Therefore the sandbox SCMI test driver exposes 3 clocks (IDs 0, 1 and 2)
and sandbox SCMI clock consumer driver gets 2 of them.

Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-03-02 17:42:06 -05:00
Etienne Carriere
6983710a31 scmi: change parameter dev in devm_scmi_process_msg
Changes devm_scmi_process_msg() first argument from target parent device
to current SCMI device and lookup the SCMI agent device among SCMI device
parents for find the SCMI agent operator needed for communication with
the firmware.

This change is needed in order to support CCF in clk_scmi driver unless
what CCF will fail to find the right udevice related to exposed SCMI
clocks.

This patch allows to simplify the caller sequence, using SCMI device
reference as parameter instead of knowing SCMI uclass topology. This
change also adds some protection in case devm_scmi_process_msg() API
function is called for an invalid device type.

Cc: Lukasz Majewski <lukma@denx.de>
Cc: Sean Anderson <seanga2@gmail.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-03-02 17:42:06 -05:00
Etienne Carriere
41d62e2f27 sandbox: scmi: test against a single scmi agent
As per DT bindings since Linux kernel v5.14, the device tree can define
only 1 SCMI agent node that is named scmi [1]. As a consequence, change
implementation of the SCMI driver test through sandbox architecture to
reflect that.

This change updates sandbox test DT and sandbox SCMI driver accordingly
since all these are impacted.

Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-03-02 17:42:06 -05:00
Etienne Carriere
4dea25a00d doc: binding: scmi: link to latest Linux kernel binding
Changes SCMI bindings documentation to relate to Linux kernel
source tree that recently changed the bindings description to YAML
format.

Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-03-02 17:42:06 -05:00
Tom Rini
2dfdba4a5a Merge branch '2022-03-02-armv8-fixes-and-cleanups' into next
To quote the author:
I was looking into the arm64 boot code lately and stumbled upon some
issues. Also Nishanth brought back memories of a lengthy debug session,
which was caused due to U-Boot keeping SErrors masked. As the resulting
patches are all somewhat related, I gathered this series here to address
those problems.

Patches 1 to 3 address exception handling issues, with the SError
enablement being the most prominent fix here.
Patch 4 cleans up asm/io.h. This was on the list before[1], but was
somehow lost when it was intercepted by a shorter version of itself.
Patches 5 and 6 clean up some unnecessarily complicated AArch64 assembly
code.
2022-03-02 13:59:33 -05:00
Andre Przywara
5ff4857d35 armv8: Fix and simplify branch_if_master/branch_if_slave
The branch_if_master macro jumps to a label if the CPU is the "master"
core, which we define as having all affinity levels set to 0. To check
for this condition, we need to mask off some bits from the MPIDR
register, then compare the remaining register value against zero.

The implementation of this was slighly broken (it preserved the upper
RES0 bits), overly complicated and hard to understand, especially since
it lacked comments. The same was true for the very similar
branch_if_slave macro.

Use a much shorter assembly sequence for those checks, use the same
masking for both macros (just negate the final branch), and put some
comments on them, to make it clear what the code does.
This allows to drop the second temporary register for branch_if_master,
so we adjust all call sites as well.

Also use the opportunity to remove a misleading comment: the macro
works fine on SoCs with multiple clusters. Judging by the commit
message, the original problem with the Juno SoC stems from the fact that
the master CPU *can* be configured to be from cluster 1, so the
assumption that the master CPU has all affinity values set to 0 does not
hold there. But this is already mentioned above in a comment, so remove
the extra comment.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Andre Przywara
f660fe0bd3 armv8: Simplify switch_el macro
The switch_el macro is a neat contraption to handle cases where we need
different code depending on the current exception level, but its
implementation was longer than needed.

Simplify it by doing just one comparison, then using the different
condition codes to branch to the desired target. PState.CurrentEL just
holds two bits, and since we don't care about EL0, we can use >, =, < to
select EL3, EL2 and EL1, respectively.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Andre Przywara
7ab2e47d27 arm: Clean up asm/io.h
asm/io.h is the header file containing the central MMIO accessor macros.
Judging by the header and the comments, it was apparently once copied
from the Linux kernel, but has deviated since then *heavily*. There is
absolutely no point in staying close to the original Linux code anymore,
so just remove the old cruft, by:
- removing pointless Linux history
- removing commented code
- removing outdated comments
- removing unused definitions (for mem_isa)

This massively improves the readability of the file.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Andre Przywara
7ed340a828 armv8: Force SP_ELx stack pointer usage
In ARMv8 we have the choice between two stack pointers to use: SP_EL0 or
SP_ELx, which is banked per exception level. This choice is stored in
the SP field of PState, and can be read and set via the SPSel special
register. When the CPU takes an exception, it automatically switches to
the SP_ELx stack pointer.

