If a PIO request is executed while link-down, the whole controller gets
stuck in a non-functional state, and even after link comes up again, PIO
requests won't work anymore, and a reset of the whole PCIe controller is
needed. Therefore we need to prevent sending PIO requests while the link
is down.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
This change updates all Armada 37xx DTS files to version which is used by
Linux kernel v5.18.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Official DT bindings for Espressobin have disabled eMMC node.
As U-Boot requires to have this node enabled by default, do it in
armada-3720-espressobin-u-boot.dtsi DTS file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
U-Boot specific changes should be in armada-3720-espressobin-u-boot.dtsi DTS file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
In Linux kernel version of armada-37xx.dtsi file sdhci1 pointer refers to
sdhci@d0000 node and sdhci0 pointer to sdhci@d8000 node.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 3720 DTS files in upstream kernel use ethernet nodes named
'ethernet@30000' and 'ethernet@40000'. U-Boot have them named 'neta@30000'
and 'neta@40000'. To have Turris Mox U-Boot board code independent of
ethernet node names, find ethernet node via alias.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Official DT bindings have only one reg property: watchdog address space.
Convert armada-37xx-wdt.c driver to offical DT bindings and access sel_reg
register via MVEBU_REGISTER() macro, as its value (required by U-Boot
driver) is not in DT yet. In later stage can be driver cleaned to not use
it.
This change would allow U-Boot to use A3720 watchdog DTS structure from
Linux kernel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Official DT bindings use compatible string marvell,armada-3700-ehci.
Update drivers and DTS files.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
In commit d368e10705 ("phy: marvell: a3700: Convert to official DT
bindings in COMPHY driver") was done update to official DT bindings but
compatible string of official DT bindings was not updated.
Fix it now.
Fixes: d368e10705 ("phy: marvell: a3700: Convert to official DT bindings in COMPHY driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Compatible string microchip,mcp7940x is used by Turris Mox DTS file in
Linux kernel and U-Boot ds1307.c driver works fine with it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
End of DATA register section is indicated by zero value in both raddr and
rdata.
So do not stop dumping registers with non-zero address and zero value.
And also print end of DATA registers section.
Fixes: 1a8e6b63e2 ("tools: kwbimage: Dump kwbimage config file on '-p -1' option")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reported-by: Tony Dinh <mibodhi@gmail.com>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Writing to the PCI_PRIMARY_BUS register of the root port should not change
bus number on which is root port present.
This PCI_PRIMARY_BUS register is used only for correct configuration of
legacy PCI stuff, like forwarding of PCI special cycles between buses.
Aardvark HW does not support PCI special cycles, so it does not have HW
register for PCI_PRIMARY_BUS and therefore it does not matter what is
stored in this register.
So fix this issue and do not use PCI_PRIMARY_BUS register in pci-aardvark.c
driver for moving root bus of the root port.
After this change there is no reason for storing bus number (zero) into
first_busno variable, so remove this variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: cb056005dc ("arm: a37xx: pci: Add support for accessing PCI Bridge on root bus")
Reviewed-by: Stefan Roese <sr@denx.de>
There is only one base address, so use dev_read_addr() instead of dev_read_addr_index().
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Remove "PCI_" prefix from all macros which are aardvark specific to not
conflict with macros defined in global include file pci.h. Instead add
"ADVK_" prefix for them so it is visible that they are aardvark specific.
After "ADVK_" prefix append keyword which describes register group, so it
would be clear to which register each macro value belongs.
Rename some macros for consistency with other macros.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
PCI config space of the aardvark PCIe Root Port is available only in
internal aardvark memory space starting at offset 0x0. PCI Express
registers (PCI_EXP_*) start at offset 0xc0. And Advanced Error Reporting
registers (PCI_ERR_*) start at offset 0x100.
Replace custom aardvark register macros by standard PCI macros from
include/pci.h file with fixed offset.
Some DEVCTL and AER macros are not defined in include/pci.h file, so define
them in the same way as in linux uapi header file pci_regs.h.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The changes introduced with commit 6337d53fdf ("arm: dts: sync am33xx
with Linux 5.9-rc7") prevent the PDU001 from operating correctly.
