Commit graph

82752 commits

Author SHA1 Message Date
Tom Rini
541e68d0ee docs: Add a basic security document
Based loosely on the Linux kernel
Documentation/admin-guide/security-bugs.rst file, create a basic
security document for U-Boot.  In sum, security issues should be
disclosed in public on the mailing list if at all possible as an initial
position.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-11-06 10:50:04 +01:00
Heinrich Schuchardt
f67cc2f056 doc: update sbi command example
The output of the sbi command has been changed since the last release of
the man-page. Update the example.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-11-06 10:50:04 +01:00
Tom Rini
898bd53e6a Merge https://source.denx.de/u-boot/custodians/u-boot-usb
- 3 important fixes
2022-11-04 11:19:58 -04:00
Janne Grunau
04448899de usb: storage: continue probe on "Invalid device"
Fixes a crash during probing of sd card readers without medium present.
Seen with the device below but reported for many other devices.

  idVendor           0x0bda Realtek Semiconductor Corp.
  idProduct          0x0326 Card reader
  bcdDevice           11.24
  iManufacturer           1 Realtek
  iProduct                2 USB3.0 Card Reader
  iSerial                 3 201404081410

Link: https://github.com/AsahiLinux/linux/issues/44
Link: https://lists.denx.de/pipermail/u-boot/2022-July/489717.html

Signed-off-by: Janne Grunau <j@jannau.net>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2022-11-04 12:22:45 +01:00
Tom Rini
45fc699cc5 - MIPS: convert CONFIG_SYS_MIPS_TIMER_FREQ to Kconfig
- MIPS: mtmips: fix incorrectly converted default value for CONFIG_SPL_PAD_TO
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEiQkHUH+J02LLC9InKPlOlyTyXBgFAmNjs4AACgkQKPlOlyTy
 XBg92w/9HWXb1g8z/hmAsieD20hMQTnfIo8m9XH6/0UIeqg7jlKkGtSML4WBbovA
 rgv0Ngzrt2nnhLfY1H5ZeWQ0CcEW04IY7ZdkJaFizbp9cq9KRGbxgFCiXFslNl7e
 3TxnjvHfdA5Bn+TiF9kN3NIqDKBPokU5xIcoxKi7oWxbtP9ZcwwuOc2EJTczxT58
 9raMhXiTrFSp0fVY4vg3XfxW47+aJ7LH1VCJ6iZGnhNfVy2LIGtjGFh1a9zY66mP
 IUWwGqlE1hzw3ywWDuCDfyKPz33wZze/FtNh0nnHOxCBzVbCvN6YKwO9pZp9ZjQq
 SkR0iamC5mEhUgI2aQtZ8ChspFaFwAx256nRB9Jc4W33qCJERm+s8o6mQH3QdyDC
 fqU8sYoiZWCOG/UtD0P489NtE9rc31FcmBIAt1EJfE399tXXoRhElP7kYFBWiA12
 1g7zcZvXOJHUfgAKFsuaqAkZ5Yhenj6WRj6Dplx8F+3jUgHZUxh6rwvC+ovYfnkT
 eNvRJWFlcdLyHGRGrCppF6i2HmVZmDRmaPrOZhazE303F/w72iEYnr2Un8fy/6EP
 BaCzQpHs1zct7ocq9I3aUxcAtrKI8VIdXpdpsmy0lhB2K2nsSslaAFGSDQE6FTCd
 IH1w9towmtoLemPxyV9pQ0l4TWUBy7t5gJ7G/TPKY0/KH7tY5Nw=
 =4Sbm
 -----END PGP SIGNATURE-----

Merge tag 'mips-pull-2022-11-03' of https://source.denx.de/u-boot/custodians/u-boot-mips

- MIPS: convert CONFIG_SYS_MIPS_TIMER_FREQ to Kconfig
- MIPS: mtmips: fix incorrectly converted default value for CONFIG_SPL_PAD_TO
2022-11-03 20:23:27 -04:00
Marek Vasut
3406e9d8af usb: Add 1ms delay after first Get Descriptor request
Logitech Unifying Receiver 046d:c52b bcdDevice 12.10 seems
sensitive about the first Get Descriptor request. If there
are any other requests in the same microframe, the device
reports bogus data, first of the descriptor parts is not
sent to the host. Wait over one microframe duration before
issuing subsequent requests to avoid probe failure with
this device, since it can be used to connect USB keyboards.

