rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.
So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
It is useful to be able to find hex values and strings in a memory range.
Add a command to support this.
cmd: Fix 'md' and add a memory-search command
At present 'md.q' is broken. This series provides a fix for this. It also
implements a new memory-search command called 'ms'. It allows searching
memory for hex and string data.
END
Signed-off-by: Simon Glass <sjg@chromium.org>
This is defined only when __lp64__ is defined. That means that ulong is
64 bits long. Therefore we don't need to use a separate u64 type on those
architectures.
Fix up the code to take advantage of that, removing the preprocessor
conditions.
Also include the header file that defines MEM_SUPPORT_64BIT_DATA. It is
included by env.h in this file, but that might not last forever.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is defined only when __lp64__ is defined. That means that ulong is
64 bits long. Therefore we don't need to use a separate u64 type on those
architectures.
Fix up the code to take advantage of that, removing the preprocessor
conditions.
Also include the missing header file that defines MEM_SUPPORT_64BIT_DATA
Fixes: 0914011310 ("command: Remove the cmd_tbl_t typedef")
Signed-off-by: Simon Glass <sjg@chromium.org>
This is defined only when __lp64__ is defined. That means that ulong is
64 bits long. Therefore we don't need to use a separate u64 type on those
architectures.
Fix up the code to take advantage of that, removing the preprocessor
conditions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
It is a bit painful to have #ifdefs in the middle of the help for each
command. Add a macro to avoid this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Define this macro always so we don't need the preprocessor to check it.
Convert the users to #if instead of #ifdef.
Note that '#if MEM_SUPPORT_64BIT_DATA' does not give an error if the
macro is not define. It just assumes zero.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Replacing the ret variable with err and handling first the error
condition about the value returned by the spl_nand_fit_read routine,
improves the code readability.
Furthermore, the 'else' int the 'else return ret' instruction was
useless.
cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dariobin@libero.it>
The offset at which the image to be loaded from NAND is located is
retrieved from the itb header. The presence of bad blocks in the area
of the NAND where the itb image is located could invalidate the offset
which must therefore be adjusted taking into account the state of the
sectors concerned.
cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
If uboot does not embed its device tree and the FIT loading function
returns error in case of failure in the FDT append, the redundant itb
image could be loaded.
cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Verifying FIT images obviously needs the rsa parts of crypto
support and while main uboot always compiles crypto support,
it's optional for SPL and we should thus select the necessary
option to not end up in compile errors like:
u-boot/lib/rsa/rsa-verify.c:328: undefined reference to `rsa_mod_exp'
So select SPL_CRYPTO_SUPPORT in SPL_FIT_SIGNATURE.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rsa-checsum needs support for hash functions or else will run into
compile errors like:
u-boot/lib/rsa/rsa-checksum.c:28: undefined reference to `hash_progressive_lookup_algo'
So similar to the main FIT_SIGNATURE entry selects HASH,
select SPL_HASH_SUPPORT for SPL_FIT_SIGNATURE.
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
padding_pss_verify only works with the default pss salt setting of -2
(length to be automatically determined based on the PSS block structure)
not -1 (salt length set to the maximum permissible value), which makes
verifications of signatures with that saltlen fail.
Until this gets implemented at least document this behaviour.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
n, rr and rrtmp are used for internal calculations, but in the end
the results are copied into separately allocated elements of the
actual key_prop, so the n, rr and rrtmp elements are not used anymore
when returning from the function and should of course be freed.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When calculating rrtmp/rr rsa_gen_key_prop() tries to make
(((rlen + 31) >> 5) + 1) steps in the rr uint32_t array and
(((rlen + 7) >> 3) + 1) / 4 steps in uint32_t rrtmp[]
with rlen being num_bits * 2
On a 4096bit key this comes down to to 257 uint32_t elements
in rr and 256 elements in rrtmp but with the current allocation
rr and rrtmp only have 129 uint32_t elements.
On 2048bit keys this works by chance as the defined max_rsa_size=4096
allocates a suitable number of elements, but with an actual 4096bit key
this results in other memory parts getting overwritten.
