Commit graph

74928 commits

Author SHA1 Message Date
Aswath Govindraju
7026b88844 environment: ti: k3_dfu: Increase the size allocated for bootloader images in dfu_alt_info_ram
The size of u-boot.img is above 1MB and that of tispl.bin is close to 1MB,
in case of j721e. Therefore, increase the sizes allocated for tispl.bin and
u-boot.img to 2 MB and 4 MB respectively, in dfu_alt_info_ram environment
variable.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Aswath Govindraju
fa7a14576d arm: dts: k3-j721e-r5-*.dts: Fix clock-names property in the usb0 instance
In the cdns3 usb driver, the clock name looked for is ref. Therefore, fix
the clock-names property in usb0 instance for proper initialization of
cdns3 usb gadget driver.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Roger Quadros
72f78c6918 ARM: dts: Fix node status to "okay" on TI boards
As per Device Tree Specification [1], the status parameter of nodes can
be "okay", "disabled", etc. "ok" is not a valid parameter.

U-boot Driver Model does not recognize status="ok" either and treats
the node as disabled.

[1] https://github.com/devicetree-org/devicetree-specification/releases/tag/v0.3

Signed-off-by: Roger Quadros <rogerq@kernel.org>
Reviewed-by: Nishanth Menon <nm@ti.com>
2021-09-10 20:10:20 -04:00
Suman Anna
7d67334dfe tools: k3_fit_atf: Fix DM binary FIT load addresses
The DM binary runs on the MCU R5F Core0 after R5 SPL on J721E and J7200
SoCs. The binary is built alongside the TFA, OPTEE and A72 SPL binaries
and included in the tispl.bin FIT image. The R5 SPL loads the DM binary
at 0xA0000000 address, based on the value used in the FIT image build
script. The DM binary though is an ELF image and not a regular binary
file, and so is processed further to load the actual program segments
using the U-Boot's standard ELF loader library.

The DM binary does leverage a certain portion of DDR for its program
segments, and typically reserves 16 MB of DDR at 0xA0000000 with the
1st MB used for IPC between Linux and the remote processor, and
remaining memory for firmware segments. This can cause an incomplete
loading of the program segments if the DM binary is larger than 1 MB,
due to overlap of the initial loaded binary and the actual program
segments.

Fix this by using the address 0x89000000, which matches the current
"addr_mcur5f0_0load" env variable used by R5 SPL before the DM firmware
inclusion into the tispl.bin.

Fixes: df5363a67f ("tools: k3_fit_atf: add DM binary to the FIT image")
Signed-off-by: Suman Anna <s-anna@ti.com>
2021-09-10 20:10:20 -04:00
Aswath Govindraju
7ca1af635a arm: dts: k3-am642-evm-u-boot: Add u-boot, dm-spl tag in the pinmux node of mmc1
Add u-boot,dm-spl tag in the pinmux device tree node, required for MMCSD1
subsystem.

Fixes: b6059ddc45 ("arm: dts: k3-am642: Add r5 specific dt support")
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Matwey V. Kornilov
4c9289f52f am33xx: Fix USB for am335x boards
USB nodes were mistakenly disabled in

    commit 942853dd96 ("arm: dts: Resync BeagleBone device trees")

This commit is to fix the following issue:

    starting USB...
    No working controllers found
    USB is stopped. Please issue 'usb start' first.
    starting USB...
    No working controllers found

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0782e8572ce43f521ed6ff15e4a7ab9aa5acdc85
Fixes: 942853dd96 ("arm: dts: Resync BeagleBone device trees")
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Reviewed-by: Paul Barker <paul.barker@sancloud.com>
2021-09-10 20:10:20 -04:00
Aswath Govindraju
3c01557df8 include: configs: am64x_evm: Add env variables for booting to kernel using USB MSC device
Add env variables for booting to kernel from USB MSC device. The second
partition in the USB MSC device needs to formatted as ext4 file system with
kernel and dtb images, present in the /boot folder.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Aswath Govindraju
e34ab0e01f environment: ti: mmc.h: Make the finduuid generic for usage across different device types
Make finduuid generic by making it dependent on the boot variable. For
example, this can now be used for finding the uuid of partitions in usb
device too.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Aswath Govindraju
3d16b33533 board: ti: am64x: Add support for fixing dr_mode while booting from USB
Fix the dr_mode in the U-Boot device tree blob, by reading the mode field
from the USB Boot Configuration fields. The dr_mode will only be fixed when
booting from USB.

Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
2021-09-10 20:10:20 -04:00
Derald D. Woods
11e2ab3f0b ARM: omap3: evm: Enable booting 'fitImage' with DEFAULT_FIT_TI_ARGS
This commit uses the existing DEFAULT_MMC_TI_ARGS and
DEFAULT_FIT_TI_ARGS defintions to replace the 'mmc*' environment
variables in the configuration. The check for the 'boot_fit' is handled
like the 'am335x_*' boards with 'CONFIG_BOOTCOMMAND'.

Signed-off-by: Derald D. Woods <woods.technical@gmail.com>
2021-09-10 18:00:37 -04:00
Tom Rini
f4b64e9736 arm: am335x: Enable SPL_OF_CONTROL on some configs
Both am335x_boneblack_vboot and am335x_evm_spiboot require
SPL_OF_CONTROL to function but are currently missing this option.  Add
it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-10 18:00:37 -04:00
Tom Rini
de5857d056 Merge https://source.denx.de/u-boot/custodians/u-boot-marvell
- mvebu: dts: Armada8k enable mdio (Sven)
- a37xx: pci: Fix / enhance error handling (Pali)
- mvebu: espressobin/turris_: Enable GPT partition support (Pali)
- mvebu: sata_mv: Probe all ports (Tony)
- a37xx: pci: Don't spam about PIO Response Status (Marek)
2021-09-10 08:24:19 -04:00
Marek Behún
157bc52b0f arm: a37xx: pci: Don't spam about PIO Response Status
Use dev_dbg() instead of dev_err() in pcie_advk_check_pio_status().

For example CRS is not an error status, it just says that the request
should be retried.

Without this, U-Boot spams the terminal with
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x100000
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x108000
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x110000
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x120000
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x128000
  pcie_advk pcie@d0070000: Non-posted PIO Response Status: UR, 0xc80 @ 0x130000
  ...
when a device is not connected to a PCIe switch (Unsupported Request
from the switch).

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Tony Dinh
47d8931386 arm: marvell: Dreamplug: fix typo in eth1 name
Ethernet 1 should be ethernet-controller@76000.

Signed-off-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Tony Dinh
5df1ee4594 arm: mvebu : sata_mv should probe all ports
While a board could have multiple SATA ports, some of the ports might
not have a disk attached to them. So while probing for disks,
sata_mv_probe() should continue probing all ports, and skip one with
no disk attached.

Tests with:

- Seagate Goflex Net (Marvell Kirkwood 88F6281) out-of-tree u-boot.
- Zyxel NSA325 (Marvell Kirkwood 88F6282 out-of-tree u-boot.

Observation:

If a board has 2 or more SATA ports, and there is only one disk
attached to one of the ports, sata_mv_probe() does not return
a successful probe status. And if only one disk is attached to the
2nd port (i.e. port 1), it is not probed at all.

Patch Description:

Let sata_mv_probe() continues probing all ports, even if there
is error in probing a given port, and then return a successful
status if there is at least one port was probed successfully.

Signed-off-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Pali Rohár
a4a06a180d arm: mvebu: a38x: Fix 5200000 baudrate
Fix baudrate value 5150000 which was added in commit ead4864fa6 ("arm:
mvebu: a38x: Define supported UART baudrates").

Exact value for divisor 3 with 250 MHz TCLK is 5208333 baudrate. In above
commit I incorrectly rounded it to 5150000 value due to testing with
USB-UART hw which incorrectly reported exact value and divisor configured
on other other end of UART link.

Fix this value to 520000 baudrate which is more close to the exact hardware
value and also has less fraction parts.

Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: ead4864fa6 ("arm: mvebu: a38x: Define supported UART baudrates")
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Pali Rohár
5a8bd463a6 arm: mvebu: espressobin: Enable GPT partition support
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Pali Rohár
f4ce28ab74 arm: mvebu: turris_{omnia, mox}: GPT partition support
This allows U-Boot to access filesystems on GPT partitioned disks.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Pali Rohár
d9ac6e28af arm: a37xx: pci: Implement re-issuing config requests on CRS response
According to PCIe base specification, if CRS Software Visibility is not
enabled, the Root Complex must re-issue the Configuration Request as a new
Request.

