Improvements for the UEFI subsystem include:
* support for read-only TEE-backed variables
* allow to compile PK, KEK, db, dbx fixed values into U-Boot
* bug fixes
Python testing related changes comprise:
* enable 'bootefi hello' for better test coverage
* remove SKIP messages in UEFI Python tests
The fitupd command is dropped.
Build errors for the lsblk command are fixed.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl8QMDgACgkQxIHbvCwF
GsQG1g/+P0a7gYDY9LV1CziXE5A3wCm1jTcjy/RemJ4c038V7flfX7beTcTeI8Gg
8aHDRTnmiPpU974WgiLBT19ok3LAL87PqlwMcui2YOXDhtNB49UXyY4vLqAE8Olq
2NEi9XsdtE5uKhoPLMf1b2vRzKaw6zcWOUP+BUycVCOQOqn2dPtotB/wFtVcVMKn
q58VOCItIvPqNNRwVmcdKYBvp8gEtTebdV2gBlr4drrMTB1nG4BzPcya6hQw6SUL
pMzHUAHRTiMR75taWkyvTY975Z+lX1Cn3JkS5RfdaT++ydNH3xFBpLyn1GTA1SRj
9g3p9QL/dXSZAtjGHg78YkWN6spCD/VHLAdMaUv6La/EoW6FBWrM25KH+yqEFfDe
llqa8jJc9YBRtvRfFaKCKKoFcIivvnU72EmHsHdgB2wZea5mSF39lGb8onXGL8XS
a4TwgQEdAhoGBM6sKG6g+n1wicLPEKlYAUqUEZquhCAyHWg/2TwY+ArcIZd3zPsy
d59zoHOB7z27ypfYBAa8afN9qMpwcxzODok/UK2JKMkbpOdATNxmRBMB3VP6xyD+
W2l9Gmbg9oulScFUfbuZJ9jyQGC09OVVmDuk3DrY8/UnIL6ZN9QzsPKzZidmCsx6
ksGsMXmJL8vDqpZqm33H46WmX+sH75yBl4cxQ5njKr3RwKCe5hw=
=y4Dr
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-10-rc1-4' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc1 (4)
Improvements for the UEFI subsystem include:
* support for read-only TEE-backed variables
* allow to compile PK, KEK, db, dbx fixed values into U-Boot
* bug fixes
Python testing related changes comprise:
* enable 'bootefi hello' for better test coverage
* remove SKIP messages in UEFI Python tests
The fitupd command is dropped.
Build errors for the lsblk command are fixed.
Commit 4503299 has a side effect on this board, and build is broken.
Adjust mx6memcal_defconfig to build it again.
Signed-off-by: Stefano Babic <sbabic@denx.de>
Currently default output of 'printenv -e' is restricted to variables with
GUID EFI_GLOBAL_VARIABLE. This excludes db and dbx. As the number of
variables is small there is no need for this restriction.
If no GUID is provided, print all matching variables irrespective of GUID.
Always show the numeric value of the GUID.
If the GUID provided to 'setenv -e' is invalid, return CMD_RET_USAGE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
To determine if a varible is on the of the authentication variables
PK, KEK, db, dbx we have to check both the name and the GUID.
Provide a function converting the variable-name/guid pair to an enum and
use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The file based and the OP-TEE based UEFI variable store are mutually
exclusive. Define them as choice options in Kconfig.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some distributions provide UEFI binaries like Shim that have been signed
using a Microsoft certificate. Provide the download paths for the public
keys.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Update the UEFI secure state when variable 'PK' is updated in the TEE
variables implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When using secure boot functions needed both for file and TEE based UEFI
variables have to be moved to the common code module efi_var_common.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
A previous commit adds support for displaying variables RO flag.
Let's add it on the TEE backed variable storage as well.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Skip messages should only be written if the setup is not suitable for
testing.
If DHCP is enabled, we should not write a skip message if no static network
configuration is supplied.
