Commit graph

81590 commits

Author SHA1 Message Date
Marek Vasut
0c2c1c9415 doc: imx: habv4: Add Secure Boot guide for i.MX8M SPL targets
Add HABv4 documentation extension for SPL targets covering the
following topics:

- How to sign an securely boot an flash.bin container image.
- How to extend the root of trust for additional boot images.
- Add SPL and fitImage CSF examples.
- Add signature generation script example.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <festevam@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Ye Li <ye.li@nxp.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
f7aad713c5 ARM: imxrt1170_defconfig: Add i.MXRT1170 defconfig
Add a base defconfig for the i.MXRT1170

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
7d9c6f1781 RAM: Add changes for i.MXRT11xx series
The i.MXRT11 series has different offsets for IOCR_MUX, it also can
address 64MiB of SDRAM so add a macro for that.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
79f7632e80 clk: imx: Add initial support for i.MXRT1170 clock driver
Add clock driver support for i.MXRT1170.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
2242ac5d80 clk: imx: Add i.MXRT11xx pllv3 variant
The i.MXRT11 series has two new pll types but are variants of existing.
This patch adds the ability to read one of the pll types' frequency
as it can't be changed unlike the generic pll it also has the
division factors swapped.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
3d579c11e0 dt-bindings: imx: Add clock binding for i.MXRT1170
Add the clock binding doc for i.MXRT1170.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
505efde27a ARM: dts: imx: add i.MXRT1170-EVK support
The NXP i.MXRT1170 Evaluation Kit (EVK) provides a platform for rapid
evaluation of the i.MXRT, which features NXP's implementation of the Arm
Cortex-M7 and Cortex-M4 core.

The EVK provides 64 MB SDRAM, Micro SD card socket,
USB 2.0 OTG.

This patch aims to support the preliminary booting up features
as follows:
GPIO
LPUART
SD/MMC
SDRAM

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
a5b7a87673 ARM: dts: imxrt11170-pinfunc: Add pinctrl binding header
Add binding header for i.MXRT1170 pinctrl device tree.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Jesse Taube
67e2df581c imx: imxrt1170-evk: Add support for the NXP i.MXRT1170-EVK
This commit adds board support for i.MXRT1170-EVK from NXP. This board
is an evaluation kit provided by NXP for i.MXRT117x processor family.

Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
2022-09-18 20:42:56 +02:00
Tom Rini
1977d72a69 Merge https://source.denx.de/u-boot/custodians/u-boot-marvell
- mvebu: turris_omnia: Fix setting switch CONFIG pins on new board
  design (Marek)
- orion-timer: Use timer_conv_64() to fix timer wrap around (Stefan)
2022-09-18 08:27:23 -04:00
Stefan Roese
5996a8a835 timer: orion-timer: Use timer_conv_64() to fix timer wrap around
While testing on some Kirkwood platforms it was noticed that the timer
did not function correctly all the time. The driver did not correctly
handle 32bit timer value wrap arounds. Using the timer_conv_64()
conversion function fixes this issue.

Fixes: e9e73d78a8 ("timer: add orion-timer support")
Suggested-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier-oss@weidmueller.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Tony Dinh <mibodhi@gmail.com>
2022-09-18 12:41:57 +02:00
Marek Behún
711b5fd232 arm: mvebu: turris_omnia: Fix setting switch CONFIG pins on new board design
It seems that waiting only 10 ms after releasing LAN switch from reset
is not enough for the strapping pins to latch the requested values.
P6_MODE[0] is latched to 0 instead of 1.

Increasing the delay to 50 ms fixes this issue.

Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-18 12:41:57 +02:00
Tom Rini
4f2c559b9a - Fixes on STM32 I2C drivers
- Activate SCMI regulator for STM32MP15 defconfig, fix the usb start command
   for scmi device tree
 -----BEGIN PGP SIGNATURE-----
 
 iQEyBAABCgAdFiEE56Yx6b9SnloYCWtD4rK92eCqk3UFAmMjPigACgkQ4rK92eCq
 k3XvhAf4nV4kTsQ9pORh+vBdWPU0A3xUGmLQny9Sqt8zPa8pFqYRqbJ7PQgPk4mu
 reKeTTgNDfQgAk74py/gIa65iAIEKmcDcGT0Csoy6HiHuJcBUYz526GkX3b1hYmq
 zOS7Kz+itHmNwB3Lb97h2OgiS+qM2rfzTiucpG8XRnthfYb2dJ9ZkTkJ7Dr/w3CG
 8ayNitrNR6fycnUOhVG60eLvvbA8C6ztAoen9jU70zxl0waV0qaKXj+mpW1WM8bH
 7szLRF8F7UEbFSZkO7umSvwbOQosm2MX0mwyVqXohbIM//WiSMKPuqtxU+xNQ3Iy
 MjqXrnY5YAgo1yocurKGTs2NhzoV
 =fYNP
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-stm32-20220915' of https://source.denx.de/u-boot/custodians/u-boot-stm

- Fixes on STM32 I2C drivers
- Activate SCMI regulator for STM32MP15 defconfig, fix the usb start command
  for scmi device tree
2022-09-15 12:17:49 -04:00
Jorge Ramirez-Ortiz
a22692dd81 i2c: stm32: fix usage of rise/fall device tree properties
These two device tree properties were not being applied.

Fixes: 1fd9eb68d6 ("i2c: stm32f7: move driver data of each instance in a privdata")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Alain Volmat <alain.volmat@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Tested-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2022-09-15 14:59:29 +02:00
Alain Volmat
3bf699f7a8 i2c: stm32: do not set the STOP condition on error
Current function stm32_i2c_message_xfer is sending a STOP
whatever the result of the transaction is.  This can cause issues
such as making the bus busy since the controller itself is already
sending automatically a STOP when a NACK is generated.

Thanks to Jorge Ramirez-Ortiz for diagnosing and proposing a first
fix for this. [1]

[1] https://lore.kernel.org/u-boot/20220815145211.31342-2-jorge@foundries.io/

Reported-by: Jorge Ramirez-Ortiz, Foundries <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Tested-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2022-09-15 14:59:22 +02:00
Alain Volmat
bcc7509265 i2c: stm32: remove unused stop parameter in start & reload handling
Functions stm32_i2c_message_start and stm32_i2c_handle_reload
both get a stop boolean indicating if the transfer should end with
a STOP or not.  However no specific handling is needed in those
functions hence remove the parameter.

Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-09-15 14:58:57 +02:00
Alain Volmat
923d80288a i2c: stm32: fix comment and remove unused AUTOEND bit
Comment within stm32_i2c_message_start is misleading, indicating
that AUTOEND bit is setted while it is actually cleared.
Moreover, the bit is actually never setted so there is no need
to clear it hence get rid of this bit clear and the bit macro
as well.

Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-09-15 14:58:52 +02:00
Jorge Ramirez-Ortiz
9ef530f196 i2c: stm32f7: fix clearing the control register
Bits should be set to 0, not 1.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2022-09-15 14:58:49 +02:00
Patrick Delaunay
da6fe6b063 configs: stm32mp15: activate DM_REGULATOR_SCMI
Activate the support of SCMI regulator to support the scmi_reg11,
scmi_reg18 and scmi_usb33 regulators present in the scmi device tree of
STMicroelectronics boards with stm32mp15-scmi.dtsi