Signed-off-by: Marek Vasut <marex@denx.de>
Tested-by: Janne Grunau <j@jannau.net>
2022-11-03 23:36:48 +01:00
Samuel Holland
f4917b4933 usb: ohci: Use a flexible array member for portstatus
The struct is only used to overlay the MMIO region, so the behavior is
the same. This obsoletes the Kconfig option for the number of ports.

Signed-off-by: Samuel Holland <samuel@sholland.org>
2022-11-03 23:24:09 +01:00
Tom Rini
36bc9b6113 Merge branch '2022-11-02-assorted-updates'
- Improve arm semihosting, NPCM8xx pinctrl driver, SP804 uclass timer
  driver (and enable on relevant platforms), pvblock cleanup, eeprom cmd
  bugfix, add RTI watchdog nodes to k3-am64-main, evb-ast2500 config
  updates.
2022-11-03 08:29:10 -04:00
Tom Rini
c07babda65 Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-riscv 2022-11-03 08:27:44 -04:00
Padmarao Begari
7321bad25f riscv: Update Microchip MPFS Icicle Kit support
This patch updates Microchip MPFS Icicle Kit support. For now,
add Microchip QSPI driver and a small 4MB reservation is
made at the end of 32-bit DDR to provide some memory for
the HSS to use.

Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-11-03 13:27:56 +08:00
Padmarao Begari
eac3bbe5d8 spi: Add Microchip PolarFire SoC QSPI driver
Add QSPI driver code for the Microchip PolarFire SoC.
This driver supports the QSPI standard, dual and quad
mode interfaces.

Co-developed-by: Naga Sureshkumar Relli <nagasuresh.relli@microchip.com>
Signed-off-by: Naga Sureshkumar Relli <nagasuresh.relli@microchip.com>
Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
2022-11-03 13:27:56 +08:00
Padmarao Begari
0b8e6f8411 riscv: dts: Add QSPI NAND device node
Add QSPI NAND device node to the Microchip PolarFire SoC
Icicle kit device tree.

The Winbond NAND flash memory can be connected to the
Icicle Kit by using the Mikroe Flash 5 click board and
the Pi 3 Click shield.

Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-11-03 13:27:56 +08:00
Padmarao Begari
ab1644bdc4 riscv: dts: Update memory configuration
In the v2022.10 Icicle reference design, the seg registers have been
changed, resulting in a required change to the memory map.
A small 4MB reservation is made at the end of 32-bit DDR to provide some
memory for the HSS to use, so that it can cache its payload between
reboots of a specific context.

Co-developed-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-11-03 13:27:56 +08:00
Yu Chien Peter Lin
a5dfa3b8a0 riscv: Rename Andes PLIC to PLICSW
As PLICSW is used to trigger the software interrupt, we should rename
Andes PLIC configuration and file name to reflect the usage. This patch
also updates PLMT and PLICSW compatible strings to be consistent with
OpenSBI fdt driver.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2022-11-03 13:27:56 +08:00
Stefan Roese
8450b97bf4 mips: mtmips: spl/Kconfig: Set CONFIG_SPL_PAD_TO to 0x0 for ARCH_MTMIPS
It was noticed that while converting CONFIG_SPL_PAD_TO to Kconfig its
value for the MIPS MT762x/8x targets got not ported correctly. Its
default is not 0x10000 instead of 0x0. This patch fixes this issue.

Fixes: ca8a329a1b ("Convert CONFIG_SPL_PAD_TO et al to Kconfig")
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Ruben Winters <Ruben.Winters@gooiland-elektro.nl>
Cc: Weijie Gao <weijie.gao@mediatek.com>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
2022-11-02 21:54:26 +01:00
Daniel Schwierzeck
a29491ade0 MIPS: convert CONFIG_SYS_MIPS_TIMER_FREQ to Kconfig
This converts the following to Kconfig:
    CONFIG_SYS_MIPS_TIMER_REQ

Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-11-02 21:42:32 +01:00
Daniel Schwierzeck
ea24b0eacf MIPS: mscc: remove unused CPU_CLOCK_RATE
CPU_CLOCK_RATE is just used once for CONFIG_SYS_MIPS_TIMER_FREQ
which is migrated to Kconfig in the next patch.

Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-11-02 21:42:32 +01:00
Daniel Schwierzeck
e9dcd5b402 MIPS: remove CONFIG_SYS_MHZ
Resolve all uses of CONFIG_SYS_MHZ with the currently defined value.
Remove code which depends on CONFIG_SYS_MHZ but where no board configs
actually use that code.

Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-11-02 21:42:32 +01:00
Daniel Schwierzeck
ac14db1ca9 MIPS: remove deprecated TARGET_VCT option
This board has been removed a long time ago.

Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2022-11-02 21:42:32 +01:00
Nylon Chen
3708739ef2 led: led_pwm: typo 'iverted' on code comment
change iverted to inverted.

Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
2022-11-02 13:58:17 -04:00
Cédric Le Goater
0954bc2f89 configs: evb-ast2500: Set environment in SPI flash
We now have a SPI flash driver. Let's use it.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
2022-11-02 13:58:17 -04:00
Cédric Le Goater
18a5db3a81 configs: evb-ast2500: Add support for FIT format
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
2022-11-02 13:58:17 -04:00
Cédric Le Goater
2cede90c4b configs: evb-ast2500: Adjust boot command
Loading a kernel image is enough.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
2022-11-02 13:58:17 -04:00
Cédric Le Goater
60ecf059cc configs: evb-ast2500: Remove MMC support from default settings
This saves ~50K in the resulting u-boot.bin file which is important to
fit in the U-Boot partition defined in the flash layout of upstream Linux.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-11-02 13:58:17 -04:00
Christian Gmeiner
dcbc95c23c arm: dts: ti: k3-am64-main: Add RTI watchdog nodes
Add the needed bus mappings for the two main RTI memory ranges and
the required device tree nodes in the main domain.

Same as kernel commit 6dd8457dc20693e2ba9054c171499b22664fd4e7

Signed-off-by: Christian Gmeiner <christian.gmeiner@gmail.com>
2022-11-02 13:58:17 -04:00
Bin Meng
ea253ad7b5 treewide: Remove the unnecessary space before semicolon
%s/return ;/return;

Signed-off-by: Bin Meng <bmeng@tinylab.org>
2022-11-02 13:58:17 -04:00
Baruch Siach
aa59c1bec7 cmd: eeprom: don't truncate target address at 32-bit
On 64-bit platforms where int is 32-bit wide, the eeprom command
parse_numeric_param() routine truncates the memory address parameter to
the lower 32-bit. Make parse_numeric_param() return long to allow
read/write of addresses beyond the lower 4GB.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
2022-11-02 13:58:17 -04:00
Michal Suchanek
0b999d2082 xen: pvblock: Use uclass_probe_all
Also eliminate useless code and variables.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-02 13:58:17 -04:00
Andre Przywara
44b7abf8dc highbank: switch to use the Arm SP804 DM_TIMER driver
So far the Calxeda machines were using the CONFIG_SYS_TIMER_* macros to
simply hardcode the address of the counter register of the SP804 timer.
This method is deprecated and scheduled for removal.

Use the newly introduced SP804 DM_TIMER driver to provide timer
functionality on Highbank and Midway machines. The base address and base
frequency are taken from the devicetree.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:58:17 -04:00
Andre Przywara
4849e2edf4 highbank: scan into hb_sregs DT subnodes
The DT used for Calxeda Highbank and Midway systems exposes a "system
registers" block, modeled as a DT subnode.
This includes several clocks, including the two fixed clocks for the
main oscillator and timer.

So far U-Boot was ignorant of this special construct (a "clocks" node
within the "hb-sregs" node), as it didn't need the PLL clocks in there.
But that also meant we lost the fixed clocks, which form the base for
the UART baudrate generator and also the SP804 timer.

To allow the generic PL011 and SP804 driver to read the clock rate,
add a simple bus driver, which triggers the DT node discovery inside this
special node. As we only care about the fixed clocks (we don't have
drivers for the PLLs anyway), just ignore the address translation (for
now).

The binding is described in bindings/arm/calxeda/hb-sregs.yaml, the DT
snippet in question looks like:

=======================
	sregs@fff3c000 {
		compatible = "calxeda,hb-sregs";
		reg = <0xfff3c000 0x1000>;

		clocks {
			#address-cells = <1>;
			#size-cells = <0>;

			osc: oscillator {
				#clock-cells = <0>;
				compatible = "fixed-clock";
				clock-frequency = <33333000>;
			};
			....
		};
	};
=======================

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:58:17 -04:00
Andre Przywara
731d108dd0 timer: add SP804 UCLASS timer driver
The "Arm Ltd. Dual-Timer Module (SP804)" is a simple 32-bit count-down
timer IP with interrupt functionality, and is used in some SoCs from
various vendors.