So as suggested by Heinrich Schuchardt just use the actual bit-size
of the key as base for the size calculation, in turn making the code
compatible to any future keysizes.
Suggested-by: Heinrich Schuchardt <xypron.debian@gmx.de>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
rrtmp needs 2 + (((*prop)->num_bits * 2) >> 5) array elements.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The exponent field of struct key_prop gets allocated an uint64_t,
and the contents are positioned from the back, so an exponent of
"0x01 0x00 0x01" becomes 0x0 0x0 0x0 0x0 0x0 0x1 0x0 0x1"
Right now rsa_gen_key_prop() allocates a uint64_t but sets exp_len
to the size returned from the parser, while on the other hand the
when getting the key from the devicetree exp_len always gets set to
sizeof(uint64_t).
So bring that in line with the established code.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Right now in multiple places there are only checks for the full
CONFIG_RSA_VERIFY_WITH_PKEY option, not split into main,spl,tpl variants.
This breaks when the rsa functions get enabled for SPL, for example to
verify u-boot proper from spl.
So fix this by using the existing helpers to distinguis between
build-steps.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
While the SPL may want to do signature checking this won't be
the case for TPL in all cases, as TPL is mostly used when the
amount of initial memory is not enough for a full SPL.
So on a system where SPL uses DM but TPL does not we currently
end up with a TPL compile error of:
lib/rsa/rsa-verify.c:48:25: error: dereferencing pointer to incomplete type ‘struct checksum_algo’
To prevent that change the $(SPL_) to $(SPL_TPL_) to distinguish
between both. If someone really needs FIT signature checking in
TPL as well, a new TPL_RSA_VERIFY config symbol needs to be added.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Even in boot scripts it may be needed to "panic" when all options
are exhausted and the device specification specifies hanging
instead of resetting the board.
So add a new panic command that just wraps around the core panic
call in U-Boot and can take an optional message.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add linefeeds before and after the announce string. This makes the
output easier to read, especially if some text follows the announce
message without a specific additional CR.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
tpm_tis_spi.c directly includes tpm_tis.h and tpm-v2.h which both
define the same enums (see e.g. TPM_ACCESS_VALID). Add an #ifndef to
prevent redeclaration errors.
Signed-off-by: Johannes Holland <johannes.holland@infineon.com>
This solves a compatibility issue with Linux device trees
that contain TPMv2.x hardware. So it's easier to import DTS
from upstream kernel when migrating board init from C code
to DTS.
The issue is that fallback binding is different between Linux
and u-Boot.
Linux: "tcg,tpm_tis-spi"
U-Boot: "tis,tpm2-spi"
As there are currently no in-tree users of the U-Boot binding,
it makes sense to use Linux fallback binding.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
commit 2bd261dd17 ("gpio: search for gpio label if gpio is not found through bank name")
disabled DM_GPIO_LOOKUP_LABEL which is needed
in sandbox defconfigs, as we have tests for this
functionality.
Signed-off-by: Heiko Schocher <hs@denx.de>
The PHY needs a reset in order to be functionnal for U-Boot, add the old
PHY reset bindings for dwmac until we support the new bindings in the PHY node.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Anand Moon <linux.amoon@gmail.com>
Odroid C4 is an Amlogic SM1 device, the board config and board documentation
are adapted from the Odroid-N2 support from the same vendor.
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
[narmstrong: fix odroid-c4.rst typos and structure]
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Anand Moon <linux.amoon@gmail.com>
This imports the changes and the new Odroid-C4 board from the Linux
commit b3a9e3b9622a ("Linux 5.8-rc1").
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Anand Moon <linux.amoon@gmail.com>
Add a proper Odroid-N2 board support to handle the Ethernet MAC
address stored in the in-SoC eFuses.
Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Tested-by: Anand Moon <linux.amoon@gmail.com>
The ARM Juno boards (-r1 and -r2) feature a Silicon Image 3132 PCIe
SATA controller soldered on the board, providing two SATA ports.