Fixes: 6cccc8d396 ("ARM: dts: stm32: add SCMI version of STM32 boards (DK1/DK2/ED1/EV1)")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2022-09-15 14:58:42 +02:00
Tom Rini
d6a03711fd Merge https://source.denx.de/u-boot/custodians/u-boot-marvell
- mvebu: Armada 32bit: Cache setup fixes (Pali)
- cmd: mvebu/bubt: Misc enhancements (Pali)
- kirkwood: Add CONFIG_SUPPORT_PASSING_ATAGS (Tony)
- board: turris: Misc improvements (Pali)
- tools: kwboot: Change KWBOOT_MSG_RSP_TIMEO_AXP to 10ms (Stefan)
- tools: termios_linux.h: Fix compilation on non-glibc systems (Pali)
2022-09-13 08:19:42 -04:00
Pali Rohár
5818198e6a arm: mvebu: Fix moving internal registers
Commit 5bb2c550b1 ("arm: mvebu: Move internal registers in
arch_very_early_init() function") moved code from file cpu.c to lowlevel.c,
which moves Marvell internal registers from address INTREG_BASE_ADDR_REG to
SOC_REGS_PHY_BASE.

But the steps describing how to do it correctly were documented only in
older U-Boot versions and commit cefd764222 ("arm: mvebu: Fix internal
register config on A38x") probably unintentionally removed important
details about MMU from code comments around.

Commit 5bb2c550b1 ("arm: mvebu: Move internal registers in
arch_very_early_init() function") implemented code movement according to
(now incomplete) comments which resulted in semi-broken code.

The result is that I-cache is currently disabled for all Armada 38x boards
and maybe there are some other (unreported / undetected) issues.

Reimplement it correctly. First flush all caches, then disable MMU and L2
cache and then move Marvell internal registers. There is no need to
explicitly disable I-cache.

After this change lzmadec command with lzma image of 0x7000000 bytes is
doing decompression just 5 seconds. Before this change it was 30 seconds.

To make lowlevel.S code more readable, extend asm/pl310.h header file to be
compatible with assembler and use macros from this file.

Fixes: 5bb2c550b1 ("arm: mvebu: Move internal registers in arch_very_early_init() function")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 09:04:22 +02:00
Pali Rohár
4f2333ba88 arm: mvebu: Enable L2 cache also on Armada 38x
For some unknown reason when L2 cache is disabled on Armada 385 then loadb,
loadx and loady commands do not work with higher baudrates than 115200
(they just abort transfer) and lzmadec command with lzma image of size
0x7000000 (maybe even smaller, we tested this one) is doing decompression
for more than 2 minutes. After enabling L2 cache decompression takes only
30s and loadb, loadx and loady are stable and working fine.

git bisect identified problematic commit 3308933d2f ("arm: mvebu: Avoid
reading MVEBU_REG_PCIE_DEVID register too many times"). Before this commit
above issues were not present.

But investigation showed that above issue was possible to reproduce also by
reverting that commit and forcing compiler to do inline optimization of
mvebu_soc_family() function. Which seems that the root of this issue is in
caches and position of instruction of segments. So currently it is unknown
what is or was broken, but code movement, code inlining or other compiler
optimization triggered it.

Commit 3e5ce7ceeb ("arm: mvebu: Enable L2 cache on Armada XP") mentioned
that enabling L2 cache on Armada XP improved performance and that Armada
38x has L2 disabled (which is default state) and if needed it has to be
enabled in separate patch. As enabling L2 cache also improve performance
on Armada 38x, enable it.

Note that Aurora cache in no outer mode is available only on Armada XP,
hence it is not touched for Armada 38x code.

Fixes: 3308933d2f ("arm: mvebu: Avoid reading MVEBU_REG_PCIE_DEVID register too many times")
Reported-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 09:04:22 +02:00
Pali Rohár
a7199f4493 arm: mvebu: lowlevel.S: Use CR_M from asm/system.h
Replace magic constant 1 when disabling MMU by macro CR_M from include
header file asm/system.h.

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 09:04:22 +02:00
Pali Rohár
2a0d9ae414 arm: mvebu: Guard non-AXP code by checking for AXP
Commit c86d53fd88 ("arm: mvebu: Don't disable cache at startup on Armada
XP at all") introduced branch for non-AXP code which was guarded by A38X
condition. Fix this issue by checking for AXP platform, not by A38X.

