Add a way to create and dispatch events without needing to allocate
memory. Also add a way to 'spy' on events, thus allowing 'hooks' to be
created.
Use a linker list for static events, which we can use to replace functions
like arch_cpu_init_f(). Allow an EVENT_DEBUG option which makes it
easier to see what is going on at runtime, but uses more code space.
Dynamic events allow the creation of a spy at runtime. This is not always
necessary, but can be enabled with EVENT_DYNAMIC if needed.
A 'test' event is the only option for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit 98f705c9ce ("powerpc: remove 4xx support") removed (in 2017) the
last code that made use of bedbug debugger support. Since there aren't
any boards left that define either CONFIG_CMD_BEDBUG or a real
bedbug_init(), drop this feature from u-boot.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename the file lcd_simplefb.c to fdt_simplefb.c to be aligned
with the configuration name and with the associated include file
./include/fdt_simplefb.h
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
This converts the following to Kconfig:
CONFIG_LCD_DT_SIMPLEFB
This patch also renames this config to CONFIG_FDT_SIMPLEFB as the code in
common/lcd_simplefb.c support CONFIG_LCD and CONFIG_VIDEO.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
The last board that used to set CONFIG_LYNXKDI has been removed in
commit 242836a893 ("powerpc: ppc4xx: remove pcs440ep support"),
doc/README.lynxkdi only talks about a MPC8260 board being supported,
and the mpc8260 support has been removed four years ago in commit
2eb48ff7a2 ("powerpc, 8260: remove support for mpc8260") already,
and common/lynxkdi.c only consists of an "#error" statement these
days, so it seems like the LYNX KDI code is dead code nowadays.
Let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
To avoid a large #ifdef in the image.c file, move the affected code into
a separate file.
Avoid any style fix-ups for easier review. Those are in the next patch.
Signed-off-by: Simon Glass <sjg@chromium.org>
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass. The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).
include/qfw.h is cleaned up and documentation added.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.
For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.
To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).
For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
check:
core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there,
no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.
This function will also be used in implementing UEFI capsule update
in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Do not build image_sign_info helper functions in SPL if not needed.
Fixes: b983cc2da0 ("lib: rsa: decouple rsa from FIT image verification")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a log driver that broadcasts RFC 3164 messages to syslog servers.
rsyslog is one implementation of such a server.
The messages are sent to the local broadcast address 255.255.255.255 on
port 514.
The environment variable log_hostname can be used to provide the HOSTNAME
field for the messages. The optional TIMESTAMP field of RFC 3164 is not
provided.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:
- android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
boot image, by blob's index
- android_image_print_dtb_contents(): Iterate over all DTB blobs in
"DTB" part of boot image and print those blobs info
"DTB" payload might be in one of the following formats:
1. concatenated DTB blobs
2. Android DTBO format
The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.
Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
- come up with some new command like "abootimg" to extract dtb blob
from boot image (using functions from this patch)
- extract desired dtbo blobs from "dtbo" partition using "adtimg"
command
- merge dtbo blobs into dtb blob using "fdt apply" command
- pass resulting dtb blob into bootm command in order to boot the
Android kernel with Android ramdisk from boot image
Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Rename the existing 'dtimg' command to 'adtimg', in order to:
- Suggest the Android origins and scope
- Be consistent with the upcoming 'abootimg' command (naming
suggested by Simon [*])
The change in _not_ backward compatible, but its benefits outweigh its
downsides, given that we don't expect active users of 'dtimg' today.
Perform the rename in several steps:
1. Rename *.c file and Kconfig symbol. This should allow
'git log --follow' to properly track the history of 'adtimg.c'
2. 's/dtimg/adtimg/g' in the internal namespace of 'adtimg.c'
ELF comparison [**] before and after shows no functional change.
[*] https://patchwork.ozlabs.org/patch/1182212/#2291600
[**] diff -u <(objdump -d cmd/dtimg.o) <(objdump -d cmd/adtimg.o)
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Simon Glass<sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
This patch determines the A/B-specific bootloader message structure
that is the basis for implementation of recovery and A/B update
functions. A/B metadata is stored in this structure and used to decide
which slot should we use to boot the device. Also some basic functions
for A/B metadata manipulation are implemented (like slot selection).
The patch was extracted from commits [1], [2] with some coding style
fixes.
[1] https://android-review.googlesource.com/c/platform/external/u-boot/+/729878/2
[2] https://android-review.googlesource.com/c/platform/external/u-boot/+/729880/2
Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This debug mode is used by CubeMX DDR tuning tools
or manualy for tests during board bring-up.
It is simple console used to change DDR parameters and check
initialization.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Since there is the SPL_USB_HOST_SUPPORT for enabling USB support in SPL,
makes more sense to rename the SPL_USB_SUPPORT as SPL_USB_STORAGE.
Everything that is not part of the usb storage support in SPL is now
build under SPL_USB_HOST_SUPPORT.
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
CLI support with the HUSH parser is not currently SPL safe due to it's
use of realloc. That function is not defined for SPLs that use
SYS_MALLOC_SIMPLE. CLI support can be built in to SPL and some functions
do work, but use of some like run_command() will cause build to fail.
When no SPL code calls this function build works as the compiler removes
this unreachable code so the unresolved symbols are ignored.
If DFU support is enabled in SPL then MMU DFU support may get brought in
also, this code does make a call to run_command() causing build to fail
if the HUSH parser is not built-in. To break this odd and unneeded
dependency chain we use CONFIG_IS_ENABLED where appropriate to prevent
calls into HUSH code from SPL. This also removes our need to pull in the
rather unrelated source file when SPL_DFU is defined.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The symbol CONFIG_SPL_DFU_SUPPORT in SPL build has the same
meaning as CONFIG_DFU in regular U-Boot. Drop the _SUPPORT
to allow for cleaner use in code.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
Enable DM for USB peripheral in the musb-new driver.
