This commit adds the menu-driven interface to show the
signature list content.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit adds the menu-driven UEFI Secure Boot Key
enrollment interface. User can enroll PK, KEK, db
and dbx by selecting file.
Only the signed EFI Signature List(s) with an authenticated
header, typically '.auth' file, is accepted.
To clear the PK, KEK, db and dbx, user needs to enroll the null key
signed by PK or KEK.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL is not always provided
by U-Boot. Use protocol interface functions instead of
U-Boot internal functions.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Following commits are adding support for UEFI variable management
via the eficonfig menu. Those functions needs to use
eficonfig_create_device_path() to construct the full device path
from device path of the volume and file path, so move it
out of their static declarations.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
All the eficonfig menus other than "Change Boot Order"
use 'eficonfig_entry' structure for each menu entry.
This commit refactors change boot order implementation
to use 'eficonfig_entry' structure same as other menus
to have consistent menu handling.
This commit also simplifies the data->active handling when
KEY_SPACE is pressed, and sizeof() parameter.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Following commits are adding support for UEFI variable management
via the eficonfig menu. Those functions needs to use
append_entry() and append_quit_entry() to construct the
menu, so move them out of their static declarations.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
eficonfig_select_file_handler() is commonly used to select the
file. eficonfig_display_select_file_option() adds an additional
menu to clear the selected file.
eficonfig_display_select_file_option() is not always necessary
for the file selection process, so it must be outside of
eficonfig_select_file_handler().
This commit also renames the following functions to avoid confusion.
eficonfig_select_file_handler() -> eficonfig_process_select_file()
eficonfig_select_file() -> eficonfig_show_file_selection()
eficonfig_display_select_file_option() -> eficonfig_process_show_file_option()
Finally, test_eficonfig.py need to be updated to get aligned with
the above modification.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The word tuples might be misleading.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use unsigned char for the parameter of efi_st_strcmp_16_8. This allows
comparing characters 0x80 - 0xff.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
Negative index in efi_unicode_collation.c:262.
The index of the 'codepage' array should be c - 0x80 instead of i - 0x80.
Fixes: 0bc4b0da7b ("efi_loader: EFI_UNICODE_COLLATION_PROTOCOL")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Since commit c2fd0ca1a8
("watchdog: Integrate watchdog triggering into the cyclic framework")
GD_FLG_WDT_READY has become write-only. This patch now removes this
flag completely.
The vacant spot in gd_flags is filled with the newly introduced
GD_FLG_CYCLIC_RUNNING flag.
Suggested-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Stefan Roese <sr@denx.de>
Checking for DM_RESET is not enough since not all watchdog
implementations use a reset lane. Such is the case for Rockchip
implementation for example. Since reset_assert_bulk will only succeed if
the resets property exists in the watchdog DT node, it needs to be
called only if a reset property is present.
This adds a condition on the resets property presence in the watchdog DT
node before assuming a reset lane needs to be fetched with
reset_assert_bulk, by calling ofnode_read_prop.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
The code for these two options depends on having the FIT loadables
recorded in the FDT. Thus, these options require the full version of
the SPL_LOAD_FIT code.
Signed-off-by: Samuel Holland <samuel@sholland.org>
DFU implementation does not bound the length field in USB
DFU download setup packets, and it does not verify that
the transfer direction. Fixing the length and transfer
direction.
CVE-2022-2347
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Reviewed-by: Marek Vasut <marex@denx.de>
This reverts commit d2e64d29c4.
This commit broke support for pound sign (£) and euro sign (€) keys on
Nokia N900 keypad.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Instead of overwriting $loadaddr variable, use custom temporary
$fileloadaddr variable. So scripts can access default/original address
stored in $loadaddr at build time.
Signed-off-by: Pali Rohár <pali@kernel.org>
Add example command how to compile U-Boot and add new documentation section
describing how to enable early debug UART and verbose log output for N900.
Signed-off-by: Pali Rohár <pali@kernel.org>
Apply commit 534f0fbd65 ("arm64: Fix relocation of env_addr if
POSITION_INDEPENDENT=y") also for 32-bit ARM.
This change fixes crashing of U-Boot on ARMv7 (Omap3 / Cortex-A8) Nokia N900
phone (real HW). Note that qemu emulator of this board with same u-boot.bin
binary has not triggered this crash.
Crash happened after U-Boot printed following debug lines to serial console:
initcall: 0001ea8c (relocated to 8fe0aa8c)
Loading Environment from <NULL>... Using default environment
Destroy Hash Table: 8fe25a98 table = 00000000
Create Hash Table: N=387
Signed-off-by: Pali Rohár <pali@kernel.org>
Due to usage of PREBOOT in Kconfig, macro CONFIG_PREBOOT is always defined
when CONFIG_USE_PREBOOT is enabled. In case CONFIG_PREBOOT is not
explicitly enabled it is set to empty C string and therefore
'#ifdef CONFIG_PREBOOT' guard does not work. Fix this issue by introducing
a new Kconfig symbol PREBOOT_DEFINED which cause to define new C macro
CONFIG_PREBOOT_DEFINED only when CONFIG_PREBOOT is really defined.
Change usage of '#ifdef CONFIG_PREBOOT' by '#ifdef CONFIG_USE_PREBOOT' for
code which checks if preboot code would be called and by
'#ifdef CONFIG_PREBOOT_DEFINED' for defining preboot code.