Fixes: c86d53fd88 ("arm: mvebu: Don't disable cache at startup on Armada XP at all")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 09:04:22 +02:00
Pali Rohár
117ef65502 arm: mvebu: Fix function enable_caches
Commit 3308933d2f ("arm: mvebu: Avoid reading MVEBU_REG_PCIE_DEVID
register too many times") broke support for caches on all Armada SoCs.

Before that commit there was code:

    if (mvebu_soc_family() != MVEBU_SOC_A375) {
        dcache_enable();
    }

And after that commit there is code:

    if (IS_ENABLED(CONFIG_ARMADA_375)) {
        dcache_enable();
    }

Comment above this code says that d-cache should be disabled on Armada 375.
But new code inverted logic and broke Armada 375 and slowed down all other
Armada SoCs (including A38x).

Fix this issue by changing logic to:

    if (!IS_ENABLED(CONFIG_ARMADA_375)) {
        dcache_enable();
    }

Which matches behavior prior that commit.

Fixes: 3308933d2f ("arm: mvebu: Avoid reading MVEBU_REG_PCIE_DEVID register too many times")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 09:04:22 +02:00
Pali Rohár
b120519d76 arm: mvebu: Mark constant data with const keyword
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
cadda05a76 arm: mvebu: turris_omnia: Allow to use second serial port
Turris Omnia has two serial ports. Both are already specified in device
tree file. But U-Boot by default does not allow to use more than one serial
port unless CONFIG_SERIAL_PROBE_ALL is not enabled.

After enabling CONFIG_SERIAL_PROBE_ALL, U-Boot see also second serial port
(but is inactive by default):

    => coninfo
    List of available devices:
    serial@12000 00000007 IO stdin stdout stderr
    serial@12100 00000007 IO

To allow simultaneously to use more input / output devices it is needed to
enable CONFIG_CONSOLE_MUX option.

With CONFIG_CONSOLE_MUX it is possible to call:

    => setenv stdout 'serial@12000,serial@12100'

And U-Boot output is then visible on both serial ports.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
634aa8e586 tools: termios_linux.h: Fix compilation on non-glibc systems
TCGETS2 is defined in header file asm/ioctls.h provided by linux kernel.
On glib systems it is automatically included by some other glibc include
header file and therefore TCGETS2 is present in termios_linux.h when
linux kernel provides it.

On non-glibc systems (e.g. musl) asm/ioctls.h is not automatically included
which results in the strange error that BOTHER is supported, TCGETS2 not
defined and struct termios does not provide c_ispeed member.

    tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
    tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
      662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
          |      ^

Fix this issue by explicitly including asm/ioctls.h file which provides
TCGETS2 macro (if supported on selected architecture) to not depending on
glibc auto-include behavior and because termios_linux.h requires it.

With this change it is possible compile kwboot with musl libc.

Reported-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Pali Rohár <pali@kernel.org>
2022-09-13 06:38:08 +02:00
Pali Rohár
64c422b14f arm: mvebu: turris_mox: Add support for distroboot $fdt_addr
$fdt_addr is mandatory for systems which provides DTB in HW (e.g. ROM) and
wishes to pass that DTB to Linux.

Turris Mox contains DTB binary in SPI NOR memory at "dtb" partition which
starts at offset 0x7f0000 and is 0x10000 bytes long.

Armada 3700 CPU does not allow mapping SPI NOR memory into physical address
space like on other architectures and therefore set $fdt_addr variable to
memory range in RAM and loads this DTB binary from SPI NOR in misc_init_r()
function.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
109dde0497 arm: mvebu: turris_{omnia, mox}: Reset bootdelay env for rescue
When rescue mode was activated reset also bootdelay env variable to its
default value. This will ensure that reset button works and starts rescue
mode also in the case when user changed bootdelay env variable to -1 (which
has meaning to not start autoboot).