Normally this part of Root Complex is implemented in hardware but aardvark
is somehow special and does not implement it in hardware and expect that
handling of config requests are fully implemented in software.

This re-issuing functionality is required also because U-Boot does not
support CRS Software Visibility feature and therefore expects that Root
Complex re-issues requests as is specified in PCIe base specification.

Retry / re-issue config request up to the PIO_MAX_RETRIES, to prevent
infinite loop. After retry count exceed PIO_MAX_RETRIES, returns failure.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Pali Rohár
758262bc26 arm: a37xx: pci: Disable returning CRS response
There was mistake in commit 4cd61c43fd ("arm: a37xx: pci: Fix handling
PIO config error responses"). U-Boot does not support handling of CRS
return value for PCI_VENDOR_ID config read request and also does not set
CRSSVE bit.

Therefore disable returning CRS response for now.

Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: 4cd61c43fd ("arm: a37xx: pci: Fix handling PIO config error responses")
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Sven Auhagen
88426bd6b0 arm: mvebu: dts: Armada8k enable mdio
Since mvpp2 is using the new mdio driver and the cp110 has been
synced with the linux upstream, the mdio has to enabled in the
device tree file.
This is missing for some device tree files and therefore the
network cards do not come online.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Tony Dinh
8439219ca5 arm: kirkwood: Sheevaplug: Update board maintainer
Change maintainer to me. Prafulla is no longer active in U-Boot community.

Signed-off-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-10 09:01:51 +02:00
Lokesh Vutla
f91c3aa07e MAINTAINERS: Update ARM TI entry
Move TI maintainership to Tom.
Updated with the following commands:
find ./ -name MAINTAINERS | xargs sed -i s/"Lokesh Vutla <lokeshvutla@ti.com>"/"Tom Rini <trini@konsulko.com>"/g

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Nishanth Menon <nm@ti.com>
Acked-by: Tom Rini <trini@konsulko.com>
2021-09-09 11:28:54 -04:00
Tom Rini
465bff8b10 Kconfig: Drop duplicate 'select SHA512' instances
When dropping SHA512_ALGO in general, we didn't catch some cases where
an option was selecting  both SHA512 and SHA512_ALGO and caused them to
select SHA512 twice.  Kconfig doesn't complain, but this is still wrong
and should be corrected.

Fixes: e60e449931 ("lib: Drop SHA512_ALGO in lieu of SHA512")
Reported-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-09 11:11:33 -04:00
Tom Rini
4412fd8ba2 Merge branch '2021-09-08-fix-FIT-hash-algos-in-SPL'
- Merge some fixes to how we enable hash algorithms for FIT images in
  SPL.  This fixes a few cases where we should have had some options
  enabled, but did not.  This also removes otherwise unused options in a
  few other cases.
2021-09-08 21:23:55 -04:00
Alexandru Gagniuc
0b905e2581 image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines
These are no longer used, so drop them.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-08 16:12:10 -04:00
Alexandru Gagniuc
92055e138f image: Drop if/elseif hash selection in calculate_hash()
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.

This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.

My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:12:09 -04:00
Alexandru Gagniuc
fe54aeaa4a common: Move MD5 hash to hash_algo[] array.
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
0721209699 common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT.  This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
e60e449931 lib: Drop SHA512_ALGO in lieu of SHA512
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-09-08 16:11:46 -04:00
Alexandru Gagniuc
eb5171ddec common: Remove unused CONFIG_FIT_SHAxxx selectors
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for hash_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.

The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.

CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.

Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.

Also note that we make CONFIG_FIT now imply SHA256, to make up for
FIT_SHA256 previously being a default y option.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add imply SHA256 to FIT]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:10:34 -04:00
Tom Rini
1c02fd4686 Merge https://source.denx.de/u-boot/custodians/u-boot-riscv 2021-09-07 07:58:56 -04:00
Zong Li
30fa33dc80 riscv: lib: modify the indent
We usually use a space in function declaration, rather than a tab.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-09-07 10:34:29 +08:00
Zong Li
835210a125 board: sifive: use ccache driver instead of helper function
Invokes the common cache_init function to initialize ccache.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-09-07 10:34:29 +08:00
Zong Li
213ed175b0 riscv: lib: implement enable_caches for sifive cache
The enable_caches is a generic hook for architecture-implemented, we
define this function to enable composable cache of sifive platforms.

