When, for various reasons, a bad FIT image is used where a loadable
image is marked as 0 length, attempt is made for a 0 length allocation and
read of 0 byte read operation.
Instead provide warning in log and skip attempting to do such a load.
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Aswath Govindraju <a-govindraju@ti.com>
Add a new function to activate an existing simple frame buffer node
and add the associated reserved memory, with no-map properties.
This device tree update is only done when the video device is active
and the video buffer is used.
This patch uses '#if CONFIG_IS_ENABLED(DM_VIDEO)' because
gd->video_bottom and gd->video_top are only defined when CONFIG_DM_VIDEO
is activated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Rename the function named lcd_dt_simplefb* to fdt_simplefb* to be aligned
with the associated file name fdt_simplefb.h/fdt_simplefb.c
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Rename the file lcd_simplefb.c to fdt_simplefb.c to be aligned
with the configuration name and with the associated include file
./include/fdt_simplefb.h
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
This converts the following to Kconfig:
CONFIG_LCD_DT_SIMPLEFB
This patch also renames this config to CONFIG_FDT_SIMPLEFB as the code in
common/lcd_simplefb.c support CONFIG_LCD and CONFIG_VIDEO.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Before relocation there is generally not as much available memory and not
that much console output. At present the console-output buffer is the same
side before and after relocation. Add a separate Kconfig option to remove
this limitation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Even if U-Boot has relocation disabled via GD_FLG_SKIP_RELOC , the
relocated stage of U-Boot still picks GD from new_gd location. The
U-Boot itself is not relocated, but GD might be, so copy the GD to
new GD location even if relocation is disabled.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Peng Fan <peng.fan@oss.nxp.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
The last board that used to set CONFIG_LYNXKDI has been removed in
commit 242836a893 ("powerpc: ppc4xx: remove pcs440ep support"),
doc/README.lynxkdi only talks about a MPC8260 board being supported,
and the mpc8260 support has been removed four years ago in commit
2eb48ff7a2 ("powerpc, 8260: remove support for mpc8260") already,
and common/lynxkdi.c only consists of an "#error" statement these
days, so it seems like the LYNX KDI code is dead code nowadays.
Let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
This statement has an unmatched parentheses, fix it.
Signed-off-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
When building a system that has both TPL and SPL_OS_BOOT, code which
tests for CONFIG_SPL_OS_BOOT will be built and enabled in TPL, which is
not correct. While there is no CONFIG_TPL_OS_BOOT symbol at this time
(and likely will not ever be) we can use CONFIG_IS_ENABLED(OS_BOOT) in
these common paths to ensure we only compile these parts in the SPL
case.
Signed-off-by: Tom Rini <trini@konsulko.com>
Allow usage of the bootstage facilities in SPL.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The data blob apparently does not need to be modified through the fit
field of the image_sign_info struct so make it point to const to avoid
the need to cast away constness in functions that assign a pointer to
const data to the field.
fit_image_setup_verify already had to cast away constness as it assigned
a const void * argument to the field. The cast can now be removed.
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The padding pss is only supported on u-boot and tools since
commit 2bbed3ff8c ("image: Use Kconfig to enable FIT_RSASSA_PSS on host")
This commit adds the config SPL_FIT_RSASSA_PSS to support
the padding pss in the SPL.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Make sure to (if applicable) flush the D-cache, invalidate I-cache,
and disable MMU and caches before jumping to OPTEE.
This fixes the SDP->SPL->OPTEE boot flow on iMX6Q and most likely on
some other ARM SoCs.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
After DM_VIDEO conversion the 'vidconsole' is the correct name
for the frame buffer console. 'video' will not work, so update
the description of the config option.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
At present U-Boot has a header file called lz4.h for its own use. If the
host has its own lz4 header file installed (e.g. from the 'liblz4-dev'
package) then host builds will use that instead.
Move the U-Boot file into its own directory, as is done with various
other headers with the same problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is far too long. Before trying to remove #ifdefs, split out
the code that deals with selecting the FDT into a separate function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use boolean variables to deal with the strange #ifdef logic of this
function, so we can remove the #ifdefs.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is far too long. Before trying to remove #ifdefs, split out
the code that deals with selecting the ramdisk into a separate function.
Leave the code indented as it was for easier review. The next patch cleans
this up along with checkpatch violations.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function is only used in one place and does not need to use the
preprocessor. Move it to the C file and convert it to a normal function.
Drop fit_unsupported() since it is not used.
Signed-off-by: Simon Glass <sjg@chromium.org>
We can use the new host_build() function for this, so drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough and the board code is now in a separate file. Update the only place
where this is used and drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.
Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Add a host Kconfig for OF_LIBFDT. With this we can use
CONFIG_IS_ENABLED(OF_LIBFDT) directly in the tools build, so drop the
unnecessary indirection.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Make use of the host Kconfig for FIT. With this we can use
CONFIG_IS_ENABLED(FIT) directly in the host build, so drop the unnecessary
indirection.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.
Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.
For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.
Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.
Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.
This allows us to drop the image.h code and the I_WANT_MD5 hack.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
some options to enable the various FIT options expected in these tools.
This will ensure that the code builds correctly when CONFIG_TOOLS_xxx
is distinct from CONFIG_xxx.
Drop some #ifdefs which are immediately unnecessary (many more are in
later patches).
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
With the new TOOLS_LIBCRYPTO and some other changes, it seems that we are
heading towards calling this a tools build rather than a host build,
although of course it does happen on the host.
I cannot think of anything built by the host which cannot be described as
a tool, so rename this function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Add a macro to handle manually relocating a pointer. Update the iamge code
to use this to avoid needing #ifdefs.
This also fixes a bug where the 'done' flag was not set.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than adding an #ifdef and open-coding this calculation, add a
helper function to handle it. Use this in the image code.
Signed-off-by: Simon Glass <sjg@chromium.org>
To avoid having #ifdefs in a few functions which are completely different
in the board and host code, create a new image-host.c file.
Signed-off-by: Simon Glass <sjg@chromium.org>
To avoid a large #ifdef in the image.c file, move the affected code into
a separate file.
Avoid any style fix-ups for easier review. Those are in the next patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
Adjust this function so that preprocessor macros are not needed. With
this, the host build uses more of the same header files as the target
build.
Rather than definining CONFIG_SYS_MALLOC_LEN, add a CONSERVE_MEMORY
define, since that is the purpose of the value.
This appears to have no impact on code size from a spot check of a few
boards (snow, firefly-rk3288, boston32r2el, m53menlo).
Signed-off-by: Simon Glass <sjg@chromium.org>
The zstd implementation prints the error in image_decomp() which is
incorrect and does not match other algorithms. Drop this and let the
caller report the error.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this function is full of preprocessor macros. Adjust it to
check for an unsupported algorithm after the switch(). This will allow
us to drop the macros.
Fix up the return-value path and an extra blank line while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
The existing zstd API requires the same sequence of calls to perform its
task. Create a helper for U-Boot, to avoid code duplication, as is done
with other compression algorithms. Make use of of this from the image
code.
Note that the zstd code lacks a test in test/compression.c and this should
be added by the maintainer.
Signed-off-by: Simon Glass <sjg@chromium.org>
cherry-picked from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
which fixes secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.
Signed-off-by: Heiko Schocher <hs@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com>
add hook function spl_load_simple_fit_fix_load()
which is called after fit image header is loaded.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
bootm_low is used as a base address is used to allocate space for the
FDT blob, initrd, cmdline, etc. when booting Linux. Set the default
value for RISC-V to the start of the first DRAM bank, so platforms can
get their DRAM layout from the device tree, and do not need to define
CONFIG_SYS_SDRAM_BASE.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
The configuration CONFIG_OPTEE is defined 2 times:
1- in lib/optee/Kconfig for support of OPTEE images loaded by bootm command
2- in drivers/tee/optee/Kconfig for support of OP-TEE driver.
It is abnormal to have the same CONFIG define for 2 purpose;
and it is difficult to managed correctly their dependencies.
Moreover CONFIG_SPL_OPTEE is defined in common/spl/Kconfig
to manage OPTEE image load in SPL.
This definition causes an issue with the macro CONFIG_IS_ENABLED(OPTEE)
to test the availability of the OP-TEE driver.
This patch cleans the configuration dependency with:
- CONFIG_OPTEE_IMAGE (renamed) => support of OP-TEE image in U-Boot
- CONFIG_SPL_OPTEE_IMAGE (renamed) => support of OP-TEE image in SPL
- CONFIG_OPTEE (same) => support of OP-TEE driver in U-Boot
- CONFIG_OPTEE_LIB (new) => support of OP-TEE library
After this patch, the macro have the correct behavior:
- CONFIG_IS_ENABLED(OPTEE_IMAGE) => Load of OP-TEE image is supported
- CONFIG_IS_ENABLED(OPTEE) => OP-TEE driver is supported
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
We have individual SOC symbols for each keystone 2 platform. Use the
existing CONFIG_ARCH_KEYSTONE rather than CONFIG_SOC_KEYSTONE to
encompass all of the keystone families.
Signed-off-by: Tom Rini <trini@konsulko.com>
The current API is outdated as it requires a devicetree pointer.
Move these functions to use the ofnode API and update this globally. Add
some tests while we are here.
Correct the call in exynos_dsim_config_parse_dt() which is obviously
wrong.
Signed-off-by: Simon Glass <sjg@chromium.org>
Header file version.h does not use anything from timestamp.h. Including of
timestamp.h has side effect which cause recompiling object file at every
make run because timestamp.h changes at every run.
So remove timestamp.h from version.h and include timestamp.h in files
which needs it.
This change reduce recompilation time of final U-Boot binary when U-Boot
source files were not changed as less source files needs to be recompiled.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Add in lib/acpi/acpi_table.c and test/dm/acpi.c, rework a few others]
Signed-off-by: Tom Rini <trini@konsulko.com>
More C files do not use compile time timestamp macros and do not have to be
recompiled every time when SOURCE_DATE_EPOCH changes.
This patch moves version_string[] from version.h to version_string.h and
updates other C files which only needs version_string[] string to include
version_string.h instead of version.h. After applying this patch these
files are not recompiled every time when SOURCE_DATE_EPOCH changes.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The hash algorithm selection was streamlined in commit 92055e138f
("image: Drop if/elseif hash selection in calculate_hash()"). Said
commit kept the call to cpu_to_uimage() to convert the CRC to big
endian format.
