Commit graph

64053 commits

Author SHA1 Message Date
AKASHI Takahiro
7254ebed0f efi_loader, pytest: add UEFI secure boot tests (image)
Provide test cases for
 * image authentication for signed images
   (test_efi_secboot/test_signed.py)
 * image authentication for unsigned images
   (test_efi_secboot/test_unsigned.py)

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
a9d5666d0a efi_loader, pytest: add UEFI secure boot tests (authenticated variables)
Provide a couple of test cases for variable authentication.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
fe6ca4d5d2 efi_loader, pytest: set up secure boot environment
A fixture for UEFI secure boot tests (image authentication and variable
authentication) is defined. A small file system with test data in a single
partition formatted in fat is created.

This test requires efitools v1.5.2 or later. If the system's efitools
is older, you have to build it on your own and define EFITOOLS_PATH.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
525fc06744 cmd: efidebug: add "test bootmgr" sub-command
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
e50e2878b2 cmd: env: add "-at" option to "env set -e" command
With "-at" option, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
will be passed to SetVariable() to authenticate the variable.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
f757d04598 cmd: env: use appropriate guid for authenticated UEFI variable
A signature database variable is associated with a specific guid.
For convenience, if user doesn't supply any guid info, "env set|print -e"
should complement it.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:47 +02:00
AKASHI Takahiro
d0f07949cc efi_loader: set up secure boot
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
                      supported by the platform firmware

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
4540dabdca efi_loader: image_loader: support image authentication
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.

Currently we support
* authentication based on db and dbx,
  so dbx-validated image will always be rejected.
* following signature types:
    EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
    EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.

Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.

It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
8353516f4a efi_loader: variable: add VendorKeys variable
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
	    keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
434ffb6422 efi_loader: variable: add secure boot state transition
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
767f6eeb01 efi_loader: variable: support variable authentication
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.

Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().

Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
be6296d05b efi_loader: add signature database parser
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
593e17d673 efi_loader: add signature verification functions
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
AKASHI Takahiro
9bf09b5120 efi_loader: add CONFIG_EFI_SECURE_BOOT config option
Under this configuration, UEFI secure boot support will be added
in later patches.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-04-16 08:12:46 +02:00
Heinrich Schuchardt
17e1174085 drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC
Function rsa_verify_key() is not called before relocation. So there is no
need to load the UCLASS_MOD_EXP drivers before relocation.

This avoid a failure to boot for pine64-lts_defconfig with CONFIG_RSA=y.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:12:32 +02:00
Heinrich Schuchardt
540faca8a1 efi_loader: function descriptions efi_watchdog.c
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:02 +02:00
Heinrich Schuchardt
55976b7fae efi_loader: add missing doc comments in efi_disk.c
Add missing descriptions for functions in efi_disk.c.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Heinrich Schuchardt
76956556fc efi_loader: function descriptions efi_unicode_collation.c
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Peter Robinson
bdf329e4a3 efi_loader: enable RNG if DM_RNG is enabled
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-16 08:10:01 +02:00
Tom Rini
9cb3ce2558 Merge branch 'master' of git://git.denx.de/u-boot-marvell
- Common: honour hw_margin_ms property (Rasmus)
- sp805_wdt: get platform clock from dt (Rayagonda)
2020-04-15 08:30:16 -04:00
Rayagonda Kokatanur
19a159f94a watchdog: sp805_wdt: get platform clock from dt file
Get the watchdog platform clock from the DTS file
using clk subsystem and use the same for calculating
ticks in msec.

Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-15 08:54:07 +02:00
Rasmus Villemoes
40d7f3c8d1 watchdog: honour hw_margin_ms DT property
Some watchdog devices, e.g. external gpio-triggered ones, must be
reset more often than once per second, which means that the current
rate-limiting logic in watchdog_reset() fails to keep the board alive.

gpio-wdt.txt in the linux source tree defines a "hw_margin_ms"
property used to specifiy the maximum time allowed between resetting
the device. Allow any watchdog device to specify such a property, and
then use a reset period of one quarter of that. We keep the current
default of resetting once every 1000ms.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-15 08:54:00 +02:00
Rasmus Villemoes
b4d9452c44 watchdog: move initr_watchdog() to wdt-uclass.c
This function is a bit large for an inline function, and for U-Boot
proper, it is called via a function pointer anyway (in board_r.c), so
cannot be inlined.

It will shortly set a global variable to be used by the
watchdog_reset() function in wdt-uclass.c, so this also allows making
that variable local to wdt-uclass.c.