This patch fixes the configuration of the pin multiplexer and uart3.
Signed-off-by: Felix Brack <fb@ltec.ch>
After replacing of include/config/auto.conf sourcing with
extraction of CONFIG_LOCALVERSION, resulting version string
contains quotes around localversion part which are always
present in auto.conf (even if localversion is empty).
This patch fixes this script to remove quotes.
Signed-off-by: Nikita Maslov <wkernelteam@gmail.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The pstore command tries to create a reserved-memory node but fails if
it is already present with:
Add 'reserved-memory' node failed: FDT_ERR_EXISTS
This patch creates the node only if it does not exist and adapts the reg
values sizes depending on already present #address-cells and #size-cells
values.
Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIGtKEACgkQxIHbvCwF
GsSWlg//Vr61dpbpPVuczl18OtojpUzMg8bwqc4tJQRQrOGMGjmPqrGZJCm1pmMH
Q5ZD4QCAdycbRqAqcpdX9FXHmD5R0HvGmhlC9TnXxo4nKaOcphMMC3PFjBQZlhPJ
KPc7jjoIcycz+fRqbd4CGRFXNGJAecK++4uM6v6WCNF3Dq16r0ws1aUTG7YPlaJF
JNo3/4eEQpRsplNXpJsqVPQhbfLuaiCOJc8VUWYNylRdhBC7Dx8yI7m1FHOSBbKb
Pk4tbysEhowcSc2Duc9muxkaVAkSy/mIHj1I8Z2VzpzH8zXcaiHMjROqMGOE+vwx
raDzJI0ZcEV/MEbm/QLCALlCKqN3d1NRmZLAvXPYN4+ioA8lzPAEnqEywXRPY/Yk
KnkDWaF1KEKzDaY52oqkh2LkasY9wzluvb1sm+oW9bh/kn4wKLr0Z1oSl92/vvci
S/ztLqxhqlXpWx0NzOFnNvUUkEl0VN6IM/+Bsg5AoO7mdWe7MC3iSPOU1Ge5wRU9
R9BLaTrr61/+soc2jrJL5PQr3Rqtyo1qLpIusMFT88jeFp0b8AIUL2AUlJsAUXYg
a2NV7qGUsZN/Ur488N1t7DixTkjGdStHKRk06bSTPrOpfA2oembdA2/H/HECoJMP
JzdwMeZM0qcxFGTbC7c3yO3cTVVYPyIDGh1YEBYjCzfL6AuR2uU=
=AAdJ
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
The previous patch is changing U-Boot's behavior wrt certificate based
binary authentication. Specifically an image who's digest of a
certificate is found in dbx is now rejected. Fix the test accordingly
and add another one testing signatures in reverse order
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.
The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."
With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image. The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.
While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and get simplify
the logic for authenticating an unsigned imahe using sha256 hashes.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Before the capsule authentication is supported, this test script works
correctly, but with the feature enabled, most tests will fail due to
unsigned capsules.
So check the results depending on CAPSULE_AUTHENTICATE or not.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This test scenario tests a new feature of mkeficapsule, "--guid" option,
which allows us to specify FMP driver's guid explicitly at the command
line.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the syntax of mkeficapsule was changed in the previous commit,
we need to modify command line arguments in a pytest script.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a couple of test cases against capsule image authentication
for capsule-on-disk, where only a signed capsule file with the verified
signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot
binary during pytest setup time, all the keys/certificates are pre-created.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Now we can use mkeficapsule command instead of EDK-II's script
to create a signed capsule file. So update the instruction for
capsule authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add a man page for mkeficapsule command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need specify additional command parameters:
-monotonic-cout <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add CONFIG_TOOLS_MKEFICAPSULE. Then we want to always build mkeficapsule
if tools-only_defconfig is used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
We need to install libgnutls-devel package to build the host tool,
mkeficapsule, and as of now, there seems to be a depencency conflict
in the current msys2 installer;
:: installing libp11-kit (0.24.1-1) breaks dependency \
'libp11-kit=0.23.22' required by p11-kit
To resolve this conflict, however, the initial "pacman -Syyuu" in
'tools_only_windows' job is not enough. Another "pacman -Su" will
enforce all the out-of-date packages being upgraded.
