Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmIGtKEACgkQxIHbvCwF
GsSWlg//Vr61dpbpPVuczl18OtojpUzMg8bwqc4tJQRQrOGMGjmPqrGZJCm1pmMH
Q5ZD4QCAdycbRqAqcpdX9FXHmD5R0HvGmhlC9TnXxo4nKaOcphMMC3PFjBQZlhPJ
KPc7jjoIcycz+fRqbd4CGRFXNGJAecK++4uM6v6WCNF3Dq16r0ws1aUTG7YPlaJF
JNo3/4eEQpRsplNXpJsqVPQhbfLuaiCOJc8VUWYNylRdhBC7Dx8yI7m1FHOSBbKb
Pk4tbysEhowcSc2Duc9muxkaVAkSy/mIHj1I8Z2VzpzH8zXcaiHMjROqMGOE+vwx
raDzJI0ZcEV/MEbm/QLCALlCKqN3d1NRmZLAvXPYN4+ioA8lzPAEnqEywXRPY/Yk
KnkDWaF1KEKzDaY52oqkh2LkasY9wzluvb1sm+oW9bh/kn4wKLr0Z1oSl92/vvci
S/ztLqxhqlXpWx0NzOFnNvUUkEl0VN6IM/+Bsg5AoO7mdWe7MC3iSPOU1Ge5wRU9
R9BLaTrr61/+soc2jrJL5PQr3Rqtyo1qLpIusMFT88jeFp0b8AIUL2AUlJsAUXYg
a2NV7qGUsZN/Ur488N1t7DixTkjGdStHKRk06bSTPrOpfA2oembdA2/H/HECoJMP
JzdwMeZM0qcxFGTbC7c3yO3cTVVYPyIDGh1YEBYjCzfL6AuR2uU=
=AAdJ
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user define capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Now we can use mkeficapsule command instead of EDK-II's script
to create a signed capsule file. So update the instruction for
capsule authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add a man page for mkeficapsule command.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fix some typo and wrong information about dfu_alt_info.
- Add the parameter format, decimal only or hexadecimal.
- Use same parameter name for the same kind of parameters.
(e.g. dev -> dev_id)
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Addresses the feedback provided on 5902a397d0 ("mkimage: Allow to
specify the signature algorithm on the command line") which raced with
the merge.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
this will add kaslrseed keyword to sysboot lable,
when it set, it will request to genarate random number
from hwrng as kaslr-seed.
with this patch exlinux.conf label looks like
label l0
menu testing
linux /boot/vmlinuz-5.15.16-arm
initrd /boot/initramfs-5.15.16-arm.img
fdtdir /boot/dtbs/5.15.16-arm/
kaslrseed
append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro
Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11.
Signed-off-by: Zhang Ning <zhangn1985@qq.com>
Apple SoCs have an integrated NVMe controller that isn't connected
over a PCIe bus. In preparation for adding support for this NVMe
controller, split out the PCI support into its own file. This file
is selected through a new CONFIG_NVME_PCI Kconfig option, so do
a wholesale replacement of CONFIG_NVME with CONFIG_NVME_PCI.
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested on: Macbook Air M1
Tested-by: Simon Glass <sjg@chromium.org>
We can now use same U-Boot images on both QEMU virt machine and QEMU
spike machine so let's update the QEMU RISC-V documentation.
Signed-off-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This adds initial support for the Toradex Verdin iMX8M Plus Quad 4GB WB
IT V1.0B module. They are strapped to boot from eFuses which are factory
fused to properly boot from their on-module eMMC. U-Boot supports
booting from the on-module eMMC only, SDP support is disabled for now
due to missing i.MX 8M Plus USB support.
Functionality wise the following is known to be working:
- eMMC, 8-bit and 4-bit MMC/SD card slots
- Ethernet both on-module eQoS and FEC (requires PHY on carrier board)
- GPIOs
- I2C
Boot sequence is:
SPL ---> ATF (TF-A) ---> U-boot proper
ATF, U-boot proper and u-boot.dtb images are packed into a FIT image,
loaded by SPL.