Add a simple DM compliant timer driver, to allow users of the SP804 to
switch to DM_TIMER.

This relies on the input clock to be accessible via the DM clock
framework, which should be fine as we probably look at fixed-clock's
here anyway.
We re-program the control register in the probe() function, but keep
the divider in place, in case this has been set to something on purpose
before.

The TRM for the timer IP can be found here:
https://developer.arm.com/documentation/ddi0271/latest

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:58:17 -04:00
Jim Liu
1c1036499f pinctrl: nuvoton: Add NPCM8xx pinctrl driver
Add Nuvoton BMC NPCM845 Pinmux and Pinconf support.

Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
Signed-off-by: Stanley Chu <yschu@nuvoton.com>
2022-11-02 13:31:40 -04:00
Andre Przywara
2e32930087 arm: smh: Allow semihosting trap calls to be inlined
Currently our semihosting trap function is somewhat fragile: we rely
on the current compiler behaviour to assign the second inline assembly
argument to the next free register (r1/x1), which happens to be the
"addr" argument to the smh_trap() function (per the calling convention).
I guess this is also the reason for the noinline attribute.

Make it explicit what we want: the "addr" argument needs to go into r1,
so we add another register variable. This allows to drop the "noinline"
attribute, so now the compiler beautifully inlines just the trap
instruction directly into the calling function.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:31:40 -04:00
Andre Przywara
d660a82934 arm: smh: Make semihosting trap calls more robust
Commit f4b540e25c5c("arm: smh: Fix uninitialized parameters with newer
GCCs") added a memory clobber to the semihosting inline assembly trap
calls, to avoid too eager GCC optimisation: when passing a pointer, newer
compilers couldn't be bothered to actually fill in the structure that it
pointed to, as this data would seemingly never be used (at least from the
compiler's point of view).
But instead of the memory clobber we need to tell the compiler that we are
passing an *array* instead of some generic pointer, this forces the
compiler to actually populate the data structure.
This involves some rather hideous cast, which is best hidden in a macro.

But regardless of that, we actually need the memory clobber, but for two
different reasons: explain them in comments.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:31:40 -04:00
Andre Przywara
30b315b48d arm: smh: specify Thumb trap instruction
The ARM semihosting interface uses different trap instructions for
different architectures and instruction sets. So far we were using
AArch64 and ARMv7-M, and had an untested v7-A entry. The latter does
not work when building for Thumb, as can be verified by using
qemu_arm_defconfig, then enabling SEMIHOSTING and SYS_THUMB_BUILD:
==========
{standard input}:35: Error: invalid swi expression
{standard input}:35: Error: value of 1193046 too large for field of 2 bytes at 0
==========

Fix this by providing the recommended instruction[1] for Thumb, and
using the ARM instruction only when not building for Thumb. This also
removes some comment, as QEMU for ARM allows to now test this case.
Also use the opportunity to clean up the inline assembly, and just define
the actual trap instruction inside #ifdef's, to improve readability.

[1] https://developer.arm.com/documentation/dui0471/g/Semihosting/The-semihosting-interface?lang=en

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2022-11-02 13:31:40 -04:00
Tom Rini
cca41ed3d6 Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-watchdog
- cyclic: get rid of (the need for) cyclic_init() (Rasmus)
2022-11-02 09:10:30 -04:00
Tom Rini
ec5b8804de Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-spi.git
- NPCM PSPI controller (Jim)
2022-11-02 09:09:57 -04:00
Rasmus Villemoes
50128aeb0f cyclic: get rid of cyclic_init()
Currently, we must call cyclic_init() at some point before
cyclic_register() becomes possible. That turns out to be somewhat
awkward, especially with SPL, and has resulted in a watchdog callback
not being registered, thus causing the board to prematurely reset.

We already rely on gd->cyclic reliably being set to NULL by the asm
code that clears all of gd. Now that the cyclic list is a hlist, and
thus an empty list is represented by a NULL head pointer, and struct
cyclic_drv has no other members, we can just as well drop a level of
indirection and put the hlist_head directly in struct
global_data. This doesn't increase the size of struct global_data,
gets rid of an early malloc(), and generates slightly smaller code.

But primarily, this avoids having to call cyclic_init() early; the cyclic
infrastructure is simply ready to register callbacks as soon as we
enter C code.

