P1/P2 RDB boards have external max6370 watchdog connected to CPLD and this
watchdog is not deactivated on board reset. So if it is active during board
reset, it can trigger another reset when CPU is booting U-Boot. To prevent
possible infinite reset loop caused by external watchdog, turn it off
before reset.
Do it via a new board_reset_prepare() callback which is called from
do_reset() function before any reset sequence.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
CPLD's system reset register is buggy and requires workaround in U-Boot.
So use this kind of board reset only when there is no other reset option.
Introduce a new board_reset_last() callback which is last-stage
board-specific reset and implement CPLD's system reset in this new
board_reset_last() callback instead of board_reset() callback.
Fixes: 20fb58fc5a ("board: freescale: p1_p2_rdb_pc: Implement board_reset()")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If watchdog timer was already set to non-disabled value then it means that
watchdog timer was already activated, has already expired and caused CPU
reset. If this happened then due to CPLD firmware bug, writing to wd_cfg
register has no effect and therefore it is not possible to reactivate
watchdog timer again. Watchdog starts working again after CPU reset via
non-watchdog method.
Implement this workaround (reset CPU when it was reset by watchdog) to make
watchdog usable again. Watchdog timer logic on these P1/P2 RDB boards is
connected to CPLD, not to SoC itself.
Note that reset does not occur immediately after calling do_reset(), but
after few ms later as real reset is done by CPLD. So it is normal that
function do_reset() returns. Therefore hangs after calling do_reset() to
prevent CPU execution of the rest U-Boot code.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
CPLD's system reset register on P1/P2 RDB boards is not autocleared after
flipping it. If this register is set to one in 100ms after reset starts
then CPLD triggers another CPU reset.
This means that trying to reset board via CPLD system reset register cause
reboot loop. To prevent this reboot loop, the only workaround is to try to
clear CPLD's system reset register as early as possible. U-Boot is already
doing it in its board_early_init_f() function, which seems to be enough as
register is cleared prior CPLD triggers another reset.
But board_early_init_f() is not called from SPL and therefore usage of SPL
can cause reboot loop.
To prevent reboot loop when using SPL, call board_early_init_f() function
in SPL too. For accessing CPLD memory space it is needed to have CPLD entry
in TLB.
With this change it is possible to trigger board reset via CPLD's system
reset register on P2020 RDB board.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
If ethernet connected to SFP, like this:
&enetc_port0 {
phy-connection-type = "sgmii";
sfp = <&sfp0>;
managed = "in-band-status";
status = "okay";
};
Then enetc_config_phy returns -ENODEV and the memory containing the mdio interface is freed.
It's better to unregister and free mdio resources.
Signed-off-by: Siarhei Yasinski <siarhei.yasinski@sintecs.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
In both the Freescale DDR controller and the SPD spec, bank address bits
are stored as the number of bank address bits minus 2. For example, if a
chip had 8 banks (3 total bank address bits), the value of
bank_addr_bits would be 1. This is rather surprising for users
configuring their memory manually, since they can't set bank_addr_bits
to the actual number of bank address bits. Rectify this.
There is at least one example of this kind of mistake already, in
board/freescale/t102xrdb/ddr.c. The documented MT40A512M8HX has two bank
address bits, but bank_addr_bits was set to 2, implying 4 bank address
bits. Such a value is reserved in BA_BITS_CS, but I suspect the
controller simply ignores the top bit, making this kind of mistake
harmless, if misleading.
Fixes: e8a7f1c32b ("powerpc/t1023rdb: Add T1023 RDB board support")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The interactive mode uses large several tables of options which can be
configured. However, much of the contents of these tables are
repetetive. For example, no struct is larger than half a kilobyte, so
the offset only takes up 9 bits. Similarly, the size is only ever 4 or
8, and printhex is a boolean. Reduce the size of these fields. This
reduces the size of the options tables by around 10 KiB. However, the
largest contributor to the size of the options tables is the use of a
pointer for the strings. A better approach would be to use a separate
array of strings, and store an integer index in the options tables.
However, this would require a large re-architecting of this file.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The frequency of the system counter is static which is given by the
COUNTER_FREQUENCY option. Remove COUNTER_FREQUENCY_REAL.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Depending on the boot source, set different CLI prompts. This will help
the user to figure out in which mode the bootloader was started. There
are two special modes: failsafe and SDHC boot.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
During startup the SPL will print where the u-boot proper is read from.
