(Description from AKASHI Takahiro)
extend rsa_verify() for UEFI secure boot:
The current rsa_verify() requires five parameters for a RSA public key
for efficiency while RSA, in theory, requires only two. In addition,
those parameters are expected to come from FIT image.
So this function won't fit very well when we want to use it for the
purpose of implementing UEFI secure boot, in particular, image
authentication as well as variable authentication, where the essential
two parameters are set to be retrieved from one of X509 certificates in
signature database.
So, in this patch, additional three parameters will be calculated on the
fly when rsa_verify() is called without fdt which should contain
parameters above.
This calculation heavily relies on "big-number (or multi-precision)
library." Therefore some routines from BearSSL under MIT license are
imported in this implementation.
We want to always run RSA library test on sandbox build in Travis CI.
Just adding CONFIG_RSA_VERIFY_WITH_PKEY would be good enough for this
purpose.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In this patch, a very simple test is added to verify that rsa_verify()
using rsa_verify_with_pkey() work correctly.
To keep the code simple, all the test data, either public key and
verified binary data, are embedded in the source.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function, and hence rsa_verify(), will perform RSA verification
with two essential parameters for a RSA public key in contract of
rsa_verify_with_keynode(), which requires additional three parameters
stored in FIT image.
It will be used in implementing UEFI secure boot, i.e. image authentication
and variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.
In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.
Note: the current code uses some "big number" routines from BearSSL
for the calculation.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
For FIT verification, all the properties of a public key come from
"control fdt" pointed to by fdt_blob. In UEFI secure boot, on the other
hand, a public key is located and retrieved from dedicated signature
database stored as UEFI variables.
Added two fields may hold values of a public key if fdt_blob is NULL, and
will be used in rsa_verify_with_pkey() to verify a signature in UEFI
sub-system.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
On Feb. 16, 2020, Tom reported [1] build failure of U-Boot in-tree
tooling after applying https://patchwork.ozlabs.org/cover/1229663/
("[v6,0/7] rsa: extend rsa_verify() for UEFI secure boot").
Later on, Heinrich stressed the urgency of the issue in
https://patchwork.ozlabs.org/patch/1250858/#2379069:
>>>>>>>>>
We should finalize the topic as it stops EFI patches from being merged
>>>>>>>>>
On the surface, the problem is caused by U-Boot commits [2-3], which
employed 'u32' in 'include/image.h', while historically U-Boot tooling
stayed agnostic on the {u,s}{8,16,32} types.
Thanks to Tom, Yamada-san and Heinrich, the following solutions have
been put head-to-head ('+' pros, '-' cons):
A. Use an equivalent fixed-size type, i.e. s/u32/uint32_t/ in both
android function prototypes (image.h) and definitions (c file):
+ quick and low-line-count
- creates a 'soup' of fixed-sized types in the Android C file
- will confuse contributors
- is going against Linux kernel best practices [4]
B. Guard Android functions by '!defined(USE_HOSTCC)' in image.h:
+ quick and low-line-count
+ reflects the reality (no android function is used by tooling)
+ zero impact on other subsystems
- ifdeffery may look annoying (pre-existing problem of image.h)
C. Make {u8,u16,u32} available in U-Boot tooling:
+ quick and low-line-count
+ [Yamada-san][5]:
* forbidding u32 for tools is questionable to me
* Linux kernel and Barebox use {u8,u16,u32} for the tools space
- breaks U-Boot tradition?
- has larger impact than [A] and [B]
- adds type complexity/inconsistency in the tooling space
D. [Yamada-san] Refactor the headers to minimize the code shared
between U-Boot space and tooling space:
+ probably the long-term solution
- high effort
- can be seen/done as an incremental update on top of [B]
Looking at the above, [B] looks like the natural way to go forward.
[1] https://patchwork.ozlabs.org/patch/1238245/#2363052
[2] commit 7f2531502c ("image: android: Add routine to get dtbo params")
[3] commit c3bfad825a ("image: android: Add functions for handling dtb field")
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6176fa4728fb6d
("checkpatch: add --strict warning for c99 fixed size typedefs : int<size>_t")
[5] https://patchwork.ozlabs.org/patch/1238245/#2363340
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Sam Protsenko <joe.skb7@gmail.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Heinrich Schuchardt <xpyron.glpk@gmx.de>
Add a separate function for printing sysfw version so that it can be
called independently of k3_sysfw_loader.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Additions have been made to the non-HS defconfig without the same
being made to the HS defconfig, sync them.
