The u16_strlcat() is in units of u16 not bytes. So the limit needs to
be ARRAY_SIZE() instead of sizeof().
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
These lines are supposed to be indented one more tab. Otherwise it's
confusing to read.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
We know that "pa" is non-NULL so it's nicer to just return zero instead
of return !pa. This has no effect on runtime behavior.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The "oftree_count" is the number of entries which have been set in
the oftree_list[] array. If all the entries have been initialized then
this off by one would result in reading one element beyond the end
of the array.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
If btrfs_read_fs_root() fails with -ENOENT, then we go to the next
entry. Fine. But if it fails for a different reason then we need
to clean up and return an error code. In the current code it
doesn't clean up but instead dereferences "root" and crashes.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Qu Wenruo <wqu@suse.com>
The ec_command_inptr() function returns negative error codes or
the number of bytes that it was able to read. The cros_ec_get_sku_id()
function should return negative error codes. Right now it returns
positive error codes or negative byte counts.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The VNBYTES() macro needs to have parentheses to prevent some (harmless)
macro expansion bugs. The VNBYTES() macro is used like this:
VID_TO_PIXEL(x) * VNBYTES(vid_priv->bpix)
The * operation is done before the / operation. It still ends up with
the same results, but it's not ideal.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The parentheses are in the wrong place so this passes the number of
bytes to write as "sizeof(index_0) != TPM_SUCCESS" when just
"sizeof(index_0)" was intended. (1 byte vs 4 bytes).
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
This returns the wrong variable. It ends up returning NULL when it was
suppose to return an error pointer.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Both the Linux kernel and libbsd agree that strlcpy() should always
return strlen(src) and not include the NUL termination. The incorrect
U-Boot implementation makes it impossible to check the return value for
truncation, and breaks code written with the usual implementation in
mind (for example, fdtdec_add_reserved_memory() was subtly broken).
I reviewed all callers of strlcpy() and strlcat() and fixed them
according to my understanding of the intended function.
This reverts commit d3358ecc54 and adds
related fixes.
Fixes: d3358ecc54 ("lib: string: Fix strlcpy return value")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
To quote the author:
Adding support for Arm FF-A v1.0 (Arm Firmware Framework for Armv8-A) [A].
FF-A specifies interfaces that enable a pair of software execution
environments aka partitions to communicate with each other. A partition
could be a VM in the Normal or Secure world, an application in S-EL0, or
a Trusted OS in S-EL1.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed by
the PSCI driver.
=> dm tree
Class Index Probed Driver Name
-----------------------------------------------------------
...
firmware 0 [ + ] psci |-- psci
ffa 0 [ ] arm_ffa | `-- arm_ffa
...
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
This implementation of the specification provides support for Aarch64.
The FF-A driver uses the SMC ABIs defined by the FF-A specification to:
- Discover the presence of secure partitions (SPs) of interest
- Access an SP's service through communication protocols
(e.g: EFI MM communication protocol)
The FF-A support provides the following features:
- Being generic by design and can be used by any Arm 64-bit platform
- FF-A support can be compiled and used without EFI
- Support for SMCCCv1.2 x0-x17 registers
- Support for SMC32 calling convention
- Support for 32-bit and 64-bit FF-A direct messaging
- Support for FF-A MM communication (compatible with EFI boot time)
- Enabling FF-A and MM communication in Corstone1000 platform as a use case
- A Uclass driver providing generic FF-A methods.
- An Arm FF-A device driver providing Arm-specific methods and reusing the Uclass methods.
- A sandbox emulator for Arm FF-A, emulates the FF-A side of the Secure World and provides
FF-A ABIs inspection methods.
- An FF-A sandbox device driver for FF-A communication with the emulated Secure World.
The driver leverages the FF-A Uclass to establish FF-A communication.
- Sandbox FF-A test cases.
- A new command called armffa is provided as an example of how to access the
FF-A bus
For more details about the FF-A support please refer to [B] and refer to [C] for
how to use the armffa command.