Signed-off-by: Pali Rohár <pali@kernel.org>
- Fix and improve microchip's clock driver to allow sync'ing DTS with linux
- Improve the help message in "SBI_V02" Kconfig
- Improve DTS property "isa-string" parsing rule
Heinrich reports that on RISC-V unaligned access is emulated by OpenSBI
which is very slow. Performance wise it's better if we skip the calls
to u16_strdup() -- which in turn calls u16_strsize() and just allocate/copy the
memory directly. The access to dp.length may still be unaligned, but that's
way less than what u16_strsize() would do
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use malloc() instead of calloc().
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Closing the files uses the EFI protocol and specifically it's .close
callback. This needs to be wrapped on an EFI_CALL()
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
UEFI specification requires pointers that are passed to protocol member
functions to be aligned. There's a u16_strdup in that function which
doesn't make sense otherwise Add a comment so no one removes it
accidentally
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The 'ret' variable must be initialized before use
in eficonfig_delete_invalid_boot_option().
Fixes: c416f1c0bc ("bootmenu: add removable media entries")
Addresses-Coverity: 376207 ("Uninitialized variables")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Provide a description of the function's logic.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Goto for an immediately succeeding label is superfluous.
Fixes: 87d791423a ("eficonfig: menu-driven addition of UEFI boot option")
Addresses-Coverity: 376202 ("Identical code for different branches")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If the va_list we got handed over contains no protocols we must return
EFI_SUCCESS. However in that case the current code just returns
an unintialized value.
Fix that by setting the return value in the variable definition
Addresses-Coverity: CID 376195: ("Uninitialized variables (UNINIT)")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sphinx 5.0 and later fails to build when language is set to None:
Warning, treated as error:
Invalid configuration value found: 'language = None'. Update your configuration to a valid langauge code. Falling back to 'en' (English)
Let's set the language to English since it is the language used for the
documentation.
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Provide a man-page for the bootd command.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The documentation of struct host_ops should be Sphinx compliant.
Fixes: 9bd1aa8af2 ("dm: sandbox: Create a new HOST uclass")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct GD_FLG_CYCLIC_RUNNING documentation to match Sphinx style.
Fixes: d7de5ef629 ("cyclic: use a flag in gd->flags for recursion protection")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Describe that CONFIG_SBI_V02=y does not mean SBI specification v0.2
but v0.2 or later.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Rick Chen <rick@andestech.com>
We should check the string until it hits underscore, in case it
searches multi-letter extensions. For example, "rv64imac_xandes"
will be treated as D extension support since there is a "d" in
"andes", resulting illegal instruction caused by initializing FCSR.
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
The initial devicetree for PolarFire SoC incorrectly created a fixed
frequency clock in the devicetree to represent the msspll, but the
msspll is not a fixed frequency clock. The actual reference clock on a
board is either 125 or 100 MHz, 125 MHz in the case of the icicle kit.
Swap the incorrect representation of the msspll out for the actual
reference clock.
Fixes: dd4ee416a6 ("riscv: dts: Add device tree for Microchip Icicle Kit")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Sync the critical clocks in the U-Boot driver with those marked as
critical in Linux. The Linux driver has an explanation of why each clock
is considered to be critical, so import that too.
Fixes: 2f27c9219e ("clk: Add Microchip PolarFire SoC clock driver")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Not all "periph" clocks are children of the AHB clock, some have the AXI
clock as their parent & the mtimer clock is derived from the external
reference clock directly. Stop assuming the AHB clock to be the parent
of all "periph" clocks and define their correct parents instead.
Fixes: 2f27c9219e ("clk: Add Microchip PolarFire SoC clock driver")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
The original devicetrees for PolarFire SoC messed up & defined the
msspll's output as a fixed-frequency, 600 MHz clock & used that as the
input for the clock controller node. The msspll is not a fixed
frequency clock and later devicetrees handled this properly. Check the
devicetree & if it is one of the fixed ones, register the msspll.
Otherwise, skip registering it & pass the reference clock directly to
the cfg clock registration function so that existing devicetrees are
not broken by this change.
As the MSS PLL is not a "cfg" or a "periph" clock, add a new driver for
it, based on the one in Linux.
Fixes: 2f27c9219e ("clk: Add Microchip PolarFire SoC clock driver")
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
Tested-by: Padmarao Begari <padmarao.begari@microchip.com>
Currently the clock driver for PolarFire SoC takes a very naive approach
to the relationship between clocks. It reads the dt to get an input
clock, assumes that that is fixed frequency, reads the "clock-frequency"
property & uses that to set up both the "cfg" and "periph" clocks.
Simplifying for the sake of incremental fixes, the "correct" parentage for
the clocks currently supported in U-Boot is that the "cfg" clocks should
be children of the fixed frequency clock in the dt. The AHB clock is one
of these "cfg" clocks and is the parent of the "periph" clocks.
Instead of passing the clock rate of the fixed-frequency clock to the
"cfg" and "periph" registration functions and the name of the parents,
pass their actual parents & use clk_get_rate() to determine their parents
rates.
The "periph" clocks are purely gate clocks and should not be reading the
AHB clocks registers to determine their rates, as they can simply report
the output of clk_get_rate() on their parent.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>
When this binding header was initally upstreamed, the PLL clocking the
microprocessor subsystem (MSS) and the RTC reference clocks were
omitted. Add them now, matching the IDs used in Linux.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Padmarao Begari <padmarao.begari@microchip.com>