Signed-off-by: Andrew F. Davis <afd@ti.com>
The binman-option BINMAN_FDT is introduced by this commit:
commit 3c10dc95bd ("binman: Add a library to access binman entries")
BINMAN_FDT being selected when BINMAN=y that resulting in mt7623
and mt7622 are unable to boot. The root cause of this issue is commit:
commit cbd2fba1ec ("arm: MediaTek: add basic support for MT7629 boards")
select BINMAN=y in all mediatek SoCs, and others mediatek SoCs not
expect to use BINMAN_FDT.
This patch remove BINMAN=y option when ARCH_MEDIATEK=y and
move this to the specify SoCs part config.
Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Tested-by: Frank Wunderlich <frank-w@public-files.de>
Currently when booting the kernel on i.MX8 U-Boot hangs in an
endless loop when switching off dma, connectivity or lsio power
domains during device removal. It hapens first when removing
gpio0 (gpio@5d080000) device, here its power domain device
'lsio_gpio0' is obtained for switching off power. Since the
obtained 'lsio_gpio0' device is removed afterwards, its power
domain is also switched off and here the parent power domain
device 'lsio_power_domain' is optained for switching off the
power. Thereafter, when the obtained 'lsio_power_domain' is
removed, device_remove() removes its first child 'lsio_gpio0'.
During this child removal the 'lsio_power_domain' device is
obtained again for switching and when removing it later,
the same child removal is repeated, so we are stuck in an
endless loop. Below is a snippet from dm tree on i.MX8QXP
for better illustration of the DM devices relationship:
Class Index Probed Driver Name
-----------------------------------------------------------
root 0 [ + ] root_driver root_driver
...
simple_bus 0 [ + ] generic_simple_bus |-- imx8qx-pm
power_doma 0 [ + ] imx8_power_domain | |-- lsio_power_domain
power_doma 1 [ + ] imx8_power_domain | | |-- lsio_gpio0
power_doma 2 [ + ] imx8_power_domain | | |-- lsio_gpio1
Do not remove a power domain device if it is a parent of the
currently controlled device.
Fixes: 52edfed65d ("dm: core: device: switch off power domain after device removal")
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Reported-by: Oliver Graute <oliver.graute@gmail.com>
Reported-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
-----BEGIN PGP SIGNATURE-----
iQFQBAABCgA6FiEEqxhEmNJ6d7ZdeFLIHrMeAg6sL8gFAl5nWr8cHGV1Z2VuLmhy
aXN0ZXZAbWljcm9jaGlwLmNvbQAKCRAesx4CDqwvyGaOCACkavhqX4EP1FeRDX7m
Uujnacekt0y0uC54aGqBZ2u8Y+iwFza7rd4RcWOAx1pHq1QggAF+h5So8cOfSjpD
6Uad4ql0EOYuH5xcFYCzmEmOMj25DrIZ0F+nPnxhdK0novBrUO8QD2v4r8TgrcWs
dFxe7RCvop4I54Bq14LzZsCozlYEqHaf5E3fSas2LVeDIBrkzGh6pYhWM62FFRuy
71kIC+y9pfRPXaeiOSDp1ZqPkzQA8xw5AWAx4TCmTZ1DjLLBAoRbe0Iv9fseHct0
BFGD4+G1g0GfrNrjAG2OPAePDXq+6fmoAZFbkDGeoFwGnZXhxEnVnN4w5t+Hl0H4
82tF
=eO+8
-----END PGP SIGNATURE-----
Merge tag 'u-boot-atmel-fixes-2020.04-a' of https://gitlab.denx.de/u-boot/custodians/u-boot-atmel
First set of u-boot-atmel fixes for 2020.04 cycle:
- Includes two small configuration fixes that will solve the SPL booting
on sama5d3_xplained board.
This fixes the following warning:
===================== WARNING ======================
This board does not use CONFIG_DM_ETH (Driver Model
for Ethernet drivers). Please update the board to use
CONFIG_DM_ETH before the v2020.07 release. Failure to
update by the deadline may result in board removal.