(Probably the first "-Syyuu" can be changed to "-Syu".)
See the installation steps in
https://www.msys2.org/
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A partial list:
- fw_env updates, a new testcase for mkimage -o ..., nop-phy reset-gpios
support, DFU updates, kaslr-seed support in extlinux.conf, modern
"partitions" support in mtd device tree
The output size for snprint() should not only be respected for whole fields
but also with fields. Add more tests.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Some usb-nop-xceiv devices use a gpio take them out
of reset. Add a reset function to put them into that
state. This is similar to how Linux handles the
usb-nop-xceiv driver.
Signed-off-by: Adam Ford <aford173@gmail.com>
Environment variables can be stored in two formats:
1. Single entry with header containing CRC32
2. Two entries with extra flags field in each entry header
For that reason fw_env_open() has two main code paths and there are
pointers for CRC32/flags/data.
Previous implementation was a bit hard to follow:
1. It was checking for used format twice (in reversed order each time)
2. It was setting "environment" global struct fields to some temporary
values that required extra comments explaining it
This change simplifies that code:
1. It introduces two clear code paths
2. It sets "environment" global struct fields values only once it really
knows them
To be fair there are *two* crc32() calls now and an extra pointer
variable but that should be cheap enough and worth it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's usually easier to understand code & follow it if all arguments are
passed explicitly. Many coding styles also discourage using global
variables.
Behaviour of flash_io() was a bit unintuitive as it was writing to a
buffer referenced in a global struct. That required developers to
remember how it works and sometimes required hacking "environment"
global struct variable to read data into a proper buffer.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Since dfu is not only used for USB, and some platform only
supports DFU_OVER_TFTP or EFI capsule update, dfu_alt_info
is defined on such platforms too.
For such platform, 'dfu list' command is useful to check
how the current dfu_alt_info setting is parsed.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Fix some typo and wrong information about dfu_alt_info.
- Add the parameter format, decimal only or hexadecimal.
- Use same parameter name for the same kind of parameters.
(e.g. dev -> dev_id)
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
When parsing the dfu_alt_info, check the number of arguments
and argument string strictly. If there is any garbage data
(which is not able to be parsed correctly) in dfu_alt_info,
that means something wrong and user may make a typo or mis-
understanding about the syntax. Since the dfu_alt_info is
used for updating the firmware, this mistake may lead to
brick the hardware.
Thus it should be checked strictly for making sure there
is no mistake.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
If dfu_alt_info has repeated spaces or tab (for indentation or
readability), the dfu fails to parse it. For example, if
dfu_alt_info="mtd nor1=image raw 100000 200000" (double spaces
after "raw"), the image entity start address is '0' and the size
'0x100000'. This is because the repeated space is not skipped.
Use space and tab as a separater and apply skip_spaces() to
skip redundant spaces and tabs.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Use strlcpy() instead of strcpy() to prevent copying the
entity name over the name buffer size.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Addresses the feedback provided on 5902a397d0 ("mkimage: Allow to
specify the signature algorithm on the command line") which raced with
the merge.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
echo -n does not give the intended effect when invoked in macOS through
/bin/sh, which is the shell make uses by default, see
"https://stackoverflow.com/questions/11675070/makefile-echo-n-not-working"
for a detailed explanation. In this case, it resulted in "-n" being
written to env.txt and env.in even though they should be empty, which
caused compilation to fail with "Your board uses a text-file
environment, so must not define CONFIG_EXTRA_ENV_SETTINGS".
This patch prevents the error by replacing echo -n's with touch, as they
are used to create empty files in these cases.
strlen() returns size_t. So we should use %zu to print it.
This avoids incorrect output on 32bit systems.
Fixes: 2fc62f2991 ("stackprot: Make our test a bit more complex")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Stress the '-o algo_name' argument of mkimage by expanding the vboot
test.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Update scripts/pylint.base]
Replace %zx by %lx and cast size_t to ulong.
U-Boot currently prints garbage debug output:
size=x, ptr=18, limit=18: 4002a000
With this change it prints correct debug data:
size=18, ptr=18, limit=2000: 4002a000
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