We can still end up with schedule() being called from asm very early,
so we still need to check that gd itself has been properly initialized
[*], but once it has, gd->cyclic_list is perfectly fine to access, and
will just be an empty list.

As for cyclic_uninit(), it was never really the opposite of
cyclic_init() since it didn't free the struct cyclic_drv nor set
gd->cyclic to NULL. Rename it to cyclic_unregister_all() and use that
in test/, and also insert a call at the end of the board_init_f
sequence so that gd->cyclic_list is a fresh empty list before we enter
board_init_r().

A small piece of ugliness is that I had to add a cast in
cyclic_get_list() to silence a "discards 'volatile' qualifier"
warning, but that is completely equivalent to the existing handling of
the uclass_root_s list_head member.

[*] I'm not really sure where we guarantee that the register used for
gd contains 0 until it gets explicitly initialized, but that must be
the case, otherwise testing gd for being NULL would not make much sense.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com> # imx8mm-venice-*
2022-11-02 08:42:03 +01:00
Rasmus Villemoes
2896839483 cyclic: switch to using hlist instead of list
A hlist is headed by just a single pointer, so can only be traversed
forwards, and insertions can only happen at the head (or before/after
an existing list member). But each list node still consists of two
pointers, so arbitrary elements can still be removed in O(1).

This is precisely what we need for the cyclic_list - we never need to
traverse it backwards, and the order the callbacks appear in the list
should really not matter.

One advantage, and the main reason for doing this switch, is that an
empty list is represented by a NULL head pointer, so unlike a
list_head, it does not need separate C code to initialize - a
memset(,0,) of the containing structure is sufficient.

This is mostly mechanical:

- The iterators are updated with an h prefix, and the type of the
  temporary variable changed to struct hlist_node*.

- Adding/removing is now just hlist_add_head (and not tail) and
  hlist_del().

- struct members and function return values updated.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com> # imx8mm-venice-*
2022-11-02 08:41:55 +01:00
Rasmus Villemoes
2399b628f4 list.h: synchronize hlist_for_each_entry* iterators with linux
All the way back in 2013, the linux kernel updated the four
hlist_for_each_entry* iterators to require one less auxiliary
variable:

  commit b67bfe0d42cac56c512dd5da4b1b347a23f4b70a
  Author: Sasha Levin <sasha.levin@oracle.com>
  Date:   Wed Feb 27 17:06:00 2013 -0800

      hlist: drop the node parameter from iterators

Currently, there is only one "user" of any of these, namely in
fs/ubifs/super.c, but that actually uses the "new-style" form, and
is (obviously, or it wouldn't have built) inside #ifndef __UBOOT__.

Before adding actual users of these, import the version as of linux
v6.1-rc1, including the hlist_entry_safe() helper used by the new
versions.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com> # imx8mm-venice-*
2022-11-02 08:41:49 +01:00
Rasmus Villemoes
6b84b1db2d cyclic: drop redundant cyclic_ready flag
We're already relying on gd->cyclic being NULL before cyclic_init() is
called - i.e., we're relying on all of gd being zeroed before entering
any C code. And when we do populate gd->cyclic, its ->cyclic_ready
member is automatically set to true. So we can actually just rely on
testing gd->cyclic itself.

The only wrinkle is that cyclic_uninit() actually did set
->cyclic_ready to false. However, since it doesn't free gd->cyclic,
the cyclic infrastructure is actually still ready (i.e., the list_head
is properly initialized as an empty list).

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com> # imx8mm-venice-*
2022-11-02 08:41:42 +01:00
Rasmus Villemoes
d7de5ef629 cyclic: use a flag in gd->flags for recursion protection
As a preparation for future patches, use a flag in gd->flags rather
than a separate member in (the singleton) struct cyclic_drv to keep
track of whether we're already inside cyclic_run().

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Stefan Roese <sr@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com> # imx8mm-venice-*
2022-11-02 08:41:20 +01:00
Tom Rini
c8d9ff634f Merge branch '2022-10-31-FWU-add-FWU-multi-bank-update-feature-support'
To quote the author:
The patchset adds support for the FWU Multi Bank Update[1]
feature. Certain aspects of the Dependable Boot[2] specification have
also been implemented.