Trusted Firmware enters U-Boot typically with SPSel set to 1, so we use
SP_ELx all along as our sole stack pointer, both for normal operation and
for exceptions.

But if we now for some reason enter U-Boot with SPSel cleared, we will
setup and use SP_EL0, which is fine, but leaves SP_ELx uninitialised.
When we now take an exception, we try to save the GPRs to some undefined
location, which will usually end badly.

To make sure we always have SP_ELx pointing to some memory, set SPSel
to 1 in the early boot code, to ensure safe operation at all times.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Andre Przywara
6c7691edd5 armv8: Always unmask SErrors
The ARMv8 architecture describes the "SError interrupt" as the fourth
kind of exception, next to synchronous exceptions, IRQs, and FIQs.
Those SErrors signal exceptional conditions from which the system might
not easily recover, and are normally generated by the interconnect as a
response to some bus error. A typical situation is access to a
non-existing memory address or device, but it might be deliberately
triggered by a device as well.
The SError interrupt replaces the Armv7 asynchronous abort.

Trusted Firmware enters U-Boot (BL33) typically with SErrors masked,
and we never enable them. However any SError condition still triggers
the SError interrupt, and this condition stays pending, it just won't be
handled. If now later on the Linux kernel unmasks the "A" bit in PState,
it will immediately take the exception, leading to a kernel crash.
This leaves many people scratching their head about the reason for
this, and leads to long debug sessions, possibly looking at the wrong
places (the kernel, but not U-Boot).

To avoid the situation, just unmask SErrors early in the ARMv8 boot
process, so that the U-Boot exception handlers reports them in a timely
manner. As SErrors are typically asynchronous, the register dump does
not need to point at the actual culprit, but it should happen very
shortly after the condition.

For those exceptions to be taken, we also need to route them to EL2,
if U-Boot is running in this exception level.

This removes the respective code snippet from the Freescale lowlevel
routine, as this is now handled in generic ARMv8 code.

Reported-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Andre Przywara
e7588d81cd cmd: exception: arm64: fix undefined, add faults
The arm64 version of the exception command was just defining the
undefined exception, but actually copied the AArch32 instruction.

Replace that with an encoding that is guaranteed to be and stay
undefined. Also add instructions to trigger unaligned access faults and
a breakpoint.
This brings ARM64 on par with ARM(32) for the exception command.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-03-02 13:59:29 -05:00
Tom Rini
f861ffa660 Merge branch '2022-03-02-enable-pylint-in-CI' into next
To quote the author:
This series adds a new errors-only pylint check and adds it to the CI
systems.

It also fixes the current errors in the U-Boot Python code, disabling
errors where it seems necessary.

A small patch to buildman allows it to build sandbox without any changes
to the default config file
2022-03-02 10:38:00 -05:00
Simon Glass
642e51addf Azure/GitLab CI: Add the pylint checker
Add a check that new Python code does not regress the pylint score for
any module.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
fc8af3803f buildman: Update default config to build for sandbox
At present the default .buildman file written by buildman does not specify
a default toolchain. Add an 'other' line so this works correctly and
sandbox builds run as expected.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
f44a52af4d Makefile: Add a way to check for pylint errors
Add a new 'pylint_err' target which only reports errors, not warnings.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
9e0077796f test: Correct pylint errors
Fix pylint errors in all test.

This requires adding a get_spawn() method to the ConsoleBase base, so that
its subclass is happy.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
68a0b7156a moveconfig: Correct pylint errors
Fix two pylint errors in this file.

Note ACTION_SPL_NOT_EXIST is not defined so the dead code can be removed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
8d2ef3e993 binman: Correct pylint errors
Fix pylint errors that can be fixed and mask those that seem to be
incorrect.

A complication with binman is that it tries to avoid importing libfdt
(or anything that imports it) unless needed, so that things like help
still work if it is missing.

Note that two tests are duplicated in binman and two others have
duplicate names, so both of these issues are fixed also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
8a455fc08f dtoc: Correct pylint errors
Fix pylint errors in this directory.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
ac05335d85 buildman: Correct pylint errors
Fix pylint errors that can be fixed and mask those that seem to be
incorrect.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Simon Glass
32cc6ae273 patman: Correct pylint errors
Fix pylint errors that can be fixed and mask those that seem to be
incorrect.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-03-02 10:28:12 -05:00
Tom Rini
f9a719e295 Prepare v2022.04-rc3
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-02-28 18:02:33 -05:00
Tom Rini
8df7e97047 Merge branch '2022-02-28-bugfixes'
- Assorted bugfixes
2022-02-28 15:45:52 -05:00
Linus Walleij
c2aed9cfb9 board: stemmy: Detect board variants and patch DTB
This patch scans the cmdline from the Samsung SBL (second stage
bootloader) and stores the parameters board_id=N and lcdtype=N
in order to augment the DTB for different board and LCD types.