Instead of using the default names, provide more user friendly names.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The board is able to boot from the following source:
- user-updateble SPI flash
- write-protected part of the same SPI flash
- eMMC
- SD card
Implement the needed function hooks to support all of these boot
sources.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
By default the OCRAM is marked as secure. While the SPL runs in EL3 and
thus can access it, DMA devices cannot. Mark the whole OCRAM as
non-secure.
This will fix MMC and SD card boot on LS1028A when using SPL instead of
TF-A.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add an option to tell the TPM to commit non-volatile data immediately it
is changed, rather than waiting until later. This is needed in some
situations, since if the device reboots it may not write the data.
Add definitions for the rest of the Cr50 commands while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add a vendor-specific TPM2 command for this and implement it for Cr50.
Note: This is not part of the TPM spec, but is a Cr50 extension.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.
Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At present the emulator assumes that the TPM is inited in the same phase
where it is used. But in fact SPL may init the TPM, so we don't want to
complain when U-Boot proper later uses it. Remove this check.
It might be best to save this information into the device state for the
TPM, so that we can make sure the TPM was inited at some point. For now,
this seems good enough.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The message format is incorrect. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The offset here is incorrect. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
UEFI specification 2.9A requires to display the EUI-64 "in hexadecimal
format with byte 7 first (i.e., on the left) and byte 0 last".
This is in contrast to what the NVMe specification wants.
But it is what EDK II has been implementing.
Here is an example with the patch applied:
qemu-system-aarch64 -machine virt -cpu cortex-a72 -nographic \
-bios denx/u-boot.bin \
-device nvme,id=nvme1,serial=9ff81223 \
-device nvme-ns,bus=nvme1,drive=nvme1n0,eui64=0x123456789ABCDEF0 \
-drive file=arm64.img,if=none,format=raw,id=nvme1n0
=> nvme scan
=> efidebug devices
Device Path
====================
/VenHw(…)/NVMe(0x1,f0-de-bc-9a-78-56-34-12)
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Display the EBBRv2.0 conformance in the ECPT table.
The EBBRv2.0 conformance profile is set in the ECPT if
CONFIG_EFI_EBBR_2_0_CONFORMANCE=y.
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Add dependencies for CONFIG_EFI_EBBR_2_0_CONFORMANCE.
Enable the setting by default.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The ECPT table will be included in the UEFI specification 2.9+.
The ECPT table was introduced in UEFI following the code-first path. The
acceptance ticket can be viewed at:
https://bugzilla.tianocore.org/show_bug.cgi?id=3591
The Conformance Profiles table is a UEFI configuration table that contains
GUID of the UEFI profiles that the UEFI implementation conforms with.
The ECPT table is created when CONFIG_EFI_ECPT=y.
The config is set by default.
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The selftest checking the handling of exceptions in UEFI binaries is using
assembly to provide an undefined instruction. On the sandbox the correct
form of the instruction depends on the host architecture.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
In the extended text input protocol support input of control letters
0x1c - 0x1f.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We cannot expect the buffers passed to the input protocols to be zero
filled. If only modifier keys are pressed, we have to return EFI_NOT_READY
but we still have to fill the key structure.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We need to support multiple digits in the parts of the UEFI verision
number. E.g.
EFI_SPECIFICATION_VERSION = (123 << 16) | 456
must be printed as
123.45.6
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The host will report such error message if the fastboot device work in
full-speed mode: "Duplicate descriptor for config 1 interface 0
altsetting 0, skipping"
Fastboot device ack both full and high speed interface descriptors when
work in full-speed mode, that's will cause this issue.
Fix it.
Signed-off-by: qianfan Zhao <qianfanguijin@163.com>
Reviewed-by: John Keeping <john@metanate.com>
The compatible values used for device nodes representing Renesas Reduced
Pin Count Interfaces were based on preliminary versions of the Device
Tree Bindings.
Correct them in both DTSi files and drivers, to match the final DT
Bindings.
Note that there are no DT bindings for RPC-IF on RZ/A1 yet, hence the
most logical SoC-specific value is used, without specifying a
family-specific value.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
As the Renesas Reduced Pin Count Interface may be locked by TF-A, it is
disabled by default[1]. When unlocked, TF-A passes a DT fragment to
enable it, which is applied to the U-Boot DT[2].
Unlike the memory layout, the RPC-IF enablement is not propagated to
subsequent software. Hence e.g. Linux cannot know if the RPC-IF is
locked or not, and will lock-up when trying to access the RPC-IF when
locked.