Likewise if a static network configuration is supplied, we should not write
a skip message if DHCP is not enabled.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In our Python tests we want to run 'bootefi hello'. Enable it by default
when compiling with CMD_BOOTEFI_SELFTEST.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The `fitupd' command is not used by any board. The `dfu tftp' command
provides the same capabilities.
So let's drop the `fitupd' command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
As explained in the CONFIG_DM_MDIO text inside drivers/net/Kconfig:
"Useful in particular for systems that support
DM_ETH and have a stand-alone MDIO hardware block shared by multiple
Ethernet interfaces."
i.MX6 has a single FEC instance, so there is no need to select
CONFIG_DM_MDIO.
Remove it from the i.MX6 defconfig files.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
OF graph endpoint connections must be bidirectional and dtc warn if they
are not. i.MX7 based DTs have an error and generate
warnings:
arch/arm/dts/imx7d-sdb.dtb: Warning (graph_endpoint):
/replicator/ports/port@0/endpoint: graph connection to node
'/soc/tpiu@30087000/port/endpoint' is not bidirectional
arch/arm/dts/imx7d-sdb.dtb: Warning (graph_endpoint):
/soc/tpiu@30087000/port/endpoint: graph connection to node
'/replicator/ports/port@1/endpoint' is not bidirectional
Signed-off-by: Ilko Iliev <iliev@ronetix.at>
This commit enables imx28 based XEA board's u-boot.sb (SPL) to download
u-boot proper (u-boot.img) via Ymodem protocol.
This is extremely useful in the recovery scenario where u-boot.sb is
downloaded via uuu utility to SDRAM [*], and then one can upload u-boot
proper via serial console to fully debrick the device.
Note - debricking procedure of imx28 devices:
- NXP's original USB based tools (like mxsldr or uuu) expect single
u-boot.sb which is a relic of the old U-Boot (~2013) without SPL and
U-Boot proper distinction.
[*] On Host:
------------
cat << EOF > imx28_xea.lst
uuu_version 1.3.0
SDPS: boot -f /srv/tftp/xea/u-boot.sb
SDPU: done
EOF
Please start picocom:
sudo picocom -b 115200 -s "sz -vv" /dev/ttyUSB1
sudo ./uuu/uuu -V imx28_xea.lst
On the U-boot console one shall see:
Trying to boot from UART
CCC
Then please press CTRL+A, S
and type u-boot.img
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Acked-by: Peng Fan <peng.fan@nxp.com>
as patch
gpio: search for gpio label if gpio is not found through bank name
is now in mainline, but functionality is disabled, we
need to enable
CONFIG_DM_GPIO_LOOKUP_LABEL
for the aristainetos boards.
Signed-off-by: Heiko Schocher <hs@denx.de>
After "4b969deac0 watchdog: imx: Add DM support", the imx watchdog
can be started by wdt command. But the imx watchdog driver only
support start with the default timeout.
This commit adds the support for setting the timeout which pass from
the wdt command into the imx watchdog. If the timeout out of the
valid range(0.5~128s), start the watchdog with a timeout within the
valid range and the timeout is the one which closest to the passed
timeout.
Signed-off-by: Yuezhang.Mo <yuezhang.mo@sony.com>
Reviewed-by: Andy.Wu <Andy.Wu@sony.com>
Reviewed-by: stefano Babic <sbabic@denx.de>
Quoting Ye Li from NXP:
"We have confirmed with PMIC team, 0x35 is used only on early chips
and not used any more. 0x25 is the final address."
Fix it by merging power_pca9450a_init and power_pca9450b_init into one
function power_pca9450_init.
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Even if the HAB fuse is not set we want to be able to use the Cryptographic
Accelerator and Assurance Module (CAAM) for generating random numbers. So
SYS_FSL_HAS_SEC should be selected even if IMX_HAB is not set.
arch_misc_init() has to be called to initialize the CAAM.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The current URL for the pico imx6ul board is not valid anymore. Change
to a different URL that works.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Current mxc_gpio DM driver allocates the platdata in bind function to
handle both OF_CONTROL enabled case and disabled case. This implementation
puts the devfdt_get_addr in bind, which introduces much overhead especially
in board_f phase.