The WATCHDOG_TIMEOUT_SECS define is not used elsewhere.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-15 08:53:55 +02:00
Rasmus Villemoes
21a0bf7f46 watchdog: remove stale ifndef CONFIG_WATCHDOG_TIMEOUT_MSECS from wdt.h
Since WATCHDOG_TIMEOUT_MSECS was converted to Kconfig (commit
ca51ef7c0c), CONFIG_WATCHDOG_TIMEOUT_MSECS has been guaranteed to be
defined. So remove the dead fallback ifdeffery.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-15 08:53:49 +02:00
Tom Rini
142a07f2a4 Merge branch 'master' of git://git.denx.de/u-boot-marvell
- Misc enhancements to Clearfog, including board variant detection
  (Joel)
- Misc enhancements to Turris Mox, including generalization of the
  ARMADA37xx DDR size detection (Marek)
2020-04-14 08:47:07 -04:00
Marek Behún
c64ac3b318 arm: mvebu: turris_mox: fix PCIe ranges in device tree
Use the new a3700_fdt_fix_pcie_regions function in turris_mox.c so that
MOX boards with 4 GB RAM are fully supported.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
cb2ddb291e arm64: mvebu: a37xx: add device-tree fixer for PCIe regions
In case when ARM Trusted Firmware changes the default address of PCIe
regions (which can be done for devices with 4 GB RAM to maximize the
amount of RAM the device can use) we add code that looks at how ATF
changed the PCIe windows in the CPU Address Decoder and changes given
device-tree blob accordingly.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
4e9eb04c8d arm: mvebu: turris_mox: support devices with RAM > 1 GB
In order to support MOX boards with 2 GB or 4 GB RAM, we use the new
Armada-3700 generic code for memory information structures. This is done
by removing dram_init and dram_init_banksize from turris_mox.c, in order
for the generic, weak definitions to be used.

Also for boards with 4 GB RAM it is needed to increase
CONFIG_NR_DRAM_BANKS to 2 in turris_mox_defconfig.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
a129f64fb0 arm64: mvebu: a37xx: improve code determining memory info structures
Currently on Armada-37xx the mem_map structure is statically defined to
map first 2 GB of memory as RAM region, and system registers and PCIe
region device region.

This is insufficient for when there is more RAM or when for example the
PCIe windows is mapped to another address by the CPU Address Decoder.
In the case when the board has 4 GB RAM, on some boards the ARM Trusted
Firmware can move the PCIe window to another address, in order to
maximize possible usable RAM.

Also the dram_init and dram_init_banksize looks for information in
device-tree, and therefore different device trees are needed for boards
with different RAM sizes.

Therefore we add code that looks at how the ARM Trusted Firmware has
configured the CPU Address Decoder windows, and then we update the
mem_map structure and compute gd->ram_size and gd->bd->bi_dram bank
base addresses and sizes accordingly.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
f075b425a7 arm64: mvebu: armada-8k: move dram init code
Move Armada-8k specific DRAM init code into armada-8k specific
directory.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
c8a185a823 arm: mvebu: turris_mox: sort headers alphabetically
Sort #includes alphabetically, the only exception is common.h, which is
included first in most parts of U-Boot.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
9657841010 arm: mvebu: turris_mox: don't use hardcoded addresses
Use macro MVEBU_REGISTER to access register addresses instead of
hardcoded addresses.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
9e4cdbabac arm: mvebu: dts: turris_mox: fix USB3 regulator
Commit e8e9715df2 requires the USB3 regulator node to have the
enable-active-high property for the regulator to work properly. The
GPIO_ACTIVE_HIGH constant is not enough anymore.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Fixes: e8e9715df2 ("regulator: fixed: Modify enable-active-high...")
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
2b3f2dd1ce arm: mvebu: turris_mox: Setup Linux's device tree before boot
Patch Linux's device tree according to which Mox modules are connected.
Linux's device tree has all possible Mox module nodes preprogrammed, but
in disabled state.

If MOX B, MOX F or MOX G module is present, this code enables the PCI
node.