In sifive_cache, it invokes the generic cache_enable interface of cache
uclass to execute the relative implementation in SiFive ccache driver.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-09-07 10:34:29 +08:00
Zong Li
4d4222d074 common: board_r: support enable_caches for RISC-V
The enable_caches is a generic hook for architecture-implemented, we
leverage this function to enable caches for RISC-V

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-09-07 10:34:29 +08:00
Zong Li
43a2183928 cache: add sifive composable cache driver
This driver is currently responsible for enabling all ccache ways.
Composable cache could be configure as RAM or cache, we will use it as
RAM at the beginning to put the u-boot SPL there. In u-boot proper
phrase, we will use the composable cache as cache, and try to enable the
cache ways.

Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-09-07 10:34:29 +08:00
Thomas Skibo
9d84795fc5 riscv: Add missing sentinel in ocores_i2c.c
The ocores_i2c.c driver is missing a sentinel at the end of
the compatible strings list.  This causes the "dm compat" command
to spew garbage.

Signed-off-by: Thomas Skibo <thomas-git@skibo.net>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-09-07 10:34:29 +08:00
Heinrich Schuchardt
f6431e8fb3 riscv: show code leading to exception
To make analyzing exceptions easier output the code that leads to it.
We already do the same on the ARM platform.

Here is an example:

    => exception ebreak
    Unhandled exception: Breakpoint
    EPC: 000000008ff5d50e RA: 000000008ff5d62c TVAL: 0000000000000000
    EPC: 000000008020b50e RA: 000000008020b62c reloc adjusted

    Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)

To disassemble the code we can use the decodecode script:

    $ echo 'Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)' | \
      CROSS_COMPILE=riscv64-linux-gnu- scripts/decodecode

    Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)
    All code
    ========
       0:   2785                    addiw   a5,a5,1
       2:   07a00693                li      a3,122
       6:   fef6dce3                bge     a3,a5,0xfffffffffffffffe
       a:   47a5                    li      a5,9
       c:   00e7d563                bge     a5,a4,0x16
      10:*  9002                    ebreak         <-- trapping instruction
            ...

    Code starting with the faulting instruction
    ===========================================
       0:   9002                    ebreak
            ...

As it is not always clear if the first 16 bits are at the start or in the
middle of a 32bit instruction it may become necessary to strip the first
u16 from the output before calling decodecode to get the correct
disassembled code.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
2021-09-07 10:34:29 +08:00
Heinrich Schuchardt
5b2d359d9a configs: qemu-riscvXX_spl_defconfig enable CMD_SBI
Both for 64bit and 32bit at least on one board we should compile the sbi
command. Enabling it on QEMU will allow to write a test for it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-09-07 10:34:29 +08:00
Heinrich Schuchardt
7383432fa1 riscv: enable booting HiFive Unmatched from SATA
On the HiFive Unmatched a PCI to SATA adapter may be used to install a SATA
drive. Enable booting from it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-09-07 10:34:28 +08:00
Tom Rini
ad320c237b - fix EFI boot with OP-TEE for STM32MP15 boards
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE56Yx6b9SnloYCWtD4rK92eCqk3UFAmE157MACgkQ4rK92eCq
 k3WB9wgAv3ReN8rs9wyVSc7SOwXvaJM34a0wX1l8Q4dcT4CnmxuS7u3gT+Uhl5nM
 ACe1eclLEy4VH16XSH99s2HS02pOWXX8s7/d75OlklNdH9Qsj0JxwkDN9cbNFJnL
 bSRTAu37T6aYWW+MojzBQFIrcjDIvj29dc+U71Wv/E5BQ0ck471Sfd6SbhDGBbZf
 AiPAhfkl6mHDhazHzxLxWHpciDSsXkX4h48hhR4efqEH0wk3lJQJp1Wh11JOyJcZ
 5MQqgD13KPMWdR8VCqR4z6TfSy08xabZernFHGN4TeQaF1Y4Dp7OO2DTCLpuJ27R
 gWelkbNHnQEFD4+qV4KiNvVkL8zhlw==
 =KFtm
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-stm32-20210906' of https://source.denx.de/u-boot/custodians/u-boot-stm

- fix EFI boot with OP-TEE for STM32MP15 boards
2021-09-06 10:31:56 -04:00
Patrice Chotard
c8510e397f stm32mp: Fix board_get_usable_ram_top()
When booting in EFI, lib/efi_loader/efi_memory.c calls
board_get_usable_ram_top(0) which returns by default
gd->ram_base + gd->ram_size which is the top of DDR.