This would have been correct when calling crc32_wd(). However, the
->hash_func_ws member of crc32 points to crc32_wd_buf(), which already
converts the CRC to big endian. On a little endian host, doing both
conversions results in a little-endian CRC. This is incorrect.
To remedy this, simply drop the call to cpu_to_uimage(), thus only
doing the byte-order conversion once.
Fixes: 92055e138f ("image: Drop if/elseif hash selection in
calculate_hash()")
Tested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")
The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.
To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")
One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic for was not
previously explored:
Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.
Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.
This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].
The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.
The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for hash_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.
The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Also note that we make CONFIG_FIT now imply SHA256, to make up for
FIT_SHA256 previously being a default y option.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add imply SHA256 to FIT]
Signed-off-by: Tom Rini <trini@konsulko.com>
The enable_caches is a generic hook for architecture-implemented, we
leverage this function to enable caches for RISC-V
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The code under drivers/net is related to ethernet networking drivers, in
some fashion or another. Drop these from the top-level Makefile and
also move the phy rule into drivers/net/Makefile which is where it
belongs. Make the new rule for drivers/net check for the build-stage
relevant ETH symbol.
Fix up some Kconfig dependencies while we're here to mirror how the
Makefile logic now works.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Introduce ETH, Kconfig dependency changes, am43xx fix]
Signed-off-by: Tom Rini <trini@konsulko.com>
Move the power/ rules into drivers/power to avoid clutter in the Makefile
and drivers/Makefile files.
We must select SPL_POWER if SPL_POWER_DOMAIN is used, since the two are
currently independent and boards do not necessarily enable SPL_POWER.
Add a TPL_POWER as well, as that is used by one board.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Rename this option so that CONFIG_IS_ENABLED can be used with it.
Oddly there is already an SPL_CACHE option. Drop it in favour of this one.
Drop the special SPL Makefile rule which is now superfluous.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rename these options so that CONFIG_IS_ENABLED can be used with them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
[trini: Fixup some incorrect renames]
Signed-off-by: Tom Rini <trini@konsulko.com>
Currently it is possible to cancel loadx and loady commands by pressing
CTRL+X (CAN character) at least 3 times quickly.
All other U-Boot commands, including loadb and loads can be cancelled by
CTRL+C. So allow it also in xyz-modem code used by loadx and loady
commands. Implement it by handling CTRL+C (ETX character) in the same way
as CTRL+X (CAN character).
Due to how x/y-modem protocol works, it is required to press
CTRL+C or CTRL+X at least 3 times quickly.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In x-modem protocol EOF is not an error state at the end of file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read()
function calls memcpy() with length from variable xyz.len. If this variable
is set to -1 then value passed to memcpy is casted to unsigned value, which
means to copy whole address space. Which then cause U-Boot crash. E.g. on
arm64 it cause CPU crash: "Synchronous Abort" handler, esr 0x96000006
Fix this issue by checking that value stored in xyz.len is valid prior
trying to use it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Calculate hash using DM driver if supported.
For backward compatibility, the call to legacy
hash functions is reserved.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <trini@konsulko.com>
First, we convert CONFIG_SYS_I2C_LEGACY to Kconfig. Next, as you cannot
have SYS_I2C_LEGACY and DM_I2C at the same time, introduce
CONFIG_SPL_SYS_I2C_LEGACY so that we can enable the legacy option only
in SPL. Finally, for some PowerPC cases we also need
CONFIG_TPL_SYS_I2C_LEGACY support. Convert all of the existing users to
one or more symbols.
Signed-off-by: Tom Rini <trini@konsulko.com>
xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012
zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode
versal:
- Add soc driver
sdhci:
- Update tap delay programming for zynq_sdhci driver
cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message
watchdog:
- Fix wwdt compilation
rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver
fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYSilpgAKCRDKSWXLKUoM
Id2JAJ9jY19JiEpOd3vuRCT5CE/pzX4yDACeP8DiXDzSi5tLHwDWUCBobUTze2s=
=5lnj
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2021.10-rc3
xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012
zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode
versal:
- Add soc driver
sdhci:
- Update tap delay programming for zynq_sdhci driver
cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message
watchdog:
- Fix wwdt compilation
rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver
fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
Add kernel-doc description for fdt_fixup_memory_banks() because it is
implemented in one specific way and this information should be available
for others to decide if their SoC conforms to it.
If you don't want U-Boot to update your memory DT layout please disable
CONFIG_ARCH_FIXUP_FDT_MEMORY.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The "-E" option to mkimage generates a FIT with external data using the
data-size and data-offset properties which must both be ignored when
verifying a signature.
Add "data-offset" to the list of excluded properties for signature
verification; since the line is now too long, re-format the list to
one-per-line and make it static since the data is constant.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.
Signed-off-by: Simon Glass <sjg@chromium.org>
The autoboot tests are a recent addition to U-Boot, providing much-needed
coverage in this area.
A side effect of the keyed autoboot test is that this feature is enabled
in sandbox always. This changes the autoboot prompt and confuses the
pytests. Some tests become slower, for example the vboot tests take about
27s now instead of 3s.
We don't actually need this feature enabled to be able to run the tests.
Add a switch to allow sandbox to turn it on and off as needed. Use this
in the one test that needs it.
Add a command-line flag in case this is desired in normal use.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 25c8b9f298 ("test: add first autoboot unit tests")
Reviewed-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Now that proper load and execution addresses are set in v1 kwbimage we
can use it for loading and booting U-Boot proper.
Use the new spl_parse_board_header() function to implement parsing the
kwbimage v1 header. Use information from this header to locate offset and
size of the U-Boot proper binary, instead of using the legacy U-Boot
header which is prepended to the U-Boot proper binary stored at fixed
offset. This has the advantage that we do not need to relay on legacy
U-Boot header anymore and therefore U-Boot proper binary can be stored at
any offset, as is the case when loading & booting U-Boot proper by
BootROM. The CONFIG_SYS_U_BOOT_OFFS option is therefore not used by SPL
code anymore.
Also allow to compile U-Boot SPL without CONFIG_SPL_SPI_FLASH_SUPPORT,
CONFIG_SPL_MMC_SUPPORT or CONFIG_SPL_SATA_SUPPORT set. In this case
BootROM is used for loading and executing U-Boot proper. This reduces the
size of U-Boot's SPL image. By default these config options are enabled
and so BootROM loading is not used. In some cases BootROM reads from SPI
NOR at lower speed than U-Boot SPL. So people can decide whether they
want to have smaller SPL binary at the cost of slower boot.
Therefore dependency on CONFIG_SPL_DM_SPI, CONFIG_SPL_SPI_FLASH_SUPPORT,
CONFIG_SPL_SPI_LOAD, CONFIG_SPL_SPI_SUPPORT, CONFIG_SPL_DM_GPIO,
CONFIG_SPL_DM_MMC, CONFIG_SPL_GPIO_SUPPORT, CONFIG_SPL_LIBDISK_SUPPORT,
CONFIG_SPL_MMC_SUPPORT, CONFIG_SPL_SATA_SUPPORT and
CONFIG_SPL_LIBDISK_SUPPORT is changed from strict to related "imply"
(which can be selectivelly turned off and causes booting via BootROM).
Options CONFIG_SYS_SPI_U_BOOT_OFFS,
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR and
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_DATA_PART_OFFSET have to to be set to
zero as they define the location where kwbimage header starts. It is the
location where BootROM expects start of the kwbimage from which it reads,
parses and executes SPL part. The same applies to option
CONFIG_SPL_SATA_RAW_U_BOOT_SECTOR, which has to be set to one.
Update all config files to set correct values of these options and set
CONFIG_SYS_U_BOOT_OFFS to the correct value - the offset where U-Boot
proper starts.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Platform specific BootROM may use its own image type for loading SPL or
U-Boot proper. In some cases it makes sense to not use BootROM supplied
code for booting U-Boot proper but rather to use U-Boot SPL for this,
e.g. when U-Boot SPL can load U-Boot proper faster than BootROM. In this
case it is required for platform board code to parse and load U-Boot in
BootROM specific image type.
This change adds support for parsing platform / board / BootROM specific
image types via weak function spl_parse_board_header() which is called
before marking boot image as a raw.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Some image types (e.g. kwbimage v1) store the offset to SPL binary and
offset to U-Boot proper binary in their headers. To avoid reading SPL
binary when loading U-Boot proper, add support for specifying offset in
struct spl_image_info, which defines the offset from the beginning of
the header and the beginning of the executable data.
Initial support is added only for SPI, MMC and SATA code. We can extend
it later if needed.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Rename these options so that CONFIG_IS_ENABLED can be used with them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
It is quite confusing that CONFIG_SYS_I2C selects the legacy I2C and
CONFIG_DM_I2C selects the current I2C. The deadline to migrate I2C is less
than a year away.
Also we want to have a CONFIG_I2C for U-Boot proper just like we have
CONFIG_SPL_I2C for SPL, so we can simplify the Makefile rules.
Rename this symbol so it is clear it is going away.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Rename this option so that CONFIG_IS_ENABLED can be used with it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
OP-TEE requires some particular setup, which is not needed for linux
or other payloads. Add a hook for platform-specific code to perform
any OP-TEE related configuration and initialization.
A weak function is used because it is symmetrical to other
spl_board_prepare_for_*() implementations. A solution to avoid the use
of weak functions would trivially apply to all these implementations.
However, re-designing this is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
In general, Falcon mode means we're booting a linux kernel directly.
With FIT images, however, an OP-TEE secure kernel can be booted before
linux. Thus, if the next stage is an IH_OS_TEE, this isn't necessarily
a problem.
Of course, a general solution would involve mmc_load_image_raw_os()
only loading the binary, and leaving the decision of suitability to
someone else. However, a rework of the boot flow is beyond the scope
of this patch. Accept IH_OS_TEE as a valid OS value.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This adds tests for the crypt-based and plain SHA256-based password hashing
algorithms in the autoboot flow.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
In case crypt-based hashing is enabled this will be the default mechanism
that is used. If a user wants to have support for both, the environment
variable `bootstopusesha256` can be set to `true` to allow plain SHA256
based hashing of the password.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The key-sequence based unlock mechanisms are sensitive to junk symbols
that could have been sent to stdin and are still waiting to be retrieved.
