Firmwares before U-Boot may be capable of doing tpm measurements
and passing them to U-Boot in the form of eventlog. However there
may be scenarios where the firmwares don't have TPM driver and
are not capable of extending the measurements in the PCRs.
Based on TCG spec, if previous firnware has extended PCR's, PCR0
would not be 0. So, read the PCR0 to determine if the PCR's need
to be extended as eventlog is parsed or not.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The current tpm2_pcr_read is hardcoded using SHA256. Make the
actual command to TPM configurable to use wider range of algorithms.
The current command line is kept as is i.e limited to SHA-256 only.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Platforms may have support to measure their initial firmware components
and pass the event log to u-boot. The event log address can be passed
in property tpm_event_log_addr and tpm_event_log_size of the tpm node.
Platforms may choose their own specific mechanism to do so. A weak
function is added to check if even log has been passed to u-boot
from earlier firmware components. If available, the eventlog is parsed
to check for its correctness and further event logs are appended to the
passed log.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With TPM emulation enabled in u-boot-test-hooks we should also provide the
tpm2 command used for the test/py/tests/test_tpm2.py test.
One of the Python TPMv2 tests expects sandbox specific values. So disable
it on other platforms.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
* add description how to add RNG device
* for a disk specify format=raw to avoid a warning
* fix a typo
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Sometimes UART stops transmitting characters after UART clock is changed
back to XTAL. In this state UART fifo is always full. Kernel during early
boot wants to print output on UART and is waiting for non-empty UART fifo.
Which leads to CPU hangup without any (debug) output on UART.
Marvell Armada 3700 Functional Specifications says that for programming
fractional divisor registers it is required to disable UART, enable
loopback mode, reset fifos, program registers, disable loopback mode,
release reset of fifos and enable UART.
But these steps do not fix above mentioned issue that UART hangup. Also
gating UART clock does not help. And even resetting UART state machines do
not help.
Experiments showed that UART fifo is unblocked after board is being reset
(during board reset UART HW transmit UART fifo even CPU is not executing
kernel/bootloader anymore).
And another experiments showed that same workaround can be achieved also
by external reset of UART HW (without need to reset board).
So do not implement any of "Marvell recommended" steps from Functional
Specifications as they do not work. And rather prior changing parent clock
back to XTAL, do external reset of UART HW. This operation also resets all
UART registers, so basically it also sets UART clock to default, which is
XTAL. It is unknown why UART hangups and enters such broken state.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Commit aeb0ca64db ("arm: mvebu: turris_omnia: disable MCU watchdog in
SPL when booting over UART") disabled MCU watchdog when booting over
UART to ensure that watchdog does not reboot the board before UART
transfer finishes.
But if UART transfer fails for some reason, or if U-Boot binary crashes,
then board hangs forever as there is no watchdog running which could
reset it.
To fix this issue, enable A385 watchdog with very high timeout before
disabling MCU watchdog to ensure that even slow transfer can finish
successfully before watchdog timer expires and also to ensure that if
board hangs for some reason, watchdog will reset it.
Omnia's MCU watchdog has fixed 120 seconds timer and it cannot be
changed (without updating MCU firmware). A385 watchdog by default uses
25 MHz input clock and so the largest timeout value (2^32-1) can be
just 171 seconds. But A385 watchdog can be switched to use NBCLK (L2) as
input clock (on Turris Omnia it is 800 MHz clock) and in this case final
watchdog clock frequency is calculated as:
freq = NBCLK / 2 / (2 ^ R)
So A385 watchdog on Turris Omnia can be configured to at most 1374
seconds (about 22 minutes). We set it to 10 minutes, which should be
enough even for bigger U-Boot binaries or slower UART transfers.
Both U-Boot and Linux kernel, when initializing A385 watchdog, switch
watchdog timer to 25 MHz input clock, so usage of NBCLK input clock in
U-Boot SPL does not cause any issues.
Fixes: aeb0ca64db ("arm: mvebu: turris_omnia: disable MCU watchdog in SPL when booting over UART")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
The common emulation Makefile has a dependency on a non-existent
qemu_capsule.o when building with support for capsule update enabled
(CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y).
The code which was in qemu_capsule.c has been completely moved to
lib/efi_loader/efi_capsule.c by commit 7a6fb28c8e ("efi_loader: capsule:
add back efi_get_public_key_data()").
Remove the false dependency.
This fixes the following build error:
make[1]: *** No rule to make target 'board/emulation/common/qemu_capsule.o', needed by 'board/emulation/common/built-in.o'. Stop.