Boot:
U-Boot SPL 2022.04-rc1-00164-g21a0312611-dirty (Feb 07 2022 - 11:34:04 +0100)
Quad die, dual rank failed, attempting dual die, single rank configuration.
Normal Boot
WDT: Started watchdog@30280000 with servicing (60s timeout)
Trying to boot from BOOTROM
Find img info 0x&48025a00, size 872
Need continue download 1024
Download 779264, Total size 780424
NOTICE: BL31: v2.2(release):rel_imx_5.4.70_2.3.2_rc1-5-g835a8f67b
NOTICE: BL31: Built : 16:52:37, Aug 26 2021
U-Boot 2022.04-rc1-00164-g21a0312611-dirty (Feb 07 2022 - 11:34:04 +0100)
CPU: Freescale i.MX8MP[8] rev1.1 at 1200 MHz
Reset cause: POR
DRAM: 8 GiB
Core: 78 devices, 18 uclasses, devicetree: separate
WDT: Started watchdog@30280000 with servicing (60s timeout)
MMC: FSL_SDHC: 1, FSL_SDHC: 2
Loading Environment from MMC... OK
In: serial
Out: serial
Err: serial
Model: Toradex Verdin iMX8M Plus Quad 4GB Wi-Fi / BT IT V1.0B, Serial# 06817281
Carrier: Toradex Verdin Development Board V1.1A, Serial# 10807609
Setting variant to wifi
Net: Hard-coding pdata->enetaddr
eth1: ethernet@30be0000, eth0: ethernet@30bf0000 [PRIME]
Hit any key to stop autoboot: 0
Verdin iMX8MP #
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
As suggested in commit 028abfd9b1 ("imx8mm-evk: Generate a single
bootable flash.bin again") for imx8mm_evk, it is possible to produce
single bootable image via binman. This restores the original behavior in
distros, where only one boot container is used to create target image.
Perform similar adaptions in order to provide single bootable image for
imx8mn-ddr4-evk derivate.
Update documentation to drop additional step of copying u-boot.itb
Fixes: 353dfe4b43 ("imx8mn-ddr4-evk: switch to use binman")
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
imx8mm-u-boot.dtsi passes the ATF load address via the
'entry' and 'load' properties.
Remove the step that performs the ATF_LOAD_ADDR export, which is
now unneeded.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
imx8mm-u-boot.dtsi passes the ATF load address via the
'entry' and 'load' properties.
Remove the step that performs the ATF_LOAD_ADDR export, which is
now unneeded.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
imx8mm-u-boot.dtsi passes the ATF load address via the
'entry' and 'load' properties.
Remove the step that performs the ATF_LOAD_ADDR export, which is
now unneeded.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
This resyncs us with the version found in v5.16 of the Linux kernel with
the following exceptions:
- Keep our u-boot specific tests / code area.
- Change the location of checkpatch.rst
- Drop the "use strscpy" test as we don't have that, but do have strlcpy
and want that used now.
- Keep debug/printf in the list for $logFunctions
This also syncs the spdxcheck.py tool and all the associated
documentation.
S
Signed-off-by: Simon Glass <sjg@chromium.org>
Documentation:
* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board
UEFI:
* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmH1CY8ACgkQxIHbvCwF
GsTTXA/+L53FjKHiOQLf9+FrNO7AZ7OcL51brl97eRuQ/jVaF4ClPnDrwPv+uj8m
rXJHZr6WLRc7A1bIwTYhoetrir07A4pZSHAiKTQuJS2uVFgX25Lp4y5vPt1jgIwF
BsRyVxF50crNQjDuSDUQF6RHCa5QhvgZ9mZ/WQQ0MjRRysnw6sISvNc9HbZLdbau
FheOHERJknE1HELeAg/5KKRn1lt3ew6/QdEqPCvKuhsNW4y31zYyHXt1bvpK8cq0
6m2fRX87nnaIExAb3WLiID91jyPMmrg3ZUndFJfjcAwjelYa50xxHr/vEgw9S1Pb
xMMZSKTmEFoVdX7umW9uw/p0tWygGOUw8/d9bsZPv7qh1akwoKog2BVl/zRbW+5n
x4zCNXOllh0p2u8rRQRu8BqVNXZpw+Intk5frVPeazwbnvBrZFd7jN3JyHMtbUkv
xXJBgHQgbn3z3+zQf9XEa7VjQ+l92x5n0IRWlRxYYEUkMW6o8XZyhzY5Xn1Q7K2z
kLBx/U7o633D2BPtlt66HmIJa/fH02nD7TmmQy3j0ICQdB2GbHOs2uRF5rATV7v0
LukLrTr7kSebOhyINvabsLl126URsx2YjUs7lhPy6ILWm+QGUs8tqyKdTe0gQ7AZ
vneyV2v3CDmMBF3MhE178/kdoJnwk8q7c7JiCQpLNXA33CJCnxw=
=+edp
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc1-3
Documentation:
* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board
UEFI:
* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL
unmatched.rst describes booting from SD card or from SPI. But only for
booting from SPI the boot selection settings are described.
