Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.
Summary:
-f auto => FIT with crc32 images
-f auto -g ... -o ... => FIT with signed images
-f auto-conf -g ... -o ... => FIT with sha1 images and signed confs
Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.
mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
-e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
-k /folder/with/key-files -g keyname -o sha256,rsa4096 \
-K u-boot.dtb -r kernel.itb
Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.
mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
-g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb
Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We need extensions to be set up before we start trying to boot any of the
bootdevs. Add a new priority before all the others for tht sort of thing.
Also add a 'none' option, so that the first one is not 0.
While we are here, comment enum bootdev_prio_t fully and expand the test
for the 'bootdev hunt' command.
Signed-off-by: Simon Glass <sjg@chromium.org>
At this point, the remaining places where we have a symbol that is
defined as CONFIG_... are in fairly odd locations. While as much dead
code has been removed as possible, some of these locations are simply
less obvious at first. In other cases, this code is used, but was
defined in such a way as to have been missed by earlier checks. Perform
a rename of all such remaining symbols to be CFG_... rather than
CONFIG_...
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove some CONFIG symbols and related comments, etc, that are unused
within the code itself at this point.
Signed-off-by: Tom Rini <trini@konsulko.com>
Provide a man-page for the bdinfo command
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Provide a man-page for the blkcache command.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Provide a man-page for the source command.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmPIpV4RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZuqwgA0UpYQEX6/MegzHSCIx3AMT4rCF1Ytitr
LS4Cbvj1Q09Rt9jriW7wAV5AobVPwGf2L5SVcnWv2I9+MmypDIXEe8HIrt2fRFu9
bzn/2GOzXczuXqPFa/CWOUwjvCzTb8Sl9NtRszrP5NvOzuN15x00ZUYaXFO7fgsB
zZMzOKxemwjdtLaox+x+VIJ95HMDEkYrWTAqTPg74CNVSjRbbLNqNq0zqkHB8SnH
ubgphtIKYItTeIXcfIa9V4LeQp0ZitkzSfAibX+nIPCMPg9jbG9MrQQ+VvSZDjnM
y8wa8gFj47Ek+gGNFXMHIpO6tBd83uHRgtf2x+zhcovLELYnZ6fDGw==
=1K6m
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-18jan23' of https://source.denx.de/u-boot/custodians/u-boot-dm
convert rockchip to use binman
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
This implements the following command:
part type mmc 0:1
-> print partition type UUID
part type mmc 0:1 uuid
-> set environment variable to partition type UUID
"part type" can be useful when writing a bootcmd which searches for a
specific partition type to enable automatic discovery of partitions and
their intended usage or mount point.
Signed-off-by: Enric Balletbo i Serra <eballetbo@redhat.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Fix when CONFIG_PARTITION_TYPE_GUID is disabled and have the
command check for "types" before "type"]
Signed-off-by: Tom Rini <trini@konsulko.com>
Change the string 'a optionnal' to 'an optional'.
Signed-off-by: Enric Balletbo i Serra <eballetbo@redhat.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The function arch_cpu_init_dm was renamed to fsp_setup_pinctrl in these
cases, so rename debug / docs to match.
Cc: Simon Glass <sjg@chromium.org>
Fixes: 7fe32b3442 ("event: Convert arch_cpu_init_dm() to use events")
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To quote the author:
So far standard boot lacks a boot menu, although it is possible to create
a rudimentary one using the existing 'bootmenu' command.
Even then, this text-based menu offer only basic functionality and does
not take full advantage of the displays which are common on many devices.
This series provides a 'bootflow menu' command which allows the user to
select from the available bootflows. An attempt is made to show the name
of the available operating systems, by reading more information into the
bootflow. A logo can be read also, where supported, so that this can be
presented to the user when an option is highlighted.
Full use is made of TrueType fonts, if enabled. For cases where only a
serial console is available, it falls back to a simple text-based menu.
All of this is implementing using a new 'expo' construct, a collection of
scenes (like menu screens) which can be navigated by the user to view
information and select options. This is fairly general and should be able
to cope with a wider array of use cases, with less hacking of the menu
code, such as is currently needed for CMD_BOOTEFI_BOOTMGR.
Of course it would be possible to enhance the existing menu rather than
creating a new setup. Instead it seems better to make the existing menu
use expo, if code space permits. It avoids the event-loop problem and
should be more extensible, given its loosely coupled components and use of
IDs instead of pointers. Further motivation is provided in the
documentation.
