The expected sequence to close the device
1/ Load key in DDR with any supported load command
2/ Update OTP with key: STM32MP> stm32key read <addr>
At this point the device is able to perform image authentication but
non-authenticated images can still be used and executed.
So it is the last moment to test boot with signed binary and
check that the ROM code accepts them.
3/ Close the device: only signed binary will be accepted !!
STM32MP> stm32key close
Warning: Programming these OTP is an irreversible operation!
This may brick your system if the HASH of key is invalid
This command should be deactivated by default in real product.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Allow to read the OTP value and lock status with the command
$> stm32key read.
This patch also protects the stm32key fuse command.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Add a helper function to access to BSEC misc driver.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Lock the OTP value of key's hash after the command
$> stm32key fuse <address>
This operation forbids a second update of these OTP as they are
ECC protected in BSEC: any update of these OTP with a different value
causes a BSEC disturb error and the closed chip will be bricked.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Simplify parsing the command argument by using
the macro U_BOOT_CMD_WITH_SUBCMDS.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
This command is used to evaluate the secure boot on stm32mp SOC,
it is deactivated by default in real products.
We activate this command only in STMicroelectronics defconfig
used with the evaluation boards.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reduce the content of short help message for stm32prog command and
removed the carriage return to fix the display of 'help' command when
this command is activated.
Fixes: 954bd1a923 ("stm32mp: add the command stm32prog")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add the variable used by PXE command for fdtoverlays support
since the commit 69076dff22 ("cmd: pxe: add support for FDT overlays").
Reused the unused "splashimage" address as CONFIG_SPLASH_SOURCE and
CONFIG_VIDEO_LOGO are not activated and U-Boot display the "BACKGROUND"
image found in extlinux.conf to manage splashscreen on stm32mp1 boards.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Fix wrong register use when set/reset ST bit.
ST bit is in register M41T62_REG_SEC not in M41T62_REG_ALARM_HOUR.
I have not actually tested this. But this seemed buggy from inspection.
Fixes: 9bbe210512 ("rtc: m41t62: add oscillator fail bit reset support")
Signed-off-by: Max Yang <max.yang@deltaww.com>
At the moment android_image_get_kcomp() can automatically detect
LZ4 compressed kernels and the compression specified in uImages.
However, especially on ARM64 Linux is often compressed with GZIP.
Attempting to boot an Android image with a GZIP compressed kernel
image currently results in a very strange crash, e.g.
Starting kernel ...
"Synchronous Abort" handler, esr 0x02000000
...
Code: 5555d555 55555d55 555f5555 5d555d55 (00088b1f)
Note the 1f8b, which are the "magic" bytes for GZIP images.
U-Boot already has the image_decomp_type() function that checks for
the magic bytes of bzip2, gzip, lzma and lzo. It's easy to make use
of it here to increase the chance that we do the right thing and the
user does not become confused with strange crashes.
This allows booting Android boot images that contain GZIP-compressed
kernel images.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The current fitImage DTO implementation expects each fitImage image
subnode containing DTO to have 'load' property, pointing somewhere
into memory where the DTO will be loaded. The address in the 'load'
property must be different then the base DT load address and there
must be sufficient amount of space between those two addresses.
Selecting and using such hard-coded addresses is fragile, error
prone and difficult to port even across devices with the same SoC
and different DRAM sizes.
The DTO cannot be applied in-place because fdt_overlay_apply_verbose()
modifies the DTO when applying it onto the base DT, so if the DTO was
used in place within the fitImage, call to fdt_overlay_apply_verbose()
would corrupt the fitImage.
Instead of copying the DTO to a specific hard-coded load address,
allocate a buffer, copy the DTO into that buffer, apply the DTO onto
the base DT, and free the buffer.
The upside of this approach is that it is no longer necessary to
select and hard-code specific DTO load address into the DTO. The
slight downside is the new malloc()/free() overhead for each DTO,
but that is negligible (*).
(*) on iMX8MM/MN and STM32MP1
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Add <linux/sizes.h>]
Signed-off-by: Tom Rini <trini@konsulko.com>
There's currently no user of %p[iI]6, so including ip6_addr_string()
in the image is a waste of bytes. It's easy enough to have the
compiler elide it without removing the code completely.
The closest I can find to anybody "handling" ipv6 in U-Boot currently
is in efi_net.c which does
if (ipv6) {
ret = EFI_UNSUPPORTED;
As indicated in the comment, it can easily be put back, but preferably
under a config knob.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
U-Boot doesn't support %pS/%pF or any other kind of kallsyms-like
lookups. Remove the comment.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
This saves some code, both in terms of #LOC and .text size, and it is
also the normal convention that foo(...) is implemented in terms of
vfoo().
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
When the default clocks cannot be set, the clock is silently probed and
the error is ignored. This is incorrect, since having the clocks at the
correct speed may be important for operation of the system.
Fix it by checking the return code.
Signed-off-by: Simon Glass <sjg@chromium.org>
In this case the value seems save to pass to os_free(). Add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 165109)
In tpm_sendrecv_command() the command buffer is passed in. If a mistake is
somehow made in setting this up, the size could be out of range. Add a
sanity check for this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331152)
The width is set up in single_of_to_plat() and can only have three values,
all of which result in a non-zero divisor. Add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331154)
At present the return value of ofnode_get_property() is not checked, which
causes a coverity warning. While we are here, use logging for the errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331157)
Update dm_dump_drivers() to use the return value from uclass_get() to
check the validity of uc. This is equivalent and should be more attractive
to Coverity.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 316601)
The devres_alloc() function is intended to avoid the need for freeing
memory, although in practice it may not be enabled, thus leading to a true
leak.
