If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.
This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.
If this does happen, print a nice big warning.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.
Signed-off-by: Andrew Davis <afd@ti.com>
On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.
Signed-off-by: Andrew Davis <afd@ti.com>
K3 SoCs are available in a number of device types such as
GP, HS-FS, EMU, etc. Like OMAP SoCs we can detect this at runtime
and should print this out as part of the SoC information line.
We add this as part of the common.c file as it will be used
to also modify our security state early in the device boot.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Since commit 2a73606668 ("serial: Rename SERIAL_SUPPORT to SERIAL")
SPL_SERIAL_SUPPORT is named SPL_SERIAL. So let's update the comment to
point to the correct Kconfig option in the comment of VPL_SERIAL.
Fixes: 747093dd40 ("vpl: Add Kconfig options for VPL")
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since commit 103c5f1806 ("mmc: Rename MMC_SUPPORT to MMC"),
SPL_MMC_SUPPORT is named SPL_MMC, so let's fix the ifdef.
Fixes: fbc6b14143 ("imx: imx8mp_rsb3720a1: convert to DM_SERIAL")
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
SPL_GPIO_SUPPORT is named SPL_GPIO since commit 83061dbd1c ("Rename
GPIO_SUPPORT to GPIO"), SPL_MMC_SUPPORT is named SPL_MMC since commit
103c5f1806 ("mmc: Rename MMC_SUPPORT to MMC"), SPL_SERIAL_SUPPORT is
named SPL_SERIAL since commit 2a73606668 ("serial: Rename
SERIAL_SUPPORT to SERIAL") so let's select the correct Kconfig options.
Fixes: 8b71576f38 ("mx7ulp_com: add support for SPL")
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Since commit 83061dbd1c ("Rename GPIO_SUPPORT to GPIO"),
SPL_GPIO_SUPPORT has been renamed to SPL_GPIO, meaning that SPL_GPIO_HOG
can never be enabled.
Let's fix this by using the proper name for the Kconfig option.
Fixes: 1d99e673c7 ("gpio: Enable hogging support in SPL")
Cc: Quentin Schulz <foss+uboot@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If 'extension apply all' is executed and no extension is found, the return
value of do_extension_apply() is undefined. Return CMD_RET_FAILURE in this
case.
Fixes: 2f84e9cf06 ("cmd: add support for a new "extension" command")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
When attempting to load images from multiple MMC devices in sequence,
spl_mmc_load() chooses the wrong device from the second attempt onwards.
The reason is that MMC initialization is only done on its first call and
spl_mmc_load() will then continue using this same device for all future
calls.
Fix this by checking the devnum of the "cached" device struct against
the one which is requested. If they match, use the cached one but if
they do not match, initialize the new device.
This fixes specifying multiple MMC devices in the SPL's boot order to
fall back when U-Boot Proper is corrupted or missing on the first
attempted MMC device.
Fixes: e1eb6ada4e ("spl: Make image loader infrastructure more universal")
Signed-off-by: Harald Seiler <hws@denx.de>
Some setups do not use Xen hypervisor console for logging, e.g. they
use emulated PL011 hardware or shared peripherals (real UART). In such
cases Xen HVC will be disabled on a build time and will cause issues in
current driver implementation.
This commit fixes build issues in Xen event channel driver, caused
by absense of console event channel, that is not available when console
config is disabled. Now console related code will be removed when
Xen HVC is turned off.
Signed-off-by: Dmytro Firsov <dmytro_firsov@epam.com>
Reviewed-by: Anastasiia Lukianenko <vicooodin@gmail.com>
Reviewed-by: Anastasiia Lukianenko <vicooodin@gmail.com<mailto:vicooodin@gmail.com>>
Signed-off-by: Dmytro Firsov <dmytro_firsov@epam.com<mailto:dmytro_firsov@epam.com>>
The source code contains an error:
- argv[2] contains <channel> arg, variable for env_set is in argv[3]
- number of args is 4
Revert 54d24d7260
cmd: simplify do_adc_single()
Fixes 9de612ae4d
cmd: adc: Add support for storing ADC result in env variable
Reviewed-by: Simon Glass <sjg@chromium.org>
To work correctly, this driver depends on SYSCON to get the base address
from the parent dts node.
Signed-off-by: Billy Tsai <billy_tsai@aspeedtech.com>
Reviewed-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
The 'rng' command dumps a number of random bytes on the console. Add a
set of tests for the 'rng' command. The test function performs basic
sanity testing of the command.
Since a unit test is being added for the command, enable it by default
in the sandbox platforms.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use a statically allocated buffer on stack instead of using malloc for
reading the random bytes. Using a local array is faster than
allocating heap memory on every initiation of the command.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The 'rng' u-boot command is used for printing a select number of
random bytes on the console. Currently, the RNG device from which the
random bytes are read is fixed. However, a platform can have multiple
RNG devices, one example being qemu, which has a virtio RNG device and
the RNG pseudo device through the TPM chip.
