Add a subcommand preload to bootm that execute the preload
stage on the image. Right now, it checks the signature
of the image with the pre-load header. If the check
succeed, the u-boot env variable 'loadaddr_verified'
is set to the address of the image (without the header).
It allows to run such commands:
tftp script.img && bootm preload $loadaddr && source $loadaddr_verified
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Enable the support of stage pre-load in bootm.
For the moment, this stage allow to verify the
signature of the full image with a header.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Adds the support of the pre-load header with the image signature
to binman.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Set the variable pre-load-key-path with the shell variable
PRE_LOAD_KEY_PATH that contain the keys path (used for signature).
This variable pre-load-key-path is provided to binman.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add the support of image pre load in spl or tpl
when loading an image from ram.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add a stage pre-load that could
check or modify an image.
For the moment, only a header with a signature is
supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size
The stage uses a node /image/pre-load/sig to
get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key
Before running the image, the stage pre-load checks
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit adds the options:
- SPL_ASN1_DECODER
- SPL_OID_REGISTRY
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Enhance the help for the config OID_REGISTRY.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Enhance the help for configs ASN1_COMPILER
and ASN1_decoder.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
To be able to use the tool binman on sandbox,
the config SANDBOX should imply BINMAN.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This is mostly cleanups/consolidations. clk_free is made to return void, and the
CCF wrappers present in almost every CCF clock are consolidated. I would
particularly like to have the latter upstream, since there are at least two
series adding support for new CCF drivers (imx8mq and imxrt1170) which can
benefit from these commits.
I had to fix up the last commit since I missed an include for at91.
CI: https://source.denx.de/u-boot/custodians/u-boot-clk/-/pipelines/11521
-----BEGIN PGP SIGNATURE-----
iQGTBAABCgB9FiEEkGEdW86NSNID6GAoPuiP7LShEG4FAmJErVFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkw
NjExRDVCQ0U4RDQ4RDIwM0U4NjAyODNFRTg4RkVDQjRBMTEwNkUACgkQPuiP7LSh
EG6J7Af+K3FTOmxuocqNBaT6IPEIYkgTnxdih8b6taYhhrTkq2YPRjKhK64Seldf
gID8/+3Ya46/xprp9dRl1NcCFl5ou7htAF0FwLSGms8pxCJkARMY0VxxCBfnJt18
zFjjTNxxPVBVrCEAiRc3ncL69XF49Xp276ERcAGA8DqOXie9wTViasQ3emQS5k4Q
+AiRSuJs1dOZYv9K4yc70DpZdPzwKdCt7ykzCoVvHp+W7TeJ5zpzcCrVbTduVwVd
0IOpF0iF0EGJcFCE+S0YS6lPrw7fEpwgmeZsYIW7U8X9Avo83X+ZXlr0K6dzyJTa
Bo2jfJgohAAclz9/bbMEqP2zgcnxIw==
=qrkR
-----END PGP SIGNATURE-----
Merge tag 'clk-2022.04-next' of https://source.denx.de/u-boot/custodians/u-boot-clk into next
Clock patches for u-boot/next
This is mostly cleanups/consolidations. clk_free is made to return void, and the
CCF wrappers present in almost every CCF clock are consolidated. I would
particularly like to have the latter upstream, since there are at least two
series adding support for new CCF drivers (imx8mq and imxrt1170) which can
benefit from these commits.
I had to fix up the last commit since I missed an include for at91.
CI: https://source.denx.de/u-boot/custodians/u-boot-clk/-/pipelines/11521
This converts most CCF drivers to use generic ops. imx6q is the only
outlier, where we retain the existing functionality by moving the check to
request().
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/20220320203446.740178-2-seanga2@gmail.com
[ fixed missing include for at91 ]
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Most CCF drivers follow a common pattern where their clock ops defer the
actual operation to the backing CCF clock. Add some generic implementations
of these functions to reduce duplication of code.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/20220320203446.740178-1-seanga2@gmail.com
These functions are exactly the same as their "nodev" varients, except they
accept a device and not an ofnode. Rewrite them to just call the other
function.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Link: https://lore.kernel.org/r/20220227190113.1617498-1-seanga2@gmail.com
Most callers of this function do not check the return value, and it is
unclear what action they should take if it fails. If a function is freeing
multiple clocks, it should not stop just because the first one failed.
