Commit graph

72562 commits

Author SHA1 Message Date
Sean Anderson
d442f69399 common: fit: Add weak board_fit_config_name_match
Several architectures had a default board_fit_config_name_match already;
this provides a generic weak version. We default to rejecting all configs.
This will use the FIT's default config, instead of the first config. This
may result in boot failures if there are multiple configurations and the
first config is *not* the default.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
6795c75109 doc: FIT image: Update FPGA example to make use of "loadables"
The new correct way to load an FPGA image is to declare it in the list
of "loadables". multi-with-fpga.its used the now deprecated "fpga"
property. Since this example most likely intended to use u-boot's
generic FPGA loading code, compatible = "u-boot,fpga-legacy" is also
appropriate here.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
df51ae767e Kconfig: Document the limitations of the simple SPL_LOAD_FIT path
The "simple" SPL_LOAD_FIT path is the most compliant with the format
documented in doc/uImage.FIT/source_file_format.txt. The other two
paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command.

Since the Kconfig menu is the most likely place for a new user to see
these options, it seems like the most logical candidate to document
the limitations. This documents the _known_ issues, and is not
intended to be a complete list of all follies.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
35f4f8e6fc spl: fit: Support loading FPGA images from list of "loadables"
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.

Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
d8a395109e spl: fit: Warn if FIT contains "fpga" property in config node
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.

Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
55e7a1a435 spl: fit: Move FPGA loading code to separate functions
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
e1662d6995 doc: FIT image: Introduce "u-boot, fpga-legacy" property
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") introduced a "compatible" property for loadable images.
It did not define its contents. Use "u-boot,fpga-legacy" compatible
string to specify that fpga_load() should be used to load the image.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f0a6ec3656 spl: fit: Don't overwrite previous loadable if "load" is missing
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses

	image_info->load_addr

Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.

On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].

A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
78015263b9 test/py: ecdsa: Use mkimage keyfile instead of keydir argument
Originally, the ECDSA code path used 'keydir' as the key filename.
mkimage has since been updated to include a new 'keyfile' argument.
Use the new argument for passing in the key.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
824ee745fb lib/rsa: Use the 'keyfile' argument from mkimage
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the RSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
36bfcb62b3 mkimage: Add a 'keyfile' argument for image signing
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
fb6532ec6c doc: signature.txt: Document the keydir and keyfile arguments
After lots of debating, this documents how we'd like mkimage to treat
'keydir' and 'keyfile' arguments. The rest is in the docs.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f91de329ab test/py: ecdsa: Add test for mkimage ECDSA signing
Add a test to make sure that the ECDSA signatures generated by
mkimage can be verified successfully. pyCryptodomex was chosen as the
crypto library because it integrates much better with python code.
Using openssl would have been unnecessarily painful.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
a4515f0ff7 test/py: Add pycryptodomex to list of required pakages
We wish to use pycryptodomex to verify code paths involving ECDSA
signatures. Add it to requirements.txt so that they get picked up
automatically .gitlab and .azure tasks

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:22:59 -04:00
Alexandru Gagniuc
9eef0fe7e5 doc: signature.txt: Document devicetree format for ECDSA keys
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
4c17e5f691 lib/rsa: Make fdt_add_bignum() available outside of RSA code
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Tom Rini
3505fa5727 Merge https://source.denx.de/u-boot/custodians/u-boot-sh
-  arm: mach-rmobile: Add CPU info support for RZ/G2
2021-04-13 20:13:26 -04:00
Biju Das
3e5f3dbe3a arm: mach-rmobile: Add CPU info support for RZ/G2
Add CPU info support for RZ/G2 SoC's.

Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
2021-04-13 23:36:25 +02:00
Tom Rini
a94ab561e2 Merge branch '2021-04-13-assorted-improvements'
- A large assortment of bug fixes, code cleanups and a few feature
  enhancements.
2021-04-13 09:50:45 -04:00
Marek Vasut
8c4e3b79bd cmd: exit: Fix return value
In case exit is called in a script without parameter, the command
returns -2 ; in case exit is called with a numerical parameter,
the command returns -2 and lower. This leads to the following problem:
=> setenv foo 'echo bar ; exit 1' ; run foo ; echo $?
bar
0
=> setenv foo 'echo bar ; exit 0' ; run foo ; echo $?
bar
0
=> setenv foo 'echo bar ; exit -2' ; run foo ; echo $?
bar
0
That is, no matter what the 'exit' command argument is, the return
value is always 0 and so it is not possible to use script return
value in subsequent tests.