Enabling this option will read all symbols off stdin before displaying the
autoboot prompt (and starting to read the password from stdin).
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
In case a user has to enter a complicated password it is sometimes
desireable to give the user more time than the default timeout.
Enabling this feature will disable the timeout entirely in case the user
presses the <Enter> key before entering any other character.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
While doing code-review internally this got nitpicked by 2 reviewers, so
I decided to include this here.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Hook into the autoboot flow as an alternative to the existing
mechanisms.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
When we build U-Boot with POSITION_INDEPENDENT we must have
SYS_TEXT_BASE be set to zero. Make this the default in that case.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Switch to fit_image_get_data_and_size() for consistency with all other
data loaded from FIT.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It's possible that LOAD_FIT_FULL will have different values for TPL and
SPL, in which case just checking CONFIG_SPL_LOAD_FIT_FULL causes this to
be compiled in to the TPL even though functions and struct members it
depends on are not.
Use CONFIG_IS_ENABLED() to ensure the correct TPL/SPL variant is
checked.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present when function names are logged, the output is a little hard to
read since every function is a different length. Add a way to pad the
names so that the log messages line up vertically. This doesn't work if
the function name is very long, but it makes a big difference in most
cases.
Use 20 characters as a default since this covers the vast majority of
functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
If SPL fails to boot, try to provide an error code to indicate what is
wrong. For example, if a uclass is missing, this can return -EPFNOSUPPORT
(-96) which provides useful information.
Add a helper for accessing the image-loader name so we can drop the use
of #ifdefs in this code.
Put this feature behind a CONFIG_SHOW_ERRORS option to avoid increasing
the code size.
Signed-off-by: Simon Glass <sjg@chromium.org>
If signature verification is not in use we don't need to worry about
the risk of using @ in node names. Update fit_image_verify() to allow
it if the function is not enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is possible to add a blob that ends at the end of the bloblist, but at
present this is not supported. Fix it and add a regression test for this
case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes a blob needs to expand, e.g. because it needs to hold more log
data. Add support for this. Note that the bloblist must have sufficient
spare space for this to work.
Signed-off-by: Simon Glass <sjg@chromium.org>
Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.
Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.
Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.
NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data)_ can be safely removed,
as signing is not supported target-side.
NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.
Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
At the moment android_image_get_kcomp() can automatically detect
LZ4 compressed kernels and the compression specified in uImages.
However, especially on ARM64 Linux is often compressed with GZIP.
Attempting to boot an Android image with a GZIP compressed kernel
image currently results in a very strange crash, e.g.
Starting kernel ...
"Synchronous Abort" handler, esr 0x02000000
...
Code: 5555d555 55555d55 555f5555 5d555d55 (00088b1f)
Note the 1f8b, which are the "magic" bytes for GZIP images.
U-Boot already has the image_decomp_type() function that checks for
the magic bytes of bzip2, gzip, lzma and lzo. It's easy to make use
of it here to increase the chance that we do the right thing and the
user does not become confused with strange crashes.
This allows booting Android boot images that contain GZIP-compressed
kernel images.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The current fitImage DTO implementation expects each fitImage image
subnode containing DTO to have 'load' property, pointing somewhere
into memory where the DTO will be loaded. The address in the 'load'
property must be different then the base DT load address and there
must be sufficient amount of space between those two addresses.
Selecting and using such hard-coded addresses is fragile, error
prone and difficult to port even across devices with the same SoC
and different DRAM sizes.
The DTO cannot be applied in-place because fdt_overlay_apply_verbose()
modifies the DTO when applying it onto the base DT, so if the DTO was
used in place within the fitImage, call to fdt_overlay_apply_verbose()
would corrupt the fitImage.
Instead of copying the DTO to a specific hard-coded load address,
allocate a buffer, copy the DTO into that buffer, apply the DTO onto
the base DT, and free the buffer.
The upside of this approach is that it is no longer necessary to
select and hard-code specific DTO load address into the DTO. The
slight downside is the new malloc()/free() overhead for each DTO,
but that is negligible (*).
(*) on iMX8MM/MN and STM32MP1
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Add <linux/sizes.h>]
Signed-off-by: Tom Rini <trini@konsulko.com>
The sysinfo_get_str() implementation checks whether the sysinfo was even
detected. In U-Boot proper, sysinfo_detect() is not called anywhere but
on one specific board. Call sysinfo_detect() before sysinfo_get_str() to
make sure the sysinfo is detected and sysinfo_get_str() returns valid
value instead of -EPERM.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Replace uclass_first_device_err(UCLASS_SYSINFO, &dev) with sysinfo_get(&dev).
The board_info code may use sysinfo to print board information, so use the
sysinfo functions consistently. The sysinfo_get() is internally implemented
as return uclass_first_device_err(UCLASS_SYSINFO, &dev) anyway, so there is
no functional change.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Factor out eMMC boot partition selection code into
default_spl_mmc_emmc_boot_partition() function and implement
weak spl_mmc_emmc_boot_partition(), so that architecture or
board code can override the eMMC boot partition selection.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Faiz Abbas <faiz_abbas@ti.com>
Cc: Harald Seiler <hws@denx.de>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
When we do not have bootstage enabled, rather than include an empty
dummy function, we just don't reference it. This saves us space in some
tight builds. This also shows a few cases where show_boot_progress was
incorrectly guarded before.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
GCC provides a symbol _init in crti.o on x86_64 and aarch64 but not on
RISC-V. The following lines leads to a build error for sandbox_defconfig on
RISC-V due to the missing symbol:
common/board_f.c:269:
#elif defined(CONFIG_SANDBOX) || defined(CONFIG_EFI_APP)
gd->mon_len = (ulong)&_end - (ulong)_init;
The sandbox code is not copied into the memory allocated using mmap().
Hence we can safely use gd->mon_len = 0 to avoid the reference to _init.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
clk:
- Add driver for Xilinx Clocking Wizard IP
fdt:
- Also record architecture in /fit-images
net:
- Fix plat/priv data handling in axi emac
- Add support for 10G/25G speeds
pca953x:
- Add missing dependency on i2c
serial:
- Fix dependencies for DEBUG uart for pl010/pl011
- Add setconfig option for cadence serial driver
watchdog:
- Add cadence wdt expire now function
zynq:
- Update DT bindings to reflect the latest state and descriptions
zynqmp:
- Update DT bindings to reflect the latest state and descriptions
- SPL: Add support for ECC DRAM initialization
- Fix R5 core 1 handling logic
- Enable firmware driver for mini configurations
- Enable secure boot, regulators, wdt
- Add support xck devices and 67dr
- Add psu init for sm/smk-k26 SOMs
- Add handling for MMC seq number via mmc_get_env_dev()
- Handle reserved memory locations
- Add support for u-boot.itb generation for secure OS
- Handle BL32 handoffs for secure OS
- Add support for 64bit addresses for u-boot.its generation
- Change eeprom handling via nvmem aliases
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYN105QAKCRDKSWXLKUoM
IZiFAJ9CIiEpHiBbnAhA0VOMGoaXHGULywCdED/5dNgVtc1C7y4avzETbEyWzD4=
=CdMa
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.10' of https://source.denx.de/u-boot/custodians/u-boot-microblaze into next
Xilinx changes for v2021.10
clk:
- Add driver for Xilinx Clocking Wizard IP
fdt:
- Also record architecture in /fit-images
net:
- Fix plat/priv data handling in axi emac
- Add support for 10G/25G speeds
pca953x:
- Add missing dependency on i2c
serial:
- Fix dependencies for DEBUG uart for pl010/pl011
- Add setconfig option for cadence serial driver
watchdog:
- Add cadence wdt expire now function
zynq:
- Update DT bindings to reflect the latest state and descriptions
zynqmp:
- Update DT bindings to reflect the latest state and descriptions
- SPL: Add support for ECC DRAM initialization
- Fix R5 core 1 handling logic
- Enable firmware driver for mini configurations
- Enable secure boot, regulators, wdt
- Add support xck devices and 67dr
- Add psu init for sm/smk-k26 SOMs
- Add handling for MMC seq number via mmc_get_env_dev()
- Handle reserved memory locations
- Add support for u-boot.itb generation for secure OS
- Handle BL32 handoffs for secure OS
- Add support for 64bit addresses for u-boot.its generation
- Change eeprom handling via nvmem aliases
The original code is in the public domain. Licenses/README states that the
general license for U-Boot is GPL 2.0+. So we can mark the malloc code as
GPL 2.0+ too.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On ARM64 secure OS can run as 64bit or 32bit that's why it is necessary to
record information about architecture that other code can read it and
properly pass it to TF-A and start in 64bit or 32bit mode.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Replace typo CONFIG_USE_AUTOBOOT_MENUKEY with
CONFIG_AUTOBOOT_USE_MENUKEY as when they were introduced initially there
was some mismatch in which name was used where.
Fixes: 8fc31e23aa ("autoboot: Rename CONFIG_MENUKEY to CONFIG_AUTOBOOT_MENUKEY")
Signed-off-by: Da Xue <da@libre.computer>
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
If the console output buffer is exhausted, characters are silently dropped
from the end. Detect this condition and report an error when reading back
the characters.
Signed-off-by: Simon Glass <sjg@chromium.org>
Save the 'no-map' information present in 'reserved-memory' node to allow
correct handling when the MMU is configured in board to avoid
speculative access.
This binding is defined in
doc/device-tree-bindings/reserved-memory/reserved-memory.txt
Additional properties:
...
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
of the region as part of its standard mapping of system memory,
nor permit speculative access to it under any circumstances other
than under the control of the device driver using the region.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add defconfig and board support for HiFive Unmatched.
Signed-off-by: Green Wan <green.wan@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.
The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:
It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.
It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.
This reverts commit 87316da05f.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
A lot of entries were using spaces instead of tab for alignment that's why
it is good to fix it to use the same style everywhere.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now that we have switched to binman to generate u-boot.itb for all
RISC-V boards, USE_SPL_FIT_GENERATOR is no longer needed and can
be dropped.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It should be FDT, not FTD.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.
Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit a479f103dc ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.
Fixes: a479f103dc ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move the fdt_valid function to fdt_support.