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
7bb9ea47e1 board: turris: Initialize serial# env
Store serial number from atsha cryptochip into the serial# env variable.
U-Boot automatically puts content of this variable into the root device
tree property serial-number when booting Linux kernel. Refactor turris
atsha code and from turris_atsha_otp_get_serial_number() function returns
directly string suitable for printing or storing into device tree. Because
during different boot stages is env storage read-only, it is not possible
to always store serial number into env storage. So introduce a new function
turris_atsha_otp_init_serial_number() which is called at later stage and
which ensures that serial number is correctly stored into env.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
8ac3615e8d arm: mvebu: Espressobin: When emmc is not present disable it also in OF_LIVE
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
f7b0bbca2b cmd: mvebu/bubt: Check for A38x/A37xx OTP secure bits and secure boot
For obvious reasons BootROMS rejects unsigned images when secure boot is
enabled in OTP secure bits. So check for OPT secure bits and do not allow
flashing unsigned images when secure boot is enabled. Access to OTP via
U-Boot fuse API is currently implemented only for A38x and A37xx SoCs.

Additionally Armada 3700 BootROM rejects signed trusted image when secure
boot is not enabled in OTP. So add also check for this case. On the other
hand Armada 38x BootROM acceps images with secure boot header when secure
boot is not enabled in OTP.

OTP secure bits may have burned also boot device source. Check it also and
reject flashing images to target storage which does not match OTP.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Pali Rohár
5a06534933 cmd: mvebu/bubt: Check for A38x image data checksum
Currently for A38x image is checked only header checksum.
So check also for image data checksum to prevent flashing broken image.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Stefan Roese
ca076d9689 tools: kwboot: Change KWBOOT_MSG_RSP_TIMEO_AXP to 10ms
Testing on the theadorable Armada XP platform has shown, thaz using the
current value of 1000ms as response timeout does not result in reliable
booting via kwboot. Using 10ms seems to be much better. So let's change
this value to this 10ms instead.

Signed-off-by: Stefan Roese <sr@denx.de>
Acked-by: Pali Rohár <pali@kernel.org>
2022-09-13 06:38:08 +02:00
Tony Dinh
a8a0c55f9d arm: kirkwood: Add CONFIG_SUPPORT_PASSING_ATAGS
Add CONFIG_SUPPORT_PASSING_ATAGS and friends to support legacy
image method of booting. Debian and OpenWrt installer use uImage
with appended DTB for these Kirkwood boards.

Signed-off-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-09-13 06:38:08 +02:00
Tom Rini
0ba282e0ee Binman VPL support (patch was lost)
Add board_rng_seed() as a temporary solution
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmMfNjoRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreaPVAf/SjZXU864AaleX1mCYtOSdhpAictwaJwY
 k1MJ/NxuRzvkF+yUMqnJMXVCUno3M9g3zYP4caworu2xL/YEXKCCswyowpNGBMZP
 uR84CgroKxLMjx2OPyWIpaAYEJz6O61Nj3AXuUx7y9XwOCiDImOi1et97LfgPA/z
 sxBp7Q0QpPMFWiJ6oijH9PdnzoN2A2ddSSYzDiRUtCOsc5XOq6rx27PH10yDyFyV
 oBhE/siuERnIt/MvPqs0aNIiKJ6lyjcqkMnDU94LD36EAT6Z3ll5tzJR1f7+DC3p
 VFppSypxCJdIw07qliCcCFQhFAe5BcmWQ+FuDydWu3OjOVc/WX0V2w==
 =r1u5
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-12sep22' of https://source.denx.de/u-boot/custodians/u-boot-dm

Binman VPL support (patch was lost)
Add board_rng_seed() as a temporary solution
2022-09-12 09:47:16 -04:00
Simon Glass
6ad2452bc6 binman: Add VPL support
Add support for U-Boot's Verifying Program Loader phase.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-12 06:41:14 -06:00
Rasmus Villemoes
6dca1d9ad3 fdt_support: add optional board_rng_seed() hook
A recurring theme on LKML is the boot process deadlocking due to some
process blocking waiting for random numbers, while the kernel's
Cryptographic Random Number Generator (crng) is not initalized yet,
but that very blocking means no activity happens that would generate
the entropy necessary to finalize seeding the crng.