Fixes: commit 47a25e81d3 ("Revert "efi_capsule: Move signature from DTB to .rodata"")
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Simon Glass <sjg@chromium.org>
Add an entry in maintainers for fastboot. It is starting off orphaned, but
hopefully someone can pick it up.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Lukasz has not been very responsive in reviewing clock patches. Add
myself as a maintainer.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
Various driver model enhancements
Fix up some missing unit tests with pytest
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmGkFroRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIrea7QQgAjSlchhsXmUoBjl8rmpBJryTzeipdp/bw
FOc5xOu4y9PJCXrO5EMk0qAngUpmzZWdMV67iYnDT8b4CJeuFili9tbuvkVNGeXs
xpx0VVAb443XdY4QLFHl0w/WrUp6yPTTaT8GI3jpUoHXiWelu8rn8azTjZFZhgtz
O/7ZfKJy2bWKICAoi9KP17IRnK9IqORgIh1ADJPkmaBCBeOE0TqVpUlSdVwSkJHR
MtthfqQ57O6r+zZjw9wG/V6TRYjvQRcXDrOMk7myYaK4Hc8s9WHjdgDDmxvNX29J
Ziix00Lv8EA3sT+bwE88XQYh6NYWcsAJbi676juO4FF871+qJsiTOg==
=dyds
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-28nov21' of https://source.denx.de/u-boot/custodians/u-boot-dm into next
SPI flash documentation and tidy-ups
Various driver model enhancements
Fix up some missing unit tests with pytest
At present an Exception is raised if a command fails. This is a very broad
class and makes it difficult for callers to catch the error without also
catching other things, like programming bugs.
Change it to ValueError to make this easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the collection function used by pytest is quite strict on the
naming of the functions it detects. In particular it requires the name of
the test to be repeated in the function name.
This is not enforced anywhere else, but instead the tests are silently
omitted from the pytest run. This affects a few dozen tests.
The rule does not seem to have any particular purpose. Relax it, so that
all tests that use the UNIT_TEST() macro will run, regardless of the name
of the test function.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the hexdump tests are disabled in sandbox_flattree. This is
good, because they do not pass. Enable the required Kconfig so that they
will, when enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function that returns the number of devices in a uclass. This can be
helpful in sizing an array that needs to hold a list of them.
Signed-off-by: Simon Glass <sjg@chromium.org>
In some cases it is useful to search just by a partial name, such as
when looking for a sibling device that has a common name substring. Add
helper functions to handle these requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we support reading a string list a string at a time. Apart
from being inefficient, this makes it impossible to separate reading of
the devicetree into the of_to_plat() method where it belongs, since any
code which needs access to the string must read it from the devicetree.
Add a function which returns the string property as an array of pointers
to the strings, which is easily used by clients.
Signed-off-by: Simon Glass <sjg@chromium.org>
The details for of_property_read_string_helper() and
ofnode_read_string_index() are a little inaccurate. Fix up the comments to
avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
This method is currently called after the platform data has been freed.
But the pre_unbind() method may wish to access this, e.g. to free some
data structures stored there.
Split the unbinding of devices into two pieces, as is done with removal.
This corrects the problem.
Also tidy a code-style issue in device_remove() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
These functions currently lack tests so add some. The error handling
differs betwee livetree and flattree at present, so only check the error
codes with livetree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Before relocation there is generally not as much available memory and not
that much console output. At present the console-output buffer is the same
side before and after relocation. Add a separate Kconfig option to remove
this limitation.
Signed-off-by: Simon Glass <sjg@chromium.org>
When ext is NULL we cannot dereference it. Update the code flow to avoid
this, so that layout_mbr_partitions() can be used with partition tables
that do not include an extended partition.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this command considers the partitions to be identical if the
start and size are smaller than expected. It should check that they are
the same. Fix this and tidy up the code style a little.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present the MMC uclass assumes that the only child it can have is a
block device. Update this so we can add a bootmethod too.
Signed-off-by: Simon Glass <sjg@chromium.org>
Provide a way for sandbox MMC to present data from a backing file. This
allows a filesystem to be created on the host and easily served via an
emulated mmc device.
Signed-off-by: Simon Glass <sjg@chromium.org>
When running a program on the host, allow input to be passed in as stdin.
This is needed for running sfdisk, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Otherwise the updated image will end up in the temporary folder that is
purged after completion.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This command is fairly complicated so documentation is useful.
Unfortunately I an not sure how the MTD side of things works and cannot
find information about that.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update this code to use IS_ENABLED() instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
This is not updated at runtime so should be marked const. Update the code
accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This text should never change during execution, so it makes sense to
use a const char * so that it can be declared as const in the code.
Update struct cmd_tbl with a const char * pointer for 'help'.