This changes allow to be able to test the validity of a devicetree in
other c files.
Update code syntax.
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Maxime Ripard <maxime@cerno.tech>
By declaring board-specific board_fdt_chosen_bootargs() the kernel
command line arguments can be adjusted before injecting to flat dt
chosen node.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
It can be useful to use the same U-Boot binary for multiple purposes,
say the normal one, one for developers that allow breaking into the
U-Boot shell, and one for use during bootstrapping which runs a
special-purpose bootcmd. Or one can have several board variants that
can share almost all boot logic, but just needs a few tweaks in the
variables used by the boot script.
To that end, allow the control dtb to contain a /config/enviroment
node (or whatever one puts in fdt_env_path variable), whose
property/value pairs are used to update the run-time environment after
it has been loaded from its persistent location.
The indirection via fdt_env_path is for maximum flexibility - for
example, should the user wish (or board logic dictate) that the values
in the DTB should no longer be applied, one simply needs to delete the
fdt_env_path variable; that can even be done automatically by
including a
fdt_env_path = "";
property in the DTB node.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This has the uclass enforce calling detect() before other methods. This
allows drivers to cache information in detect() and perform (cheaper)
retrieval in the other accessors. This also modifies the only instance
where this sequencing was not followed.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use of strcat() against an uninitialized buffer would lead
to buffer overflow. This patch fixes it.
Fixes: 694cd5618c ("IOMUX: Introduce iomux_replace_device()")
Signed-off-by: Yuichiro Goto <goto@k-tech.co.jp>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
One of my monitors have only 4k@60 timing in base EDID block which is
out of range for devices with HDMI 1.4. It turns out that it has
additional detailed timings in CTA-861 Extension Block and two of them
are appropriate for HDMI 1.4.
Add additional search for valid detailed timing in extension block.
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Code which searches for valid detailed timing entry will be used in more
places. Extract it.
No functional change is made. However, descriptors are casted to
edid_detailed_timing instead of edid_monitor_descriptor. Descriptor can
be of either type, but since we're interested only in DTD, it is more
fitting to cast to edid_detailed_timing.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When searching for detailed timing in EDID, check for digital display
earlier. There is no point parsing other parameters if this flag is not
present.
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reverts commit 38d6b7ebda.
struct global_data contains a pointer to the bd_info structure. This
pointer was populated spl_set_bd() to a pre-allocated bd_info in the
".data" section. The referenced commit replaced this mechanism to one
that uses malloc(). That new mechanism is only used if SPL_ALLOC_BD=y.
which very few boards do.
The result is that (struct global_data)->bd is NULL in SPL on most
platforms. This breaks falcon mode, since arch_fixup_fdt() tries to
access (struct global_data)->bd and set the "/memory" node in the
devicetree. The result is that the "/memory" node contains garbage
values, causing linux to panic() as it sets up the page table.
Instead of trying to fix the mess, potentially causing other issues,
revert to the code that worked, while this change is reworked.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
OP-TEE images are normally packaged with
type = "tee;
os = "tee";
However, fit_image_load() thinks that is somehow invalid. However if
they were declared as type = "kernel", os = "linux", fit_image_load()
would happily accept them and allow the boot to continue. There is no
technical limitation to excluding "tee".
Allowing "tee" images is useful in a boot flow where OP-TEE is
executed before linux.
In fact, I think it's unintuitive for a "load"ing function to also do
parsing and contain a bunch ad-hoc heuristics that only its caller
might know. But I don't make the rules, I just write fixes. In more
polite terms: refactoring the fit_image API is beyond the scope of
this change.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Consider the following FIT:
images {
whipple {};
};
configurations {
conf-1 {
firmware = "whipple";
};
};
Getting the 'firmware' image with fit_image_load() is not possible, as
it doesn't understand 'firmware =' properties. Although one could pass
IH_TYPE_FIRMWARE for 'image_type', this needs to be converted to a
"firmware" string for FDT lookup -- exactly what this change does.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The 'firmware' property of a config node takes precedence over the
'kernel' property. 'standalone' is deprecated. However, give users a
couple of releases where 'standalone' still works, but warns loudly.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
U-Boot expects the FDT to be located right after the _end
linker symbol (see fdtdec.c: board_fdt_blob_setup())
The "basic" LOAD_FIT path is aware of this limitation, and relocates
the FDT at the expected location. Guessing the expected location
probably only works reliably on 32-bit arm, and it feels like a hack.
One proposal would be to pass the FDT address to u-boot
(e.g. using 'r2' on arm platforms).
The variable is named "fdt_hack" to remind future contributors that,
"hey! we should fix the underlying problem". However, that is beyond
the scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
The information on the OS should be contained in the FIT, as the
self-explanatory "os" property of a node under /images. Hard-coding
this to U_BOOT might send us down the wrong path later in the boot
process.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
The correct FDT to use is described by the "fdt" property of the
configuration node. When the fit_unamep argument to fit_image_load()
is "fdt", we get the "/images/fdt" node. This is incorrect, as it
ignores the "fdt" property of the config node, and in most cases,
the "/images/fdt" node doesn't exist.
Use NULL for the 'fit_unamep' argument. With NULL, fit_image_load()
uses the IH_TYPE_FLATDT value to read the config property "fdt",
which points to the correct FDT node(s).
fit_image_load() should probably be split into a function that reads
an image by name, and one that reads an image by config reference. I
don't make those decisions, I just point out the craziness.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several architectures had a default board_fit_config_name_match already;
this provides a generic weak version. We default to rejecting all configs.
This will use the FIT's default config, instead of the first config. This
may result in boot failures if there are multiple configurations and the
first config is *not* the default.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
The "simple" SPL_LOAD_FIT path is the most compliant with the format
documented in doc/uImage.FIT/source_file_format.txt. The other two
paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command.
Since the Kconfig menu is the most likely place for a new user to see
these options, it seems like the most logical candidate to document
the limitations. This documents the _known_ issues, and is not
intended to be a complete list of all follies.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.
Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.
Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses
image_info->load_addr
Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.
On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].
A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.
To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass. The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).
include/qfw.h is cleaned up and documentation added.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
If there were no variable substitutions in a command, then initial
assignments would be misinterpreted as commands, instead of being skipped
over. This is demonstrated by the following example:
=> foo=bar echo baz
Unknown command 'foo=bar' - try 'help'
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.
Signed-off-by: Joel Stanley <joel@jms.id.au>
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.
This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".
The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Update the debug trace for the reserved video memory to KB as indicated
in the message with "%luk"; before the patch the computed size
gd->relocaddr - addr is in bytes.
This patch aligns the debug trace in reserve_video() with others
functions, for example on stm32mp157c-dk2:
- Reserving 3080192k for video at: dfd00000
+ Reserving 3008k for video at: dfd00000
Reserving 873k for U-Boot at: dfc25000
Reserving 32776k for malloc() at: ddc23000
Reserving 72 Bytes for Board Info at: ddc22fb0
Reserving 280 Bytes for Global Data at: ddc22e90
Reserving 119072 Bytes for FDT at: ddc05d70
Reserving 0x278 Bytes for bootstage at: ddc05af0
Fixes: 5630d2fbc5 ("board: Show memory for frame buffers")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a weak nand_get_mtd function for nand drivers to provide mtd info
and use this to set pagesize such that reading of non page-aligned
elements can succeed.
The spl_load_simple_fit already handles block block access so all we
need to do is provide the nand writesize as the block length.
Further cleanup of the drivers which use nand_spl_loaders.c such as
am335x_spl_bch.c, atmel_nand.c, and nand_spl_simple.c could be done
using info from mtd_info instead of statically defined details.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
commit 9f6a14c47f ("spl: fit: nand: fix fit loading in case of bad blocks")
added support for adjusting the image offset to account for bad blocks.
However this requires nand_spl_adjust_offset() which requires fully defined
specifics of the NAND chip being used may not be avialable.
Allow skipping this support for drivers or configs which don't specify
the NAND chip details statically with defines.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
In preparation to add SiFive Unmatched board support, let's rename
the existing fu540 board to unleashed.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Add missing endianness conversions to usb_get_port_status(). This
(amongst others) is necessary to enable the use of USB 3 hubs on
big-endian platforms like MIPS Octeon.
Signed-off-by: Aaron Williams <awilliams@marvell.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Marek Vasut <marex@denx.de>
Some boards may want to show the SKU ID or other information obtained at
runtime. Allow this to come from sysinfo. The board can then provide a
sysinfo driver to provide it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The _SUPPORT suffix is from an earlier time and interferes with use of
the CONFIG_IS_ENABLED() macro. Rename the option to drop the suffix.
Tidy up the TODO that prompted this.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present bootstage silently ignores new records if it runs out of
space. It is sometimes obvious by looking at the report, but the IDs are
not contiguous, so it is easy to miss.
Aad a message so that action can be taken.
Signed-off-by: Simon Glass <sjg@chromium.org>
We have two separate places that need to figure out the bootstage ID to
use. Put this code in a function so that the logic is in one place.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some systems (e.g. x86 APL) run SPL from read-only memory. The device
instances created by dtoc are therefore not writeable. To make things work
we would need to copy the devices to read/write memory.
To avoid this, add an option to use a separate runtime struct for devices,
just as is done for drivers. This can be used to hold information that
changes at runtime, avoiding the need for a copy.
Also add a Kconfig option for read-only SPL, which selects this feature.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
part_get_info_by_name will return -1 on error, and >0 on success.
Signed-off-by: schspa <schspa@gmail.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.
Fixes: c5819701a3 image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.
For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.
To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).
For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
check:
core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
When multiple log() calls are used which don't end in newline, the
log prefix is prepended multiple times in the same line. This makes the
output look strange.
Fix this by detecting when the previous log record did not end in newline.
In that case, setting a flag.
Drop the unused BUFFSIZE in the test while we are here.
As an example implementation, update log_console to check the flag and
produce the expected output.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present only a single flag (force_debug) is used in log records. Before
adding more, convert this into a bitfield, so more can be added without
using more space.
To avoid expanding the log_record struct itself (which some drivers may
wish to store in memory) reduce the line-number field to 16 bits. This
provides for up to 64K lines which should be enough for anyone.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.
As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.
Use a (new) load_ptr variable to access memory at address load_addr.