This is not a problem on boards that have a good hwrng (when the
kernel is configured to trust it), whether in the CPU or in a TPM or
elsewhere. However, that's far from all boards out there. Moreover,
there are consumers in the kernel that try to obtain random numbers
very early, before the kernel has had any chance to initialize any
hwrng or other peripherals.

Allow a board to provide a board_rng_seed() function, which is
responsible for providing a value to be put into the rng-seed property
under the /chosen node.

The board code is responsible for how to actually obtain those
bytes.

- One possibility is for the board to load a seed "file" from
  somewhere (it need not be a file in a filesystem of course), and
  then ensure that that the same seed file does not get used on
  subsequent boots.

  * One way to do that is to delete the file, or otherwise mark it as
    invalid, then rely on userspace to create a new one, and living
    with the possibility of not finding a seed file during some boots.

  * Another is to use the scheme used by systemd-boot and create a new
    seed file immediately, but in a way that the seed passed to the
    kernel and the new (i.e. next) seed cannot be deduced from each
    other, see the explanation at
    https://lore.kernel.org/lkml/20190929090512.GB13049@gardel-login/
    and the current code at
    https://github.com/systemd/systemd/blob/main/src/boot/efi/random-seed.c

- The board may have an hwrng from which some bytes can be read; while
  the kernel can also do that, doing it in U-Boot and providing a seed
  ensures that even very early users in the kernel get good random
  numbers.

- If the board has a sensor of some sort (temperature, humidity, GPS,
  RTC, whatever), mixing in a reading of that doesn't hurt.

- etc. etc.

These can of course be combined.

The rng-seed property is mixed into the pool used by the linux
kernel's CRNG very early during boot. Whether it then actually
contributes towards the kernel considering the CRNG initialized
depends on whether the kernel has been configured with
CONFIG_RANDOM_TRUST_BOOTLOADER (nowadays overridable via the
random.trust_bootloader command line option). But that's for the BSP
developer to ultimately decide.

So, if the board needs to have all that logic, why not also just have
it do the actual population of /chosen/rng-seed in ft_board_setup(),
which is not that many extra lines of code?

I considered that, but decided handling this logically belongs in
fdt_chosen(). Also, apart from saving the board code from the few
lines of boilerplate, doing it in ft_board_setup() is too late for at
least some use cases. For example, I want to allow the board logic to
decide

  ok, let's pass back this buffer and use that as seed, but also let's
  set random.trust_bootloader=n so no entropy is credited.

This requires the rng-seed handling to happen before bootargs
handling. For example, during the very first boot, the board might not
have a proper seed file, but the board could still return (a hash of)
some CPU serial# or whatnot, so that at least no two boards ever get
the same seed - the kernel always mixes in the value passed in
rng-seed, but if it is not "trusted", the kernel would still go
through the same motions as it would if no rng-seed was passed before
considering its CRNG initialized. I.e., by returning that
unique-to-this-board value and setting random.trust_bootloader=n, the
board would be no worse off than if board_rng_seed() returned nothing
at all.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-09-12 06:41:14 -06:00
Tom Rini
a5fc388ed9 Pull request for efi-2022-10-rc5
Documentation:
 
 * man-page for tftpput
 
 UEFI:
 
 * fix driver binding protocol for block IO devices
 * don't delete invalid handles
 * add a unit test for the EFI Conformance Profile Table
 
 Other:
 
