Commit graph

75720 commits

Author SHA1 Message Date
Wasim Khan
b62c174e86 armv8: fsl : create bootcmd and mcinitcmd as per boot source
NXP platforms expect custom bootcmd and mcinitcmd to be
updated as per boot source with default environment.
Check env variable fsl_bootcmd_mcinitcmd_set to prepare
bootcmd and mcinitcmd

Fixes: cbf77d2018 (armv8: fsl-layerscape: Fix automatic
setting of bootmcd with TF-A)

Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Kshitiz Varshney
0dfa9da277 board: fsl_validate: Fix resource leak issue
Free dynamically allocated memory before every return statement
in calc_img_key_hash() and calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using ls1046afrwy board.

Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Camelia Groza
6466b95e7c board: freescale: t208xrdb: enable Power-On Reset for rev D boards
Starting with board revision D, the MISCCSR CPLD register needs to be
configured to enable Power-on Reset for software reset commands.

Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Kuldeep Singh
00ac37a9bc lx2160a: Enable CONFIG_SPI_FLASH_MT35XU for lx2160a-rdb/qds
LX2160A-RDB/QDS has micron mt35xu512aba flash which requires flag
CONFIG_SPI_FLASH_MT35XU on to probe flash successfully.

Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Michael Walle
8331618cc3 board: sl28: drop unneeded and outdated flash partitions
This board doesn't use the MTD subsystem in u-boot, thus there is no
need to specify the partitions. They are outdated anyway. Just drop
them.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Tom Rini
a968e9adac arm: Finish migration of HAS_FSL_XHCI_USB
This symbol was largely migrated, except for one case.  Update it.

Cc: Priyanka Jain <priyanka.jain@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Michael Walle
364174b2d3 spi: nxp_fspi: Ensure width is respected in spi-mem operations
Import linux commit 007773e16a6f ("spi: nxp-fspi: Ensure width is
respected in spi-mem operations") to fix SPI access on boards which
don't have all SPI I/O lines connected to the flash.

Since commit 71025f013c ("mtd: spi-nor-core: Rework hwcaps selection")
u-boot figures out the capabilities by looking at spi_mem_supports_op().
The FlexSPI driver doesn't take the board layout into account. Fix that.

Fixes: 383fded70c ("spi: nxp_fspi: new driver for the FlexSPI controller")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Heinrich Schuchardt
9a4b3c8e91 efi_loader: use EfiBootServicesData for DP to text
Memory allocated in the implementation of the
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL must be of type EfiBootServicesData.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
426a15893f efi_loader: use EfiBootServicesData for device path
dp_alloc() was using a constant from the wrong enum resulting in creating
device paths in EfiReservedMemory.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
49d225e7bf efi_loader: use correct type for AllocatePages, AllocatePool
Use enum efi_memory_type and enum_allocate_type in the definitions of the
efi_allocate_pages(), efi_allocate_pool().

In the external UEFI API leave the type as int as the UEFI specification
explicitely requires that enums use a 32bit type.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
c91737b7f1 efi_loader rename enum efi_mem_type to efi_memory_type
Use the same name as in the UEFI specification to avoid confusion.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
3ced574530 efi_loader: use an enum for the memory allocation types
For type checking we need an enum.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-17 17:24:08 +02:00
Masahisa Kojima
7685d17b72 efi_loader: add comment for efi_tcg2.h
This commit adds the comment of the TCG Specification
efi_tcg2.h file refers, and comment for the structure.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
7075ef463e doc: move doc/board/st/st.rst
'make htmldocs' does not use file doc/board/st/st.rst because the name
matches the directory name. Let's rename it to st-dt.rst.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
49dae65589 doc: rename Freescale to NXP
Freescale Semiconductor, Inc. was merged into NXP Semiconductors in 2015.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-17 17:24:08 +02:00
Heinrich Schuchardt
f1991bdf97 doc: move i.MX7D/i.MX8MM A/B booting to board specific
Having "i.MX7D/i.MX8MM SRC_GPR10 PERSIST_SECONDARY_BOOT for bootloader A/B
switching" at the top level of the documentation tree does not make sense.
Move it to board specific information.

Fixes: 59e3d1bd49 ("doc: imx: psb: Document usage of SRC_GPR10 PERSIST_SECONDARY_BOOT for A/B switching")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-17 17:24:07 +02:00
Tom Rini
78e786decb Merge https://source.denx.de/u-boot/custodians/u-boot-tegra 2021-08-17 09:39:22 -04:00
Zong Li
47d73ba4f4 board: sifive: overwrite board_fdt_blob_setup in u-boot proper
Add board_fdt_blob_setup to return the device tree location which is
passed by prior stage in u-boot proper. The generic board_fdt_blob_setup
always returns _end, it mignt be ok because u-boot SPL would currently
put the dtb there, but it would be broken if we put the dtb to another
place and assigned the location into a1 register for u-boot proper. Use
the location passed by prior stage would make more sence, because we
actually pass the location to u-boot proper and want to use that one,
rather than the dtb which in _end.

