efi_load_image_from_file() should read via either of:
* EFI_SIMPLE_FILE_SYSTEM_PROTOCOL
* EFI_LOAD_FILE_PROTOCOL
* EFI_LOAD_FILE2_PROTOCOL
To make the code readable carve out a function to load the image via the
file system protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Implementing support for loading images via the EFI_LOAD_FILE_PROTOCOL
requires the boot policy as input for efi_load_image_from_path().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI_LOAD_FILE_PROTOCOL_GUID and EFI_LOAD_FILE2_PROTOCOL_GUID are needed
to complement the implementation of the LoadFile() boot service.
Remove a duplicate declaration of a variable for the
EFI_LOAD_FILE2_PROTOCOL_GUID.
Move the remaining declaration to efi_boottime.c.
Add a variable for the EFI_LOAD_FILE_PROTOCOL_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For implementing support for the EFI_LOAD_FILE_PROTOCOL in the LoadImage()
service we will have to call the LocateDevicePath() service. To avoid a
forward declaration resequence the functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Our implementation of the EFI_HII_CONFIG_ROUTING_PROTOCOL is a mere stub,
where all services return an error code. The protocol is neither needed for
the EFI shell nor for the UEFI SCT. To reduce the code size remove it from
the U-Boot binary.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The EFI_RT_PROPERTIES_TABLE configuration table indicates which runtime
services are available at runtime.
Even if CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y, we neither support
UpdateCapsule() nor QueryCapsuleCapabilities() at runtime. Thus we should
not set the corresponding flags EFI_RT_SUPPORTED_UPDATE_CAPSULE and
EFI_RT_SUPPORTED_QUERY_CAPSULE_CAPABILITIES in RuntimeServicesSupported.
Fixes: 2bc27ca8a0 ("efi_loader: define UpdateCapsule api")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Long file names are stored in multiple directory entries. When deleting a
file we must delete all of them.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A long name is split over multiple directory entries. When deleting a file
with a long name we need the first directory entry to be able to delete the
whole chain.
Add the necessary fields to the FAT iterator:
* cluster of first directory entry
* address of first directory entry
* remaining entries in cluster
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When deleting a directory entry 0xe5 is written to name[0].
We have a constant for this value and should use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Searching for a file is not a write operation. So it should not lead to the
allocation of a new cluster to the directory.
If we reuse deleted entries, we might not even use the new cluster and due
to not flushing it the directory could be corrupted.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When creating new directory entries try to reuse entries marked as deleted.
In fill_dir_slot() do not allocate new clusters as this has already been
done in fat_find_empty_dentries().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide a function to find a series of empty directory entries.
The current directory is scanned for deleted entries.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When handling long file names directory entries may be split over multiple
clusters. We must make sure that new clusters are zero filled on disk.
When allocating a new cluster for a directory flush it.
The flushing should be executed before updating the FAT. This way if
flushing fails, we still have a valid directory structure.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When iterating over a child directory we set itr->start_clust.
Do the same when over the root directory.
When looking for deleted directory entries or existing short names we will
have to iterate over directories a second and third time. With this patch
we do not need any special logic for the root directory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
For reusing deleted directory entries we have to adjust the function called
to step to the next directory entry.
This patch alone is not enough to actually reuse deleted directory entries
as the fill_dir_slot() is still called with first never used directory
entry.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
File names must be unique within their directory. So before assigning a
short name we must check that it is unique.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In set_name() we select the short name. Once this is correctly implemented
this will be a performance intensive operation because we need to check
that the name does not exist yet. So set_name should only be called once.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently we pass the short name via the directory iterator.
Pass it explicitly as a parameter.
This removes the requirement to set the short name in the iterator before
writing the long name.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current function set_name() used to create short names has the
following deficiencies resolved by this patch:
* Long names (e.g. FOO.TXT) are stored even if a short name is enough.
* Short names with spaces are created, e.g. "A ~1.TXT".
* Short names with illegal characters are created, e.g. "FOO++BAR".
* Debug output does not not consider that the short file name has no
concluding '\0'.
The solution for the following bug is split of into a separate patch:
* Short file names must be unique.
This patch only provides the loop over possible short file names.
Fixes: c30a15e590 ("FAT: Add FAT write feature")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Rename function next_cluster() to fat_next_cluster() and export it.
When creating a new directory entries we should reuse deleted entries.
This requires re-scanning the directory.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FAT specification [1] requires that for a '..' directory entry pointing
to the root directory the fields DIR_FstClusHi and DIR_FstClusLo are 0.