Fix this and simplify the exit command such that if exit is called with
no argument, the command returns 0, just like 'true' in cmd/test.c. In
case the command is called with any argument that is positive integer,
the argument is set as return value.
=> setenv foo 'echo bar ; exit 1' ; run foo ; echo $?
bar
1
=> setenv foo 'echo bar ; exit 0' ; run foo ; echo $?
bar
0
=> setenv foo 'echo bar ; exit -2' ; run foo ; echo $?
bar
0

Note that this does change ABI established in 2004 , although it is
unclear whether that ABI was originally OK or not.

Fixes: c26e454dfc
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Tom Rini <trini@konsulko.com>
2021-04-12 17:45:40 -04:00
Patrick Delaunay
7062d4e815 scmi: translate the resource only when livetree is not activated
Call the translation function on the ofnode_read_resource result only
when the livetree is not activated.

Today of_address_to_resource() calls ofnode_read_resource() for livetree
support and fdt_get_resource() when livetree is not supported.

The fdt_get_resource() doesn't do the address translation
so when it is required when livetree is activated but this address
translation is already done by ofnode_read_resource().

Fixes: 240720e905 ("firmware: scmi: mailbox/smt agent device")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 17:45:40 -04:00
Simon Glass
34f8fc7c85 gpio: Drop dm_gpio_set_dir()
This function is not used. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 17:45:40 -04:00
Simon Glass
a12aa7995f gpio: i2c-gpio: Drop use of dm_gpio_set_dir()
This is the only driver that uses this function. Update it to use the
alternative which is dm_gpio_clrset_flags().

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Harm Berntsen <harm.berntsen@nedap.com>
2021-04-12 17:45:40 -04:00
Asherah Connor
0219279381 qemu: arm: select QFW, MMIO on qemu-arm
Select CMD_QFW and QFW_MMIO in the qemu-arm board (covers arm and
arm64).

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:45:40 -04:00
Asherah Connor
5830b57bf9 qemu: add MMIO driver for QFW
Add MMIO driver for QFW.

Note that there is no consumer as of this patch.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:45:40 -04:00
Asherah Connor
69512551aa test: qemu: add qfw sandbox driver, dm tests, qemu tests
A sandbox driver and test are added for the qfw uclass, and a test in
QEMU added for qfw functionality to confirm it doesn't break in real
world use.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:45:39 -04:00
Asherah Connor
5b0b43e0e2 x86: qemu: move QFW to its own uclass
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass.  The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).

include/qfw.h is cleaned up and documentation added.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:44:55 -04:00
Patrick Delaunay
2a3f161c8b scmi: correctly configure MMU for SCMI buffer
Align the MMU area for SCMI shared buffer on section size;
use the ALIGN macro in mmu_set_region_dcache_behaviour call.

Since commit d877f8fd0f ("arm: provide a function for boards init
code to modify MMU virtual-physical map") the parameter of
mmu_set_region_dcache_behaviour need to be MMU_SECTION_SIZE
aligned.

Fixes: 240720e905 ("firmware: scmi: mailbox/smt agent device")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-04-12 17:44:55 -04:00
Trevor Woerner
dc514d7ea2 moveconfig.py: add to the "do not process" list
Skip the processing of *.aml and *.dat files while iterating through the
source in order to process header files.

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
2021-04-12 17:44:55 -04:00
Sean Anderson
d9c3050710 checkpatch: Add warnings for using strn(cat|cpy)
strn(cat|cpy) has a bad habit of not nul-terminating the destination,
resulting in constructions like

	strncpy(foo, bar, sizeof(foo) - 1);
	foo[sizeof(foo) - 1] = '\0';

However, it is very easy to forget about this behavior and accidentally
leave a string unterminated. This has shown up in some recent coverity
scans [1, 2] (including code recently touched by yours truly).

Fortunately, the guys at OpenBSD came up with strl(cat|cpy), which always
nul-terminate strings. These functions are already in U-Boot, so we should
encourage new code to use them instead of strn(cat|cpy).

[1] https://lists.denx.de/pipermail/u-boot/2021-March/442888.html
[2] https://lists.denx.de/pipermail/u-boot/2021-January/438073.html

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Sean Anderson
69a7529831 fastboot: Fix possible buffer overrun
This fixes several uses of strn(cpy|cat) which did not terminate their
destinations properly.

