As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This simplifies a few lines and corrects an error message.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Two callers of image_source_script specify an image name. However, both
use the deprecated @ syntax, indicating that they have not been updated
in a while. If CONFIG_FIT_SIGNATURE is enabled, we will reject such
names outright. Back in commit 152576a598 ("stm32mp: stm32prog: handle
U-Boot script in flashlayout alternate"), we even renamed one of the
nodes. Instead of hard-coding a script image name, just use the default
image.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This adds a basic test for FIT image handling by the source command.
It's a python test becase we need to run mkimage.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a fallback for this function so it can be used without regard to
whether FIT_SIGNATURE is enabled or not.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Documentation:
* Reorganize existing TI docs and add K3 generation page
* Add texinfodocs and infodocs targets
* Update qemu-ppce500 documentation
* Use "changesets" not "csets" in statistics pages
UEFI
* Fix merging of preseeded non-volatile variables
* Fix a return value in the EFI_HII_DATABASE_PROTOCOL
* Set UEFI specification version to 2.10
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmOtm18ACgkQxIHbvCwF
GsQMJQ//Zfr8kaJQbHRBcA/20LvdMuJj5l1IBW3sQbfr2jRztrkA/Ea23k4T8lHK
f+Ty1CGDPi5LtdIKrDJDxNF1KDFOUIGgBZ4i+ISoLPazCj9Cug/58GCZM/htO25/
sFqojKNUVYOLBZ/D3PZBDU42hWTH0do1MwyUNuwVu0KPe6uwUrMFRBcSddXQw77r
45iotAPe54hL7lzcNfEJSjeSSZ0CfGAsE+8ZN2r7xBTcU2ACOD6DbcCQgeR8FGEv
CwzKU/3wKNLtonxfFmK44FI6knIxl/B3HKzi82gBDOmvlB4bmB8X+CK82WvJ+Q+j
9H/6bqj6ZaEKkJ7k1KbhR/cf6Z4QbRwScb82H2YfhjhiAj6UeoPCTI6lgx7WGkxW
DP8wNej0kE0wxWuoiay5ErRU17hPItpwQIbrCBMpnJrEPTour6yjGpJYcbUeGqW2
5gw++0rsyn1rOlH/+ukK0Gzq6DSUE9LuCnl76qG6Vwyuj1e1JO2G9Sr/rxiX5XDx
5h/LoVmhD2yYSSG7MtKNlj38yfnOu1267PSWvQYyLs9XKSnhecT/N4OKMwTmEe1o
VO8MapuUaw2mzO3NzlDLKXHzMavN2ov+YWWA+9NiFiytjXFvOsPnMVZJXeR86RI/
Npeu+7jIbQOtSFDQyuV0tGXGZSY5F5WHsXFdwJHkFQGSYhWDwXU=
=z7b8
-----END PGP SIGNATURE-----
Merge tag 'efi-2023-01-rc5-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2023-01-rc5-2
Documentation:
* Reorganize existing TI docs and add K3 generation page
* Add texinfodocs and infodocs targets
* Update qemu-ppce500 documentation
* Use "changesets" not "csets" in statistics pages
UEFI
* Fix merging of preseeded non-volatile variables
* Fix a return value in the EFI_HII_DATABASE_PROTOCOL
* Set UEFI specification version to 2.10
In 96699f097a ("powerpc: mpc85xx: Use binman to embed dtb inside
U-Boot") we introduce CONFIG_MPC85XX_HAVE_RESET_VECTOR and do so via
Kconfig. However, much later in de47ff5363 ("Convert
CONFIG_SYS_MPC85XX_NO_RESETVEC to Kconfig") I converted the symbol that
is the inverse of this to Kconfig. This should have included a
dependency on the first symbol as they are logically opposite.
The dependency being missing lead to some platforms being broken at
runtime due to discarding the require reset vector.
Fixes: de47ff5363 ("Convert CONFIG_SYS_MPC85XX_NO_RESETVEC to Kconfig")
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Pali Rohár <pali@kernel.org>
When converting CONFIG_SDCARD and CONFIG_SPIFLASH to Kconfig, one set of
uses wasn't converted correctly. Allow for the case where platforms
don't rely on "PBL" to boot but instead use other mechanisms. See the
link below for more details.
Link: https://lore.kernel.org/all/20220802091338.f4g45ldhc7qbg6hm@pali/
Fixes: d433c74eec ("Convert CONFIG_SDCARD et al to Kconfig")
Tested-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The wget command uses TCP, but fails to select PROT_TCP in Kconfig.
Instead it selects the non-existing symbol TCP. Fix the typo.
Signed-off-by: Michael Walle <michael@walle.cc>
The compiler complains about the missing declaration of print_size():
net/wget.c:415:3: warning: implicit declaration of function ‘print_size’ [-Wimplicit-function-declaration]
Fix it.
Signed-off-by: Michael Walle <michael@walle.cc>
The rockchip job is getting close to the hard time limit in Azure for
the free tier. Split this in to 32bit and 64bit board jobs.
Signed-off-by: Tom Rini <trini@konsulko.com>
When the efi subsystem starts we restore variables that are both in a
file or stored into the .efi_runtime section of U-Boot. However once
a variable gets created or changed the preseeded entries will end up in
the file. As a consequence on the next boot we will end up adding
identical variable entries twice.