We cannot make usage const because of the bmode command, used on mx53ppd
for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
GNU has a very useful third argument to match() but this is not supported
in the POSIX awk.
Update the code to cope, so that the script is POSIX-compliant.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Mark Kettenis <mark.kettenis@xs4all.nl>
Test:
* fix pylint warnings
UEFI:
* disable interrupts before removing devices in ExitBootServices()
* implement poweroff in efi_system_reset() on sandbox
* allow booting via EFI even if some block device fails
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmGhUDgACgkQxIHbvCwF
GsTQRQ//TM2VwpjMWYBB6K91hVEHVJ4wYpNb5/ZqP0+NwYJbNo/3zF4qwFeSTN6O
tbarpoiM6GNlSIC4Eo/+17JdUJd7NkfsGnhaV+SxG5Q+etaU0OabC8hbyPqw+nmg
fbaL43xGygSj5t2RWqyBQYsnsYimgwkAz7pbCBnvrpIsGKImVqp36ft5KWo1ICTE
JD8yRb9IMpPKfY5aK0q3c8X/Qbf6oPI1u6xGVcwyc+vQb4RjRMX46sGMJswcLnF0
jGcxIB66/MeKeKN8bTtUoRZ9F4itF3k+FA0rnnwzQl+xre2Tu0fTnaEYHzKayu5J
ilaPIcqXPvjfcN00V34kKzXWeMWm8saQA8Ecqowlrw2qQbahYrxX96n0RXzuNyy/
LxpQtEyrGu/lQfPg9YOABKCRhZZPT3C8EE+0lUqGg1+5Ap0QPTXiNKJ7vx76cCny
E7zYBQRmbhvmlrfFVACYS7zbUaxTbSMGmDKhhBU4tGFAzkb+bGkErRzjUbvt3TaR
eQZoOAU6+kuEl9haSlKxo8IwnljfjpIqbgLgBdJ+BLQH/W67rFh631CNfM8x10qG
7qbzLHLjIXwL2z86tfgmUvMGoLisOPDr53QbhLFv02ywFn4UgjGxcyoRFqlxIi0g
9+A9nvbpQ4ZnI3HRHjYJ+uFbt9A8am3HwK7CBMR7EN666at7hz8=
=X5Tv
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-01-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-01-rc3-2
Test:
* fix pylint warnings
UEFI:
* disable interrupts before removing devices in ExitBootServices()
* implement poweroff in efi_system_reset() on sandbox
* allow booting via EFI even if some block device fails
* there is no os.path.unlink() method
* don't inherit from object
* add module docstring
* move imports to the top
* avoid unused variable
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
* don't inherit from object
* imports should be on the top level
* avoid unused variable names
* avoid unnecessary else after raise
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
UEFI code is always little-endian. Remove a superfluous test.
Remove a superfluous type conversion.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If we call efi_clear_os_indications() before initializing the memory store
for UEFI variables a NULL pointer dereference occurs.
The error was observed on the sandbox with:
usb start
host bind 0 sandbox.img
load host 0:1 $kernel_addr_r helloworld.efi
bootefi $kernel_addr_r
Here efi_resister_disk() failed due to an error in the BTRFS implementation.
Move the logic to clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
to the rest of the capsule code.
If CONFIG_EFI_IGNORE_OSINDICATIONS=y, we should still clear the flag.
If OsIndications does not exist, we should not create it as it is owned by
the operating system.
Fixes: 149108a3eb ("efi_loader: clear OsIndications")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_system_reset() should exit if called with EFI_RESET_SHUTDOWN.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Our algorithm for creating USB device paths may lead to duplicate device
paths which result in efi_disk_register() failing. Instead we should just
skip devices that cannot be registered as EFI block devices.
Fix a memory leak in efi_disk_add_dev() caused by the duplicate device
path.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
If we look at the path that bootm/booti take when preparing to boot the
OS, we see that as part of (or prior to calling do_bootm_states,
explicitly) the process, bootm_disable_interrupts() is called prior to
announce_and_cleanup() which is where udc_disconnect() /
board_quiesce_devices() / dm_remove_devices_flags() are called from. In
the EFI path, these are called afterwards. In efi_exit_boot_services()
however we have been calling bootm_disable_interrupts() after the above
functions, as part of ensuring that we disable interrupts as required
by the spec. However, bootm_disable_interrupts() is also where we go
and call usb_stop(). While this has been fine before, on the TI J721E
platform this leads us to an exception. This exception seems likely to
be the case that we're trying to stop devices that we have already
disabled clocks for. The most direct way to handle this particular
problem is to make EFI behave like the do_bootm_states() process and
ensure we call bootm_disable_interrupts() prior to ending up in
usb_stop().
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>