According to Android image format [1], kernel image resides at 1 page
offset from the boot image address. Grab the magic number from there
and allow U-Boot to handle LZ4-compressed KNL binaries instead of
hardcoding compression type to IH_COMP_NONE. Other compression types,
if needed, can be added later.
Tested on H3ULCB-KF using the image detailed in [2].
[1] Excerpt from include/android_image.h
+-----------------+
| boot header | 1 page
+-----------------+
| kernel | n pages
+-----------------+
| ramdisk | m pages
+-----------------+
| second stage | o pages
+-----------------+
[2] => iminfo 4c000000
## Checking Image at 4c000000 ...
Android image found
kernel size: 85b9d1
kernel address: 48080000
ramdisk size: 54ddbc
ramdisk addrress: 4a180000
second size: 0
second address: 48000800
tags address: 48000100
page size: 800
os_version: 1200012a (ver: 0.9.0, level: 2018.10)
name:
cmdline: buildvariant=userdebug
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
The cache flush of the kernel load area needs to be aligned outward to
the DMA cache alignment. The operations are simpler if we think of this
as aligning the start down, ALIGN_DOWN(load, ARCH_DMA_MINALIGN), and
aligning the end up, ALIGN(load_end, ARCH_DMA_MINALIGN), and then find
the length of the flushed region by subtracting the former from the
latter.
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Refactor the switch from supervisor to hypervisor to a new function called
at the beginning of do_bootefi().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This fixes the automatic lmb initialization and reservation for boards
with more than one DRAM bank.
This fixes the CVE-2018-18439 and -18440 fixes that only allowed to load
files into the firs DRAM bank from fs and via tftp.
Found-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Booting an image currently sets the environment variable "fdtaddr"
by calling into 'cmd/fdt.c'. As a result, linking U-Boot fails if
CMD_FDT is not enabled.
Fix this by adding 'if (CONFIG_IS_ENABLED(CMD_FDT))' to the two
places where 'set_working_fdt_addr()' is called.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
When running sandbox with the new pointer sanitization we just recently
introduced, we're running into a case with FIT images where we end up
interpreting pointers as addresses.
What happened is that most callers of set_working_fdt_addr() simply
convert pointers into addresses without taking into account that they
might be 2 separate address spaces. Fix the callers up to map their
pointers into addresses.
This makes sandbox tests pass for me again.
Signed-off-by: Alexander Graf <agraf@suse.de>
The ARM64 has 2 MiB alignment requirement for the kernel. When using
fitImage, this requirement may by violated, the kernel will thus be
executed from unaligned address and fail to boot. Do what booti does
and run booti_setup() for kernel_noload images on arm64 to obtain a
suitable aligned address to which the image shall be relocated.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
This undocumented function relies on arch-specific code to declare a nop
weak version. Add the weak function in common code instead to avoid having
to duplicate the same function in each arch.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
In do_bootm_states when doing BOOTM_STATE_LOADOS we use load_end
uninitialized and Coverity notes this now. This however leads down
another interesting path. We pass this pointer to bootm_load_os and
that in turn uses this uninitialized value immediately to calculate the
flush length, and is wrong. We do not know what load_end will be until
after bootm_decomp_image is called, so we must only set flush_len after
that. All of this also makes it clear that the only reason we pass a
pointer for load_end to bootm_load_os is so that we can call lmb_reserve
on success. Rather than initialize load_end to 0 in do_bootm_states we
can just call lmb_reserve ourself.
Reported-by: Coverity (CID: 175572)
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
commit b4d956f6bc ("bootm: Align cache flush end address correctly")
aligns the end address of the cache flush operation to a cache-line size to
ensure lower-layers in the code accept the range provided and flush.
A similar action should be taken for the begin address of a cache flush
operation. The load address may not be aligned to a cache-line boundary, so
ensure the passed address is aligned.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reported-by: Breno Matheus Lima <brenomatheus@gmail.com>
Suggested-by: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This drops the limit that fpga is only loaded from FIT images for Xilinx.
This is done by moving the 'partial' check from 'common/image.c' to
'drivers/fpga/xilinx.c' (the only driver supporting partial images yet)
and supplies a weak default implementation in 'drivers/fpga/fpga.c'.
Signed-off-by: Simon Goldschmidt <sgoldschmidt@de.pepperl-fuchs.com>
Tested-by: Michal Simek <michal.simek@xilinx.com> (On zcu102)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Removal of the legacy DataFlash code turned genimg_get_image() into a
no-op. Drop all calls to it and the function itself.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
We are now using an env_ prefix for environment functions. Rename these
other functions as well, for consistency:
getenv_vlan()
getenv_bootm_size()
getenv_bootm_low()
getenv_bootm_mapsize()
env_get_default()
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename these
for consistency. Also add function comments in common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename these
commonly used functions, for consistency. Also add function comments in
common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
This bug appears in b6396403 which makes u-boot unable to pass
arguments via bootm to a standalone application without this patch.