Add the missing information.
Fix a typo 'uSD'.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This change contains update for doc/README.nokia_rx51 documentation file
with information how to load U-Boot image to device RAM without need to
flash it and also how to flash it into OneNAND via 0xFFFF flasher.
Signed-off-by: Pali Rohár <pali@kernel.org>
Since commit 25c5b65178 ("Nokia RX-51: Do not try calling both ext2load
and ext4load") command ext4load is used for all ext2/3/4 fs variants.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This probably should have been done a while back since it is a core
system. Very few boards remain to be migrated.
Addd a migration deadline for a year out.
Signed-off-by: Simon Glass <sjg@chromium.org>
The build system already automatically looks for and includes an
in-tree *-u-boot.dtsi when building the control .dtb. However, there
are some things that are awkward to maintain in such an in-tree file,
most notably the metadata associated to public keys used for verified
boot.
The only "official" API to get that metadata into the .dtb is via
mkimage, as a side effect of building an actual signed image. But
there are multiple problems with that. First of all, the final U-Boot
(be it U-Boot proper or an SPL) image is built based on a binary
image, the .dtb, and possibly some other binary artifacts. So
modifying the .dtb after the build requires the meta-buildsystem
(Yocto, buildroot, whatnot) to know about and repeat some of the steps
that are already known to and handled by U-Boot's build system,
resulting in needless duplication of code. It's also somewhat annoying
and inconsistent to have a .dtb file in the build folder which is not
generated by the command listed in the corresponding .cmd file (that
of course applies to any generated file).
So the contents of the /signature node really needs to be baked into
the .dtb file when it is first created, which means providing the
relevant data in the form of a .dtsi file. One could in theory put
that data into the *-u-boot.dtsi file, but it's more convenient to be
able to provide it externally: For example, when developing for a
customer, it's common to use a set of dummy keys for development,
while the consultants do not (and should not) have access to the
actual keys used in production. For such a setup, it's easier if the
keys used are chosen via the meta-buildsystem and the path(s) patched
in during the configure step. And of course, nothing prevents anybody
from having DEVICE_TREE_INCLUDES point at files maintained in git, or
for that matter from including the public key metadata in the
*-u-boot.dtsi directly and ignore this feature.
There are other uses for this, e.g. in combination with ENV_IMPORT_FDT
it can be used for providing the contents of the /config/environment
node, so I don't want to tie this exclusively to use for verified
boot.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Fix doc formatting error (make htmldocs)
Signed-off-by: Simon Glass <sjg@chromium.org>
It is useful to be able to find out which boards define a particular
option, or combination of options. This is not as easy as grepping the
defconfig files since many options are implied by others.
Add a -f option to the moveconfig tool to permit this. Update the
documentation to cover this, including a better title for the doc page.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the Python code in U-Boot is somewhat inconsistent, with some
files passing pylint quite cleanly and others not.
Add a way to track progress on this clean-up, by checking that no module
has got any worse as a result of changes.
This can be used with 'make pylint'.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Re-generate pylint.base]
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.