Signed-off-by: Simon Glass <sjg@chromium.org>
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
At present initr_addr_map() is put at a late stage in the
init_sequence_r[] calls. This won't work because lot of
device driver initialization (e.g.: serial port) happens
before it but is lack of the address translation support.
This moves the call to a bit earlier, right after the DM
initialization.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
At present fdt_read_prop() can only handle 1 or 2 cells. It is
called by fdt_read_range() which may be used to read PCI address
from <ranges> for a PCI bus node where the number of PCI address
cell is 3. The <ranges> property is an array of:
{ <child address> <parent address> <size in child address space> }
When trying to read <child address> from a PCI bus node using
fdt_read_prop(), as the codes below:
/* Read <child address> */
if (child_addr) {
r = fdt_read_prop(ranges, ranges_len, cell, child_addr,
acells);
if (r)
return r;
}
it will fail, because the PCI child address is made up of 3 cells
but fdt_read_prop() cannot handle it. We advance the cell offset
by 1 so that the <child address> can be correctly read.
This adds the special handling of such case.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
At present these three Kconfigs exist even when bootstage is not enabled.
This is not necessary since bootstage.c is only built if BOOTSTAGE is
enabled.
Make them conditional. Also fix up the overflow message to mention TPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is printed twice but we only need one message, since there is very
little processing in between them. Drop the second one, since all branches
of the switch() already have output. Update the U-Boot message to include
the phase being jumped to.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some compression algorithms currently can be enabled for SPL and
U-Boot proper separately. Therefore take into account USE_HOSTCC
is well as CONFIG_IS_ENABLED() in these cases to prevent compiling these
functions in case of a host tool build.
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The OUT endpoint can just be ignored as it is not used, just as the
corresponding Set_Report request for IN-only interfaces. E.g. the
Linux gadget hid keyboard also provides an interrupt endpoint.
Also cleanup confusing debug messages like "found set protocol", which
is printed when a keyboard device is found, while the Set_Protocol request
is issued quite some time later.
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Having the ability to support firmware FIT signatures on the SPL sounds
not so useful if the SPL is not supporting to load a (U-boot) firmware
as a FIT image.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Selecting SPL_FIT_SIGNATURE (without selecting U-boot proper
verified boot first) breaks the build due to
CONFIG_FIT_SIGNATURE_MAX_SIZE being undefined, in addition to Kconfig
warnings on RSA and IMAGE_SIGN_INFO unmet dependencies.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Sometimes it is useful to boot OS with already fixed-up
device tree. Check for env variable 'skip_board_fixup'
before calling ft_board_setup().
Current behaviour is unchanged, additionally user can
set skip_board_fixup to 1 to skip the fixup.
Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
OF_STDOUT_PATH was meant to hold the devicetree path to the serial
console, to be put into the linux,stdout-path property of the chosen node.
The only user of that was sunxi, and it was actually wrong for years
there: the paths hardcoded in sunxi_common.h were not matching the DTs,
evident by the leading 0's in nodenames, which have been removed years
ago.
On top of that, "linux,stdout-path" is now deprecated for a while (Linux
commit 2a9d832cc9aae from November 2014), and also all modern DTs
(including those included in U-Boot) carry a "stdout-path" property
already.
So remove the stanza from sunxi_common.h, and, since this was the last
user, also remove the associated bits from the rest of U-Boot.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix -Wint-to-pointer-cast warning
common/splash_source.c: In function 'splash_load_raw':
common/splash_source.c💯12: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
100 | bmp_hdr = (struct bmp_header *)bmp_load_addr;
| ^
common/splash_source.c: In function 'splash_sf_read_raw':
common/splash_source.c:39:47: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
39 | return spi_flash_read(sf, offset, read_size, (void *)bmp_load_addr);
| ^
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the following functions to get a specific device's DMA ranges:
- dev_get_dma_range()
- ofnode_get_dma_range()
- of_get_dma_range()
- fdt_get_dma_range()
They are specially useful in oder to be able validate a physical address
space range into a bus's and to convert addresses from and to address
spaces.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
When a FIT config specifies a devicetree, we should load it, no
questions asked. In the case of the "simple" FIT loading path, a
difficulty arises in selecting the load address of the FDT.
The default FDT location is right after the "kernel" or "firmware"
image. However, if that is an OP-TEE image, then the FDT may end up in
secure DRAM, and not be accessible to normal world kernels.
Although the best solution is to be more careful about the FDT
address, a viable workaround is to only append the FDT after a u-boot
or Linux image. This is identical to the previous logic, except that
FDT loading is extended to IH_OS_LINUX images.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Use the IS_ENABLED() macro to control code flow, instead of the
caveman approach of sprinkling #ifdefs. Code size is not affected, as
the linker garbage-collects unused functions. However, readability is
improved significantly.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The configuration node a sub node under "/configurations", which
describes the components to load from "/images". We only need to
locate this node once.
However, for each component, spl_fit_get_image_name() would parse the
FIT image, looking for the correct node. Such work duplication is not
necessary. Instead, once the node is found, cache it, and re-use it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When a desired configuration is not found, conf_node will have a
negative value. Thus the for loop will start at the root "/" node of
the image, print the "/description" property, and stop.
It appears the intent of the loop was to print the names of the
subnodes under "/configurations". We would need the offset to the
"/configurations" node, which is abstracted by fit_find_config_node().
This change agrees that abstracting the node offset is the correct
design, and we shouldn't be parsing the configurations manually. Thus
the loop in spl_fit_get_image_name() is useless. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several loose arguments describe the FIT image. They are thus related,
and it makes sense to pass them together, in a structure. Examples
include the FIT blob pointer, offset to FDT nodes, and the offset to
external data.
Use a spl_fit_info structure to group these parameters.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The logical steps in spl_load_simple_fit() are difficult to follow.
I think the long comments, ifdefs, and ungodly number of variables
seriously affect the readability. In particular, it violates section 6
of the coding style, paragraphs (3), and (4).
The purpose of this patch is to improve the situation by
- Factoring out initialization and parsing to separate functions
- Reduce the number of variables by using a context structure
This change introduces no functional changes.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
In case of IOMUX enabled it assumes that console devices in the list
are available to get them stopped properly via ->stop() callback.
However, the USB keyboard driver violates this assumption and tries
to play tricks so the device get destroyed while being listed as
an active console.
Swap the order of device deregistration and IOMUX update along with
converting to use iomux_replace_device() jelper to avoid the use-after-free.
Fixes: 3cbcb28928 ("usb: Fix usb_kbd_deregister when console-muxing is used")
Fixes: 8a83487030 ("dm: usb: Add a remove() method for USB keyboards")
Reported-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Some console devices may appear or disappear at run time. In order to
support such a hotplug mechanism introduce a new iomux_replace_device()
helper to update the list of devices without altering environment.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
It is not only less lines of code, but also better readability
when new macro is being in use. Introduce for_each_console_dev()
helper macro and convert current users to it.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Logical continuation of the change that brought console_devices_set() is
to unify console_setfile() with it and replace in the callers.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
console_devices_set() missed the console device counter to be set correctly.
Fixes: 45375adc97 ("console: add function console_devices_set")
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
It's possible that NULLDEV can be disabled while it makes leftovers,
move entire device under #if.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Nobody is using stdio_deregister(), remove for good.
Note, even its parameters are not consistent with stdio_register().
So, if anyone want to introduce this again, better with some consistency.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.
CVE-2021-27138
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.
Enable this by default if signature verification is enabled.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.
For now no callers pass the size, but this can be updated later.
Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.
Disallow use of nodes with unit addresses.
Update the forge test also, since it uses @ addresses.
CVE-2021-27138
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
At present fdt_find_regions() assumes that the FIT is a valid devicetree.
If the FIT has two root nodes this is currently not detected in this
function, nor does libfdt's fdt_check_full() notice. Also it is possible
for the root node to have a name even though it should not.
Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is
detected.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Config allows to disable printing contents of fitImage to optimize boottime.
Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is useful to know the TEXT_BASE value for the image being loaded in
TPL/SPL. Add a new spl_get_image_text_base() function to handle this.
Make use of this in the x86 SPL handler, instead of having the logic
there.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reinitialize DFU USB gadget after flashing the 'SCRIPT' entity to ensure
that the potential changes to the 'dfu_alt_info' environment variable are
applied.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
[lukma - I've moved the bool retry to avoid build (CI) errors]
AVB Verified Boot uses functions related to MMC.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
If both stop key and delay key are empty, the length of these
keys is 0. The subtraction operation will cause the u_int type
variable to overflow, will cause illegal memory access in key
input loop.
This commit fixes this bug by using int type instead of u_init.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add tag names for recently added types.
Fixes: d2cb7a22da (x86: Allow putting some tables in the bloblist)
Signed-off-by: Simon Glass <sjg@chromium.org>
Typically in TPL/SPL the bloblist is quite small. But U-Boot proper may
want to add a lot more to it, such as ACPI tables.
Add a way to expand the bloblist by relocating it in U-Boot proper, along
with the other relocation activities.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is useful to be able to figure out which phase we are loading next and
which phase we came from. Add some functions to handle this as well as
returning the name of a phase. This allows messages like "Booting to x"
where x is the next phase.
At present, TPL says 'Jumping to U-Boot' at the end, when in fact it is
jumping to SPL. This is confusing, so use the new functions to correct
this.
Tests for this will come with an upcoming minor SPL test refactor.
Signed-off-by: Simon Glass <sjg@chromium.org>
In fit_config_verify_sig(), when no 'signature*' subnode exists in
the configuration node, the fdt_for_each_subnode() loop is a no-op.
Therefore, no error flags are set, and 'err_,sg' is not populated
with an error string. This is incorrect behavior.
Populate err_msg to indicate that no 'signature' is found, before
entering the loop. The first call to fit_image_verify_sig() will
override clear err_msg, or set it to a more specific message.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit add an option TPL_BOOTCOUNT_LIMIT to
use bootcount on TPL.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
H616 supports and needs bigger SPL than 32 KiB, mostly due to big DRAM
driver and need for PMIC configuration, which pulls several drivers which
are not needed otherwise.
spl_mmc_get_uboot_raw_sector() will now compare pre-configured size with
that, reported in SPL header. If size in header is bigger, it will use
that value instead.