We then add a custom ft_board_setup() callback that will inspect
the DTB and patch it using the stored LCD type. At this point
we know which product we are dealing with, so using the passed
board_id we can also print the board variant for diagnostics.

We patch the Codina, Skomer and Kyle DTBs to use the right
LCD type as passed in lcdtype from the SBL.

This also creates an infrastructure for handling any other
Samsung U8500 board variants that may need a slightly augmented
DTB.

Cc: Markuss Broks <markuss.broks@gmail.com>
Cc: Stephan Gerhold <stephan@gerhold.net>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2022-02-28 10:33:45 -05:00
Janne Grunau
6fb4f7387e arm: apple: Switch to fully dynamic mem layout
Support for Apple M1 Pro and Max will allow using a single binary for
all M1 SoCs. The M1 Pro/Max have a different memory layout. The RAM
start address is 0x100_0000_0000 instead of 0x8_0000_0000.
Replace the hardcoded memory layout with dynamic initialized
environment variables in board_late_init().

Tested on Mac Mini (2020) and Macbook Pro 14-inch (2021).

Signed-off-by: Janne Grunau <j@jannau.net>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2022-02-28 10:33:45 -05:00
Felix Brack
551f426011 arm: pdu001: Setup pinmux for console UART as early as possible
To make sure we get a working console as soon as possible in the SPL the
UART pins require to be configured earlier. This is especially
true for the pins of UART3, since the PDU001 board uses this UART for
the console by default.

Signed-off-by: Felix Brack <fb@ltec.ch>
2022-02-28 10:33:11 -05:00
Felix Brack
286f94803e arm: pdu001: Fix early debugging UART
The changes from commit 0dba45864b ("arm: Init the debug UART")
prevent the early debug UART from being initialized correctly.
To fix this we not just configure the pin multiplexer but add setting up
early clocks.

Signed-off-by: Felix Brack <fb@ltec.ch>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-02-28 10:33:11 -05:00
Pali Rohár
11f29d4436 tools: mkimage/dumpimage: Allow to use -l with -T
Currently -l option for mkimage and dumpimage ignores option -T and always
tries to autodetect image type.

With this change it is possible to tell mkimage and dumpimage to parse
image file as specific type (and not random autodetected type). This allows
to use mkimage -l or dumpimage -l as tool for validating image.

params.type for -l option is now by default initialized to zero
(IH_TYPE_INVALID) instead of IH_TYPE_KERNEL. imagetool_get_type() for
IH_TYPE_INVALID returns NULL, which is assigned to tparams. mkimage and
dumpimage code is extended to handle tparams with NULL for -l option. And
imagetool_verify_print_header() is extended to do validation via tparams if
is not NULL.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-02-28 10:33:11 -05:00
Tom Rini
a900c7f816 Pull request for efi-2022-04-rc3
Documentation:
 
 * add man-page for fatload
 * add SMBIOS table page
 
 UEFI:
 
 * partial fix for UEFI secure boot with intermediate certs
 * disable watchdog when returning to command line
 * reset system after capsule update
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIZ0JQACgkQxIHbvCwF
 GsS3fA/9GAvda+4uvrWKw7H4bI49m0mDEMyUWd9k8f4Tzk20130/dPONtXFrdgqM
 uStlcK0NapUPq7i4iNvur3mbwkTrbgF3ynmXvUak+Yj27jngQlXtFJtmdPCQqmBA
 OvhUL35AEsIef2ZTCTBZOOVhMO9EcG9TzAU/o4sLo5VOUmi4DcLPD8uLa+B8qd+N
 LYb1gUfbG9Y/ban/kw22b2ug1EUpx2PFpag4PB4ITK8KGoTu8LNco7PqEQU/muCc
 FUa2wHHFgNnO4aW5JoyAI8+Rmxw/ZSII0QU4AFTf3p+T5LGsHojHj/XMTUPk2oeS
 W36MMDeqNgfyH7PmkGDm03HPthPHLridAd9/5hyKynpzRhA/kmp2e3g5UUzfCG8H
 XMp4JM3Ki06beQPh+h3dj4b8UQeyyqhetuvZfZhW76apJqBC3/asbkooH9p4cSV9
 rr2wi4OdFb0f/nVrrVfnEZnqIQOgC4iuTo3FC5ruoElRgWCoLsf9zvvzFr+OS+d1
 qeD2nWNmY4MTC3PEtd7JV6c56KqkabmsD2bhOGLcxDjs/pwaKUm7p5wZx/AtNjN1
 haFa+3pSYl7oxCu1sWLWPdiuiRRpA+VEYj8JstR/KDcdCMHouFW7jdbarpHVQdZo
 kQ7FCchuTjL28scrZDXNMz6ODoKaLLVAmf3Nqq0upT3paVLI6uI=
 =XSzP
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-04-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc3