When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Documentation:
* describe printf() format codes
UEFI
* enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048
General
* simplify printing short texts for GUIDs
* provide a unit test for printing GUIDs
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmHoLnQACgkQxIHbvCwF
GsQ25Q/9G5REcgmo9Hjv+2ri3VJJueIGRL1QeXDl84TxUYgYAtHj7zo/YaeacHKB
RVBsQafU6vIuAq5YRJFKCSWCxjPJVUH9QO5QQz6RE14KoBh6OYUQP2wSf/+p6/sb
47wfVtyAUEpCEz60eDj5EWrSPpH78BNW7MmKoTZWSgE1APaBTAHw/Uo6tnb52Qsv
vQ73Q9R4s0hpsylVtmwIZ0udDcaJg3SQf/4glhnHxaUW/oMoRd0DU7Dnbbg2oxfd
Y03J0zarqAdIjzNvADnUz6Ei2+H1TrzRe9tzhuXRuseZdANrUnzDIe6bdz+RCmkl
sdBCmBDPoChosiAcaX9FkajaAi5XYpZ5Sitdpp9A8ZdVc0Lzr1XLbfLksJRM7WwM
jSP/JDAGYzJqL86C4hrx46aERUuXgywf/vSM7UoG5OxbtMa/AqbHuXMOnd4jXGYD
48fLlyMWlZ7+Kd4v3x9QlwSmM0LLsokn93JEWrJhJqFPzdHYUQifU2vlZmrJHWyS
BjzCJxu+rCmXBO6wlcAvsF9V/kx5IO3CKIGn24UUt/wjSBu4VDO5oSzVseJxPBIQ
vBV9qZfwKCk9U/F1VN43xvIKvcO+oK+pEE9FB5trffYGmHfSEmBwOq3LuHlyMpeJ
L+TrJUsZstFtx0ZBmVB3YuERusb2z+x1osnifGJvUHCLqjCgvl0=
=GoR6
-----END PGP SIGNATURE-----
Merge tag 'efi-2022-04-rc1-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc1-2
Documentation:
* describe printf() format codes
UEFI
* enable more algorithms for UEFI image verification, e.g. SHA256-RSA2048
General
* simplify printing short texts for GUIDs
* provide a unit test for printing GUIDs
Commit 98f705c9ce ("powerpc: remove 4xx support") removed (in 2017) the
last code that made use of bedbug debugger support. Since there aren't
any boards left that define either CONFIG_CMD_BEDBUG or a real
bedbug_init(), drop this feature from u-boot.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This will allow consumers to choose a pxe label at runtime instead of
having to prompt the user. One good use-case for this, is choosing
whether or not to apply a dtbo depending on the hardware configuration.
e.g: for TI's AM335x EVM, it would be convenient to apply a particular
dtbo only when the J9 jumper is on PRUSS mode. To achieve this, the
pxe menu should have 2 labels, one with the dtbo and the other without,
then the "pxe_label_override" env variable should point to the label with
the dtbo at runtime only when the jumper is on PRUSS mode.
This change can be used for different use-cases and bring more
flexibilty to consumers who use sysboot/pxe_utils.
if "pxe_label_override" is set but does not exist in the pxe menu,
the code should fallback to the default label if given, and no failure
is returned but rather a warning message.
Signed-off-by: Amjad Ouled-Ameur <aouledameur@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Correct Sphinx style comments in include/dm/fdtaddr.h
and add the devfdt API to the HTML documentation;
these functions are NOT compatible with live tree.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/ofnode.h
and add the device tree node API to the HTML documentation;
the ofnode functions are compatible with Live tree or with flat
device tree.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/read.h
and add the device read from device tree API to the HTML
documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/devres.h
and add the driver model device resource API, devres_*(),
to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/device.h
and add the driver model device API to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/platdata.h
and add the associated API to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/lists.h
and add the list API to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/devres.h
and add the associated driver model API to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Correct Sphinx style comments in include/dm/uclass.h
and add the driver model UCLASS API to the HTML documentation.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The Juno Arm development board is an open, vendor-neutral, Armv8-A
development platform.
Add documentation that briefly outlines the hardware, and describes
building and installation of U-Boot.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