Please find at [D] an example of the expected boot logs when enabling
FF-A support for a platform. In this example the platform is
Corstone1000. But it can be any Arm 64-bit platform.
More details:
[A]: https://developer.arm.com/documentation/den0077/latest/
[B]: doc/arch/arm64.ffa.rst
[C]: doc/usage/cmd/armffa.rst
[D]: example of boot logs when enabling FF-A
turn on EFI MM communication
On Corstone-1000 platform MM communication between u-boot
and the secure world (Optee) is done using the FF-A bus.
Changes made are generated using savedefconfig.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Add MM communication support using FF-A transport
This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.
An MM shared buffer and a door bell event are used to exchange
the data.
The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.
The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).
On such event, MM SP can read the data and updates the MM shared
buffer with the response data.
The response data is copied back to the communication buffer and
consumed by the EFI subsystem.
MM communication protocol supports FF-A 64-bit direct messaging.
We tested the FF-A MM communication on the Corstone-1000 platform.
We ran the UEFI SCT test suite containing EFI setVariable, getVariable and
getNextVariable tests which involve FF-A MM communication and all tests
are passing with the current changes.
We made the SCT test reports (part of the ACS results) public following the
latest Corstone-1000 platform software release. Please find the test
reports at [1].
[1]: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000/CORSTONE1000-2023.06/acs_results_fpga.zip
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide armffa command showcasing the use of the U-Boot FF-A support
armffa is a command showcasing how to invoke FF-A operations.
This provides a guidance to the client developers on how to
call the FF-A bus interfaces. The command also allows to gather secure
partitions information and ping these partitions. The command is also
helpful in testing the communication with secure partitions.
For more details please refer to the command documentation [1].
A Sandbox test is provided for the armffa command.
[1]: doc/usage/cmd/armffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add functional test cases for the FF-A support
These tests rely on the FF-A sandbox emulator and FF-A
sandbox driver which help in inspecting the FF-A communication.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
Features of the sandbox FF-A support:
- Introduce an FF-A emulator
- Introduce an FF-A device driver for FF-A comms with emulated Secure World
- Provides test methods allowing to read the status of the inspected ABIs
The sandbox FF-A emulator supports only 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add Arm FF-A support implementing Arm Firmware Framework for Armv8-A v1.0
The Firmware Framework for Arm A-profile processors (FF-A v1.0) [1]
describes interfaces (ABIs) that standardize communication
between the Secure World and Normal World leveraging TrustZone
technology.
This driver uses 64-bit registers as per SMCCCv1.2 spec and comes
on top of the SMCCC layer. The driver provides the FF-A ABIs needed for
querying the FF-A framework from the secure world.
The driver uses SMC32 calling convention which means using the first
32-bit data of the Xn registers.
All supported ABIs come with their 32-bit version except FFA_RXTX_MAP
which has 64-bit version supported.
Both 32-bit and 64-bit direct messaging are supported which allows both
32-bit and 64-bit clients to use the FF-A bus.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed
by the PSCI driver.
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
The Secure World is considered as one entity to communicate with
using the FF-A bus. FF-A communication is handled by one device and
one instance (the bus). This FF-A driver takes care of all the
interactions between Normal world and Secure World.
The driver exports its operations to be used by upper layers.
Exported operations:
- ffa_partition_info_get
- ffa_sync_send_receive
- ffa_rxtx_unmap
Generic FF-A methods are implemented in the Uclass (arm-ffa-uclass.c).
Arm specific methods are implemented in the Arm driver (arm-ffa.c).
For more details please refer to the driver documentation [2].
[1]: https://developer.arm.com/documentation/den0077/latest/
[2]: doc/arch/arm64.ffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
provide a test case
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
convert UUID string to little endian binary data
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
add support for x0-x17 registers used by the SMC calls
In SMCCC v1.2 [1] arguments are passed in registers x1-x17.
Results are returned in x0-x17.