For now the CLI keypress-decoding code is split out to be used by the new
menu. The key codes defined by menu.h are reused also.
This is of course just a starting point. Some ideas for future work are
included in the documentation.
Neural Compute Module 2(Neu2) IO board is an industrial form factor
IO board from Edgeble AI.
General features:
- microSD slot
- MIPI DSI connector
- 2x USB Host
- 1x USB OTG
- Ethernet
- mini PCIe
- Onboard PoE
- RS485, RS232, CAN
- Micro Phone array
- Speaker
- RTC battery slot
- 40-pin expansion
Neu2 needs to mount on top of this IO board in order to create complete
Edgeble Neural Compute Module 2(Neu2) IO platform.
Add support for it.
Signed-off-by: Jagan Teki <jagan@edgeble.ai>
Add calibration support for stm32-adc
Linux kernel v6.1 DT synchronization for stm32mp151.dtsi
stm32mp157a-dk1-scmi-u-boot.dtsi update
Add support of OP-TEE and STM32MP13x in bsec driver
ECDSA various fixes for stm32mp
-----BEGIN PGP SIGNATURE-----
iQJQBAABCgA6FiEEXyrViUccKBz9c35Jysd4L3sz/6YFAmPBXKccHHBhdHJpY2Uu
Y2hvdGFyZEBmb3NzLnN0LmNvbQAKCRDKx3gvezP/pqAsD/9DhQqYRxCNdFmvchPq
svu9qB/9lig27IjjLdnUQpIp2xbMH7ki90JrV9Bk6uet6+46mtNlddLhUjJmlEG3
QQGJzEohYQO7T2RZ1PoHbgQMow/wkZn0Li0zDYW2FHlBdZP1Yd4c+rjiVyYg0oHZ
z5B/QkXIIo5czVRixwU7RzERfHWbzRAVSJ9nqnchOZCt25gkTwfzoeOtdjg3/H48
AmdMs4/z3Vcc4MkMAb3rQbPGCjrlzPEVSEPiGQrSNoVl7u6sRz24gJ0uoJV9NRY+
8IsAHXMZ4agYUnBSilupTZDOwg9RzX1NammY7a9Fw5Ew0qI7YoolhsEoChBeBXGM
IfH8MB5Jiw1aZpUL6bHX83OpVgpDl/yIZyfWniXQq7tDgwNq6NEtigyDnFr8Z4bS
QuLmSCDprRM3OuhZTb6ZQBg4A4mRGU4ASOaVyb0kQ+x6zEVeklxi1EAYIVggKWem
DimaSa2zqjWieYQy5JmhraH7Qnb4/OfgtXl9Yj3s1P1bI7kuuCSzJOeBl8Gv13pK
kJQG73ar4CEg3hxTXtrrQ6Vl9ti0K2GGaeq2IZP7MJDSIKitgZIIc+b0jku0pfr8
ep6Ecql1xVExYPqn4Y9pVT6YuuRy2M+ag3dbtBWv79h0oSZUuDFy8RZssHXYA/RB
zzGwJT0N9U2Zm0VxTCz2wBioLQ==
=SNID
-----END PGP SIGNATURE-----
Merge tag 'u-boot-stm32-20230113' of https://source.denx.de/u-boot/custodians/u-boot-stm
Add driver to manage onboard hub supplies
Add calibration support for stm32-adc
Linux kernel v6.1 DT synchronization for stm32mp151.dtsi
stm32mp157a-dk1-scmi-u-boot.dtsi update
Add support of OP-TEE and STM32MP13x in bsec driver
ECDSA various fixes for stm32mp
The gpio_hog_probe_all() functionality can be perfectly well replaced by
DM_FLAG_PROBE_AFTER_BIND DM flag, which would trigger .probe() callback
of each GPIO hog driver instance after .bind() and thus configure the
hogged GPIO accordingly.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Samuel Holland <samuel@sholland.org>
When OP-TEE is used, the SMC for BSEC management are not available and
the STM32MP BSEC pseudo TA must be used (it is mandatory for STM32MP13
and it is a new feature for STM32MP15x).
The BSEC driver try to open a session to this PTA BSEC at probe
and use it for OTP read or write access to fuse or to shadow.