We can't use CONFIG_OF_PRIOR_STAGE because it doens't distinguish the
implementation of u-boot SPL and u-boot proper, so u-boot SPL need to
reply on the prior stage to pass device tree location as well, but we
don't pass the DT from boot rom now. In addition, when
CONFIG_OF_PRIOR_STAGE is enabled, the u-boot-spl.bin and u-boot.itb won't
include the device tree.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-08-17 19:28:37 +08:00
Zong Li
87e8481885 board: sifive: compile stuff only related to SPL in SPL build
As (3581811dc2 "riscv: sifive/fu540: Move SPL related functions to spl.c"),
we put the SPL stuff in spl.c, we don't need to compile unleashed.c and
unmatched.c in SPL build.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-08-17 19:28:37 +08:00
Zong Li
662e300bc0 riscv: cpu: fu740: Fix typo of date
Fixed the typo of date of copyright declaration.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-08-17 19:28:37 +08:00
Dimitri John Ledkov
8359fd7313 qemu-riscv64_smode: fix extlinux (define preboot)
Commit 37304aaf60 ("Convert CONFIG_USE_PREBOOT and CONFIG_PREBOOT to
Kconfig") removed preboot commands in RISC-V targets and broke
extlinux support as reported by Fu Wei <wefu@redhat.com>.

The patch finishes migration of CONFIG_USE_PREBOOT and CONFIG_REBOOT
to Kconfig.

Fixes: 37304aaf60 ("Convert CONFIG_USE_PREBOOT and CONFIG_PREBOOT to Kconfig")
Reported-By: Fu Wei <wefu@redhat.com>
Signed-off-by: David Abdurachmanov <david.abdurachmanov@sifive.com>
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-08-17 19:28:37 +08:00
Marcel Ziswiler
5e39e20a1a board: apalis-tk1: launch toradex easy installer in usb recovery
The USB recovery mode is used by Toradex to load the Toradex Easy
Installer image which supports further system images installation.
Prepare for loading and launching the Toradex Easy Installer if the
USB Recovery mode is activated.

Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2021-08-16 12:17:07 -07:00
Tom Rini
a0da2dda4e Prepare v2021.10-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-16 14:18:45 -04:00
Tom Rini
4edc79b016 configs: Resync with savedefconfig
Rsync all defconfig files using moveconfig.py

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-16 09:35:24 -04:00
Tom Rini
5a221adb2f Merge https://source.denx.de/u-boot/custodians/u-boot-stm
Highlights:
  - Handle TF-A boot with FIP for STM32MP1
  - Fix board_get_usable_ram_top(0) for STM32MP1
  - DT alignement with kernel v5.14 for STM32MP1
  - SPI-NOR DT update for DHSOM
  - Add UCLASS API for ECDSA singnature and implement it for STM32MP1
2021-08-16 09:31:00 -04:00
Alexandru Gagniuc
46a738a4ec test: dm: Add test for ECDSA UCLASS support
This test verifies that ECDSA_UCLASS is implemented, and that
ecdsa_verify() works as expected. The definition of "expected" is
"does not find a device, and returns -ENODEV".

The lack of a hardware-independent ECDSA implementation prevents us
from having one in the sandbox, for now.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Alexandru Gagniuc
61416fe9df Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Alexandru Gagniuc
ee870859ce arm: stm32mp1: Implement ECDSA signature verification
The STM32MP ROM provides several service. One of them is the ability
to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Alexandru Gagniuc
928a8be794 lib: ecdsa: Implement UCLASS_ECDSA verification on target
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Alexandru Gagniuc
1d54af1392 dm: crypto: Define UCLASS API for ECDSA signature verification
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
Marek Vasut
59f6eb477e ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
The SPI NOR is a bit further away from the SoC on DHCOR than on DHCOM,
which causes additional signal delay. At 108 MHz, this delay triggers
a sporadic issue where the first bit of RX data is not received by the
QSPI controller.