In the process of function rework, also add missing function argument.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
It turns out that there are at least 2 other SoCs which have basically
the same memory map, similar clocks and other features as H6. It's very
likely that we'll see more such SoCs in the future. In order to ease
porting to new SoCs and lower ifdef clutter, introduce common symbol for
them.
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When CONFIG_FIT_CIPHER=y and CONFIG_FIT_SIGNATURE=n is there is no
implementation of image_get_host_blob for mkimage/dumpimage:
/usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
Move the implementation to a common file so it can be shaed between
image-cipher.c and image-fit-sig.c.
Signed-off-by: Joel Stanley <joel@jms.id.au>
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there,
no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove the #if 0 present since the first version of console.c
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
With our optimization settings the linker eliminates unused functions.
But for debugging it is better to compile with -Og or -O0. With -O0
compiling the sandbox fails due to the missing function fixup_cmdtable()
called by dm_reloc() and others.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
When the hash check fails on a loadable image, the SPL/TPL simply
jump to the next one. This commit changes this behaviour, when the
hash check fails on a loadable image, the function spl_load_simple_fit
stops and report an error.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There should be no need to insert non-printable characters
and this prevents line editing getting confused.
Signed-off-by: Steve Bennett <steveb@workware.net.au>
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Heiko Schocher <hs@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Joel Peshkin <joel.peshkin@broadcom.com>
To: u-boot@lists.denx.de
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
When at some point environment shrinks we need to stop dropped devices.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Obviously the following has unnecessary indentation level in 'else' branch.
if (foo) {
...
return;
} else {
...
}
Drop indentation level by removing redundant 'else'.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Refactor iomux_doenv() a bit in order to increase readability.
There is no change in code generation on x86.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It's realloc() 101 to avoid `foo = realloc(foo, ...);` call
due to getting a memory leak.
Actually it's not clear why realloc() has been used here.
If we shrink the array, the memcpy() overwrites it anyway
with the contents of a new array. If it becomes bigger,
same story.
Drop useless realloc() for good and thus preserve console list
in case of failed allocation.
Fixes: 16a28ef219 ("IOMUX: Add console multiplexing support.")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename search_device() to console_search_dev() since it's in console.h.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is no need to call ->start() for already started device. All the same,
there is no need to call ->stop() for devices still in use.
For now enforce this only for IOMUX case.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the future we would like to stop unused consoles and
also add a reference counting to avoid imbalanced calls
to ->start() and ->stop() in some cases.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the helper function console_has_tstc() and replace the test
#if CONFIG_IS_ENABLED(CONSOLE_MUX) to a simple 'if' test to
respect the U-Boot coding rule.
No functional change.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add helper functions to access to gd->console_out and gd->console_in
with membuff API and replace the #ifdef CONFIG_CONSOLE_RECORD test
by if (IS_ENABLED(CONFIG_CONSOLE_RECORD)) to respect the U-Boot
coding rule.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a new function to access to console_devices only defined if
CONFIG_IS_ENABLED(CONSOLE_MUX).
This path allows to remove #if CONFIG_IS_ENABLED(CONSOLE_MUX)
in console_getc function.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Remove #ifdef or #ifndef for CONFIG when it is possible to simplify
the console.c code and respect the U-Boot coding rules.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CONFIG_HANDOFF is used in u-boot proper to locate handoff info from SPL
during pre-relocation init (in setup_spl_handoff). Add explicit dependency
on CONFIG_SPL, to fix the following build error when CONFIG_HANDOFF &&
!CONFIG_SPL:
common/board_f.c: In function ‘setup_spl_handoff’:
common/board_f.c:283:4: error: ‘gd_t {aka struct global_data}’
has no member named ‘spl_handoff’
gd->spl_handoff = bloblist_find(BLOBLISTT_SPL_HANDOFF,
^~
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In order to remove the arch-specific ifdefs around initr_trap, introduce
arch_initr_trap weak initcall. Implementations for ppc/m68k/mips have
been moved to arch/<arch>/lib/traps.c
Default implementation is a nop stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Add a return value to bb_miiphy_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to api_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to jumptable_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to xen_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to noncached_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to pci_init and use it directly in the post-relocation
init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to pci_ep_init and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to post_output_backlog and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a return value to cpu_secondary_init_r and use it directly in the
post-relocation init sequence, rather than using a wrapper stub.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop initr_console_record wrapper and call console_record_init directly.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use IS_ENABLED(CONFIG_OF_EMBED) in instead of #ifdefs in reserve_fdt,
reloc_fdt functions.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
setup_bdinfo is used to populate various bdinfo fields, so move
setup_machine code there, as all it does is setting
gd->bd->bi_arch_number.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use IS_ENABLED(CONFIG_TIMER_EARLY) instead of #ifdef in initf_dm. Also,
move timer code to the main ifdef, so that ret is defined.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop initf_console_record wrapper and call console_record_init directly.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently, the following #ifdef construct is used to check whether to run
console_record_init() during pre-relocation init:
defined(CONFIG_CONSOLE_RECORD) && CONFIG_VAL(SYS_MALLOC_F_LEN)
Introduce CONFIG_CONSOLE_RECORD_INIT_F Kconfig option to get rid of the
complex ifdef check. Also, use IS_ENABLED() instead of #ifdef.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reduce the log overhead when the traces are filtered,
by moving the vsnprintf call from _log() to log_dispatch().
This patch avoids the printf treatment when LOG features is
activated, but trace is filtered, for example when
MAX_LOG_LEVEL=8 and LOG_DEFAULT_LEVEL=6.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Allow to record the console output before before U-Boot
has a console ready.
This patch allows to test the console output in sandbox test
based on console record.
It is possible because GD_FLG_RECORD and GD_FLG_SERIAL_READY
are 2 independent flags.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reorder test on gd value and remove the duplicated test (!gd)
in putc and puts function.
This patch is a preliminary step for rework of this function.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use the console puts functions to output the traces before
the log initialization (when CONFIG_LOG is not activated).
This patch allows to display the first U-Boot traces
(with macro debug) when CONFIG_DEBUG_UART is activated
and not only drop them.
For example for traces in board_f.c requested by the macro debug,
when LOG_DEBUG is defined and CONFIG_LOG is activated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Update _log function to drop any traces when log is yet initialized:
vsnprintf is no more executed in this case.
This patch allows to reduce the cost for the dropped early debug trace.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
fit_check_format() must check that the buffer contains a flattened device
tree before calling any device tree library functions.
Failure to do may cause segmentation faults.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
- DM support for OMAP PWM backlight
- USB host mode support for AM654
- Minor SPI fixes
- Add support k2g ice board with 1GHz silicon
- Fix GTC programming for K3 devices
The __of_translate_address routine translates an address from the
device tree into a CPU physical address. A note in the description of
the routine explains that the crossing of any level with
since inherited from IBM. This does not happen for Texas Instruments, or
at least for the beaglebone device tree. Without this patch, in fact,
the translation into physical addresses of the registers contained in the
am33xx-clocks.dtsi nodes would not be possible. They all have a parent
with #size-cells = <0>.
The CONFIG_OF_TRANSLATE_ZERO_SIZE_CELLS symbol makes translation
possible even in the case of crossing levels with #size-cells = <0>.
The patch acts conservatively on address translation, except for
removing a check within the of_translate_one function in the
drivers/core/of_addr.c file:
+
ranges = of_get_property(parent, rprop, &rlen);
- if (ranges == NULL && !of_empty_ranges_quirk(parent)) {
- debug("no ranges; cannot translate\n");
- return 1;
- }
if (ranges == NULL || rlen == 0) {
offset = of_read_number(addr, na);
memset(addr, 0, pna * 4);
debug("empty ranges; 1:1 translation\n");
There are two reasons:
1 The function of_empty_ranges_quirk always returns false, invalidating
the following if statement in case of null ranges. Therefore one of
the two checks is useless.
2 The implementation of the of_translate_one function found in the
common/fdt_support.c file has removed this check while keeping the one
about the 1:1 translation.
The patch adds a test and modifies a check for the correctness of an
address in the case of enabling translation also for zero size cells.
The added test checks translations of addresses generated by nodes of
a device tree similar to those you can find in the files am33xx.dtsi
and am33xx-clocks.dtsi for which the patch was created.
The patch was also tested on a beaglebone black board. The addresses
generated for the registers of the loaded drivers are those specified
by the AM335x reference manual.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Tested-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
So far we used the separate mksunxiboot tool for generating a bootable
image for Allwinner SPLs, probably just for historical reasons.
Use the mkimage framework to generate a so called eGON image the
Allwinner BROM expects.
The new image type is called "sunxi_egon", to differentiate it
from the (still to be implemented) secure boot TOC0 image.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
arm64:
- DT updates
microblaze:
- Add support for NOR device support
spi:
- Fix unaligned data write issue
nand:
- Minor code change
xilinx:
- Fru fix in limit calculation
- Fill git repo link for all Xilinx boards
video:
- Add support for seps525 spi display
tools:
- Minor Vitis file support
cmd/common
- Minor code indentation fixes
serial:
- Uartlite debug uart initialization fix
-----BEGIN PGP SIGNATURE-----
iFsEABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCX/ROlgAKCRDKSWXLKUoM
IRC5AIkBzg4Sz8fQgdCiOK89k7tdFKMAnA9SYhgm4TSCzffZCJwnm78QoGAC
=4FnY
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.04' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next
Xilinx changes for v2021.04
arm64:
- DT updates
microblaze:
- Add support for NOR device support
spi:
- Fix unaligned data write issue
nand:
- Minor code change
xilinx:
- Fru fix in limit calculation
- Fill git repo link for all Xilinx boards
video:
- Add support for seps525 spi display
tools:
- Minor Vitis file support
cmd/common
- Minor code indentation fixes
serial:
- Uartlite debug uart initialization fix
This uses up space in the SPL binary but it always starts as zero. Also
some boards cannot support data in TPL (e.g. Intel Apollo Lake).
Use malloc() to allocate this structure instead, by moving the init a
little later, after malloc() is inited. Make this function optional since
it pulls in malloc().
This reduces the TPL binary size on coral by about 64 bytes
Signed-off-by: Simon Glass <sjg@chromium.org>
Support reusing board_fit_config_name_match() to automatically
select a sensible default configuration for booting fitImages
using 'bootm'.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Replace most #ifdef checks for USE_HOSTCC and CONFIG_*
with normal if instructions.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Check for negative return value of fdt_noffset from calling
boot_get_fdt_fit().