See doc/driver-model/migration.rst for more info.
====================================================
Signed-off-by: Pedro Jardim <jardim.c.pedro@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
This fixes the following warning:
===================== WARNING ======================
This board does not use CONFIG_DM_ETH (Driver Model
for Ethernet drivers). Please update the board to use
CONFIG_DM_ETH before the v2020.07 release. Failure to
update by the deadline may result in board removal.
See doc/driver-model/migration.rst for more info.
====================================================
Signed-off-by: Pedro Jardim <jardim.c.pedro@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Booting a mainline kernel in secure mode on i.MX7D causes only
one CPU to be brought up.
Change it to booting in non secure mode by default, which
allows the two CPUs to be brought up.
It does have a side effect of not probing the CAAM driver.
If CAAM driver is needed then a secure world OS such as OPTEE needs
to be used.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Set CONFIG_SYS_BOOTMAPSZ to the amount of memory available which is needed
to relocate the kernel, device tree and initrd.
Remove 'fdt_high' and 'initrd_high' environment variables from default
environment which prevents relocation of FDT and initrd.
Signed-off-by: Oliver Graute <oliver.graute@kococonnector.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Ye Li <ye.li@nxp.com>
Cc: uboot-imx <uboot-imx@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Instead of resetting the ethernet phy through functions in imx8mq_evk.c, let the
driver reset the phy via dts description adding a reset duration of 10 ms
following atheros 8031's datasheet recommendation.
Signed-off-by: Alifer Moraes <alifer.wsdm@gmail.com>
Convert imx6sabresd ethernet to driver model to fix the following warning:
===================== WARNING ======================
This board does not use CONFIG_DM_ETH (Driver Model
for Ethernet drivers). Please update the board to use
CONFIG_DM_ETH before the v2020.07 release. Failure to
update by the deadline may result in board removal.
See doc/driver-model/migration.rst for more info.
====================================================
Signed-off-by: Alifer Moraes <alifer.wsdm@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Uboot size is incorrect.
Uboot SPL use CONFIG_SYS_MONITOR_LEN to read uboot from NAND : 0x80000
With sama5d3_xplained_nandflash_defconfig : u-boot.bin size is ~800Ko 0xC0000
So I increased size to 1MB : 0x100000
Signed-off-by: Fabien Lehoussel <fabien.lehoussel@medianesysteme.com>
The PHY models of the Marvell 88E151x series are not reliably
distinguishable by their uid / PHY identifiers.
The 88E1510, 88E1512, 88E1514 and 88E1518 all have the same OUI and
model number and bits 3:0 in the PHY Identifier 2 (Page 0, Reg 3) are
described as HW revision number, but both 88E1510 and 88E1518 PHYs were
observed with the same HW rev number (1).
Before commit 83cfbeb0df ("net: phy: Fix mask so that we can identify
Marvell 88E1518"), the 88E151x were detected because the HW revision
bits were masked from the uid. After that change, 88E1510/12/18 were all
detected as 88E1518 and the 88E1510 specific code was no longer run.
I modified the mask to again ignore all four HW revision bits, removed
the 88E1510 specific code (board-specific LED/INTn setup), which was not
called since late 2016 anyway and renamed the config function and
phy_driver struct to the better fitting 88e151x.
The uid and mask bits 3:0 are now again the same as in the Linux kernel.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
This patch adds ability to switch beetween two PHY SGMII modes.
Some hardware, for example, FPGA IP designs may use 6-wire mode
which enables differential SGMII clock to MAC.
Patch description, dt flags have been done in mainline Linux by
commit a2111c460c0c ("net: phy: dp83867: Add documentation for SGMII mode type")
and by commit 507ddd5c0d47 ("net: phy: dp83867: Add SGMII mode type switching")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
U-Boot is having DT which doesn't cover all options currently supported by
driver. DT binding is aligned with Linux kernel version available here.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/devicetree/bindings/net/ti,dp83867.txt
Based on my talk with Grygorii Strashko better will be to remove it.
Also Linux kernel bindings are being converted to yaml that's another
reason to do it only at one place.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
The helper is used to reset PHYs on connect and it determines the clause
to use (C22/C45) based on interface type. This fixes 'PHY reset timed out'
warnings in console for USXGMII/XFI PHYs.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Commit 27c3f70f3b ("net: phy: Increase link up delay in
genphy_update_link()") increased the per-iteration waiting time from
1ms to 50ms, without adjusting the timeout counter. This lead to the
timeout increasing from the typical 4 seconds to over three minutes.