For the network modules (MOX C, MOX D and MOX E) are present, the code
enables corresponding ethernet and swtich nodes and DSA connections.
For the SFP cage the SFP GPIO controller node and SFP node are also
enabled.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
eddd6f90c9 arm: mvebu: dts: turris_mox: update sdhci properties
With recent changes to the mmc subsystem (chip detect code etc) update
the sdhci node of the Turris Mox device tree.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Marek Behún
b80ca8176d arm: mvebu: turris_mox: Fix early SPI communication
The SPI clock signal changes value when the SPI configuration register
is configured. This can sometimes lead to the device misinterpreting
the enablement of the SPI controller as actual clock tick.
This can be solved by first setting the SPI CS1 pin from GPIO to SPI mode,
and only after that writing the SPI configuration register.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
27f48f7dc4 arm: mvebu: clearfog: Use Pro DT by default
Switch to explicitly using the Pro variant DT, which has been
available since Linux 4.11.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
c5936cc4f8 arm: mvebu: clearfog: move ENV params to Kconfig
Migrate the values for ENV_SIZE and ENV_OFFSET into board specific
Kconfig defaults so they're more accessible for configuration.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
b16d7c3216 arm: mvebu: clearfog: add SPI offsets
Add reasonable default SPI offsets and ENV size when configured to
boot from SPI flash.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
8eccd0dda0 arm: mvebu: clearfog: Unify DT selection paths
Unify the location of DT selection into board_late_init instead of
split between detection and static configuration paths.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
009d4cfcf2 arm: mvebu: clearfog: Add SATA mode flags
The mPCIe slots on ClearFog Pro and ClearFog Base may be alternately
configured for SATA usage.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
8a86308a87 arm: mvebu: clearfog: Add option for 2.5 Gbps SFP
While newer Linux kernels provide autoconfiguration of SFP, provide
an option for setting in U-Boot Kconfig for use prior to booting.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
9f205d658d arm: mvebu: clearfog: initial ClearFog Base variant
Add a unique entry for ClearFog Base variant, reflected in the board
name and adjusted SerDes topology.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
ee26e8539f arm: mvebu: clearfog: use Pro name by default
Make the board version printed indicate the Pro variant default.
Also adjust static name casing to match what is expected for
EEPROM product name to share string constants.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
a8d0aa31bd arm: mvebu: solidrun: remove hardcoded DTS MAC address
Using a consistent hardcoded MAC address from the DTS file causes
issues when using multiple devices on the same network segment.
Instead rely on environment configuration or random generation.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
4f7991ee1c arm: mvebu: fix SerDes table alignment
Tested on Solidrun ClearFog Base. Table alignment was:
 | Lane #  | Speed |  Type       |
 --------------------------------
 |   0    |  3   |  SATA0       |
 |   1    |  0   |  SGMII1      |
 |   2    |  3   |  SATA1       |
 |   3    |  5   |  USB3 HOST1  |
 |   4    |  5   |  USB3 HOST0  |
 |   5    |  4   |  SGMII2      |
 --------------------------------

After the change, it's correctly aligned as:
 | Lane # | Speed |  Type       |
 --------------------------------
 |   0    |   3   | SATA0       |
 |   1    |   0   | SGMII1      |
 |   2    |   5   | PCIe1       |
 |   3    |   5   | USB3 HOST1  |
 |   4    |   5   | PCIe2       |
 |   5    |   0   | SGMII2      |
 --------------------------------

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
cecf38a755 arm: mvebu: clearfog: support multiple SATA boot
Enable distro bootcmd support for additional SATA ports if enabled.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Joel Johnson
bd02fd29f9 arm: mvebu: clearfog: add SCSI to distro bootcmd
Include attempting to boot from SCSI (SATA) devices within generated
board distro bootcmd environment. The reasoning for boot ordering is
that MMC and USB are external and removable, while when a case is in
use, replacing M.2 or mSATA drives requires disassembly. Therefore,
to boot SCSI, [bootable] external media must be removed. If SCSI were
placed before MMC or USB, then removing a bootable SCSI drive to
enable MMC or USB booting would be more difficult.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Chris Packham
ad91fdfff0 arm: mvebu: update RTC values for PCIe memory wrappers
Update the RTC (Read Timing Control) values for PCIe memory wrappers
following an ERRATA (ERRATA# TDB). This means the PCIe accesses will
used slower memory Read Timing, to allow more efficient energy
consumption, in order to lower the minimum VDD of the memory.  Will lead
to more robust memory when voltage drop occurs (VDDSEG)

The code is based on changes from Marvell's U-Boot, specifically:

20cd270407
eb608a7c8d
c4af19ae2b

Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00
Josua Mayer
201a500dec arm: mvebu: clearfog: add scsi target to distro-boot
Support for sata devices via the scsi command is available and already
enabled by default for the Clearfog Base and Pro. This change adds scsi
to the list of boot targets used by distro-boot.

Signed-off-by: Josua Mayer <josua@solid-run.com>
Cc: Stefan Roese <sr@denx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-14 13:16:42 +02:00