Signed-off-by: Hongwei Zhang <hongweiz@ami.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
/======================\
| DRAM |
| |
| | CONFIG_SYS_TEXT_BASE
| |
| |
| ____________________ | CONFIG_SYS_SPL_MALLOC_START
|| malloc() data ||
|| ||
|| __________________ ||
||| FIT Image |||
||| |||
||| |||
Figure III
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
In some cases it is necessary to pass parameters to Linux so that it will
boot correctly. For example, the rootdev parameter is often used to
specify the root device. However the root device may change depending on
whence U-Boot loads the kernel. At present it is necessary to build up
the command line by adding device strings to it one by one.
It is often more convenient to provide a template for bootargs, with
U-Boot doing the substitution from other environment variables.
Add a way to substitute strings in the bootargs variable. This allows
things like "rootdev=${rootdev}" to be used in bootargs, with the
${rootdev} substitution providing the UUID of the root device.
For example, to substitute the GUID of the kernel partition:
setenv bootargs "console=/dev/ttyS0 rootdev=${uuid}/PARTNROFF=1
kern_guid=${uuid}"
part uuid mmc 2:2 uuid
bootm
This is particularly useful when the command line from another place. For
example, Chrome OS stores the command line next to the kernel itself. It
depends on the kernel version being used as well as the hardware features,
so it is extremely difficult to devise a U-Boot script that works on all
boards and kernel versions. With this feature, the command line can be
read from disk and used directly, with a few substitutions set up.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present cli_simple_process_macros() requires that the caller provide
an output buffer that is exactly CONFIG_SYS_CBSIZE bytes in length. This
makes sense since it is designed to be used from the command line. But we
also want to use it for bootargs substitution.
Update the function to allow the caller to specify the buffer size. Also
return an error if the buffer is exhausted. The caller can ignore that if
preferred.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we only support updating the 'bootargs' environment
variable. Add another function to update a buffer instead. This will
allow zimage to use this feature.
Also add a lot more tests to cover various cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present only one transformation is supported: making the Linux console
silent. To prepare for adding more, convert the boolean parameter into a
flag value.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present bootm_process_cmdline_env() reads the 'bootargs' variable and
then writes it back afterwards. This is painful for tests, which would
rather use a simple buffer.
It is also useful for zimage to use a buffer, since it does not actually
put the Linux command line in the bootargs variable.
Refactor the existing code into two pieces. One handles reading and
writing the environment variable, as well as allocating a buffer for use
by the rest of the code, which now operates on a buffer.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the size (including terminator) for in this function, rather than
the length. This is arguably easier to follow, with the coming
refactor.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function will soon do more than just handle the 'silent linux'
feature. As a first step, update it to take a boolean parameter,
indicating whether or not the processing is required.
Signed-off-by: Simon Glass <sjg@chromium.org>
We want to add more processing to this function. Before doing so, rename
it to bootm_process_cmdline_env(), which is more generic.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this function fails silently on error. Update it to produce
an error code. Report this error to the user and abort the boot, since it
likely will prevent a successful start.
No tests are added at this stage, since additional refactoring is taking
place in subsequent patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function currently has no tests. Export it so that we can implement
a simple test on sandbox. Use IS_ENABLED() to remove the unused code,
instead #ifdef.
Signed-off-by: Simon Glass <sjg@chromium.org>
bl2_to_bl31_params_mem is just an implementation detail of the SPL ATF
support and is not needed anywhere else. Move it from the header to the
actual module.
Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Move the actual implementation of the bl2_plat_get_bl31_params() to its
own function. The weak function will just call the default
implementation. This has the advantage that board code can still call
the original implementation if it just want to modify minor things.
Signed-off-by: Michael Walle <michael@walle.cc>
There is no need to have the storage available globally. This is also a
preparation for LOAD_IMAGE_V2 support. That will introduce a similar
generator function which also has its own storage.
Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Capsule data can be loaded into the system either via UpdateCapsule
runtime service or files on a file system (of boot device).
The latter case is called "capsules on disk", and actual updates will
take place at the next boot time.
In this commit, we will support capsule on disk mechanism.
Please note that U-Boot itself has no notion of "boot device" and
all the capsule files to be executed will be detected only if they
are located in a specific directory, \EFI\UpdateCapsule, on a device
that is identified as a boot device by "BootXXXX" variables.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since update_flash() is used only in update_tftp(), it should be
guarded with appropriate config options.
After the commit 3149e524fc, common/update.c will be built under
either CONFIG_UDATE_TFTP, CONFIG_DFU_TFTP or CONFIG_UPDATE_FIT.
Since CONFIG_UPDATE_FIT, hence fit_update(), doesn't rely on
update_flash(), the compiler may cause an "unused" warning if
CONFIG_UPDATE_FIT=y and CONFIG_UPDATE_TFTP=n and CONFIG_DFU_TFTP=n.
This is, for example, the case for sandbox defconfig where
EFI_CAPSULE_FIRMWARE_FIT is enabled for test purpose.
Fixes: 3149e524fc ("common: update: add a generic interface for FIT
image")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since update_flash() is used only in update_tftp(), it should be
guarded with appropriate config options.
After the commit 3149e524fc, common/update.c will be built under
either CONFIG_UDATE_TFTP, CONFIG_DFU_TFTP or CONFIG_UPDATE_FIT.
Since CONFIG_UPDATE_FIT, hence fit_update(), doesn't rely on
update_flash(), the compiler may cause an "unused" warning if
CONFIG_UPDATE_FIT=y and CONFIG_UPDATE_TFTP=n and CONFIG_DFU_TFTP=n.
This is, for example, the case for sandbox defconfig where
EFI_CAPSULE_FIRMWARE_FIT is enabled for test purpose.
Fixes: 3149e524fc ("common: update: add a generic interface for FIT
image")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Move CONFIG_SYS_PROMPT_HUSH_PS2 in Kconfig, depending
on CONFIG_HUSH_PARSER, and remove the default value defined
in cli_hush.c under __U_BOOT__.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present these values are open-coded in a few places. Add constants so
the meaning is clear.
Also add a comment to cmd_get_data_size()
Signed-off-by: Simon Glass <sjg@chromium.org>
This uclass is intended to provide a way to obtain information about a
U-Boot board. But the concept of a U-Boot 'board' is the whole system,
not just one circuit board, meaning that 'board' is something of a
misnomer for this uclass.
In addition, the name 'board' is a bit overused in U-Boot and we want to
use the same uclass to provide SMBIOS information.
The obvious name is 'system' but that is so vague as to be meaningless.
Use 'sysinfo' instead, since this uclass is aimed at providing information
on the system.
Rename everything accordingly.
Note: Due to the patch delta caused by the symbol renames, this patch
shows some renamed files as being deleted in one place and created in
another.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Add logging for each part of the boot process, using a new
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@toradex.com>
At present CONFIG_CHROMEOS is used to determine whether verified boot is
in use. The code to implement that is not in U-Boot mainline.
However, it is useful to be able to boot a Chromebook in developer mode
in U-Boot mainline without needing the verified boot code.
To allow this, use CONFIG_CHROMEOS_VBOOT to indicate that verified boot
should be used, and CONFIG_CHROMEOS to indicate that the board supports
Chrome OS. That allows us to define CONFIG_CHROMEOS on coral.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The series contains the following enhancements
* preparatory patches for UEFI capsule updates
* initialization of the emulated RTC using an environment variable
and a bug fix
* If DisconnectController() is called for a child controller that is the
only child of the driver, the driver must be disconnected.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl+e1WUACgkQxIHbvCwF
GsRHhQ//X/hQiow1/3YwskyZkC89QPLE+TDeGcRHdy7W2rjfJlOBJtsI1tzvsTWw
8etgIuoh1MKebJZZQk/ZxKdWOaN3RWP7wL/9c6PHpkkML+WzyLWShf5UgLMWeo3w
a7t0LW4kfxbzmhg/f4x0Gi3qUh0SiS6T8Q5X/SlJOX091IvCmCOTkGUT6dBogm78
WnISQvgP3uApOt2s66hVVtFaH4zbXDYwDnQhhUoonRF1AfuE3jTyr39IoNsCdPOx
vEbTqNKQQnt4yIIaPJlV+KX//jtCCnyLBPrZA1tI2QPyBjADmNcau2OjlBZyJpr0
1awgSueXgBtMCAp6bHMl9p3eSKYv2f0BvPGljgKrs9dfIZk+XN0w62VuSYwRi7TU
ZEppINMisM1hC9+7jKNGn0nE9y3UldBSNThWxk8ykpWL+Btv5KeArHK4+916nadQ
a7t+6Ow7hiVI1Y/3TWaLvCi7xfqsU87QH6dx0nozgBUotuujIqa5lAeSGR9Rc6N2
PSblEGf8AA8+oGAdBhNvDncHiRLWkUoBqFsaaAk4EiaHQk60InZ9CpQdeMqHErcx
uLL9JcOCZeStcWF+vWmyU2L49O88HRHvboM7zA+gqLIUilwgKxmlOocoq+0jtA4l
Bg72F3cI7+g+aTidskEOGo2v2cj0dh32ub5CqRHLdt3PUzP6qhs=
=mCEL
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-01-rc2-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-01-rc2 (2)
The series contains the following enhancements
* preparatory patches for UEFI capsule updates
* initialization of the emulated RTC using an environment variable
and a bug fix
* If DisconnectController() is called for a child controller that is the
only child of the driver, the driver must be disconnected.
This is the complement of the existing behavior to match only messages with
a log level less than a threshold. This is primarily useful in conjunction
with LOGFF_DENY.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Without this flag, log filters can only explicitly accept messages.
Allowing denial makes it easier to filter certain subsystems. Unlike
allow-ing filters, deny-ing filters are added to the beginning of the
filter list. This should do the Right Thing most of the time, but it's
less-universal than allowing filters to be inserted anywhere. If this
becomes a problem, then perhaps log_filter_add* should take a filter number
to insert before/after.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This function exposes a way to specify flags when creating a filter.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These functions are required by "cmd: log: Add commands to manipulate
filters" and "test: Add a test for log filter-*".
