As things stand currently, there is only one PowerPC platform that
enables the options for CHAIN_OF_TRUST. From the board header files,
remove a number of never-set options. Remove board specific values from
arch/powerpc/include/asm/fsl_secure_boot.h as well. Rework
include/config_fsl_chain_trust.h to not abuse the CONFIG namespace for
constructing CHAIN_BOOT_CMD. Migrate all of the configurable addresses
to Kconfig.
If any platforms are re-introduced with secure boot support, everything
required should still be here, but now in Kconfig, or requires migration
of an option to Kconfig.
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The way that secure boot is implemented today on NXP ARM platforms does
not reuse the elements found in include/config_fsl_chain_trust.h to
construct CONFIG_SECBOOT but instead board header files have their
environment setup as needed and then fsl_setenv_chain_of_trust() will
set secureboot in the environment. Remove a large number of unused
defines here.
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig. As
part of this, change fsl_secboot_validate(...) to check that it is
passed a non-empty string, rather than non-NULL.
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Make all of the CHAIN_OF_TRUST options be under a single menu and add a
comment for the rest, so the resulting config file reads more clearly.
Remove duplicate CHAIN_OF_TRUST options from
board/congatec/common/Kconfig. Remove duplicate NXP_ESBC config
questions and move to arch/Kconfig.nxp.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_KEY_REVOCATION
CONFIG_SYS_FSL_SFP_BE
CONFIG_SYS_FSL_SFP_LE
CONFIG_SYS_FSL_SFP_VER_3_0
CONFIG_SYS_FSL_SFP_VER_3_2
CONFIG_SYS_FSL_SFP_VER_3_4
CONFIG_SYS_FSL_SRK_LE
This partly means making sure to enable SYS_FSL_ERRATUM_A007186 only for
when CHAIN_OF_TRUST is enabled.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SYS_FSL_SEC_MON
CONFIG_SYS_FSL_SEC_MON_BE
CONFIG_SYS_FSL_SEC_MON_LE
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that board/freescale/common/Kconfig is safe to be included once,
globally, rename this to arch/Kconfig.nxp to better reflect that it
contains options that are valid on multiple architectures and SoC
families, and not specific to NXP reference platforms either.
Cc: Stefano Babic <sbabic@denx.de>
Cc: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The way that we use this file currently means that we have to guard it
in every platform Kconfig. But it is also required in all NXP
platforms, including non-reference platforms. Make all options in it
have appropriate dependencies so that we can include it a single time
under arch/Kconfig
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_HETROGENOUS_CLUSTERS
CONFIG_SYS_MAPLE
CONFIG_SYS_CPRI
CONFIG_PPC_CLUSTER_START
CONFIG_DSP_CLUSTER_START
CONFIG_SYS_CPRI_CLK
CONFIG_SYS_ULB_CLK
CONFIG_SYS_ETVPE_CLK
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SAMSUNG_ONENAND
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
We rename the S5P specific "CONFIG_PWM" to CONFIG_PWM_S5P and move it to
Kconfig. Given the usage of CONFIG_PWM_NX, we have that select this new
symbol.
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
- Drop the emulator CONFIG test from include/configs/ls1088ardb.h
- Migrate CONFIG_SYS_FSL_DDR_EMU to a select'able option in
drivers/ddr/fsl/Kconfig
Signed-off-by: Tom Rini <trini@konsulko.com>
As this driver can dynamically determine the values set in
CONFIG_DW_WDT_BASE when using WDT, so make this depend on WDT rather
than migrate CONFIG_DW_WDT_BASE to Kconfig.
Cc: Chee Tien Fong <tien.fong.chee@intel.com>
Cc: Chin-Liang See <chin.liang.see@intel.com>
Cc: Dinh Nguyen <dinh.nguyen@intel.com>
Cc: Holger Brunck <holger.brunck@hitachienergy.com>
Cc: Ley Foon Tan <ley.foon.tan@intel.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Cc: Stefan Roese <sr@denx.de>
Cc: hee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Roese <sr@denx.de>
This value is always used at the default, rename it for now. This
likely should come from the device tree if non-default, moving forward.
Signed-off-by: Tom Rini <trini@konsulko.com>
In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function is used to calculate a message digest as part of
authentication process in a later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.
This parser is used in image authentication to parse the field and
retrieve a message digest.
Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Commit 81755b8c20 ("usb: host: ehci-generic: Make resets and clocks
optional") improved the error check to cover the reset property being
optional. However this was using the wrong error variable for the
check, so would now never fail.
Use the correct error variable for checking the result of
reset_get_bulk(), to actually report genuine errors.
Fixes: 81755b8c20 ("usb: host: ehci-generic: Make resets and clocks optional")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
After more patches code for jumping to _start_cont symbol in flash memory
involved to code with useless mathematical operations. Currently it does:
r3 := CONFIG_SYS_MONITOR_BASE + ABS(_start_cont) - CONFIG_SYS_MONITOR_BASE
jump to r3
Which is equivalent of just:
r3 := ABS(_start_cont)
jump to r3
The purpose of that code is just to jump to _start_code symbol,
independently of program counter. So branch must be done to absolute
address. Trying to write:
ba _start_cont
just cause linker error:
LD u-boot
powerpc-linux-gnuspe-ld.bfd: arch/powerpc/cpu/mpc85xx/start.o: in function `switch_as':
(.bootpg+0x4b8): relocation truncated to fit: R_PPC_ADDR24 against symbol `_start_cont' defined in .text section in arch/powerpc/cpu/mpc85xx/start.o
make: *** [Makefile:1801: u-boot] Error 1
Probably by the fact that absolute address cannot be expressed by 24-bits.
So write the code via mtlr+blr pattern as it was before and load general
purpose register with absolute address of the symbol:
lis r3,_start_cont@h
ori r3,r3,_start_cont@l
mtlr r3
blr
Seems that gcc and gnu ld linker support symbol@h and symbol@l syntax like
number@h and number@l without any problem. And disassembling of compiler
u-boot binary proved that lis+ori instructions are called with numbers
which represent halves of absolute address of _start_cont symbol.
Signed-off-by: Pali Rohár <pali@kernel.org>
From whole P1/P2 family of RDB boards is TDM-PMC card (PCI Mezzanine Card,
Freescale PQ-MDS-T1) available only on P1021RDB and P1025RDB boards.
So address mapping for TDM-PMC card on LBC should not be enabled on any
other P1/P2 RDB board as there is no device at that TDM-PMC address.
Support for P1021RDB and P1025RDB boards was already removed from mainline
U-Boot in commits 6d1dd76afe ("board/freescale: Remove P1021RDB board
support") and d521cece5a ("board/freescale: Remove P1025RDB board
support").
So do not enable TDM-PMC address mapping on remaining P1/P2 RDB boards and
remove all macros related to TDM-PMC address mappings.
Signed-off-by: Pali Rohár <pali@kernel.org>
DT node pic@40000 is defined explicitly in p2020-post.dtsi file and also
transitionally via include file pq3-mpic.dtsi. Remove duplicate definition
from p2020-post.dtsi.
No change in final DTB file.
Signed-off-by: Pali Rohár <pali@kernel.org>
ecc.mode is set to 0 (aliased to NAND_ECC_NONE) either when function
nand_scan_ident() has not selected ecc.mode or when it selected it to none
ecc mode.
Distinguish between these two states by checking of node property
"nand-ecc-mode" which function nand_scan_ident() uses for filling ecc.mode.
This change fixes usage of none ecc mode if it is specified in DTS file.
Fixes: c9ea9019c5 ("mtd: rawnand: fsl_elbc: Use ECC configuration from device tree")
Signed-off-by: Pali Rohár <pali@kernel.org>
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.
Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.
This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.
Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Without the patch for qemu-x86_defconfig:
* sizeof(lbaint_t) = 4 in dev_read()
* sizeof(lbaint_t) = 8 in blkcache_read()
CONFIG_SYS_64BIT_LBA is defined in common.h via
include/configs/x86-common.h:22.
We have to include common.h before including blk.h.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Both of us are working on NAND subsystem on several architectures and
we have boards and projects to improve the subsystem in uboot. The idea
is to guarantee quick feedback on patches sent on mailing list and most
of the time the possibilities to test them.
Cc: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Acked-by: Tom Rini <trini@konsulko.com>
Since I'm leaving the company with end of June, the maintainership will
be transferred to Wolfgang Wallner.
Signed-off-by: Hannes Schmelzer <hannes.schmelzer@br-automation.com>
Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>