This patch also adapts the commands stm32key and stboard to handle
the BSEC_LOCK_PERM lock value instead of 1.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Make sure the 'exit' command as well as 'exit $val' command exits
from environment scripts immediately and propagates return value
out of those scripts fully. That means the following behavior is
expected:
"
=> setenv foo 'echo bar ; exit 1' ; run foo ; echo $?
bar
1
=> setenv foo 'echo bar ; exit 0' ; run foo ; echo $?
bar
0
=> setenv foo 'echo bar ; exit -2' ; run foo ; echo $?
bar
0
"
As well as the followin behavior:
"
=> setenv foo 'echo bar ; exit 3 ; echo fail'; run foo; echo $?
bar
3
=> setenv foo 'echo bar ; exit 1 ; echo fail'; run foo; echo $?
bar
1
=> setenv foo 'echo bar ; exit 0 ; echo fail'; run foo; echo $?
bar
0
=> setenv foo 'echo bar ; exit -1 ; echo fail'; run foo; echo $?
bar
0
=> setenv foo 'echo bar ; exit -2 ; echo fail'; run foo; echo $?
bar
0
=> setenv foo 'echo bar ; exit ; echo fail'; run foo; echo $?
bar
0
"
Fixes: 8c4e3b79bd ("cmd: exit: Fix return value")
Reviewed-by: Hector Palacios <hector.palacios@digi.com>
Signed-off-by: Marek Vasut <marex@denx.de>
This adds the UUU UCmd functionality as an OEM command. While the
fastboot tool allows sending arbitrary commands as long as they are
prefixed with "oem". This allows running generic U-Boot commands over
fastboot without UUU, which is especially useful when not using USB.
This is really the route we should have gone in the first place when
adding these commands.
While we're here, clean up the UUU Kconfig a bit.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Adds DT binding documentation for the TI Error Location Module.
This is picked up from the Linux Kernel.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Link: https://lore.kernel.org/all/20221220102203.52398-8-rogerq@kernel.org
Add DT binding documentation for the TI GPMC NAND controller.
This is picked up from the Linux Kernel.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Link: https://lore.kernel.org/all/20221220102203.52398-4-rogerq@kernel.org
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To make things more human readable, say "changesets from" rather than
"csets from" in all our historical pages here. Moving forward this has
been changed in our gitdm with b034e399e31a ("gitdm: fix typo csets").
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sphinx supports generating Texinfo sources and Info documentation,
which can be navigated easily and is convenient to search (via the
indexed nodes or anchors, for example). This is basically the same as
1f050e904dd6f2955eecbd22031d912ccb2e7683, which was recently applied
to the Linux kernel.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
qemu can emulate also e500v1 core but cannot emulate CPUs from Freescale
PowerPC QorIQ T and P series.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Texas Instrument's entire K3 generation of SoCs use much of the same
frameworks and boot flow, especially at the uboot level. Though there
are small differences introduced as each new K3 based SoC is developed
and as the K3 generation matures that will also need to be documented.
Rather than copying the same documentation, with the small differences
applicable to that specific SoC to a new page, introduce a new K3
page that can describe the general boot flow and design decisions for
the entire K3 generation of chips, leaving the specifics for that
particular SoC to a unique sub-page below this one.
Signed-off-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Texas Instruments produces quite a lot of SoCs based upon a common
architecture 'generation'. (eg: OMAP, K3) TI's existing documentation
layout makes noticing this generation jump rather difficult.
To make navigation easier, split the existing documentation into
individual SoC families so we may begin grouping them according to their
generational (eg: OMAP, K3) families.
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This converts the following to Kconfig:
CONFIG_MONITOR_IS_IN_RAM
As part of this, reword some of the documentation slightly to reflect
that this is in Kconfig and not a define now.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_FLASH_SPANSION_S29WS_N
CONFIG_FLASH_VERIFY
CONFIG_FSL_FM_10GEC_REGULAR_NOTATION
CONFIG_FSL_ISBC_KEY_EXT
CONFIG_FSL_TRUST_ARCH_v1
CONFIG_FSL_SDHC_V2_3
CONFIG_MAX_DSP_CPUS
CONFIG_MIU_2BIT_INTERLEAVED
CONFIG_SERIAL_BOOT
CONFIG_SPI_BOOTING
CONFIG_X86EMU_RAW_IO
Signed-off-by: Tom Rini <trini@konsulko.com>
This option is only used on one platform currently. However, with PHYLIB
enabled, which this platform also does, this option is not checked and
the functional use case is handled. Remove this code.
Signed-off-by: Tom Rini <trini@konsulko.com>
The 'Configuration' heading should be on level 2, not on level 1.
Fixes: eaa268589e ("doc: man-page for the printenv command")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