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Both these arrays and their members are const. Fixes checkpatch complaint.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Errors returned should be negative.
Fixes: 45fac9fc18 ("log: Correct missing free() on error in log_add_filter()")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If this option, CONFIG_EFI_SETUP_EARLY, is enabled, the initialisation
of UEFI subsystem will be done as part of U-Boot initialisation.
Please note that this option won't be enabled explicitly by users,
instead, should be enabled implicitly by other configuration options.
Specifically, this feature will be utilised in implementing capsule-on-disk
feature.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.
This function will also be used in implementing UEFI capsule update
in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The range of an addressable pointer can go beyond 'integer'.
So change the argument type to a void pointer.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
This function is essentially independent from tftp, and will also be
utilised in implementing UEFI capsule update in a later commit.
So just give it a more generic name.
In addition, a new configuration option, CONFIG_DFU_WRITE_ALT, was
introduced so that the file will be compiled with different options,
particularly one added in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At present this option results in a number of #ifdefs due to the presence
or absence of the global_data of_root member.
Add a few macros to global_data.h to work around this. Update the code
accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
common:
- Add support for 64bit loadables from SPL
xilinx:
- Update documentation and record ownership
- Enable eeprom board detection based legacy and fru formats
- Add support for FRU format
microblaze:
- Optimize low level ASM code
- Enable SPI/I2C
- Enable distro boot
zynq:
- Add support for Zturn V5
zynqmp:
- Improve silicon detection code
- Enable several kconfig options
- Align DT with the latest state
- Enabling security commands
- Enable and support FPGA loading from SPL
- Optimize xilinx_pm_request() calling
versal:
- Some DTs/Kconfig/defconfig alignments
- Add binding header for clock and power
zynq-sdhci:
- Add support for tap delay programming
zynq-spi/zynq-qspi:
- Use clock framework for getting clocks
xilinx-spi:
- Fix some code issues (unused variables)
serial:
- Check return value from clock functions in pl01x
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCX5rH/QAKCRDKSWXLKUoM
IRPAAJ9SvHR3w1qTc5W+Q5CWBUH5wJbNYQCaA4PpqZCdvyu1+nF5luL6JHhbDgw=
=hOd7
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.01-v2' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2021.01-v2
common:
- Add support for 64bit loadables from SPL
xilinx:
- Update documentation and record ownership
- Enable eeprom board detection based legacy and fru formats
- Add support for FRU format
microblaze:
- Optimize low level ASM code
- Enable SPI/I2C
- Enable distro boot
zynq:
- Add support for Zturn V5
zynqmp:
- Improve silicon detection code
- Enable several kconfig options
- Align DT with the latest state
- Enabling security commands
- Enable and support FPGA loading from SPL
- Optimize xilinx_pm_request() calling
versal:
- Some DTs/Kconfig/defconfig alignments
- Add binding header for clock and power
zynq-sdhci:
- Add support for tap delay programming
zynq-spi/zynq-qspi:
- Use clock framework for getting clocks
xilinx-spi:
- Fix some code issues (unused variables)
serial:
- Check return value from clock functions in pl01x
This will probe the multiplexer devices that have a "u-boot,mux-autoprobe"
property. As a consequence they will be put in their idle state.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Pratyush Yadav <p.yadav@ti.com>
The log command has led to NULL dereferences if an unknown category name
name was used due to missing entries in the list of category names.
Add compile time checks for the array sizes of log_cat_name and
log_lvl_name to avoid future mishaps.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some drivers use macro pr_cont() for continuing a message sent via printk.
Hence if we want to convert printk messaging to using the logging system,
we must support continuation of log messages too.
As pr_cont() does not provide a message level we need a means of
remembering the last log level.
With the patch a pseudo log level LOGL_CONT as well as a pseudo log
category LOGC_CONT are introduced. Using these results in the application
of the same log level and category as in the previous log message.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Replace the static variable processing_msg by a field in the global data.
Make the field bool at it can only be true or false.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The commit 9f45aeb937 ("spl: fit: implement fdt_record_loadable") which
introduced fdt_record_loadable() state there spl_fit.c is not 64bit safe.
Based on my tests on Xilinx ZynqMP zcu102 platform there shouldn't be a
problem to record these addresses in 64bit format.
The patch adds support for systems which need to load images above 4GB.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
SPL is creating fit-images DT node when loadables are recorded in selected
configuration. Entries which are created are using entry-point and
load-addr property names. But there shouldn't be a need to use non standard
properties because entry/load are standard FIT properties. But using
standard FIT properties enables option to use generic FIT functions to
descrease SPL size. Here is result for ZynqMP virt configuration:
xilinx_zynqmp_virt: spl/u-boot-spl:all -82 spl/u-boot-spl:rodata -22 spl/u-boot-spl:text -60
The patch causes change in run time fit image record.
Before:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry-point = <0x8000000>;
load-addr = <0x8000000>;
};
};
After:
fit-images {
uboot {
os = "u-boot";
type = "firmware";
size = <0xfd520>;
entry = <0x8000000>;
load = <0x8000000>;
};
};
Replacing calling fdt_getprop_u32() by fit_image_get_entry/load() also
enables support for reading entry/load properties recorded in 64bit format.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It doesn't need to consider start byte address.
If ramdisk size is 0x800000 and start address is 0x2700000, then it's
used until 0x02efffff, not 0x02f00000. But it's detected to overlapt RD
image, when kernel start address is 0x02f00000.
Because it's doing wrong calculation about rd_len.
This patch fixed wrong calculation address position when check
condition.
In addition, it needs to check one more condition about overlapping
entire area.
Fixes: commit fbde7589ce ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image")
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Remove the default value "usb start" for CONFIG_USB_STORAGE as the USB
storage boot initialization is correctly managed by distro boot command
('usb_boot' defined in include/config_distro_bootcmd.h already include
the command 'usb start').
Fixes: 324d77998e ("Define default CONFIG_PREBOOT with right config option")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The sandbox is built with the SDL2 library with invokes the X11 library
which in turn calls getc(). But getc() in glibc is defined as
int getc(FILE *)
This does not match our definition.
int getc(void)
The sandbox crashes when called with parameter -l.
Rename our library symbol getc() to getchar().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This code is intended do prevent one from setting a shell variable abc
by doing
abc=123
if an environment variable named abc already exists. However, the
check is broken, since the env_get is done before the split on =, so
we look up whether an environment variable "abc=123" exists, which is
obviously never the case.
One could move the code to below the split on =, but instead, just
remove it, saving a little .text: The check has never worked as
intended (it goes all the way back to the initial git commit), and it
would anyway not guard against one first setting the shell variable,
then doing 'env set abc xyz'.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
add back again special case: -2
autoboot with no delay and no check for abort
as described in Kconfig option, see common/Kconfig
help text for option BOOTDELAY.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fix some comments about functions.
Move genimg_get_comp_name() above genimg_get_short_name() because
genimg_get_comp_name() is related to get_table_entry_name().
Signed-off-by: Naoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a generic function which can check whether a category has an
entry ID.
Signed-off-by: Naoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
CONFIG_{SPL,TPL}_SIZE_LIMIT are defined as hex (SPL_SIZE_LIMIT was
converted in b51882d0 ("spl: Convert CONFIG_SPL_SIZE_LIMIT to hex"), but
there are still places that reference integer values. Change those to hex
as well. Also, update the Makefile to check for 0x0 instead of 0.
This also fixes the following build error when CONFIG_SPL_SIZE_LIMIT
is set by menuconfig to 0x0:
...
spl/u-boot-spl.bin exceeds file size limit:
limit: 0 bytes
actual: 0x80f0 bytes
excess: 0x80f0 bytes
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is much easier to read the bloblist addresses if it starts on a 4KB
boundary. Update it to align it accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boards, specifically 64-bit Allwinner boards (sun50i), are
extremely limited on SPL size. One strategy that was used to make space
was to remove the FIT "os" property parsing code, because it uses a
rather large lookup table.
However, this forces the legacy FIT parsing code path, which requires
the "firmware" entry in the FIT to reference the U-Boot binary, even if
U-Boot is not the next binary in the boot sequence (for example, on
sun50i boards, ATF is run first).
This prevents the same FIT image from being used with a SPL with
CONFIG_SPL_FIT_IMAGE_TINY=n and CONFIG_SPL_ATF=y, because the boot
method selection code looks at `spl_image.os`, which is only set from
the "firmware" entry's "os" property.
To be able to use CONFIG_SPL_ATF=y, the "firmware" entry in the FIT
must be ATF, and U-Boot must be a loadable. For this to work, we need to
parse the "os" property just enough to tell U-Boot from other images, so
we can find it in the loadables list to append the FDT, and so we don't
try to append the FDT to ATF (which could clobber adjacent firmware).
So add the minimal code necessary to distinguish U-Boot/non-U-Boot
loadables with CONFIG_SPL_FIT_IMAGE_TINY=y. This adds about 300 bytes,
much less than the 7400 bytes added by CONFIG_SPL_FIT_IMAGE_TINY=n.
Acked-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
This reverts commit eb39d8ba5f.
The commit breaks booting of fitImage by SPL, the system simply hangs.
This is because on arm32, the fitImage and all of its content can be
aligned to 4 bytes and U-Boot expects just that.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Reuben Dowle <reuben.dowle@4rf.com>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Marek Vasut <marex@denx.de>
To simplify configuration and keep synchronized the PStore/Ramoops between
U-Boot and the Linux kernel, this commit dynamically adds the Ramoops
parameters defined in the U-Boot session to the Device Tree.
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Heiko Schocher <hs@denx.de>
This commit add the support in u-boot to read the IV
in the FIT image instead of u-boot device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Currently FIT image must be signed by all required conf keys. This means
Verified Boot fails if there is a signature verification failure
using any required key in U-Boot DTB.
This patch introduces a new policy in DTB that can be set to any required
conf key. This means if verified boot passes with one of the required
keys, U-Boot will continue the OS hand off.
There were prior attempts to address this:
https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
The above patch was failing "make tests".
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since the previous patch, net_init now exposes some errors, so check for
them.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This driver interferes with other sandbox tests since it causes log output
to be interspersed with "No ethernet found." messages. Disable this driver
by default.
Enable it for the syslog tests so that they still pass.
Signed-off-by: Simon Glass <sjg@chromium.org>