In case of OPTEE boot, the top of DDR is currently reserved by OPTEE,
board_get_usable_ram_top(0) must return an address outside OPTEE
reserved memory.

gd->ram_top matches this constraint as it has already been initialized
by substracting all DT reserved-memory (included OPTEE memory area).

Fixes: 92b611e8b0 ("stm32mp: correctly handle board_get_usable_ram_top(0)")

Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-09-06 10:00:11 +02:00
Tom Rini
5e893897c6 Pull request for efi-2021-10-rc4
Documentation:
 
     Remove invalid reference to configuration variable in UEFI doc
 
 UEFI:
 
     Parameter checks for the EFI_TCG2_PROTOCOL
     Improve support of preseeding UEFI variables.
     Correct the calculation of the size of loaded images.
     Allow for UEFI images with zero VirtualSize
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmEzRO0ACgkQxIHbvCwF
 GsSXeQ//QkOl49qqDIgySVeq28Q1Ijs0vpqHdNi65Ob12rB2k1Sc8s9bLizmDn8r
 D1uicHCpEKzW+8j2xoDEGjNon8RryFqVrhTuKSvPt6WHDZedpCuCijvEYfj5CWU2
 /M16yLdYCrIlk9lMZrPsCRkrFC70PD7VIfZP51CfIY4WDx749VehVEgzUEEf863f
 etEmXTNL4p+lkMPzfV945OiiszRKx1VGAzM+koNhdi1SJZq+esR+dzZD55d81luT
 4kR3FW4DLjdzKch5tuNli9cvFW0n0Ky+2zfrIBsbYtCXinrvdxrU0RzjaU9PUmHs
 NnWDie0bbsLJJx7fkUIQ0Twk5lZPYxTkGLRi37z67gLl0cRLidgZ0wRLYLjIzBQJ
 4zfgnY2BKoFfCrt1pkKXeGh6Fl8NDSpw3zXvvtxINDfRV7iFY52kTuBNguyZPz/+
 Fz9S31f1o+KW6oD5ltLGIJRX5H+MRWSvzpWR+tYtG/cQf9C6u+SKtOdJNOZZRTZ+
 fPfdszapZiyMgCGcdHdUSYaeG091/0Q7wkrIEMK/w7nkzqlEi6HaM2n7ybNL3SMc
 bSkGno4qecTW+zkLIoRrahV9KpKqXkzkiAwSPkkg6flF4ZnNrvbBXa9T7wbygw1u
 Csb95GXcYf3o4zskSl20MNoY8H0nEDf7FVPauDRwd6Xuqp43sS0=
 =vUWc
 -----END PGP SIGNATURE-----

Merge tag 'efi-2021-10-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2021-10-rc4

Documentation:

    Remove invalid reference to configuration variable in UEFI doc

UEFI:

    Parameter checks for the EFI_TCG2_PROTOCOL
    Improve support of preseeding UEFI variables.
    Correct the calculation of the size of loaded images.
    Allow for UEFI images with zero VirtualSize
2021-09-04 15:59:00 -04:00
Masahisa Kojima
538c0f2d37 efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Masahisa Kojima
db3ed2cf9c efi_loader: fix boot_service_capability_min calculation
TCG EFI Protocol Specification requires to the input
ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY
up to and including the vendor ID field.
Current implementation does different calculation, let's fix it.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04 12:03:57 +02:00
Masahisa Kojima
580d7242b1 efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
7219856dae efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.

* If a platform key PK is present and DeployedMode=1, we are in deployed
  mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
b191aa429e efi_loader: efi_auth_var_type for AuditMode, DeployedMode
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00
Heinrich Schuchardt
9ef82e2947 efi_loader: don't load signature database from file
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-04 12:03:57 +02:00