There are two options of addressing this problem, either by using the
DLYB block to compensate the extra delay, or by reducing the QSPI bus
clock frequency. The former requires calibration and that is overly
complex for SPL, so opt for the second option. This incurs 20ms delay
during boot, when SPL loads U-Boot to DRAM.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 10:49:35 +02:00
Marek Vasut
df68620743 ARM: stm32: Set environment sector size to 4k on DHSOM
The DHSOM SPI NOR is using 4k erase blocks, make use of it
and define the default environment sector size to 4k.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 10:49:35 +02:00
Patrick Delaunay
2d4180b1eb arm: dts: stm32mp15: alignment with v5.14
Device tree alignment with Linux kernel v5.14-rc3
- ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
- ARM: dts: stm32: Configure qspi's mdma transfer to block for stm32mp151
- ARM: dts: stm32: add a new DCMI pins group on stm32mp15
- ARM: dts: stm32: fix ltdc pinctrl on microdev2.0-of7

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 10:49:35 +02:00
Patrick Delaunay
92b611e8b0 stm32mp: correctly handle board_get_usable_ram_top(0)
The function board_get_usable_ram_top can be called after relocation
with total_size = 0 to get the uppermost pointer that is valid to access
in U-Boot.

When total_size = 0, the reserved memory should be not take in account
with lmb library and 'gd->ram_base + gd->ram_size' can be used.

It is the case today in lib/efi_loader/efi_memory.c:efi_add_known_memory()
and this patch avoids that the reserved memory for OP-TEE is not part of
the EFI available memory regions.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 10:49:35 +02:00
Patrick Delaunay
f64d32a27a stm32mp1: stm32prog: remove stm32prog_get_tee_partitions with FIP
The MTD tee partitions used to save the OP-TEE binary are needed when
TF-A doesn't use the FIP container to load binaries.

This patch puts under CONFIG_STM32MP15x_STM32IMAGE flag the associated
code in U-Boot binary and prepare the code cleanup when
CONFIG_STM32MP15x_STM32IMAGE support will be removed after TF-A migration
to FIP support.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:36:31 +02:00
Patrick Delaunay
5b4c80284d doc: st: stm32mp1: Add FIP support for trusted boot
TF-A for STM32MP15 now supports the FIP: it is a packaging format which
includes the secure monitor, u-boot-nodtb.bin and u-boot.dtb

This FIP file is loaded by FSBL = TF-A BL2.

This patch updates the board documentation to use this FIP file and no
more u-boot.stm32 (with STM32 image header) which is no more generated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:36:31 +02:00
Patrick Delaunay
b73e8bf453 arm: stm32mp: add defconfig for trusted boot with FIP
Add TF-A FIP support for trusted boot on STM32MP15x,
when STM32MP15x_STM32IMAGE is not activated.

With FIP support the SSBL partition is named "fip" and its size is 4MB,
so the ENV partition name in device tree  (for SD card or eMMC)
or offset in defconfig (CONFIG_ENV_OFFSET / CONFIG_ENV_OFFSET_REDUND)
need to be modified.

With FIP the TEE MTD partitions are removed because the OP-TEE binray are
included in the FIP containers.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:36:31 +02:00
Patrick Delaunay
f91783edf2 arm: stm32mp: handle the OP-TEE nodes in DT with FIP support
With FIP support in TF-A (when CONFIG_STM32MP15x_STM32IMAGE
is not activated), the DT nodes needed by OP-TEE are added by OP-TEE
firmware in U-Boot device tree, present in FIP.

These nodes are only required in trusted boot, when TF-A load the file
u-boot.stm32, including the U-Boot device tree with STM32IMAGE header,
in this case OP-TEE can't update the U-Boot device tree.

Moreover in trusted boot mode with FIP, as the OP-TEE nodes are present
in U-Boot device tree only when needed the function
stm32_fdt_disable_optee can be removed.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:34:27 +02:00
Patrick Delaunay
6de57b41dd arm: stm32mp: add config for STM32IMAGE support
By default for trusted boot with TF-A, U-Boot (u-boot-nodtb)
is located in FIP container with its device tree and with
the secure monitor (provided by TF-A or OP-TEE).
The FIP file is loaded by TF-A BL2 and each components is
extracted at the final location.

This patch add CONFIG_STM32MP15x_STM32IMAGE to request the
STM32 image generation for SOC STM32MP15x
when FIP container is not used (u-boot.stm32 is loaded by TF-A
as done previously to keep the backward compatibility).

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:34:27 +02:00
Patrick Delaunay
28e5acef72 clk: stm32mp1: add support of BSEC clock
Add the support of the BSEC clock used by the STM32MP misc driver
since the commit 622c956cad ("stm32mp: bsec: manage clock when present
in device tree") even if this clock is not yet defined in kernel device
tree stm32mp151.dtsi.