Fixes de1728ce4c ("fastboot: Allow u-boot-style partitions")

Reported-by: Coverity Scan
Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:44:55 -04:00
Sean Anderson
c4ac52f55d test: Add test for strlcat
This test is adapted from glibc, which is very concerned about alignment.
It also tests strlcpy by dependency.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Sean Anderson
9af869c414 lib: string: Implement strlcat
This introduces strlcat, which provides a safer interface than strncat. It
never copies more than its size bytes, including the terminating nul. In
addition, it never reads past dest[size - 1], even if dest is not
nul-terminated.

This also removes the stub for dwc3 now that we have a proper
implementation.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Sean Anderson
d3358ecc54 lib: string: Fix strlcpy return value
strlcpy should always return the number of bytes copied. We were
accidentally missing the nul-terminator. We also always used to return a
non-zero value, even if we did not actually copy anything.

Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer")

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:44:55 -04:00
Ilias Apalodimas
92e8489611 tee: optee: Change printing during optee_probe
Right now the error messages when optee has a version mismatch or shared
memory is not configured are done with a debug().
That's not very convenient since you have to enable debugging to figure
out what's going on, although this is an actual error.

So let's switch the debug() -> dev_err() and report those explicitly.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 17:44:55 -04:00
Asherah Connor
ac3821430e terminal: only serial_reinit_all if available
serial_reinit_all() is only available if CONFIG_SERIAL is defined (i.e.
!CONFIG_DM_SERIAL).

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Asherah Connor
5c935eb6f7 terminal: correct stdio_dev invocations
stdio_dev methods have taken a pointer to themselves since 709ea543
(nearly 7 years ago).

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Heiko Schocher
05a0776ed5 rtc: add support for rv3028 rtc
Add support for rtc3028 rtc from microcrystal.
based on linux dirver:
commit a38fd8748464: ("Linux 5.12-rc2")

Signed-off-by: Heiko Schocher <hs@denx.de>

Reviewed-by: Stefan Roese <sr@denx.de>
2021-04-12 17:44:55 -04:00
Etienne Carriere
3dfd739370 test: scmi: add local variables for scmi agent reference
Add local variables agent0/agent1 to refer to SCMI sandbox context
agent and ease readability of the test.

For consistency, rename regul_dev to regul0_dev and remove sandbox_voltd
in dm_test_scmi_voltage_domains().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:17:11 -04:00
Etienne Carriere
c3bba708da firmware: scmi: fix inline comments and minor coding style issues
Fix inline comments and empty line in scmi driver and test files.

Remove test on IS_ENABLED(CONFIG_*_SCMI) in test/dm/scmi.c since these
configuration are expected enabled when CONFIG_FIRMWARE_SCMI is enabled
in sandbox configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
2021-04-12 17:17:11 -04:00
Etienne Carriere
0124218b8b firmware: scmi: sandbox test for voltage regulator
Implement sandbox regulator devices for SCMI voltage domains
and test them in DM scmi tests.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
2021-04-12 17:17:11 -04:00
Etienne Carriere
1f213ee4db firmware: scmi: voltage regulator
Implement voltage regulators interfaced by the SCMI voltage domain
protocol. The DT bindings are defined in the Linux kernel since
SCMI voltage domain and regulators patches [1] and [2] integration
in v5.11-rc7.

Link: [1] 0f80fcec08
Link: [2] 2add5cacff
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
2021-04-12 17:17:11 -04:00
Stefan Herbrechtsmeier
d46933839f disk: gpt: verify alternate LBA points to last usable LBA
The gpt command require the GPT backup header at the standard location
at the end of the device. Check the alternate LBA value before reading
the GPT backup header from the last usable LBA of the device.

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-12 17:17:11 -04:00
Sean Anderson
b935d19066 cmd: xtrace: Convert to bool
This variable is a boolean, not a string.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-12 17:17:11 -04:00
Phil Sutter
a62de442e4 pci: Mark 64bit Memory BARs as such
Just a bit more info to the reader.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-04-12 17:17:11 -04:00
Sean Anderson
9539f71675 hush: Fix assignments being misinterpreted as commands
If there were no variable substitutions in a command, then initial
assignments would be misinterpreted as commands, instead of being skipped
over. This is demonstrated by the following example:

	=> foo=bar echo baz
	Unknown command 'foo=bar' - try 'help'

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:17:11 -04:00
Farhan Ali
c146de4872 mtd: Update fail_addr when erase fails due to bad blocks
For all other erase failures, the fail_addr is updated with the
failing address. Only in the case of erase failure due to bad block
detection, the fail_addr is not updated. This change simply updates
the fail_addr for this specific scenario so that it is consistent with
the rest of the code.

Signed-off-by: Farhan Ali <farhan.ali@broadcom.com>
2021-04-12 17:17:11 -04:00