Nevertheless this is intended. Add a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 312951)
The devres_alloc() function is intended to avoid the need for freeing
memory, although in practice it may not be enabled, thus leading to a true
leak.
Nevertheless this is intended. Add a comment to explain this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 312952)
This value is either 0 for success or -1 for error. Coverity reports that
"ret" is passed to a parameter that cannot be negative, pointing to the
condition 'if (ret < 0)'.
Adjust it to just check for non-zero and avoid showing -1 in the error
message, which is pointless. Perhaps these changes will molify Coverity.
Reported-by: Coverity (CID: 312956)
Signed-off-by: Simon Glass <sjg@chromium.org>
This cannot actually fail, but check the value anyway to keep coverity
happy.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 316351)
At present if ifname is exactly IFNAMSIZ characters then it will result
in an unterminated string. Fix this by using strlcpy() instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 316358)
Acked-by: Ramon Fried <rfried.dev@gmail.com>
Unfortunately for testing is required qflasher which works only in 32-bit
x86 mode. Apparently 64-bit x86 Azure CI has no problems as it has
preinstalled 32-bit libraries and can execute also 32-bit x86 executables.
This change just show human readable output why nokia_rx51_test.sh test
script fails.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210618133108.32497-1-pali@kernel.org
By default bootmenu is loaded only from eMMC. After this change U-Boot
first tries to load bootmenu from uSD card and if it fails then fallback to
eMMC. People want to boot alternative OS from removable uSD without need to
modify eMMC content. So this backward compatible change allows it.
Part of this change is also optimization of trymmc* macros so they can be
used in preboot macro for loading bootmenu.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210618132704.32066-2-pali@kernel.org
Enable U-Boot bootz command and update env scripts to try loading also
zImage file and to try booting via bootz command.
Update also lowlevel_init.S code for checking validity of zImage magic to
correctly relocate kernel in zImage format.
This change allows U-Boot to directly boot Linux kernel without need for
converting kernel image into U-Boot uImage format.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210618132704.32066-1-pali@kernel.org
Add voltage and thermal management (VTM) node. The efuse values for the
OPPs are stored under the VTM, and is needed for AVS class 0 support.
Signed-off-by: Gowtham Tammana <g-tammana@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210714205300.17424-4-g-tammana@ti.com
TI J7200 EVM has lp876441 pmic that is similar to tps65941. Add support
for same with existing driver with new compatible.
Signed-off-by: Gowtham Tammana <g-tammana@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Link: https://lore.kernel.org/r/20210714205300.17424-2-g-tammana@ti.com
Swap out the TI-centric "envboot" logic for the generic distro_bootcmd
logic for the bootcmd we run before trying to do something more complex
involving additional firmware, etc.
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210713141139.15183-1-trini@konsulko.com
The usbtty functionality is not currently used on these two platforms,
disable it.
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210708014348.4010-1-trini@konsulko.com
Swap out the TI-centric "envboot" logic for the generic distro_bootcmd
logic for the bootcmd we run before trying to do something more complex
involving additional firmware, etc.
Cc: Lokesh Vutla <lokeshvutla@ti.com> (maintainer:J721E BOARD)
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210701142743.26190-1-trini@konsulko.com
Remove the environment support for various legacy boot methods. With
this, we will now default to booting any distribution that follows the
generic distro boot framework and no longer attempt to boot various
legacy (to this SoC) scripts/etc. Note that if we do not find anything
here we will continue to try and Android methods and will start by
trying fastboot.
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210701132612.7559-3-trini@konsulko.com
This include file is only used by ti_omap5_common.h. Further, the move
is towards using the generic distro boot framework and not this set of
macros. Start by moving all of the contents in directly to where they
are used.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210701132612.7559-2-trini@konsulko.com
Remove the environment support for various legacy boot methods. With
this, we will now default to booting any distribution that follows the
generic distro boot framework and no longer attempt to boot various
legacy (to this SoC) scripts/etc.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210701132612.7559-1-trini@konsulko.com
SPL is really tight on space, so decrease a little memory that we
allocate in order to fix boot hang.
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Tested-by: Derald D. Woods <woods.technical@gmail.com>
Link: https://lore.kernel.org/r/20210626134258.601331-1-aford173@gmail.com
secureworld_exit() is only used in one file, so make it static
to that file and remove it from sys_proto.h. This
may help with some further optimization in the future.
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210625192308.277136-3-aford173@gmail.com
try_unlock_memory() is only used in one file, so make it static
in that file,remove it from the sys_proto header file, and relocate
it into the #ifdef section that call it. This will make it only built
under the conditions when it is called, and it may help with some
further optimization in the future.
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210625192308.277136-2-aford173@gmail.com
The AM3517 uses SYS_MALLOC_F_LEN of size 0x3000, but the rest of
the OMAP3 boards from LogicPD / BeaconEmbedded use 0x4000, but
they don't boot SPL.
Reduce the malloc size to restore booting.
Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210625185717.243211-1-aford173@gmail.com
The `struct udevice *` reference is needed for either of the
K3_LOAD_SYSFW, K3_AM64_DDRSS config guards. Adding the missing
K3_AM64_DDRSS guard.
Signed-off-by: Gowtham Tammana <g-tammana@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Link: https://lore.kernel.org/r/20210624171614.14244-1-g-tammana@ti.com