Fix this by checking if the to be inserted variable already exists.
Also swap the restoration order and start with the file instead of the
builtin variables, so a user can replace the preseeded ones if needed.
Tested-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It is volatile variables that we do not allow to be restored from file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
For the 64bit EFI binaries that we create set the
IMAGE_FILE_LARGE_ADDRESS_AWARE characteristic in the PE-COFF header
to indicate that they can handle addresses above 2 GiB.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When the HII protocol function get_package_list_handle() is called with an
invalid package list handle, it returns EFI_NOT_FOUND but this is not in
its list of possible status codes as per the EFI specification.
Return EFI_INVALID_PARAMETER instead to fix conformance.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
To make things more human readable, say "changesets from" rather than
"csets from" in all our historical pages here. Moving forward this has
been changed in our gitdm with b034e399e31a ("gitdm: fix typo csets").
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sphinx supports generating Texinfo sources and Info documentation,
which can be navigated easily and is convenient to search (via the
indexed nodes or anchors, for example). This is basically the same as
1f050e904dd6f2955eecbd22031d912ccb2e7683, which was recently applied
to the Linux kernel.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
qemu can emulate also e500v1 core but cannot emulate CPUs from Freescale
PowerPC QorIQ T and P series.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Texas Instrument's entire K3 generation of SoCs use much of the same
frameworks and boot flow, especially at the uboot level. Though there
are small differences introduced as each new K3 based SoC is developed
and as the K3 generation matures that will also need to be documented.
Rather than copying the same documentation, with the small differences
applicable to that specific SoC to a new page, introduce a new K3
page that can describe the general boot flow and design decisions for
the entire K3 generation of chips, leaving the specifics for that
particular SoC to a unique sub-page below this one.
Signed-off-by: Bryan Brattlof <bb@ti.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Texas Instruments produces quite a lot of SoCs based upon a common
architecture 'generation'. (eg: OMAP, K3) TI's existing documentation
layout makes noticing this generation jump rather difficult.
To make navigation easier, split the existing documentation into
individual SoC families so we may begin grouping them according to their
generational (eg: OMAP, K3) families.
Signed-off-by: Bryan Brattlof <bb@ti.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
- Bring in the final series to complete the main portion of migrating
CONFIG symbols to either Kconfig or CFG namespace (or removing /
renaming entirely). With this, we have stricter CI tests as well now.
We ask for CONFIG_SPL_LOAD_FIT_ADDRESS in Kconfig, so we cannot define
it in C as a fall-back. However, this option previously was buried under
"if ... endif" Kconfig logic. Rework a number of config options to now
have more robust dependency lines so that we can ask this address when
needed. With that done, we can remove the fallback in spl_ram.c.
Signed-off-by: Tom Rini <trini@konsulko.com>
This value is never changed by boards, so just rename it to
SPI_IDLE_VAL to fit with the rest of the code.
Signed-off-by: Tom Rini <trini@konsulko.com>
We rename the symbol CONFIG_SEND_ENABLE to just SEND_ENABLE, and remove
the second whitespace following the define.
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point all listed adhoc CONFIG symbols have been migrated to
Kconfig or removed from the tree or renamed to CFG (or similar). We also
now have CI tests that will error on any new introductions, and
checkpatch.pl also looks. We can now remove these hooks and related
scripts.
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that all symbols have been migrated to Kconfig, or are part of the
CFG namespace we do not need a complex check for unmigrated CONFIG
symbols. Any instance of #define (or #undef) or a CONFIG value is wrong,
so cause CI to fail.
This test is not as strict as possible yet as we have more symbols that
were not previously caught to deal with.
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that all CONFIG symbols are in Kconfig, checkpatch.pl should check
for and error on any case of define/undef CONFIG_*.
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point in the conversion there should be no need to have logic to
disable some symbol during the SPL build as all symbols should have an
SPL counterpart.
The main real changes done here are that we now must make proper use of
CONFIG_IS_ENABLED(DM_SERIAL) rather than many of the odd tricks we
developed prior to CONFIG_IS_ENABLED() being available.
Signed-off-by: Tom Rini <trini@konsulko.com>
A number of CONFIG symbols have crept in that are never referenced in
code, so drop them here. Further, we have two symbols being enabled
in headers while already enabled correctly in Kconfig, so these lines
can also be removed.
Signed-off-by: Tom Rini <trini@konsulko.com>
Rename the CONFIG_POWER_BD71837_I2C_* symbols to not have the CONFIG
prefix and be local to the file they are used in.
Signed-off-by: Tom Rini <trini@konsulko.com>
Perform simple renames of:
CONFIG_WATCHDOG_PRESC to CFG_WATCHDOG_PRESC
CONFIG_WATCHDOG_RC to CFG_WATCHDOG_RC
Signed-off-by: Tom Rini <trini@konsulko.com>
Perform simple renames of:
CONFIG_VSC7385_IMAGE to CFG_VSC7385_IMAGE
CONFIG_VSC7385_IMAGE_SIZE to CFG_VSC7385_IMAGE_SIZE
Signed-off-by: Tom Rini <trini@konsulko.com>