Steps to reproduce.
Compile a u-boot. Use mkimage to package the standalone hello_world.bin
file.
e.g. For the MIPS Boston platform
mkimage -n "hello" -A mips -O u-boot -C none -T standalone \
-a 0xffffffff80200000 -d hello_world.bin \
-ep 0xffffffff80200000 hello_out
Then tftp hello_out and run it using
boston # dhcp 192.168.154.45:hello_out
...
boston # bootm $loadaddr 123 321
Without the patch the following output is observed.
boston # bootm $loadaddr 123 321
Image Name: hello
Image Type: MIPS U-Boot Standalone Program (uncompressed)
Data Size: 1240 Bytes = 1.2 KiB
Load Address: 80200000
Entry Point: 80200000
Verifying Checksum ... OK
Loading Standalone Program ... OK
Example expects ABI version 8
Actual U-Boot ABI version 8
Hello World
argc = 0
argv[0] = "0xffffffff88000000"
With the patch, you see the following.
boston # bootm $loadaddr 123 321
Image Name: hello
Image Type: MIPS U-Boot Standalone Program (uncompressed)
Data Size: 1240 Bytes = 1.2 KiB
Load Address: 80200000
Entry Point: 80200000
Verifying Checksum ... OK
Loading Standalone Program ... OK
Example expects ABI version 8
Actual U-Boot ABI version 8
Hello World
argc = 3
argv[0] = "0xffffffff88000000"
argv[1] = "123"
argv[2] = "321"
argv[3] = "<NULL>"
Without the patch, the go command at the entry point seems to work.
boston # go 0xffffffff80200000 123 321
Example expects ABI version 8
Actual U-Boot ABI version 8
Hello World
argc = 3
argv[0] = "0xffffffff80200000"
argv[1] = "123"
argv[2] = "321"
argv[3] = "<NULL>"
Hit any key to exit ...
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The bootz and booti commands rely on common functionality that is found
in common/bootm.c and common/bootm_os.c. They do not however rely on
the rest of cmd/bootm.c to be implemented so split them into their own
files. Have various Makefiles include the required infrastructure for
CONFIG_CMD_BOOT[IZ] as well as CONFIG_CMD_BOOTM. Move the declaration
of 'images' over to common/bootm.c.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The function fixup_silent_linux() is called in status BOOTM_STATE_LOADOS
to silence Linux if variable 'silent' is set.
Currently only the 'bootm' command state machine contains
BOOTM_STATE_LOADOS, but others like 'booti' or 'bootz' commands do not.
This means silent Linux does not work with these commands.
This patch moves the fixup_silent_linux() call out of the
BOOTM_STATE_LOADOS state and into BOOTM_STATE_OS_PREP, to silence Linux
independently of the used command (booti, bootm or bootz).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Flushing part of the cache should be done on cache boundaries. Trying to
flush part of a cache line is not supported and the request may be ignored
or print warnings.
Adjust the bootm code to align the end address to prevent this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Tested-on: smartweb, corvus, taurus, axm
Tested-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Andreas Bießmann <andreas@biessmann.org>
Add function boot_get_fpga() which find and load bitstream to
programmable logic if fpga entry is present.
Function is supported on Xilinx devices for full and partial bitstreams
in BIN and BIT format.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Remove additional blankline in image.h
Add an option to enable libfdt in SPL. This can be useful when decoding
FIT files in SPL.
We need to make sure this option is not enabled in SPL by this change.
Also this option needs to be enabled in host builds. Si add a new
IMAGE_USE_LIBFDT #define which can be used in files that are built on the
host but must also build for U-Boot and SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.
Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSA
Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.
Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
A recent change broke the 'bootm' command on sandbox. The root cause is
using a pointer as an address. Conversion from pointer to address needs to
use map_to_sysmem() so that sandbox can do the right thing. The problem was
pre-existing but uncovered by a recent commit.
Fix this. Also move fit_get_end() to the C file to avoid needing to include
mapmem.h (and thus asm/io.h) everywhere.
Fixes: 1fec3c5d (common/image.c: Make boot_get_ramdisk() perform a check for Android images)
Signed-off-by: Simon Glass <sjg@chromium.org>
Variable _load_end_ points to end address of uncompressed buffer
(*not* uncomress_buffer_end / sizeof(ulong)), so multipling uncompressed
size with sizeof(ulong) is grossly incorrect in flush_cache().
