This patch adds support for verifying a signed boot.scr. With this in place
it's possible for run-time Linux to update boot.scr to set different
variables such as switching between different boot partitions, pointing to
different kernels etc and for u-boot to verify these changes via the HAB
prior to executing the commands contained in boot.scr.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch introduces the environment variable ivt_offset. When we define a
load address for Linux or DTB or any file the IVT associated with that file
is prepended. We extract the actual load addresses from u-boot.cfg and feed
these values into the code-signing process - hence we want u-boot to have
the real load addresses exported in uboot.cfg.
ivt_offset represents the addition or subtraction from the load address
that must happen to find an IVT header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Doing secure boot on the WaRP7 using a common image format and the same
variable to represent the base address for each call means we can reduce
down the command to a single environment command.
This patch adds warp7_auth_or_fail as a wrapper around
"hab_auth_img_or_fail ${hab_ivt_addr} ${filesize} 0".
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
We need to know the name of a signed boot-script, its better to have a
separate variable for this then to simply append some fixed string to an
existing image name.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Assigning the UUID discovery path to a tweakable environment variable means
that later steps in the boot process - particularly a boot script can
change the target root partition of a particular Linux boot.
Retargeting the rootfs is an important feature when doing ping/pong
upgrades allowing a boot script to select ping or pong as necessary without
reprogramming the bootloader.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In order to sign images with the IMX code-signing-tool (CST) we need to
know the load address of a given image. The best way to derive this load
address is to make it into a define - so that u-boot.cfg contains the
address - which we can then parse when generating the IMX CST headers.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
In order to sign images with the IMX code-signing-tool (CST) we need to
know the load address of a given image. The best way to derive this load
address is to make it into a define - so that u-boot.cfg contains the
address - which we can then parse when generating the IMX CST headers.
This patch makes the OPTEE_LOAD_ADDR available via u-boot.cfg for further
parsing by external tools.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
This patch adds an environment variable called "hab_enabled" which gets set
to a boolean status indicating whether HAB is enabled or not.
Subsequent patches can use this environment variable to determine if its
necessary to run a given binary through the hab_auth_img console command.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
use the generic filesystem command 'load' rather
than 'fatload' to avoid per-fs specific commands.
Signed-off-by: Pierre-Jean TEXIER <texier.pj2@gmail.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
u-boot has a standard "serial#" environment variable that is suitable
for storing the iSerial number we will supply via the USB device
descriptor. serial# is automatically picked up by the disk subsystem in
u-boot - thus providing a handy unique identifier in /dev/disk/by-id as
detailed below.
Storing the hardware serial identifier in serial# means we can change the
serial# if we want before USB enumeration - thus making iSerial automatic
via OTP but overridable if necessary.
This patch reads the defined OTP fuse and sets environment variable
"serial#" to the value read.
With this patch in place the USB mass storage device will appear in
/dev/disk/by-id with a unique name based on the OTP value. For example
/dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d3000001d4-0:0
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Cc: Ryan Harkin <ryan.harkin@linaro.org>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
We need to select an interface for the usb_ether gadget, and they haven't
been converted to Kconfig yet. Add a choice to make sure we have an option
selected, and convert all the users.
Reviewed-by: Łukasz Majewski <lukma@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
The USB Ethernet gadget option has not yet been moved to Kconfig, let's
deal with that.
Reviewed-by: Łukasz Majewski <lukma@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
While the USB Ethernet device address is already defined in Kconfig, the
host address isn't. Convert it.
Reviewed-by: Łukasz Majewski <lukma@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
This converts the following to Kconfig:
CONFIG_ENV_IS_IN_MMC
CONFIG_ENV_IS_IN_NAND
CONFIG_ENV_IS_IN_UBI
CONFIG_ENV_IS_NOWHERE
In fact this already exists for sunxi as a 'choice' config. However not
all the choices are available in Kconfig yet so we cannot use that. It
would lead to more than one option being set.
In addition, one purpose of this series is to allow the environment to be
stored in more than one place. So the existing choice is converted to a
normal config allowing each option to be set independently.
There are not many opportunities for Kconfig updates to reduce the size of
this patch. This was tested with
./tools/moveconfig.py -i CONFIG_ENV_IS_IN_MMC
And then manual updates. This is because for CHAIN_OF_TRUST boards they
can only have ENV_IS_NOWHERE set, so we enforce that via Kconfig logic
now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
With d53ecad92f some unused interrupt related code was removed.
However all of these options are currently unused. Rather than migrate
some of these options to Kconfig we just remove the code in question.
The only related code changes here are that in some cases we use
CONFIG_STACKSIZE in non-IRQ related context. In these cases we rename
and move the value local to the code in question.
Fixes: d53ecad92f ("Merge branch 'master' of git://git.denx.de/u-boot-sunxi")
Signed-off-by: Tom Rini <trini@konsulko.com>
We repeated partial moves for CONFIG_SYS_NO_FLASH, but this is
not completed. Finish this work by the tool.
During this move, let's rename it to CONFIG_MTD_NOR_FLASH.