This work is inspired from the following kernel commit:
arm64: smccc: Add support for SMCCCv1.2 extended input/output registers
[1]: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token=
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
In [1] Sam points out an assertion does not hold true for 32-bit
platforms, which only impacts Large File Support (LFS) API usage
in erofs-utils according to Xiang [2]. We don't think these APIs
are used in u-boot and this restriction could be safely removed.
[1] https://lists.denx.de/pipermail/u-boot/2023-July/524679.html
[2] https://lists.denx.de/pipermail/u-boot/2023-July/524727.html
Fixes: 3a21e92fc2 ("fs/erofs: Introduce new features including ztailpacking, fragments and dedupe")
Signed-off-by: Yifan Zhao <zhaoyifan@sjtu.edu.cn>
Tested-by: Sam Edwards <CFSworks@gmail.com>
CONFIG_$(SPL_TPL_)SYS_MALLOC_F_LEN is defined as hex. If set to zero
manually, .config contains '0x0' and not '0' as value.
The default value for CONFIG_SPL_SYS_MALLOC_F_LEN should not be set to 0
but to 0x0 if CONFIG_SPL_FRAMEWORK=n to match a manually set value.
Fixes: c0126bd862 ("spl: Support bootstage, log, hash and early malloc in TPL")
Fixes: b616947052 ("SPL: Do not enable SPL_SYS_MALLOC_SIMPLE without SPL_FRAMEWORK by default")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
All SPL hash algorithm options are collected in lib/Kconfig. Move
SPL_CRC32 there as well.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
There is another SPL_MD5 option defined in lib/Kconfig.
Renaming SPL_MD5_SUPPORT introduced duplicate option with
different description. As for now FIT and hash algorithm options
are not related to each others, removing a duplicate option seems OK.
Fixes: 4b00fd1a84 ("Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
In the common bloblist code we call crc32 to get a checksum for the
data. Ensure we will have the CRC32 code via select.
Signed-off-by: Tom Rini <trini@konsulko.com>
With this change the DT and binding files are under the at91 tree
maintainer, and get_maintainer.pl correctly reports the entry.
Signed-off-by: Eugen Hristev <eugen.hristev@collabora.com>
The retimer reset/power on logic was changed in a recent commit,
however, it neglected to check if the commands sent to the
board microcontroller (to control power to the retimer chip)
actually completed.
Add return checks for these operations so any failures will
be reported to the user.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Fixes: 7a041fea2 ("board: traverse: ten64: ensure retimer reset
is done on new board revisions")
Update MAINTAINERS file. Add missing MAINTAINERS file for Spider,
Whitehawk and V3HSK boards. Update mail addresses. Add file globs
to match on DT and driver files related to these boards.
The GRPEACH and R2DPLUS are special in that they are not R-Car
and have their own set of specialized drivers.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
As Pali Rohár has asked to not be copied on changes to files he is not
a specific maintainer of, add his address to .get_maintainer.ignore.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
To reduce overall job time, move a number of smaller jobs together.
These should still be safely under 1 hour total time, but reducing the
overall number of jobs should help with the queue slightly.
Signed-off-by: Tom Rini <trini@konsulko.com>
The job for rockchip vendor platforms has again gotten close to or
exceeded one hour. Rework things such that we move the 32bit platforms
back to the general 32bit ARM job (as there's time there) and make these
build only the 64bit platforms.