Change the driver to a common way for handling the cases by using
ofdata_to_platdata and using DM framework to allocate platdata.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Add SCFW API sc_misc_get_boot_container to get current boot container
set index.
The index value returns 1 for primary container set, 2 for secondary
container set.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
i.MX platforms provide large AHB mapped space for QSPI, each
controller has 256MB. However, current driver only maps small
size (AHB buffer size) of AHB space, this implementation
causes i.MX failed to boot M4 with QSPI XIP image.
Add config CONFIG_FSL_QSPI_AHB_FULL_MAP (default enabled for i.MX)
to address above problem.
When the config is set:
1. Full AHB space is divided to each CS.
2. A dedicated LUT entry is used for AHB read only.
3. The MODE instruction in LUT is replaced to standard ADDR instruction
4. The address in spi_mem_op is used to SFAR and AHB read
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Reviewed-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Add compatible string and driver data for i.MX7ULP.
Meanwhile, the address set to SFA1AD/SFA2AD/SFB1AD/SFB2AD should
align with 1KB, because the lowest 10 bits are reserved by the
registers definition.
For i.MX7ULP which has only 128Bytes AHB buffer, must align it
when setting the registers and selecting cs.
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Reviewed-by: Kuldeep Singh <kuldeep.singh@nxp.com>
While the general policy of not taking changes to the project via pull
requests directly on GitHub has not changed, it can be useful to submit
a PR there in order to trigger a CI run on Azure. These are run
automatically and the results are populated back to GitHub. Add a note
to the template to reflect this.
Signed-off-by: Tom Rini <trini@konsulko.com>
Convert pcm058 support to use device trees and the driver model.
Add rudimentary boot scripts to the environment, expand README.
Signed-off-by: Niel Fourie <lusus@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Add Phytec Mira device tree files, for use with pcm058.
>From Linux 5.6, commit 7111951b8d49 upstream
Signed-off-by: Niel Fourie <lusus@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
As per the SD physical layer specification version 7.10, erase
command (CMD38) and stop transmission command (CMD12) will generate
R1b response.
R1b = R1 + busy signal
A non-zero value after the R1 response indicates card is ready for
next command.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Erase block start address (CMD32) and erase block end address (CMD33)
command will generate R1 response for mmc SPI mode.
R1 response is 1 byte long for mmc SPI, so assign 1 byte as a response
for this commands.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Send status command (CMD13) will send R1 response under SD mode
but R2 response under SPI mode.
R2 response is 2 bytes long, so read 2 bytes for mmc SPI mode
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
The content of ssr is useful only for erase operations.
This saves erase time.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
R1 response is 1 byte long for mmc SPI commands as per the updated
physical layer specification version 7.10.
So correct the resp and resp_size for existing commands
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
When variable i will become 0, while(i--) loop breaks but variable i will
again decrement to -1 because of i-- and that's why below condition
"if (!i && (r != resp_match_value)" will never execute, So doing "i--"
inside of while() loop solves this problem.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Current codes assume the OPTEE address is at the end of first DRAM bank.
Adjust the process to allow OPTEE in the middle of first bank.
When OPTEE memory is removed from first bank, it may split the first bank
to two banks, adjust the MMU table for the split case,
Since the default CONFIG_NR_DRAM_BANKS is 4, it is enough, just enlarge
i.MX8MP evk to default to avoid issue.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Tested-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
We use non-dm code to configure the clk settings in order to simplify
dm clk driver in future, so remove the duplicated code from clk driver
Signed-off-by: Peng Fan <peng.fan@nxp.com>
To fused part, we need to disable nodes of dtb to let kernel boot.
To mfgtool, USB issue when using super-speed for mfgtool, temporally
work around the problem to use high-speed only.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
To use one defconfig for all boot device, we have to runtime set
env offset and return env medium according to the boot device.
This patch overrides the env_get_offset and env_get_location to
implement the feature.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>