A specially crafted FIT image leads to memory corruption in the stack
when using the verified boot feature. The function fit_config_check_sig
has a logic error that makes it possible to write past the end of the
stack allocated array node_inc. This could potentially be used to bypass
the signature check when using verified boot.
This change ensures that the number of strings is correct when counted.
Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Convert the Watchdog driver for AT91SAM9x processors to support
the driver model and device tree. Changes "CONFIG_AT91SAM9_WATCHDOG"
to new "CONFIG_WDT_AT91" Kconfig option.
Signed-off-by: Prasanthi Chellakumar <prasanthi.chellakumar@microchip.com>
part_init() is currently called in every DM BLK driver, either
in its bind() or probe() method. However we can use the BLK
uclass driver's post_probe() method to do it automatically.
Update all DM BLK drivers to adopt this change.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
It was observed that current output of print_cpuinfo() on QEMU
x86 targets does not have an ending '\n', neither have a leading
'CPU:' any more. However it used to have these before.
It turns out commit c0434407b5 introduced a unified DM version
of print_cpuinfo() that exposed such issue on QEMU x86.
Fixes: c0434407b5 ("board_f: Use static print_cpuinfo if CONFIG_CPU is active")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When the DM CPU drivers are active, printing information about a CPU
should be delegated to a matching driver.
Hence, add a static print_cpuinfo that implements this delegation when
DM CPU drivers are active.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Changed condition to CONFIG_IS_ENABLED(CPU):
Signed-off-by: Simon Glass <sjg@chromium.org>
common/common_fit.c is including <spl.h>, but not actually using it. The
inclusion will cuase compile error on platforms using CONFIG_OF_SEPARATE
and not SPL.
Signed-off-by: Lars Povlsen <lars.povlsen@microsemi.com>
Reviewed-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Tiny printf does not support %.*s and %lX. Since tiny printf should
be very common in SPL, replace these by %32s (for printing image
name) and %lx.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit c0434407b5.
It turns out commit c0434407b5 broke some boards which have DM CPU
driver with CONFIG_DISPLAY_CPUINFO option on. These boards just fail
to boot when print_cpuinfo() is called during boot.
Fixes are already sent to ML and in u-boot-dm/next, however since
we are getting close to the v2018.11 release, it's safer we revert
the original commit.
This commit should be reverted after v2018.11 release.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In upcoming freescale board LX2160AQDS, the MDIO bus is muxed.
i.e. same MDIO bus can be routed to eight different slots depending
on mux register settings.
To support this mdio mux behavior, we add each MDIO bus mux as a
separate MDIO bus.
Now, various phy devices can be attached to each of these slots(mux).
The information about these devices is passed to OS via device tree.
To do the fdt fixups related to MDIO bus, its necessary that MDIO bus
list is accessed.Therefore, add a function to retrieve the list head.
Signed-off-by: Pankaj Bansal <pankaj.bansal@nxp.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This patch partially reverts:
"spl: fit: Add support for loading FPGA bitstream"
(sha1: 26a642238b)
There shouldn't be a need to call private spl_load_fpga_image function
because the whole sequence should be already handled by fpga framework.
If there is missing loading bistream by chunks it should be done via
fpga framework instead of having private hooks.
Also spl_load_fpga_image() weak function is not used anywhere and
opening a way for not reviewed hacks out of mainline U-Boot is not the
right way to go.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Sandbox SPL/TPL support
Various dm-related improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAlu9RL4RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYd8gf+NYAGhpiEZZ5vc3DB4Xdn2okgakbbg0QQ
/b0Lr9xQsKgZthK0rvPlH2dXxf+ViAm1iHTy8KBCFi0SHNder48Zui9uTrX0NRq8
pLZGyJPXPYbiyc4pQTEJpTth4iShcphRVio0no4sLpNQqO4aQrialSLa9fnwd9Ra
1l9mF91aaYw6cG+/ejg3UR1LfsDdQ5bjubt0Fw0wGX9UvQOAz5gz5+a17wrz6+Gx
L0gzvyfbuLUhbWB36DXikrL14DAFys2uV9aHJ5zEd53l+F7ZHWsupCO0OtN66cV7
KpPKoYG7vhLqBXKpyrW20T+BPeSyDKmDQE6wbpECmEDOvKzvW67O/w==
=Bfjm
-----END PGP SIGNATURE-----
Merge tag 'dm-9oct18' of git://git.denx.de/u-boot-dm
Test improvements to tidy up output and drop duplicate tests
Sandbox SPL/TPL support
Various dm-related improvements
Add board-specific hook which is executed before the code hands over
control to the OS. This lets the board perform some last-minute clean
ups.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
It is useful to be able to set the default log level from the command line
when running sandbox. Add a new -L command-line flag for this. The log
level is set using the enum log_level_t in log.h. At present a number must
be specified, e.g. -L7 for debug.