This patch avoids issue for basic boot when this secure clock are not
provided by secure world with SCMI.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
2021-08-16 09:33:43 +02:00
Tom Rini
fdc4fda330 Pull request for efi-2021-10-rc2-2
Documentation:
 
 * Require Sphinx >= 2.4.4 for 'make htmldocs'
 * Move devicetree documentation to restructured text and update it
 * Document stm32mp1 devicetree bindings
 
 UEFI
 
 * Extend measurement to UEFI variables and ExitBootServices()
 * Support Uri() node in devicetree to text protocol
 * Add Linux magic token to RISC-V EFI test binaries
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmEYlbcACgkQxIHbvCwF
 GsRP6g/8C1HWK4ZKJspHBt3ib09XwiJHTTVym//Crqo1+J32scS32Uktx6PvOODD
 axmE60cSblDKL3+1uVRMRF2rEGta3pjYyPe/ie7VhqvFU5c7BxHbBSAe0fKTXWtR
 7DVFKn4f0Yv1k3MD/WV/3L9LXEJeOC+UHANNUYfQsuC42kPhq3wZTrHJdJeqr2R3
 VBaxk/xpMXsHkMZF+xmhPd6BtaYC6CMw57HHRYlKCOZbIYaV/ncdR1/am2/Yx+cF
 w9hPVStZynp0E6oykbNiClIrpg7XknkS6Pf70UC9ZbX2mc3vOoXf/ZfC0Wgx/aBf
 ifIszIKXlhHY/1bzwR6hLP8TjOGKZzF/rjgF95N8KJWVccyYWYbyO30WTvFmD4/D
 LXd0hH2olXGE8ZumvWtyHuHTel6kO4FVn1Wk+symofH8Wsj29o0ZjvhJoCgQRu4+
 Ngm3JMVcO7DCkPc+tCCahZL1N06qdsUg2d7j/uM/M92A/X3lkUMRP2HsySHuE7Gg
 3Oc3hcazauxiz0gygAWFGbGqs9wrPnkPcRsrn8cQkjyK9a4JVsJfjUwKO3ZvTjVr
 ID24pQhEeim0elDOaOCxceCoes3zIgVAW058r3/jN+MaCSzIIWEG9plPIdvAejGi
 SjNYK+aWnoWrAVG6rsXO+EhWj49qekvB4XKSb3JV1Z9KP9WAN7E=
 =GyC+
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc2-2' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc2-2

Documentation:

* Require Sphinx >= 2.4.4 for 'make htmldocs'
* Move devicetree documentation to restructured text and update it
* Document stm32mp1 devicetree bindings

UEFI

* Extend measurement to UEFI variables and ExitBootServices()
* Support Uri() node in devicetree to text protocol
* Add Linux magic token to RISC-V EFI test binaries
2021-08-15 13:42:42 -04:00
Masahisa Kojima
61ee780352 efi_loader: refactor efi_append_scrtm_version()
Refactor efi_append_scrtm_version() to use common
function for adding eventlog and extending PCR.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
fdff03e5b3 efi_loader: add ExitBootServices() measurement
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
8fc4e0b427 efi_loader: add boot variable measurement
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.

TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Masahisa Kojima
cfbcf054a3 efi_loader: add secure boot variable measurement
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".

Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-08-14 20:54:41 +02:00
Heinrich Schuchardt
17a50bd689 efi_loader: add Linux magic to RISC-V crt0
Add the Linux magic to the EFI file header to allow running our test
programs with GRUB's linux command.

MajorImageVersion = 1 indicates a kernel that can consume the
EFI_LOAD_FILE2_PROTOCOL. This allows to dump the GRUB provided intird with
our initrddump.efi tool.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Heinrich Schuchardt
148ce20520 efi_loader: Uri() device path node
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Patrick Delaunay
551a959a8c doc: stm32mp1: add page for device tree bindings
With device tree binding migration to yaml it is difficult to synchronize
the binding from Linux kernel to U-Boot.

Instead of maintaining the same dt bindings, this patch adds in the U-Boot
documentation the path to the device tree bindings in Linux kernel for
STMicroelectronics devices, when they are used without modification.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>

Add links for referenced text files.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Simon Glass
6a055c0f91 doc: Add a note about why devicetree is used
This question comes up every now and then with people coming from Linux.
Add some notes about it so we can point to it in the mailing list.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00
Simon Glass
5edf62c300 doc: Update devicedocs including how to add tweaks
This file is about 10 years old and the updates have not covered
everything that has changed, particularly in the last few years. Update
the information and add mention of the u-boot.dtsi files.

Signed-off-by: Simon Glass <sjg@chromium.org>

Fix typos.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14 20:54:41 +02:00