[1] Microsoft FAT Specification, Microsoft Corporation, August 30 2005
Fixes: 31a18d570d ("fs: fat: support mkdir")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
- Update ARM STI and ARM STM STM32MP Arch maintainers emails
- Enable internal pull-ups for SDMMC1 on DHCOM SoM
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE56Yx6b9SnloYCWtD4rK92eCqk3UFAl/Q5aAACgkQ4rK92eCq
k3XuqAgAifJcb3NxKmWa4eFDbZpWZ1R8h6FPp6vlmvyC4C3otRHEe5WrYCsAeqy1
Gs311dtdluc4y5Ltmf54OcN7ICfLsSiOvye85f5myhPj1v4d1F1Z70X0FDo/o9hE
7TEZfWBQtNjXI4F23+vaDT4jCvUZV1LR6Lab/zLLw1/uLUxxS799kcFiWgHLuEoH
8Cv0JbgzLuuVk5lyLJ+DFZOcntwWu5+Qm+l5eS46armbKphMFh5KPJ9PG81eJE3N
zsCpavEs4nuQl7wGF8HPfDWxz5Xef6ip3A4Owh92t3WQWKxp1bSUKqDeKZTkhIyS
LSJKe9CQ9+zCS3m3Utoi1pVt1EbFrQ==
=cgbE
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20201209' of https://gitlab.denx.de/u-boot/custodians/u-boot-stm
- Manage CONFIG_ENV_EXT4_DEVICE_AND_PART in stm32mp1 board
- Update ARM STI and ARM STM STM32MP Arch maintainers emails
- Enable internal pull-ups for SDMMC1 on DHCOM SoM
Add USB OTG ID pin mux and switch the USB OTG port
from peripheral to OTG mode.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The DH DRC02 board has an on-board microSD slot,
add DT properties to enable the slot.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The STM32MP1 DHCOM SoM can be built with either bus voltage level shifter
or without one on the SDMMC1 interface. Because the SDMMC1 interface is
limited to 50 MHz and hence SD high-speed anyway, disable the SD feedback
clock to permit operation of the same U-Boot image on both SoM with and
without voltage level shifter.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The default state of SD bus and clock line is logical HI. SD card IO is
open-drain and pulls the bus lines LO. Always enable the SD bus pull ups
to guarantee this behavior on DHCOM SoM. Note that on SoMs with SD bus
voltage level shifter, the pull ups are built into the level shifter,
however that has no negative impact.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Update Patrick and my email address with the one dedicated to
upstream activities.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
Update Patrick and my email address with the one dedicated to
upstream activities.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
Check whether user has explicitly defined device and partition where
environment file will be located before using 'auto' i.e. bootable
partition
Voids the need to set such partition as bootable to work with the
'dev:auto' tuple
Signed-off-by: Manuel Reis <mluis.reis@gmail.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Tested-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.
One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.
Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
_________________
| FIT Image |
| |
/===================\ /=====================\
|| DRAM || | DRAM |
|| || | |
||_________________|| SYS_TEXT_BASE | ___________________ |
| | || FIT Image ||
| | || ||
| _________________ | SYS_SPL_MALLOC_START || _________________ ||
|| malloc() data || ||| malloc() data |||
||_________________|| |||_________________|||
| | ||___________________||
| | | |
Figure I Figure II
One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.
/======================\
| DRAM |
| |
| | CONFIG_SYS_TEXT_BASE
| |
| |
| ____________________ | CONFIG_SYS_SPL_MALLOC_START
|| malloc() data ||
|| ||
|| __________________ ||
||| FIT Image |||
||| |||
||| |||
Figure III
The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
* Bounds checking of the buffer region
* Guarantees the buffer does not conflict with other memory
The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.
The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
- Series to improve "bootm" by allowing variable evaluation within the
cmdline we would be passing. This will help with Chrome OS but can be
useful elsewhere.
- Improve ATF (TF-A) support within SPL.
- Espressobin: Simplify DT handling of board variants (Pali)
- Add Luka Perkov to maintainers of Puzzle-M801 (Luka)
- Armada 38x: Enable board specific USB2 high-speed impedance
threshold configuration (Joshua)
Use the full name of firmware self extracting file to make it run.
Also, don't use sudo when not needed.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Remove the parsing of atmel,main-osc-bypass DT property as the SAM9X60
have no support for crystal oscillator bypass. Setting this bit might
affect the device functionality.
Fixes: a64862284f ("clk: at91: sam9x60: add support compatible with CCF")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Try to initialize emmc in board_late_init() and if it fails then we know
that emmc device is not connected.
This allows to use in U-Boot just one DTS file for all Espressobin variants
and also to correctly set fdtfile env variable for Linux kernel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Gérald Kerma <gerald@gk2.net>
Reviewed-by: Andre Heider <a.heider@gmail.com>
To simplify setup, configuration and compilation of u-boot, define emmc
node for all Espressobin boards. Espressobin boards without populated emmc
works correctly, just detection and initialization of emmc obviously fails.
Code for emmc is extracted from commit f1a43c84a9 ("arm64: dts: a3720:
add support for espressobin with populated emmc").
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Gérald Kerma <gerald@gk2.net>
Hardware testing of a board using the Armada 385 has shown that an
impedance threshold setting of 0x7 performs better in an eye-diagram
test than with Marvell's recommended value 0x6.
As other boards may still perform better with Marvell's reccomended value,
a configuration option is added with a default value of 0x6.
Signed-off-by: Joshua Scott <joshua.scott@alliedtelesis.co.nz>
Reviewed-by: Stefan Roese <sr@denx.de>
Add Luka Perkov to Puzzle-M801 BOARD MAINTAINERS.
Signed-off-by: Luka Kovacic <luka.kovacic@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Reviewed-by: Stefan Roese <sr@denx.de>
Add implementation of board_mem_get_layout for overriding the memory
layout.
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Acked-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Introduce weak function board_mem_get_layout() which allows overriding
the memory layout from board code in runtime, useful for handling
different SKU versions.
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