Since the callbacks can no longer fail, just convert the return type to
void.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Link: https://lore.kernel.org/r/20220115222504.617013-8-seanga2@gmail.com
When freeing a clock there is not much we can do if there is an error, and
most callers do not actually check the return value. Even e.g. checking to
make sure that clk->id is valid should have been done in request() in the
first place (unless someone is messing with the driver behind our back).
Just return void and don't bother returning an error.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/r/20220115222504.617013-2-seanga2@gmail.com
- drop CONFIG_LCD_BMP_RLE8
-----BEGIN PGP SIGNATURE-----
iGwEABECACwWIQSC4hxrSoIUVfFO0kRM6ATMmsalXAUCYkIbkA4cYWd1c3RAZGVu
eC5kZQAKCRBM6ATMmsalXLsUAJ4h+IKiLpKRnHwxUM5pK6r//iQZrQCdHGnGyfgc
dRrcf5JxtsCpf3eVpps=
=wGzm
-----END PGP SIGNATURE-----
Merge tag 'next-20220328' of https://source.denx.de/u-boot/custodians/u-boot-video into next
- drop old CFB code
- drop CONFIG_LCD_BMP_RLE8
This is not defined by any board. Even sandbox doesn't actually use
it since it has migrated to DM_VIDEO.
Drop this option. Remove the dead code also, for completeness, even
though the whole lcd.c file will be dropped soon.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Anatolij Gustschin <agust@denx.de>
This converts the following to Kconfig:
CONFIG_VIDEO_BCM2835
This is the final ad-hoc CONFIG_VIDEO_... to convert.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Matthias Brugger <mbrugger@suse.com>
This does not use driver model and is more than two years past the
migration date. Drop it.
It can be added back later if needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
This does not use driver model and is more than two years past the
migration date. Drop it.
It can be added back later if needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Drop the Kconfigs which are not used and all references to them. In
particular, this drops CONFIG_VIDEO to avoid confusion and allow us to
eventually rename CONFIG_DM_VIDEO to CONFIG_VIDEO.
Also drop the prototype for video_get_info_str() which is no-longer used.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jason Liu <jason.hui.liu@nxp.com>
Unfortunately this driver uses the old video structure to store things.
This is not supported with driver model.
Drop the old code and comment out the other pieces, so the maintainer can
take a look.
Signed-off-by: Simon Glass <sjg@chromium.org>
The non-driver model video support was removed two years ago. Drop this
driver, which is only used by nokia_rx51.
Signed-off-by: Simon Glass <sjg@chromium.org>
Previous u-boot code changed the default bch setting behavior and caused
backward compatible issue. This fix choose the legacy bch geometry back
again as the default option. If the minimum ecc strength that NAND chips
required need to be chosen, it can be enabled by either adding DT flag
"fsl,use-minimum-ecc" or CONFIG_NAND_MXS_USE_MINIMUM_ECC in configs. The
unused flag "fsl,legacy-bch-geometry" get removed.
Fixes: 51cdf83eea (mtd: gpmi: provide the option to use legacy bch geometry)
Fixes: 616f03daba (mtd: gpmi: change the BCH layout setting for large oob NAND)
Tested-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Sean Nyekjaer <sean@geanix.com>
Signed-off-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
The code was mistakenly initializing the input buffer twice.
Tested to be working on BeagleBone by adjusting CONFIG_SYS_BOOTM_LEN to
64MiB (probably works with less) and preparing uImage with:
cat arch/arm/boot/Image \
| zstd --ultra -22 --zstd=windowLog=22 \
> linux.bin.zst
mkimage -A arm -T kernel uImage -C zstd -d linux.bin.zst \
-a 0x80008000 -e 0x80008000
Without the windowLog restriction, bootm fails with a zstd decompression
error 7 (window too large), which I haven't troubleshooted.
There should be a bit more documentation on the feature...
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: 458b30af66 image: Update image_decomp() to avoid ifdefs
make sandbox_defconfig
make mrproper
make tests
fails with
../drivers/video/u_boot_logo.S: Assembler messages:
../drivers/video/u_boot_logo.S:5: Error: file not found: drivers/video/u_boot_logo.bmp
We have to delete the generated file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The current approach for setting the environment variables that
describe the memory layout runs the risk of overlapping with
reserved memory regions. Use the lmb code to derive the addresses
for these variables instead.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Simon Glass <sjg@chromium.org>