Enable the driver and the sata command in the defconfig, to be able to
load images from SATA disks.
Tested by loading kernels and Grub/EFI from an SSD and successfully
booting a Linux system (with and without using UEFI).
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
The ARM Juno boards in their -r1 and -r2 variants sport a PCIe
controller, which we configure already in board specific code to be ECAM
compliant. Hence we can just enable the generic ECAM driver to let
U-Boot use PCIe devices.
Add the respective options to the Juno defconfig to enable the PCI
framework and the generic ECAM driver, and initialise the driver upon
loading U-Boot.
Make some functions in the Juno PCIe init code static on the way.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Even though the sata_sil driver was converted over to the driver model,
it still assumed that the PCI controller is using the legacy interface.
Allow the "devno" member to be a struct udevice pointer and use
DM_PCI_COMPAT to covert the rest of the interface.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
The smc911X driver is now DM enabled, so we can switch the Juno board
over to use DM_ETH for the on-board Fast Ethernet device.
Works out of the box by using the DT.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
When compiled as a DM_ETH driver, the scm911x driver was reading the MAC
address from the optional EEPROM storage, but failed to copy this to the
platdata struct. Since it was also missing a definition of the
read_rom_hwaddr() function, the generic Ethernet code was dismissing
this MAC address, falling back to a random address or denying to start
at all.
Add an implementation of .read_rom_hwaddr, and refactor the function
reading the ROM address to be called by all interested parties.
This fixes MAC address issues when using the driver in DM_ETH "mode".
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Similar to patch 821fec0ceb ("net: remove scary warning about EEPROM
provided MAC address") this removes the somewhat awkward "warning" on
boards using DM_ETH:
In many parts of the computing world having a unique MAC address
sitting in some on-NIC storage is considered the normal case.
If there is a properly provided MAC address (either from ROM or from DT),
remove the warning to not scare the user unnecessarily.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
The arch timer on 64-bit Arm Ltd. platforms is driven by a 24 MHz
crystal oscillator, so the frequency is not 25165824 MHz, as the current
code suggests.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Compiling with clang on ARMv8 shows errors like:
./arch/arm/include/asm/system.h:162:32: note: use constraint modifier "w"
asm volatile("msr sctlr_el1, %0" : : "r" (val) : "cc");
^~
%w0
These errors are due to using an incorrect size for the variables used
for writing to and reading from special registers which have 64 bits on
ARMv8.
Mask off reserved bits when reading the exception level.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On ARM systems gd is stored in register r9 or x18. When compiling with
clang gd is defined as a macro calling function gd_ptr(). So we can not
make assignments to gd.
Use function set_gd() for setting the register on ARM.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Truncate file names if the buffer size is exceeded to avoid a buffer
overflow.
Use Sphinx style function description.
Add a TODO comment.
Reported-by: CID 303779
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
make the sleep time and the margin configurable.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
dm_gpio_lookup_name() searches for a gpio through
the bank name. But we have also gpio labels, and it
makes sense to search for a gpio also in the labels
we have defined, if no gpio is found through the
bank name definition.
This is useful for example if you have a wp pin on
different gpios on different board versions.
If dm_gpio_lookup_name() searches also for the gpio labels,
you can give the gpio an unique label name and search
for this label, and do not need to differ between
board revisions.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Don't enable by default]
Signed-off-by: Tom Rini <trini@konsulko.com>
This patch adds MAC and PHY related configs (needed for proper
ethernet operations) for Action Semi S700 SoC.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
This patch selects CONFIG_DM_ETH (ethernet driver is base on DM model)
for Action semi owl SoC.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
This patch adds node for ethernet controller found on Action Semi OWL
S700 SoC.
Since, there is no upstream Linux binding exist for S700 ethernet
controller, Changes are put in u-boot specific dtsi file.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
This patchs adds glue logic to enable designware mac present on
Action Semi based S700 SoC, Configures SoC specific bits.
Undocumented bit that programs the PHY interface select register
comes from vendor source.
It has been tested on Cubieboard7-lite based on S700 SoC.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>