A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.
That's problematic in case we find and try to check a signature before
inspecting the sha256 hash. If the image is unsigned we will reject it
even if the digest matches.
Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.
Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
On RISC-V a new UEFI protocol has been introduced. Support printing
its GUID using %pUs.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.
The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi
Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Abstract common routines to make the code easily understandable.
No functional change.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
All the error messages should be printed out to stderr.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
unmatched.rst describes booting from SD card or from SPI. But only for
booting from SPI the boot selection settings are described.
Add the missing information.
Fix a typo 'uSD'.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This change contains update for doc/README.nokia_rx51 documentation file
with information how to load U-Boot image to device RAM without need to
flash it and also how to flash it into OneNAND via 0xFFFF flasher.
Signed-off-by: Pali Rohár <pali@kernel.org>
Since commit 25c5b65178 ("Nokia RX-51: Do not try calling both ext2load
and ext4load") command ext4load is used for all ext2/3/4 fs variants.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Having U-Boot look up the passed partition name even though an alias
exists is unexpected, leading to warning messages (when the alias name
doesn't exist as a real partition name) or the use of the wrong
partition.
Change part_get_info_by_name_or_alias() to consider real partitions
names only if no alias of the same name exists, allowing to use aliases
to override the configuration for existing partition names.
Also change one use of strcpy() to strlcpy().
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
In DFU v1.1 specification [1] the DFU_UPLOAD (Short Frame)
is handled only in dfuUPLOADIDLE state:
- Figure A.1 Interface state transition diagram
- the state description in chapter A.2
A.2.3 State 2 dfuIDLE
on Receipt of the DFU_UPLOAD request,and bitCanUpload = 1
the Next State is dfuUPLOADIDLE
A.2.10 State 9 dfuUPLOAD-IDLE
When the length of the data transferred by the device in response
to a DFU_UPLOAD request is less than wLength. (Short frame)
the Next State is dfuIDLE
In current code, when an UPLOAD is completely performed after the first
request (for example with wLength=200 and data read = 9), the DFU state
stay at dfuUPLOADIDLE until receiving a DFU_UPLOAD or a DFU_ABORT request
even it is unnecessary as the previous DFU_UPLOAD request already reached
the EOF.
This patch proposes to finish the DFU uploading (don't go to dfuUPLOADIDLE)
and completes the control-read operation (go to DFU_STATE_dfuIDLE) when
the first UPLOAD response has a short frame as an end of file (EOF)
indicator even if it is not explicitly allowed in the DFU specification
but this seems logical.
[1] https://www.usb.org/sites/default/files/DFU_1.1.pdf
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
In case CONFIG_FASTBOOT_FLASH_MMC_DEV == 0, compile-time condition
is not met and fastboot_set_reboot_flag() fails.
Fixes: a362ce214f ("fastboot: Implement generic fastboot_set_reboot_flag")
Signed-off-by: Roman Stratiienko <r.stratiienko@gmail.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmHyEeYRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYYlgf8C7tQVklXz9ZHhxVrFaPHWwgmBzEZJSrc
7SWhDX9yBrAYBUk8Q4OMnJz6nXW8Rz5Td9GfBNWcJag1HjJqno4BxkqwGk2tshgj
GIY0D1cGfKJzB4E6/rK/ETwmX4KVUyEf7S2IdJ0oydkn9t7OwDkUX5WtGXo70E7q
ZJGYlX5NQCVBRAF9NYDuyVFljrPzAiyT58VCtXY3q63C7PmRYvag8r56ug+8lkk3
9EbOTcwETqq9SbT1vucyBxwbUmoKhb2BF32jEcIhozowIM3GNsSpkdzQCUnylqfa
LYI/p0oVTKLfFRBRvQjLgdB/OQP8MLkby8A++Db2OW49mBXhn/5JWA==
=PdpE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm
acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
Add support for CDC ACM using the new UDC and gadget API. This protocol
can be used for serial over USB data transfer and is widely supported
by various OS (GNU/Linux, MS-Windows, OSX...). The usual purpose of
such link is to access device debug console and can be useful for
products not exposing regular UART to the user.
A default stdio device named 'usbacm' is created, and can be used
to redirect console to USB link over CDC ACM:
> setenv stdin usbacm; setenv stdout usbacm
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
It is currenly only used from usbtty driver but make it properly
selectable via Kconfig symbol, for future usage.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
This commit converts i.MX28's EHCI USB host driver to driver model
(DM_USB). It is a straightforward conversion (to reuse as much code
as possible), based on ehci-mx5.c code.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Those functions will be re-used when the ehci MXS driver (for imx28)
will be converted to also support CONFIG_DM_USB.
No functional changes introduced - only cosmetic changes (u32 type)
and alignment to pass checkpatch.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
This function is going to be reused with the CONFIG_DM_USB enabled in
the imx28 mxs USB ehci driver.
No functional changes introduced.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.
Signed-off-by: Simon Glass <sjg@chromium.org>
The definition of struct udphdr in include netinet/udp.h in the
musl library differs from the definition in the glibc library.
To use the same definition with musl the symbol _GNU_SOURCE has
to be defined.
Reported-by: Milan P. Stanić <mps@arvanta.net>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Milan P. Stanić <mps@arvanta.net>
When building sandbox_defconfig with CONFIG_DM_VIDEO=n a link time error
occurs:
in function `sandbox_serial_pending':
drivers/serial/sandbox.c:101: undefined reference to `video_sync_all'
video_sync_all() is only defined if we have CONFIG_DM_VIDEO=y.
Calling this function in a serial driver looks quite hackish
but at least let's add the missing build constraint.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Each bintool has some documentation which can be useful for the user.
Add a new command that collects this and writes it into a .rst file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Drop the unused gzip code, update comments and add a test for an
invalid algorithm. The temporary file is not needed now, so drop that
also.
Signed-off-by: Simon Glass <sjg@chromium.org>
Bintools can be missing, in which case binman continues operation but
reports an invalid image. Plumb in support for this and add tests for
entry types which use bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the code to use this bintool, instead of running lzma_alone
directly. This simplifies the code and provides more consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lzma-alone package.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the code to use this bintool, instead of running lz4 directly. This
simplifies the code and provides more consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a Bintool for this, which is used to compress and decompress data.
It supports the features needed by binman as well as installing via the
lz4 package.
Signed-off-by: Simon Glass <sjg@chromium.org>
The compression functions are not actually used by patman, so we don't
need then in the tools module. Also we want to change them to use
bintools, which patman will not support.
Move these into a new comp_util module, within binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the fit and mkimage entry types to use this bintool, instead of
running mkimage directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the ifwi entry type to use this bintool, instead of running
ifwitool directly. This simplifies the code and provides more
consistency as well as supporting missing bintools.
Signed-off-by: Simon Glass <sjg@chromium.org>