Documentation:

* add man-page for fatload
* add SMBIOS table page

UEFI:

* partial fix for UEFI secure boot with intermediate certs
* disable watchdog when returning to command line
* reset system after capsule update
2022-02-26 10:21:39 -05:00
Tom Rini
7228ef9482 Merge https://source.denx.de/u-boot/custodians/u-boot-sh
- rzg2_beacon updates
2022-02-26 10:21:13 -05:00
Masahisa Kojima
3fa9ed9ae3 efi_loader: update the timing of enabling and disabling EFI watchdog
UEFI specification requires that 5 minutes watchdog timer is
armed before the firmware's boot manager invokes an EFI boot option.
This watchdog timer is updated as follows, according to the
UEFI specification.

 1) The EFI Image may reset or disable the watchdog timer as needed.
 2) If control is returned to the firmware's boot manager,
    the watchdog timer must be disabled.
 3) On successful completion of EFI_BOOT_SERVICES.ExitBootServices()
    the watchdog timer is disabled.

1) is up to the EFI image, and 3) is already implemented in U-Boot.
This patch implements 2), the watchdog is disabled when control is
returned to U-Boot.

In addition, current implementation arms the EFI watchdog at only
the first "bootefi" invocation. The EFI watchdog must be armed
in every EFI boot option invocation.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
3e6f810006 efi_loader: test/py: Reset system after capsule update on disk
Add a cold reset soon after processing capsule update on disk.
This is required in UEFI specification 2.9 Section 8.5.5
"Delivery of Capsules via file on Mass Storage device" as;

    In all cases that a capsule is identified for processing the system is
    restarted after capsule processing is completed.

This also reports the result of each capsule update so that the user can
notice that the capsule update has been succeeded or not from console log.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
e7233c9c93 test/py: Handle expected reboot while booting sandbox
Add expected_reset optional argument to ConsoleBase::ensure_spawned(),
ConsoleBase::restart_uboot() and ConsoleSandbox::restart_uboot_with_flags()
so that it can handle a reset while the 1st boot process after main
boot logo before prompt correctly.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
06396e2e66 test/py: Handle expected reset by command
Add wait_for_reboot optional argument to ConsoleBase::run_command()
so that it can handle an expected reset by command execution.

This is useful if a command will reset the sandbox while testing
such commands, e.g. run_command("reset", wait_for_reboot = True)

Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:01 +01:00
Masami Hiramatsu
a6aafce494 efi_loader: use efi_update_capsule_firmware() for capsule on disk
Since the efi_update_capsule() represents the UpdateCapsule() runtime
service, it has to handle the capsule flags and update ESRT. However
the capsule-on-disk doesn't need to care about such things.

Thus, the capsule-on-disk should use the efi_capsule_update_firmware()
directly instead of calling efi_update_capsule().

This means the roles of the efi_update_capsule() and capsule-on-disk
are different. We have to keep the efi_update_capsule() for providing
runtime service API at boot time.

Suggested-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-02-26 07:37:00 +01:00
Ilias Apalodimas
bdcc0a9594 efi_loader: fix uefi secure boot with intermediate certs
The general rule of accepting or rejecting an image is
 1. Is the sha256 of the image in dbx
 2. Is the image signed with a certificate that's found in db and
    not in dbx
 3. The image carries a cert which is signed by a cert in db (and
    not in dbx) and the image can be verified against the former
 4. Is the sha256 of the image in db

For example SHIM is signed by "CN=Microsoft Windows UEFI Driver Publisher",
which is issued by "CN=Microsoft Corporation UEFI CA 2011", which in it's
turn is issued by "CN=Microsoft Corporation Third Party Marketplace Root".
The latter is a self-signed CA certificate and with our current implementation
allows shim to execute if we insert it in db.

However it's the CA cert in the middle of the chain which usually ends up
in the system's db.  pkcs7_verify_one() might or might not return the root
certificate for a given chain.  But when verifying executables in UEFI,  the
trust anchor can be in the middle of the chain, as long as that certificate
is present in db.  Currently we only allow this check on self-signed
certificates,  so let's remove that check and allow all certs to try a
match an entry in db.

Open questions:
- Does this break any aspect of variable authentication since
  efi_signature_verify() is used on those as well?

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-26 07:37:00 +01:00
AKASHI Takahiro
625d933edd tools: mkeficapsule: remove duplicated code
That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.

Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:00 +01:00
Heinrich Schuchardt
57b98efa16 doc: describe fatload command
Man-page for fatload command.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:00 +01:00
Heinrich Schuchardt
5e04435970 doc: describe generation of SMBIOS table
SMBIOS is not x86 specific. So we should have an architecture independent
page describing it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-02-26 07:37:00 +01:00