It might lead to access of address beyond valid memory range and hang the CPU.
Tested on MIPS architecture by using compressed(gzip, lzma)
and uncompressed uImage.
Signed-off-by: Purna Chandra Mandal <purna.mandal@microchip.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
This patch adds support for LZ4-compressed FIT image contents. This
algorithm has a slightly worse compression ration than LZO while being
nearly twice as fast to decompress. When loading images from a fast
storage medium this usually results in a boot time win.
Sandbox-tested only since I don't have a U-Boot development system set
up right now. The code was imported unchanged from coreboot where it's
proven to work, though. I'm mostly interested in getting this recognized
by mkImage for use in a downstream project.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
CONFIG_NETCONSOLE causes common/bootm.c to call eth_unregister()
for network device shutdown. However, with CONFIG_DM_ETH this
function is no longer defined.
This is a workaround to avoid the call in that case, and solely
rely on eth_halt(). In case this is insufficient, a proper way
to unregister / remove network devices needs to be implemented.
Signed-off-by: Bernhard Nortmann <bernhard.nortmann@web.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
bootm_find_ramdisk_fdt() renamed to bootm_find_images() for readability.
The function bootm_find_ramdisk_fdt() appears to be a simple wrapper for
bootm_find_ramdisk(), bootm_find_fdt(), and now bootm_find_loadables().
I didn't see any other callers entering a bootm_find<thing>, so removing
the wrapper, and condensing these together hopefully makes the code a
little simpler.
Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Added a trimmed down instance of boot_get_<thing>() to satisfy the
minimum requierments of the added feature. The function follows the
normal patterns set by other boot_get<thing>'s, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.
Documentation for the new function can be found in source:
include/image.h
Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.
Also split the non-arch specific functions out of common.h
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit 90bac29a76 claims to fix this bug
that was introduced in commit a92fd6577e
but doesn't actually make the change that the commit message describes.
Actually fix the bug this time.
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Acked-by: Simon Glass <sjg@chromium.org>
Adjust the code so that the error reporting can all be done at the end,
and is the same for each decompression method. Try to detect when
decompression fails due to lack of space. Keep the behaviour of
resetting on failure even though there should be no memory corruption
now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Refactor to allow this function to be used to announce the image being
loaded regardless of compression type and even when there is no
decompression.
Signed-off-by: Simon Glass <sjg@chromium.org>
Export this function for testing. Also add a parameter so that values other
than CONFIG_SYS_BOOTM_LEN can be used for the maximum uncompressed size.
Signed-off-by: Simon Glass <sjg@chromium.org>
This code is repeated in several places, and does not detect a common
fault where the image is too large. Move it into its own function and
provide a more helpful messages in this case, for compression schemes
which support this.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is a bit odd in that we are permitted to boot images for either, even
though they are separate architectures.
Signed-off-by: Simon Glass <sjg@chromium.org>
This patch makes the following changes:
- Set kernel entry point correctly
- Append bootargs from image to global bootargs instead
of replacing them
- Return end address instead of size from android_image_get_end()
- Give correct parameter to genimg_get_format() in boot_get_ramdisk()
- Move ramdisk message printing from android_image_get_kernel() to
android_image_get_ramdisk()
Signed-off-by: Ahmad Draidi <ar2000jp@gmail.com>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit b3dd64f5d5 "bootm: use genimg_get_kernel_addr()" introduced
a bug for booting FIT image. It's because calling fit_parse_config()
twice will give us wrong value in img_addr.
Add a new function genimg_get_kernel_addr_fit() whichl will always
return fit_uname_config and fit_uname_kernel for CONFIG_FIT.
genimg_get_kernel_addr() will ignore those to parameters.
Reported-by: York Sun <yorksun@freescale.com>
Signed-off-by: Bryan Wu <pengw@nvidia.com>
Use the new API which is originally taken out from boot_get_kernel
of bootm.c
Signed-off-by: Bryan Wu <pengw@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
[trini: Fix warnings with CONFIG_FIT]
Signed-off-by: Tom Rini <trini@ti.com>
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
This makes it possible to decompress an image without it being a kernel
and without intending to boot it (as it needed for host tools, for example).
Signed-off-by: Simon Glass <sjg@chromium.org>
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
This file has code in three different categories:
- Command processing
- OS-specific boot code
- Locating images and setting up to boot
Only the first category really belongs in a file called cmd_bootm.c.
Leave the command processing code where it is. Split out the OS-specific
boot code into bootm_os.c. Split out the other code into bootm.c
Header files and extern declarations are tidied but otherwise no code
changes are made, to make it easier to review.
Signed-off-by: Simon Glass <sjg@chromium.org>