Adjust the timeout counter evaluation by that factor of 50 to bring the
timeout back to the intended value.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Fixes: net: phy: Increase link up delay in genphy_update_link() ("27c3f70f3b50")
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Matthias Brugger <mbrugger@suse.com>
Tested-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
doc/README.drivers.eth seems like a good source for understanding
U-Boot's network subsystem, but is only talking about legacy network
drivers. This is particularly sad as proper documentation would help in
porting drivers over to the driver model.
Rewrite the document to describe network drivers in the new driver model
world. Most driver callbacks/methods are almost identical in their
semantic, but recv() differs in some important details.
Also keep some parts of the original text at the end, to help
understanding old drivers. Add some hints on how to port drivers over.
This also uses the opportunity to reformat the document in reST, on the
way moving it into doc/driver-model and adding it into the structure
there.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
The driver now unconditionally prints some information that's not
universally useful. Replace printf with debug.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Use either USXGMII or XFI in aquantia_set_proto and drop XGMII as a valid
protocol configuration. The PHY doesn't support it, it's just used as an
alias for one of the other two protocols.
Signed-off-by: Florin Chiculita <florinlaurentiu.chiculita@nxp.com>
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Add NC-SI to the usual phy handling. This makes two notable changes:
- Somewhat similar to a fixed phy, phy_connect() will create an NC-SI
phy if CONFIG_PHY_NCSI is defined.
- An early return is added to phy_read() and phy_write() to handle a
case like the NC-SI phy which does not define a bus.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This introduces support for the NC-SI protocol, modelled as a phy driver
for other ethernet drivers to consume.
NC-SI (Network Controller Sideband Interface) is a protocol to manage a
sideband connection to a proper network interface, for example a BMC
(Baseboard Management Controller) sharing the NIC of the host system.
Probing and configuration occurs by communicating with the "remote" NIC
via NC-SI control frames (Ethernet header 0x88f8).
This implementation is roughly based on the upstream Linux
implementation[0], with a reduced feature set and an emphasis on getting
a link up as fast as possible rather than probing the full possible
topology of the bus.
The current phy model relies on the network being "up", sending NC-SI
command frames via net_send_packet() and receiving them from the
net_loop() loop (added in a following patch).
The ncsi-pkt.h header[1] is copied from the Linux kernel for consistent
field definitions.
[0]: https://github.com/torvalds/linux/tree/master/net/ncsi
[1]: https://github.com/torvalds/linux/blob/master/net/ncsi/ncsi-pkt.h
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
We keep both of these jobs in sync as much as possible even when the
primary motivation is to keep Travis from exceeding the build time limit
there. With that in mind:
- Use "rk" not "rockchip" to get all Rockchip SoC platforms in one job,
rather than just all Rockchip vendor platforms.
- The NXP LX216* SoCs have their own job, exclude them from the AArch64
generic job.
- SoCFPGA SoCs have their own job, exclude them from the AArch64 generic
job.
Signed-off-by: Tom Rini <trini@konsulko.com>
The FEC in the i.MX8MM doesn't support this feature. So don't pretend one
can use it.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Let pinctrl configuration for eMMC node (usdhc1) also be
accessible in SPL.
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Some device may enable CONFIG_CLK but not still support this clock in
CC, so better use debug() in place of dev_warn() otherwise a lot of
boards will throw useless dev_warn()s.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The current implementation in arch/arm/mach-imx/cpu.c uses non-DM
code to retrieve the core clock frequency. As the root clock is not
listed we currently get:
CPU: Freescale i.MX8MMQ rev1.0 at 0 MHz
Fix this by adding the missing entry, which results in:
CPU: Freescale i.MX8MMQ rev1.0 at 1200 MHz
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
fdt_high value of 0xffffffff disables fdt relocation on boot. We don't
need that for Cubox-i/Hummingboard. Rely on generic code to find the
optimal fdt location at boot time.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Before DM_VIDEO conversion this board used 24bpp
display configuration, so use it again.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Reviewed-by: Fabio Estevam <festevam@gmail.com>