Also make sure that the driver can be used in the SPL.
This implies that:
* the driver must work with and without the OF_CONTROL option. That
in turn, implies that the platform data can be passed in a struct
ti_musb_platdata or be read from the dtb
* usb.o is linked in the SPL if host support is enabled
Another change is that the driver does not fail to bind (and stop the boot
process) if one of the child driver does not bind. Reporting the error is
enough. This kind of error would appear if the port is configured in the
DTS but the driver is not activated in the config.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Common USB code is built whenever USB is enabled (in non-SPL builds).
The USB uclass is built whenever (SPL_)DM_USB is enabled. Both need to
be independent from CMD_USB.
Signed-off-by: Sven Schwermer <sven@svenschwermer.de>
At present there is no standard way in U-Boot to pass information from SPL
to U-Boot proper. But sometimes SPL wants to convey information to U-Boot
that U-Boot cannot easily figure out. For example, if SPL sets up SDRAM
then it might want to pass the size of SDRAM, or the location of each
bank, to U-Boot proper.
Add a new 'bloblist' feature which provides this. A bloblist is set up in
the first phase of U-Boot that runs (i.e. TPL or SPL). The location of
this info may be in SRAM or CAR (x86 cache-as-RAM) or somewhere else.
Information placed in this region is preserved (with a checksum) through
TPL and SPL and ends up in U-Boot. At this point it is copied into SDRAM
so it can be used after relocation.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
It is sometimes useful to log information in SPL and TPL. Add support for
this.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
At present these features are supported in SPL but not TPL. Update the
Kconfig and Makefile to allow this.
Also add a few Makefile comments to make earier to track what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
dtimg command allows user to work with Android DTB/DTBO image format.
Such as, getting the address of desired DTB/DTBO file, printing the dump
of the image in U-Boot shell, etc.
This command is needed to provide Android boot with new Android DT image
format further.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
1. Since libavb library alone is highly portable, introduce dedicated
Kconfig symbol for AVB bootloader-dependent operations, so it's possible
to build libavb separately. AVB bootloader-dependent operations include:
* Helpers to process strings in order to build OS bootargs.
* Helpers to access MMC, similar to drivers/fastboot/fb_mmc.c.
* Helpers to alloc/init/free avb ops.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
Reported-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Tested-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Implement AVB ops on top of existing mmc subsystem API. Currently there
is a full implementation of such operations, defined by [1]
AVB2.0 specification:
.read_from_partition() - reads N bytes from a partition identified by
a name.
.write_to_partition() - Writes N bytes to a partition identified by a name.
.validate_vbmeta_public_key() - checks if the given public ‘vbmeta’
partition is trusted.
.get_unique_guid_for_partition() - Gets the GUID for a partition identified
by a string name.
As [1] specification recommends to use tamper-evident storage for storing
rollback indexes and device state (LOCKED/UNLOCKED),
currently are only stubs instead of full implementation for these ops:
.read_rollback_index() - Gets the rollback index for a given index location
.write_rollback_index() - Sets the rollback index to a given location
.read_is_device_unlocked() - Gets where the device is unlocked
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Introduce CONFIG_IMAGE_SPARSE and CONFIG_CMD_MMC_SWRITE so the "mmc
swrite" command is separated from the fastboot code.
Move image-sparse from common to lib so it's clear it's library code.
Rename CONFIG_FASTBOOT_FLASH_FILLBUF_SIZE to CONFIG_IMAGE_SPARSE_FILLBUF_SIZE
and migrate it to Kconfig.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Separate CMD_FASTBOOT from FASTBOOT and move code and configuration to
drivers/fastboot.
Switch dependencies on FASTBOOT to USB_FUNCTION_FASTBOOT as anyone who wants
FASTBOOT before this series wants USB_FUNCTION_FASTBOOT. Split
USB_FUNCTION_FASTBOOT from FASTBOOT so they retain their existing
behaviour.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Do the following to make the symbol names less confusing.
sed -i "s/\([TU][^_]\+\)_FUNCTION_DFU/DFU_OVER_\1/g" \
`git grep _FUNCTION_DFU | cut -d ":" -f 1 | sort -u`
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
Clean up the screaming mess of configuration options that DFU is.
It was impossible to configure DFU such that TFTP is enabled and
USB is not, this patch fixes that and assures that DFU TFTP and
DFU USB can be enabled separatelly and that the correct pieces
of code are compiled in.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
It is useful to display log messages on the console. Add a simple driver
to handle this.
Note that this driver outputs to the console, which may be serial or
video. It does not specifically select serial output.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
CONFIG_FIT_EMBED might be confused with CONFIG_OF_EMBED, rename it
MULTI_DTB_FIT as it is able to get a DTB from a FIT image containing
multiple DTBs. Also move the option to the Kconfig dedicated to the DTS
options and create a README for this feature.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For timing our bootstages on the RK3368, which has a minimal TPL
(and where we consequently don't want to time the bootstages) and a
full-featured SPL (where we can bootstage recording), we need to
adjust the Makefile.
Use the $(SPL_TPL_) macro in the Makefile for bootstage.o
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
About a quarter of the files in common/ relate to the environment. It
seems better to put these into their own subdirectory and remove the
prefix.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
To allow for a finer-grained control of features for TPL and SPL
builds all modules/boot-methods/etc. need to be consistently selected
based on the $(SPL_TPL_) macros.
This allows splitting the associated config-options in Kconfig: we
don't split the Kconfig options here and now, as this should happen on
an as-needed basis, whenever someone needs a feature/boot-method/etc.
in their TPL.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>