Extend the 'rng' command so that the user can provide the RNG device
number from which the random bytes are to be read. This will be the
device index under the RNG uclass.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The TPM device comes with the random number generator(RNG)
functionality which is built into the TPM device. Add logic to add the
RNG child device in the TPM uclass post probe callback.
The RNG device can then be used to pass a set of random bytes to the
linux kernel, need for address space randomisation through the
EFI_RNG_PROTOCOL interface.
No compatible string is provided because this is not available in
the binding defined by Linux. If multiple rand devices are in the
system, then some method of selecting them (other than device tree)
will need to be used, or a binding will need to be added.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The TPM device has a builtin random number generator(RNG)
functionality. Expose the RNG functions of the TPM device to the
driver model so that they can be used by the EFI_RNG_PROTOCOL if the
protocol is installed.
Also change the function arguments and return type of the random
number functions to comply with the driver model api.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Due to U-Boot's lazy binding the RNG presented by the TCG is not available
until the EFI_TCG2 protocol has been initialized. Since the TPM has a
built-in RNG device we can use for the OS randomization, move the RNG
protocol installation after the TCG.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
These functions should really be available outside the TPM code, so that
other callers can find out which version the TPM is. Rename them to have
a tpm_ prefix() and add them to the header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
After a discussion with Tom Rini, we've agreed that I am going to take
over custodianship of the MPC85XX platform, since it seems other people
do not have necessary interest or time and getting things done over
there takes too long.
Since I am only working on one MPC85XX board, Turris 1.x, and do not
have time to do thorough reviews of patches for this entire platform
(other than those concerning Turris 1.x board), for other boards I will
only run patches through CI and checkpatch, and then send them via PR
upwards to Tom.
Signed-off-by: Marek Behún <kabel@kernel.org>
Acked-by: Tom Rini <trini@konsulko.com>
Documentation:
* Detail how configuration signatures are calculated
* Further expand on Image locations and provide example
* Describe system configuration
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmLkE0AACgkQxIHbvCwF
GsSmqQ/+N6b9ABQaWBbLIR0PLAVN6K8gY8HU/CNs+lM2AYcp75890J4/KsB3oueG
7/thHuv72R9aGVn9JvQKVjz6UfG47g6IyOeV3oRQJfY1vHw1aUd/WXXZFeCnAPVl
hlxYy+r6pe9rgssoktzp7Ruh8Lgce1tEJNmK978aMp3gnPxl553WwNyi/8mDezDO
ogt8AqxK3TiLTVpq3Lq1dnInaSWTVObCfdazD2JqY9pydvPOAoRDZsJRbr0RQBU+
25vvRWKB84y7saHi0g+wjLHk+8rDxhIGh7wHwWszEqb5fhY2cbwyPS8pdVYbr+p0
yMjFCyhO9bJ5FGQgPtVGHdKtcsI0hQt18kYCutXQ/ujATUjFrHXvlE1yx9RneDmv
sDMnWGGA2N9PLg/jaa8TNjZ5eSji0jq5PEPeD4Yvj2cmmZacA6sCkbURE0Ngv36R
m9nfXRj6y+DQJ1Wg2fDzp+PtQmHcXyJnNsNuMD9U0g0EHtc7FhHJJDRW06YukCxD
x8hGXxnePJq4A/7Zu+wHY3rT6XhQ51SWtiTHY04lRbDnV+hxtrKLAvDepAky78Gl
EuTqg3vVllAxEUJLX5kWFZlEhyjOCfqUirSoUVoc6nsLcHY81xxZFGroXm/EQFxz
ecMRYwAUXKhZTrUy5AtnB0NQ4rxnf2PWXo+98Ok79ZLwMSf6Aj4=
=EHQo
-----END PGP SIGNATURE-----
Merge tag 'doc-2022-10-rc2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for doc-2022-10-rc2
Documentation:
* Detail how configuration signatures are calculated
* Further expand on Image locations and provide example
* Describe system configuration
Start by describing in general the best practices for how to implement
configuration of some aspect of U-Boot. This generally means finding
the right choices for when something should be static or dynamically
configured and enabled. Then further document when to use CONFIG or CFG
namespaces for static configuration.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Describe exactly which bytes are hashed and in what order
when signing a configuration.
Signed-off-by: Martin Bonner <martingreybeard@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Start by elaborating on what some of our constraints tend to be with
image location values, and document where these external constraints
can come from. Provide a new subsection, an example based on the TI
ARMv7 OMAP2PLUS families of chips, that gives sample values and explains
why we use these particular values. This is based on what is in
include/configs/ti_armv7_common.h as of fb3ad9bd92 ("TI: Add, use a
DEFAULT_LINUX_BOOT_ENV environment string") as this contains just the
values referenced in this document now and not some of the further
additions that are less generic.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
There is a bug in Turris Omnia's schematics, whereupon the MPP[26] pin,
which is routed to CN11 pin header, is documented as SPI CS1, but
MPP[26] pin does not support this function. Instead it controls chip
select 2 if in "spi0" mode.
Fix the name of the pin node in pinctrl node and fix the comment in SPI
node.