 * correct short text for tftpboot
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmMbeUEACgkQxIHbvCwF
 GsSGsw//WJAuuzP5ufWGxJk2pR9v9LatIsV+w2W1fBTsTb/dbMZ4Sika2Z1izeer
 vmakldnOTLoTXZxng/Ke9J7PEefS8NSUgHbXYLq6a5ckrsji58kGHhDvUjrU2eOf
 D4SBh8eGW/wgmnzHgmsVU0vcXbtWUomWlV4v8SGjYWq5KOTOdFGYmMddqv8cnUVa
 wXHktLaDi9TzzFdfeYPbAlKboQTdRkw0CbzY8z6jlxm2Yd/i7Iw9v7MWwFN5rv1N
 Zlx9Kl0SV1Jz//yzUajyiXXVYK+kVcpjDcvOPhx4GL96mcvW4yyGlOKjpUkTR3H3
 l7112u4lwNSUIJIeDMCazqKgdGMsl+RLuJymAIRCdaBs3c0FsuX4WHNAr0H1KT9X
 oVnzeBKZKjFTT76Q39F80O0JrdDMxqMm1fGiy1ySlRCJNd+dlYZKoopt8PpWkk1E
 IBHsE1m1OXe+n2PNrh6YR9egv9RmfdwBEl0wBftNb9DQ+gNAvR7wVRpmDRCqYuBR
 l/k6GsznHK4hh1Wh+BhrrUeQ3YbboK3RvGA9toYp6BEk/5F2dDuy5pVM7OETjGEY
 DaKjqPjMv41SCIzpcEkzPJEvQ0tEFuk+GEC168IXQmcV/gttvuLNLFfnlLE1amQr
 g09ePeaXKzjiWYSi5wEz1GQs7W9WBnJ5+2zOL41ih125xra6/NE=
 =1zZW
 -----END PGP SIGNATURE-----

Merge tag 'efi-2022-10-rc5' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-10-rc5

Documentation:

* man-page for tftpput

UEFI:

* fix driver binding protocol for block IO devices
* don't delete invalid handles
* add a unit test for the EFI Conformance Profile Table

Other:

* correct short text for tftpboot
2022-09-09 15:07:05 -04:00
Heinrich Schuchardt
8cf8ad3533 efi_driver: don't bind internal block devices
UEFI block devices can either mirror U-Boot's internal devices or be
provided by an EFI application like iPXE.

When ConnectController() is invoked for the EFI_BLOCK_IO_PROTOCOL
interface for such an application provided device we create a virtual
U-Boot block device of type "efi_blk".

Currently we do not call ConnectController() when handles for U-Boot's
internal block devices are created. If an EFI application calls
ConnectController() for a handle relating to an internal block device,
we erroneously create an extra "efi_blk" block device.

E.g. the UEFI shell has a command 'connect -r' which calls
ConnectController() for all handles with device path protocol.

In the Supported() method of our EFI_DRIVER_BINDING_PROTOCOL return
EFI_UNSUPPORTED when dealing with an U-Boot internal device.

Reported-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: commit 05ef48a248 ("efi_driver: EFI block driver")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Etienne Carriere
7932548939 lib: efi_loader: don't delete invalid handles
Change efi_delete_handle() to not free EFI handles twice.

This change tries to resolved an issue seen since U-Boot v2022.07
in which ExitBootService() attempts to release some EFI handles twice.

The issue was seen booting a EFI shell that invokes 'connect -r' and
then boots a Linux kernel. Execution of connect command makes EFI
subsystem to bind a block device for each root block devices EFI handles.
However these EFI device handles are already bound to a driver and we
can have 2 registered devices relating to the same EFI handler. On
ExitBootService(), the loop removing the devices makes these EFI handles
to be released twice which corrupts memory.

This patch prevents the memory release operation caused by the issue but
but does not resolve the underlying problem.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

Add log message.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
1e30e377a6 efi_selftest: unit test for EFI Conformance Profile Table
Add a new unit test to test the integrity of the
EFI Conformance Profile Table.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
b33f246c0b efi_selftest: export efi_st_get_config_table()
We can use efi_st_get_config_table() in multiple unit tests.
Export the function.

Export system-table and boot-services.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
afb70d1ef4 doc: man-page for tftpput
Provide a man-page for the tftpput command.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
651031ef7c cmd: correct short text for tftpboot
The command's name is a misnomer.
The command loads a file but does not run (boot) it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-09 16:07:54 +02:00
Heinrich Schuchardt
5f46c6eba5 cmd: fix tftpput command
Calling tftpput with less than 2 arguments must lead to a failure.