Actually, we have more instances of "#ifndef CONFIG_SYS_NO_FLASH"
than those of "#ifdef CONFIG_SYS_NO_FLASH". Flipping the logic will
make the code more readable. Besides, negative meaning symbols do
not fit in obj-$(CONFIG_...) style Makefiles.
This commit was created as follows:
[1] Edit "default n" to "default y" in the config entry in
common/Kconfig.
[2] Run "tools/moveconfig.py -y -r HEAD SYS_NO_FLASH"
[3] Rename the instances in defconfigs by the following:
find . -path './configs/*_defconfig' | xargs sed -i \
-e '/CONFIG_SYS_NO_FLASH=y/d' \
-e 's/# CONFIG_SYS_NO_FLASH is not set/CONFIG_MTD_NOR_FLASH=y/'
[4] Change the conditionals by the following:
find . -name '*.[ch]' | xargs sed -i \
-e 's/ifndef CONFIG_SYS_NO_FLASH/ifdef CONFIG_MTD_NOR_FLASH/' \
-e 's/ifdef CONFIG_SYS_NO_FLASH/ifndef CONFIG_MTD_NOR_FLASH/' \
-e 's/!defined(CONFIG_SYS_NO_FLASH)/defined(CONFIG_MTD_NOR_FLASH)/' \
-e 's/defined(CONFIG_SYS_NO_FLASH)/!defined(CONFIG_MTD_NOR_FLASH)/'
[5] Modify the following manually
- Rename the rest of instances
- Remove the description from README
- Create the new Kconfig entry in drivers/mtd/Kconfig
- Remove the old Kconfig entry from common/Kconfig
- Remove the garbage comments from include/configs/*.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
We convert CONFIG_PARTITION_UUIDS to Kconfig first. But in order to cleanly
update all of the config files we must also update CMD_PART and CMD_GPT to also
be in Kconfig in order to avoid complex logic elsewhere to update all of the
config files.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay73@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Enable USB gadget ethernet by default to have networking capabilities.
Tested using DHCP and TFTP to transfer kernel, DT, ramdisk.
Cc: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Create a Kconfig entry for DISPLAY_BOARDINFO and make it be the default
in certain architectures. Migrate all config files.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Introduce a hidden USB_FUNCTION_DFU Kconfig option and select it for
CMD_DFU (as we must have the DFU command enabled to do anything DFU).
Make all of the entries in drivers/dfu/Kconfig depend on CMD_DFU and add
options for all of the back end choices that DFU can make use of.
Cc: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
In some cases we were missing CONFIG_USB=y so enable that when needed.
Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
warp7 can run different kernel versions, such as NXP 4.1 or mainline.
Currently the rootfs location is passed via mmcblk number and the
problem with this approach is that the mmcblk number for the eMMC
changes depending on the kernel version.
In order to avoid such issue, use UUID method to specify the rootfs
location.
Succesfully tested booting a NXP 4.1 and also a mainline kernel.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Use imx7s-warp.dts as fdt_file because this is the name that upstream
kernel will deploy.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Acked-by: Fabio Estevam <fabio.estevam@nxp.com>
Currently it's recommended to move some configuration options to the
defconfig file.
Move some USB related options to the defconfig file.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
CONFIG_DISPLAY_BOARDINFO should not be placed in mx7_common
because some boards might need a different config such as
CONFIG_DISPLAY_BOARDINFO_LATE. Move it to the board file
instead.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Currently DFU is not working.
Adjust CONFIG_SYS_MALLOC_LEN and dfu_alt_info so that we are
able to flash u-boot.imx into the eMMC via dfu using the
following method:
=> dfu 0 mmc 0
In the host PC:
dfu-util -D u-boot.imx -a boot
This is the same approach done in the mx6sl warp board.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
The latest version of warp7 board provides the connection of the
WDOG1_B pin to the PMIC.
Program the watchdog to enable the WDOG1_B output which causes
a POR reset.
Based on the imx7dsabresd code.
Signed-off-by: Marco Franchi <marco.franchi@nxp.com>
Acked-by: Fabio Estevam <fabio.estevam@nxp.com>
move CONFIG_BOOTDELAY into a Kconfig option. Used for this
purpose the moveconfig.py tool in tools.
Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
A number of moveconfig.py runs have left a instances of multiple empty
lines in a row. Correct this to a single empty line.
Signed-off-by: Tom Rini <trini@konsulko.com>
This syncs up the current cmd/Kconfig and include/configs/ files with the
only exception being CMD_NAND. Due to how we have used this historically
we need to take further care here when converting.
Signed-off-by: Tom Rini <trini@konsulko.com>
Having CONFIG_SYS_MALLOC_LEN in mx7_common.h is not a good idea,
because the malloc() pool size is board dependent.
For example: if a certain board has support for splashscreen or DFU,
it may be necessary to adjust CONFIG_SYS_MALLOC_LEN to a larger value.
So define CONFIG_SYS_MALLOC_LEN in each board config file.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Since commit 5d69269dee ("mx7dsabresd: Define serial port locally")
we need to specify the UART base address in each board config
file, so do this to avoid a build error.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>