The FWU multi bank update feature is used for supporting multiple
sets(also called banks) of firmware image(s), allowing the platform to
boot from a different bank, in case it fails to boot from the active
bank. This functionality is supported by keeping the relevant
information in a structure called metadata, which provides information
on the images. Among other parameters, the metadata structure contains
information on the currect active bank that is being used to boot
image(s).

Functionality is being added to work with the UEFI capsule driver in
u-boot. The metadata is read to gather information on the update bank,
which is the bank to which the firmware images would be flashed to. On
a successful completion of the update of all components, the active
bank field in the metadata is updated, to reflect the bank from which
the platform will boot on the subsequent boots.

Currently, the feature is being enabled on the STM32MP157C-DK2 and
Synquacer boards. The DK2 board boots a FIP image from a uSD card
partitioned with the GPT partioning scheme, while the Synquacer board
boots a FIP image from a MTD partitioned SPI NOR flash device.

This feature also requires changes in a previous stage of
bootloader, which parses the metadata and selects the bank to boot the
image(s) from. Support has being added in tf-a(BL2 stage) for the
STM32MP157C-DK2 board to boot the active bank images. These changes
have been merged to the upstream tf-a repository.

The patch for adding a python test for the feature has been developed,
and was sent in the version 5 of the patches[3]. However, the test
script depends on adding support for the feature on MTD SPI NOR
devices, and that is being done as part of the Synquacer
patches. Hence these set of patches do not have the test script for
the feature. That will be added through the patches for adding support
for the feauture on Synquacer platform.

[1] - https://developer.arm.com/documentation/den0118/a
[2] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf
[3] - https://lists.denx.de/pipermail/u-boot/2022-June/485992.html
2022-11-01 09:32:21 -04:00
Sughosh Ganu
75f11c3bfd FWU: doc: Add documentation for the FWU feature
Add documentation for the FWU Multi Bank Update feature. The document
describes the steps needed for setting up the platform for the
feature, as well as steps for enabling the feature on the platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-31 14:47:33 -04:00
Sughosh Ganu
f65ee99b9d mkeficapsule: Add support for setting OEM flags in capsule header
Add support for setting OEM flags in the capsule header. As per the
UEFI specification, bits 0-15 of the flags member of the capsule
header can be defined per capsule GUID.

The oemflags will be used for the FWU Multi Bank update feature, as
specified by the Dependable Boot specification[1]. Bit
15 of the flags member will be used to determine if the
acceptance/rejection of the updated images is to be done by the
firmware or an external component like the OS.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-10-31 14:47:33 -04:00
Sughosh Ganu
6da9271af1 mkeficapsule: Add support for generating empty capsules
The Dependable Boot specification[1] describes the structure of the
firmware accept and revert capsules. These are empty capsules which
are used for signalling the acceptance or rejection of the updated
firmware by the OS. Add support for generating these empty capsules.

[1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-10-31 14:47:33 -04:00
Sughosh Ganu
873cf8ac70 test: dm: Add test cases for FWU Metadata uclass
Add test cases for accessing the FWU Metadata on the sandbox
platform. The sandbox platform also uses the metadata access driver
for GPT partitioned block devices.

The FWU feature will be tested on the sandbox64 variant with a raw
capsule. Remove the FIT capsule testing from sandbox64 defconfig --
the FIT capsule test will be run on the sandbox_flattree variant.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-31 14:47:33 -04:00
Sughosh Ganu
e68c03be46 FWU: cmd: Add a command to read FWU metadata
Add a command to read the metadata as specified in the FWU
specification and print the fields of the metadata.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
2022-10-31 14:47:33 -04:00
Sughosh Ganu
8679405241 FWU: Add support for the FWU Multi Bank Update feature
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.

At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-31 14:47:32 -04:00
Sughosh Ganu
7e9814cc6c FWU: Add boot time checks as highlighted by the FWU specification
The FWU Multi Bank Update specification requires the Update Agent to
carry out certain checks at the time of platform boot. The Update
Agent is the component which is responsible for updating the firmware
components and maintaining and keeping the metadata in sync.

The spec requires that the Update Agent perform the following checks
at the time of boot
* Sanity check of both the metadata copies maintained by the platform.
* Get the boot index passed to U-Boot by the prior stage bootloader
  and use this value for metadata bookkeeping.
* Check if the system is booting in Trial State. If the system boots
  in the Trial State for more than a specified number of boot counts,
  change the Active Bank to be booting the platform from.

Call these checks through the main loop event at the time of platform
boot.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-31 14:47:32 -04:00