If tftpput is called with two arguments, these are the address and
the size of the file to be transferred.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-09-09 16:07:54 +02:00
Tom Rini
e9de8c8c64 - simplify the STM32MP15x package parsing code
- remove test on CONFIG_DM_REGULATOR in stm32mp1 board
   and enable CONFIG_DM_REGULATOR for stm32f769-disco
 - handle ck_usbo_48m clock provided by USBPHYC to fix the command 'usb start'
   after alignment with Linux kernel v5.19 DT (clocks = <&usbphyc>)
 - Fix SYS_HZ_CLOCK value for stih410-b2260 board
 - Switch STMM32MP15x DHSOM to FMC2 EBI driver
 - Remove hwlocks from pinctrl in STM32MP15x to avoid issue with kernel
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE56Yx6b9SnloYCWtD4rK92eCqk3UFAmMZoW4ACgkQ4rK92eCq
 k3W2MAgAsmy2aSlMYo/AGlJ/KCrZuk6OirNHtdOdacvbcdUUbpkNpBSjdkrRm2If
 VUnY1utIIJe6gFgnBUxXJ3RF5FZuhkdawc6V25HtDp6H3WamzJknKs5Vc4TlKp59
 hZCOto7/+G/cd2XLdCKFUBl+new1pdDPsEm56+57DeZ7QGAQRX35PUQ5+HBjQJ/N
 n/wJgS6wkEdIQLLwmCVxbHUkC+pRotTza5F2A0qZJgYPMcMpVFYKtzIa4GbWB5YS
 MKGHbM8f3C8RLPQaHHTRycoA2Yor1I52B4Oi7605c5zHQr9pjrgtWsernDzkIhsB
 ThYHSYQBUBTY4HBfzFwzCkVGqqLWNg==
 =PMFY
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-stm32-20220907' of https://source.denx.de/u-boot/custodians/u-boot-stm

- simplify the STM32MP15x package parsing code
- remove test on CONFIG_DM_REGULATOR in stm32mp1 board
  and enable CONFIG_DM_REGULATOR for stm32f769-disco
- handle ck_usbo_48m clock provided by USBPHYC to fix the command 'usb start'
  after alignment with Linux kernel v5.19 DT (clocks = <&usbphyc>)
- Fix SYS_HZ_CLOCK value for stih410-b2260 board
- Switch STMM32MP15x DHSOM to FMC2 EBI driver
- Remove hwlocks from pinctrl in STM32MP15x to avoid issue with kernel
2022-09-08 08:33:41 -04:00
Tom Rini
e3fce5e560 Merge tag 'fsl-qoriq-2022-9-7' of https://source.denx.de/u-boot/custodians/u-boot-fsl-qoriq
- Pali's patch not in my patchwork, got missed.
- Sean's patch pending for sometime, I just fix conflict when apply
  Sean's patch, so pick up.
2022-09-07 08:39:12 -04:00
Tom Rini
fc2f4085d3 binman fixes for bintool support
-----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmMYjgoRHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIrea87Af9H605i3fkhZEmQUoGLgYVHnL6HTnWqVOk
 1H7ysnSGkErwZKx+jQXG6dbW0Rkx4yPDYUMRkXQOdJPpgHZXlcp7FtOin3jT00Z/
 M0+Se4NF4pUBqBdaNWtsSAicS+2snfbcHErI60XU2bu/E86Es+rqFstUZfd/Hcw9
 HxFOf9pT8dbokg1K3hYh1tBco0NC4+iHfWheDWV9qLOQxG5LdzCWlBKkt9pegljH
 NHKrjMYvpU68e80I8rPIppJxyHipZgXorr9JKFLqS6cNgolbPF+cy9K10zEObno5
 DCY7IuBv2BmY5ghwW2oN90gXkT0jqatSBbYBlu8oG0ioyRY2MDv6Yw==
 =i2Ik
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-7sep22' of https://source.denx.de/u-boot/custodians/u-boot-dm

binman fixes for bintool support
2022-09-07 08:38:44 -04:00