Signed-off-by: Simon Glass <sjg@chromium.org>
With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by
OP-TEE to manage rollback indexes and device-lock status.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
The patch:
"spl: Weed out CONFIG_SYS_TEXT_BASE usage"
(sha1: 04ce5427bd)
introduced bug where assigning to u_boot_pos variable wasn't done
which end up in situation where SPL wasn't able to find out
image on the selected address.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Instead of manually specifying CONFIG_SYS_EXTRA_ENV_RELOC
for every board that needs it, it shouldn't hurt to let
initr_reloc_global_data() always relocate gd->env_addr
unless we know this pointer is outside the initial binary.
To achieve this, the relocation is omitted if
CONFIG_ENV_ADDR is defined (and ENV_IS_EMBEDDED is not).
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
- fixes to rkimage for SPL boot via USB
- fixes to make_fit_atf.py, incl. entry-point calculation and python3
compatibility
- OP-TEE support for ARMv7-based SoCs
- fixes to RGMII/GMII selection on the RK3328
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJbt0FOAAoJECaAFcEOcohNZmcH/A1mKO0/R4tHCqFP2j0I+OuP
PClkA1HUZuD5phvPMaxdHQBwsq7sAa8AljK1oPCNkslP7mFxToUUBx7xc0vB89P/
D+XsI4uce89hIyTULR2FdhR22MOk41zaLVeNicpQ1keCNbzCwsHsHTA+B4XN/xNe
tdPpu6wN2D+g88DAv+/ebVYgjmxRvFD4qpL9bbZpOqqA8XCcD31ukCR2E4fsESgn
mzwKaKcX6SeYgTVCT8Q15SLTNI1WRUY1Y1laj1WKl4abY+HsTt4Whm9imM2l3K5W
ODj6vnFlwEC9rgdxmtXGcmBfwtyXubSfuZDrMGFAiOlyIUgpPXWZI7i8LYQbZ7s=
=NdBl
-----END PGP SIGNATURE-----
Merge tag 'rockchip-for-v2018.11-rc2' of git://git.denx.de/u-boot-rockchip
Rockchip-focused changes for v2018.11-rc2:
- fixes to rkimage for SPL boot via USB
- fixes to make_fit_atf.py, incl. entry-point calculation and python3
compatibility
- OP-TEE support for ARMv7-based SoCs
- fixes to RGMII/GMII selection on the RK3328
Signed-off-by: Tom Rini <trini@konsulko.com>
With implemented print_cpuinfo() and model property in .dts
we're ready to print nice info about ARC cores and boards on boot.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
OP-TEE is an open source trusted OS, in armv7, its loading and
running are like this:
loading:
- SPL load both OP-TEE and U-Boot
running:
- SPL run into OP-TEE in secure mode;
- OP-TEE run into U-Boot in non-secure mode;
To make code simple, it would be fine to use IH_OS_TEE for the
os tyle in TPL(just like IH_OS_LINUX is using both in SPL and U-Boot).
Here is the diagram for SPL loading OP-TEE,
IH_OS_TEE:(make u-boot.itb for SPL)
Non-Secure Secure
BootROM
|
v
SPL
|
v
--------- OP-TEE
|
v
U-Boot
|
V
Linux
For other two king of OP-TEE loading/booting, see commit message:
45b55712d4 image: Add IH_OS_TEE for TEE chain-load boot
More detail:
https://github.com/OP-TEE/optee_os
and search for 'boot arguments' for detail entry parameter in:
core/arch/arm/kernel/generic_entry_a32.S
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
This is the PR for SPI-NAND changes along with few spi changes.