Signed-off-by: Marek Behún <kabel@kernel.org>
* Add SPDX-License-Identifier
* Add SFP and LED nodes
* Fix PHY nad NOR nodes
* Remove duplicates from u-boot.dtsi file
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Linux kernel uses compatible string "marvell,armada370-nand-controller" for
nand controllers on Armada 370/XP/38x. U-Boot currently uses mix of
"marvell,armada370-nand" and "marvell,mvebu-pxa3xx-nand".
So unify it and use just Linux kernel compatible string.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Now when CONFIG_SYS_TEXT_BASE has sane value, use it for calculation of
other SPL offset values: CONFIG_SPL_MAX_SIZE, CONFIG_SYS_MMC_U_BOOT_* and
CONFIG_SYS_SPI_FLASH_U_BOOT_* macros.
No functional change.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
On some boards upper 4 bits of i2c boot input data (register 0) are
inverted. Information which bits are inverted is stored in register 2.
So invert read input data back according to register 2 prior processing
them. This fixes printing "rom_loc: value" line during booting.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
U-Boot for initial L2 SRAM uses L2 memory-mapping mode and not L2 with
locked lines. P2020 reference manual about L2 memory-mapping mode says:
Accesses to memory-mapped SRAM are cacheable only in the corresponding
e500 L1 caches.
So there is no need to set Caching-Inhibit I-bit for second part of initial
L2 SRAM mapping in TLB entry. Remove it. First part of initial L2 SRAM
mapping already does not have I-bit set.
For more details see also:
https://lore.kernel.org/u-boot/20220508150844.qqxg452rs4wtf5bs@pali/
Signed-off-by: Pali Rohár <pali@kernel.org>
QorIQ U-Boot binary for SD card booting compiled during build process
(either u-boot.bin or u-boot-with-spl.bin) cannot be directly loaded by
QorIQ pre-PBL BootROM. Compiled U-Boot binary first needs to be processed
by Freescale boot_format tool as described in doc/README.mpc85xx-sd-spi-boot
BootROM requires that image on SD card must contain special boot sector.
Implement support for generating this special boot sector directly in
U-Boot start code. Boot sector needs to be at the beginning of the image,
so when compiling only proper U-Boot without SPL then it needs to be in
proper U-Boot. When compiling SPL with proper U-Boot then it needs to be
only in SPL.
Support can be enabled by a new config option FSL_PREPBL_ESDHC_BOOT_SECTOR.
Via other two additional options FSL_PREPBL_ESDHC_BOOT_SECTOR_START and
FSL_PREPBL_ESDHC_BOOT_SECTOR_DATA it is possible to tune how final U-Boot
image could be stored on the SD card.
Signed-off-by: Pali Rohár <pali@kernel.org>
Negative return value from cmd main function cause U-Boot to print criplic
error message: exit not allowed from main input shell.
Set return value on error to 1.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 3700 BootROM supports also images with sha512 checksums and
mox-imager tool [1] generates such bootable images. Without sha512 support
U-Boot bubt command just prints error message:
Error: Unsupported hash_algorithm_id = 64
Error: Image header verification failed
This patch adds support for sha512 checksum validation for Armada 3700
images. With it bubt prints:
Image checksum...OK!
[1] - https://gitlab.nic.cz/turris/mox-boot-builder.git
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
net_loop() returns signed int type and negative value represents error.
tftp_read_file() returns unsigned size_t type and zero value represents
error. Casting signed negative value to unsigned size_t type cause losing
information about error and bubt thinks that no error happened, and
continue erasing SPI-NOR which cause malfunction device.
Fix this issue by correctly propagating failure during tftp transport.
With this change when there is no eth link, bubt does not erase SPI-NOR
anymore.
=> bubt
Burning U-Boot image "flash-image.bin" from "tftp" to "spi"
ethernet@30000 Waiting for PHY auto negotiation to complete......... TIMEOUT !
ethernet@30000: No link.
Error: Failed to read file flash-image.bin from tftp
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Current image type verification code is specific to 32-bit Armada SoCs but
used only for Armada 38x. Implement image type verification for Armada 3700
and enable Armada 38x image verification for all 32-bit Armada SoCs.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
This driver registers GPIO controller and allows U-Boot to control GPIO
pins on MCU which is connected to Turris Omnia via i2c.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Current pin control driver applies SDHCI PHY MUX selection
when board DT calls for eMMC function on MPP wires.
However, for CP side eMMC, only the "armada-8k-cpm-pinctrl"
compatibility string is taken into account, which causes
CP-SDHCI on Armada-7K boards to fail.
This patch adds "armada-7k-pinctrl" compatibility string
handling for the CP-SDHCI PHY configuration case.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Igal Liberman <igall@marvell.com>
Reviewed-by: Stefan Roese <sr@denx.de>
These functions are required for 'pinmux status -a' command to print
current configuration of each MPP pin.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
To automatically enable GPIO functionality of some MPP pin, it is required
to implement .gpio_request_enable and .gpio_disable_free callbacks in
pinctrl driver and set .request and .rfree callbacks in GPIO driver to
pinctrl_gpio_request / pinctrl_gpio_free functions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>