Fix this by checking if the RPC-IF is enabled in the TF-A DT fragment, and
setting the status of the RPC-IF device node in the target DT, if
present, to "okay". Do this only when a "flash" subnode is found, to
avoid errors in subsequent software when the RPC-IF is not intended to
be used.
Note that this requires the status of the RPC-IF node to be set to
"disabled" in the target DT, just like in the U-Boot DT.
[1] commit 3d5f45c95c ("ARM: dts: rmobile: Disable RPC HF by
default")
[2] commit 361377dbdb ("ARM: rmobile: Merge prior-stage firmware
DT fragment into U-Boot DT on Gen3")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
According to the Generic Names Recommendation in the Devicetree
Specification Release v0.3, and the DT Bindings for the Renesas Reduced
Pin Count Interface, the node name for a Renesas RPC-IF device should be
"spi". Especially on R-Car Gen3 and RZ/G2, the node name matters, as
the node is enabled by passing a DT fragment from TF-A to U-Boot, and
from U-Boot to subsequent software.
Fix this by renaming the device nodes from "rpc" to "spi".
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Add bindings needed for accessing the FWU metadata regions.
These include the compatible string which point to the access
method, the actual device which stores the FWU metadata and
the offsets for both metadata regions.
The current patch adds basic bindings needed for accessing the
metadata structure on non-GPT mtd regions.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
The old "Patches" wiki page is not available anymore. Now that the
content has been integrated with the submitting_patches document,
reference that instead.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
- Use gender-neutral language to refer to the user, consistently.
- Reference the checkpatch document.
- Move the section on commit message tags to the process document and
reference this in sending_patches.rst.
- Reword the custodian workflow process section to refer to this new
section, integrate some of the wording from there in this new section.
- Update the comment about GPLv2 applying to August 2022, to be clear
this still is correct.
- Reword the section about MAKEALL to talk about local build testing and
link to the CI document.
- Reference the system_configuration document for the note about
modifying existing code.
- Reword the patchwork flow section.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Import as-is much of the old "Patches" wiki page to the current
sending_patches.rst file. This means we need to move patman to being
included in the higher level ToC and add a reference for "Custodians" in
the process document. A very minimal amount of content changing and
rewording is done here as part of the import, in order to make the
conversion easier.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add gpio status output fields description and one output example.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tweak the formatting.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Only probed block devices are available in the UEFI sub-system. Multiple
block devices may be involved in the boot process. So we have to make sure
that all block devices are probed. Another reason is that we store UEFI
variables on the ESP which may be on any block device.
On the sandbox before the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055d078bc1ae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b22e0b0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
After the patch:
=> efidebug devices
No EFI system partition
Device Device Path
================ ====================
000000001b027c70 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)
000055bdac8ddae0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Uart(0,0,D,D)
000000001b230920 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(2)/SD(0)
000000001b233ac0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)
000000001b233b80 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(1,GPT,d0a914ee-a71c-fc1e-73f0-7e302b0e6c20,0x30,0x1)
000000001b234110 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(1)/SD(1)/HD(2,GPT,9330a0ea-8aff-f67a-294c-fa05d60896c3,0x31,0x1)
000000001b22f0e0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/SD(0)/SD(2)
000000001b238df0 /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(020011223344,1)
Fixes: a9bf024b29 ("efi_loader: disk: a helper function to create efi_disk objects from udevice")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Newer versions of GCC won't initialize parts of structures which don't
appear to be used. This results in uninitialized semihosting parameters
passed via R1. Fix this by marking the inline assembly as clobbering
memory.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
LibreSSL 3.5.0 and later (also shipped as part of OpenBSD 7.1 and
and later) have an opaque RSA object and do provide the
RSA_get0_* functions that OpenSSL provides.
Fixes: 2ecc354b8e ("tools: mkimage: fix build with LibreSSL")
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Jonathan Gray <jsg@jsg.id.au>
FTD blob can be put immediately after the OS image.
So use strict inequality for start address check.
Fixes: fbde7589ce ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.
As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Change variable name 'imape_comp' to the supposedly intended name
'image_comp'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reinstates fix from commit 8f8c04bf1e ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>
This reverts commit 8f8c04bf1e.
The commit is largely wrong and breaks most of i2c command functionality.
The problem described in the aforementioned commit commit message is valid,
however the commit itself does many more changes unrelated to fixing that
one problem it describes. Those extra changes, namely the handling of i2c
device address length as unsigned instead of signed integer, breaks the
expectation that address length may be negative value. The negative value
is used by DM to indicate that address length of device does not change.
The actual bug documented in commit 8f8c04bf1e
can be fixed by extra sanitization in separate patch.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