[trini: Re-sync changes for ls1012afrwy_qspi*_defconfig]
Signed-off-by: Tom Rini <trini@konsulko.com>
If we fail to find the MMC boot device, report the number of the one
we were looking for in the error to aid diagnosis.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
A lot of goodness in this release. We're *very* close to running the
UEFI Shell and SCT natively. The only missing piece are HII protocols.
- FAT write support (needed for SCT)
- improved FAT directory support (needed for SCT)
- RTC support with QEMU -M virt
- Sandbox support (run UEFI binaries in Linux - yay)
- Proper UTF-16 support
- EFI_UNICODE_COLLATION_PROTOCOL support (for UEFI Shell)
- EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL support (for UEFI Shell)
- Fix window size determination
- Fix Tegra by explicitly unmapping RAM
- Clean up handle entanglement
- Lots of generic code cleanup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJbq6+cAAoJECszeR4D/txgV1cP+wZPVsY/kRDwCZ8PODOIyLW/
YWWX0CHOUNIXcvWyrQQVflRKE7IbsoPNU+PxOze/toBZvNGZofCqd/P0sT0kk8UU
/aQ55+Hn8/N4etysKxhk2uszBuEXZsOdprNV3H7tO9vKsMHpImAdLvIyviYK0eCF
WnNsmDVFv/W4M5IWDJrS7KqwTuLPYE5Xli9BW/O2qi8NOvpfyb4EEqdL7OHyHAxe
8zpzyaRXJkPcgPkJ6z3WZ+BmAuXSl5DsLWqfsnZJQzkXatRhT8PneRk787e+xK3A
OEFarj5t/94T1KivxquM9iYi0NzwGWrrCfRzbQh5klV4Z/bRYHbGQ92j6iZyfnpj
0zvWrJCalDaUz310BKZDyzKYQnoDj5/iYaMJHtaG6zmkXCzM41kniGKxuy/3IpTB
ozeFtH2AOwlAFZRIzQiazkyU0bizis2Y/K4xzOQczvVajdLW0DsLXL/hyqaFaGO2
3oVK350FXMHKa1UhpsG05aoQvyYq8N4YVEfOSdBKah8qhhMG8zZ2IaX5oheZJjr4
yPV8iaSj8trX3mI9clsnX9YT7qJdcS188JYSii+8SVpVH4VpgwvUSHfDqznn7JNz
COue6rFo9sg55Le9OsoxUgaQ5GO4oz+5iGmfyBmOtQ3n83JxmP4CJK84Ykw2i9fi
sxJR6aNtktsLhfYhlDO/
=ZuJG
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-09-26
A lot of goodness in this release. We're *very* close to running the
UEFI Shell and SCT natively. The only missing piece are HII protocols.
- FAT write support (needed for SCT)
- improved FAT directory support (needed for SCT)
- RTC support with QEMU -M virt
- Sandbox support (run UEFI binaries in Linux - yay)
- Proper UTF-16 support
- EFI_UNICODE_COLLATION_PROTOCOL support (for UEFI Shell)
- EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL support (for UEFI Shell)
- Fix window size determination
- Fix Tegra by explicitly unmapping RAM
- Clean up handle entanglement
- Lots of generic code cleanup
[trini: Fixup merge conflict in include/configs/qemu-arm.h]
Signed-off-by: Tom Rini <trini@konsulko.com>
When running sandbox with the new pointer sanitization we just recently
introduced, we're running into a case with FIT images where we end up
interpreting pointers as addresses.
What happened is that most callers of set_working_fdt_addr() simply
convert pointers into addresses without taking into account that they
might be 2 separate address spaces. Fix the callers up to map their
pointers into addresses.
This makes sandbox tests pass for me again.
Signed-off-by: Alexander Graf <agraf@suse.de>
There is no reason to limit gzip usage only for OS_BOOT and kernel image
type.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Tested-by: York Sun <york.sun@nxp.com>
The SPL loaders assume that the CONFIG_SYS_TEXT_BASE memory location
is available and can be corrupted by loading ie. uImage or fitImage
headers there. Sometimes it could be beneficial to load the headers
elsewhere, ie. if CONFIG_SYS_TEXT_BASE is not yet writable while we
still want to parse the image headers in some local onchip memory to
ie. extract firmware from that image.