Signed-off-by: Tom Rini <trini@konsulko.com>
buildman minor fixes
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmTOp5wRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYApAf+P45nQXX2L0lFpu5vJQ+Xy1VHDh+OE5sU
yVWm2A0zc7L0TyLn4fX5PGF+1C7gZjYGQ6I9OVroS58fXR5o6WjCelCMhE1wxL5i
AgHKmrUUw6XUalF317RquRWDPLAD6KZ1T8XUgjF2PnBwd2RwMH4zW/Ls73UFBf+4
gIi0zlqLsX8zSeFAyitRWobM4gJT4PUAxz7jexBEk9y3EjOufcLqpdl2Y4JAxTtl
82AYy9nJbPyFrT9lIGP9nfPenVPGKL6wdzc5C/sGLeRlutNKgrJTnjWRkJV+ThPx
mIZVSzwi2cbYnMpq1nEGnj+cH6R73xxybj17MVzevyAQNXAZcZfQ+Q==
=Nbd9
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-5aug23' of https://source.denx.de/u-boot/custodians/u-boot-dm
binman support for Xilinx signing
buildman minor fixes
Some boards use a MAINTAINERS entry to specify common files without
referencing any defconfigs. This is allowed and should not result in a
warning.
Drop the warning in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Recent refactoring changed buildman to continue operation after fetching
a toolchain. Fix this.
Fixes: b868064652 ("bulidman: Move toolchain handling to a function")
Signed-off-by: Simon Glass <sjg@chromium.org>
DM_POST_INIT was changed to DM_POST_INIT_F.
To debug correct message, change type_name from dm_post_init to
dm_post_init_f.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
s/an/a/ :
Signed-off-by: Simon Glass <sjg@chromium.org>
Add test for the 'xilinx-bootgen' etype
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Allow missing bootgen tool; comment testXilinxBootgenMissing() comment:
Signed-off-by: Simon Glass <sjg@chromium.org>
This adds a new etype 'xilinx-bootgen'. By using this etype it is
possible to created an signed SPL (FSBL in Xilinx terms) for
ZynqMP boards.
The etype uses Xilinx Bootgen tools in order to transform the SPL into
a bootable image and sign the image with a given primary and secondary
public key. For more information to signing the FSBL please refer to the
Xilinx Bootgen documentation.
Here is an example of the etype in use:
spl {
filename = "boot.signed.bin";
xilinx-bootgen {
pmufw-filename = "pmu-firmware.elf";
psk-key-name-hint = "psk0";
ssk-key-name-hint = "ssk0";
auth-params = "ppk_select=0", "spk_id=0x00000000";
u-boot-spl-nodtb {
};
u-boot-spl-dtb {
};
};
};
For this to work the hash of the primary public key has to be fused
into the ZynqMP device and authentication (RSA_EN) has to be set.
For testing purposes: if ppk hash check should be skipped one can add
the property 'fsbl_config = "bh_auth_enable";' to the etype. However,
this should only be used for testing(!).
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the Xilinx Bootgen as bintool. Xilinx Bootgen is used to create
bootable SPL (FSBL in Xilinx terms) images for Zynq/ZynqMP devices. The
btool creates a signed version of the SPL. Additionally to signing the
key source for the decryption engine can be passend to the boot image.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
The nature of the network stack means that if we are going to use the
gadget mode USB network driver there's no easy path to implicitly
bind/unbind the driver. Enable the "bind" command by default here so
that we can bind/unbind this as needed.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Move the ethernet gadget driver registration and removal from ethernet
bind and unbind callbacks into driver DM probe and remove callbacks.
This way, when the driver is bound, which is triggered deliberately
using 'bind' command, the USB ethernet gadget driver is instantiated
and bound to the matching UDC. In reverse, when the driver is unbound,
which is again triggered deliberately using 'unbind' command, the USB
ethernet gadget driver instance is removed.
Effectively, this now behaves like running either 'ums' or 'dfu' or
any other commands utilizing USB gadget functionality.
This also drops use of usb_gadget_release() and moves the use of
usb_gadget_initialize() into usb_ether_init() used only by legacy
platforms that do not use 'bind' command properly yet. Those have
no place in drivers.
Signed-off-by: Marek Vasut <marex@denx.de>
Tested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Move the driver probe function above the driver structure, so it
can be placed alongside other related functions, like upcoming
remove function. No functional change.
Signed-off-by: Marek Vasut <marex@denx.de>
Tested-by: Tom Rini <trini@konsulko.com>
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>