Add the possibility to override the location where the headers get
loaded by introducing new function, spl_get_load_buffer() which takes
two arguments -- offset from the CONFIG_SYS_TEXT_BASE and size of the
data that are to be loaded there -- and returns a valid buffer address
or hangs the system. The default behavior is the same as before, add
the offset to CONFIG_SYS_TEXT_BASE and return that address. User can
override the weak spl_get_load_buffer() function though.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
NAND flavors, like serial and parallel, have a lot in common and would
benefit to share code. Let's move raw (parallel) NAND specific code in a
raw/ subdirectory, to ease the addition of a core file in nand/ and the
introduction of a spi/ subdirectory specific to SPI NANDs.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
When the DM CPU drivers are active, printing information about a CPU
should be delegated to a matching driver.
Hence, add a static print_cpuinfo that implements this delegation when
DM CPU drivers are active.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Changed condition to CONFIG_IS_ENABLED(CPU):
Signed-off-by: Simon Glass <sjg@chromium.org>
To print the reset status during boot, add a method print_resetinfo to
board_f, which is called in init_sequence_f[], that gets the reset
information from the sysreset driver (assuming there is only one seems
reasonable), and prints it.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
In int-ll64.h, we always use the following typedefs:
typedef unsigned int u32;
typedef unsigned long uintptr_t;
typedef unsigned long long u64;
This does not need to match to the compiler's <inttypes.h>.
Do not include it.
The use of PRI* makes the code super-ugly. You can simply use
"l" for printing uintptr_t, "ll" for u64, and no modifier for u32.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Unify the fgetc function when MUX is activated or not:
- always call tstc() : it is the normal behavior expected
by serial uclass (call tstc then getc) and that avoids
issue when SERIAL_RX_BUFFER is activated
- reload WATCHDOG in the char waiting loop
This patch allow to have the same behavior when CONSOLE_MUX is activated
or not and avoid regression when this feature is deactivated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
malloc_simple() can return 0 if out of memory. Don't call memset
from calloc() in this case but rely on the caller checking
the return value.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Compiling U-Boot with ubsan/asan libraries and running it in sandbox
may lead to below backtrace:
=> avb init 0
=> avb verify
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
common/avb_verify.c:407:31: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
=================================================================
==9388==ERROR: AddressSanitizer: FPE on unknown address 0x0000004b467f \
(pc 0x0000004b467f bp 0x000000000000 sp 0x7ffd899fe150 T0)
#0 0x4b467e in mmc_byte_io common/avb_verify.c:407
#1 0x4b4c47 in mmc_byte_io common/avb_verify.c:532
#2 0x4b4c47 in read_from_partition common/avb_verify.c:533
#3 0x69dc0d in load_and_verify_vbmeta lib/libavb/avb_slot_verify.c:560
#4 0x6a1ee6 in avb_slot_verify lib/libavb/avb_slot_verify.c:1139
#5 0x45dabd in do_avb_verify_part cmd/avb.c:245
#6 0x4af77c in cmd_call common/command.c:499
#7 0x4af77c in cmd_process common/command.c:538
#8 0x46bafc in run_pipe_real common/cli_hush.c:1677
#9 0x46bafc in run_list_real common/cli_hush.c:1875
#10 0x46c780 in run_list common/cli_hush.c:2024
#11 0x46c780 in parse_stream_outer common/cli_hush.c:3216
#12 0x46d34b in parse_file_outer common/cli_hush.c:3299
#13 0x4ad609 in cli_loop common/cli.c:217
#14 0x4625ae in main_loop common/main.c:65
#15 0x46f2d1 in run_main_loop common/board_r.c:648
#16 0x640253 in initcall_run_list lib/initcall.c:30
#17 0x46f9d0 in board_init_r common/board_r.c:879
#18 0x40539b in main arch/sandbox/cpu/start.c:321
#19 0x7fa94925f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#20 0x408908 in _start (/srv/R/u-boot-master/u-boot+0x408908)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE common/avb_verify.c:407 in mmc_byte_io
==9388==ABORTING
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Cppcheck (v1.85) reports w/o this patch:
[common/avb_verify.c:738] -> [common/avb_verify.c:741]: (warning) \
Either the condition 'ops' is redundant or there is possible null \
pointer dereference: ops.
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>