Commit graph

5605 commits

Author SHA1 Message Date
Joel Peshkin
4e9bce1243 Add support for stack-protector
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector

Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>

Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-20 07:31:12 -04:00
Alexandru Gagniuc
58b504e5e1 Revert "spl: Drop bd_info in the data section"
This reverts commit 38d6b7ebda.

struct global_data contains a pointer to the bd_info structure. This
pointer was populated spl_set_bd() to a pre-allocated bd_info in the
".data" section. The referenced commit replaced this mechanism to one
that uses malloc(). That new mechanism is only used if SPL_ALLOC_BD=y.
which very few boards do.

The result is that (struct global_data)->bd is NULL in SPL on most
platforms. This breaks falcon mode, since arch_fixup_fdt() tries to
access (struct global_data)->bd and set the "/memory" node in the
devicetree. The result is that the "/memory" node contains garbage
values, causing linux to panic() as it sets up the page table.

Instead of trying to fix the mess, potentially causing other issues,
revert to the code that worked, while this change is reworked.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-19 11:34:01 -04:00
Alexandru Gagniuc
033ac4ebba image-fit: Accept OP-TEE images when booting a FIT
OP-TEE images are normally packaged with
	type = "tee;
	os = "tee";

However, fit_image_load() thinks that is somehow invalid. However if
they were declared as type = "kernel", os = "linux", fit_image_load()
would happily accept them and allow the boot to continue. There is no
technical limitation to excluding "tee".

Allowing "tee" images is useful in a boot flow where OP-TEE is
executed before linux.

In fact, I think it's unintuitive for a "load"ing function to also do
parsing and contain a bunch ad-hoc heuristics that only its caller
might know. But I don't make the rules, I just write fixes. In more
polite terms: refactoring the fit_image API is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
47b6f7f845 image-fit: Accept IH_TYPE_FIRMWARE in fit_image_load() as valid
Consider the following FIT:

	images {
		whipple {};
	};
	configurations {
		conf-1 {
			firmware = "whipple";
		};
	};

Getting the 'firmware' image with fit_image_load() is not possible, as
it doesn't understand 'firmware =' properties. Although one could pass
IH_TYPE_FIRMWARE for 'image_type', this needs to be converted to a
"firmware" string for FDT lookup -- exactly what this change does.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
51d3a8b54f spl: LOAD_FIT_FULL: Support 'kernel' and 'firmware' properties
The 'firmware' property of a config node takes precedence over the
'kernel' property. 'standalone' is deprecated. However, give users a
couple of releases where 'standalone' still works, but warns loudly.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
60138aa87c spl: LOAD_FIT_FULL: Relocate FDT for u-boot payloads
U-Boot expects the FDT to be located right after the _end
linker symbol (see fdtdec.c: board_fdt_blob_setup())

The "basic" LOAD_FIT path is aware of this limitation, and relocates
the FDT at the expected location. Guessing the expected location
probably only works reliably on 32-bit arm, and it feels like a hack.
One proposal would be to pass the FDT address to u-boot
(e.g. using 'r2' on arm platforms).

The variable is named "fdt_hack" to remind future contributors that,
"hey! we should fix the underlying problem". However, that is beyond
the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
2eaae17bc9 spl: LOAD_FIT_FULL: Do not hard-code os to IH_OS_U_BOOT
The information on the OS should be contained in the FIT, as the
self-explanatory "os" property of a node under /images. Hard-coding
this to U_BOOT might send us down the wrong path later in the boot
process.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
18fd663c63 spl: LOAD_FIT_FULL: Fix selection of the "fdt" node
The correct FDT to use is described by the "fdt" property of the
configuration node. When the fit_unamep argument to fit_image_load()
is "fdt", we get the "/images/fdt" node. This is incorrect, as it
ignores the "fdt" property of the config node, and in most cases,
the "/images/fdt" node doesn't exist.

Use NULL for the 'fit_unamep' argument. With NULL, fit_image_load()
uses the IH_TYPE_FLATDT value to read the config property "fdt",
which points to the correct FDT node(s).

fit_image_load() should probably be split into a function that reads
an image by name, and one that reads an image by config reference. I
don't make those decisions, I just point out the craziness.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Sean Anderson
d442f69399 common: fit: Add weak board_fit_config_name_match
Several architectures had a default board_fit_config_name_match already;
this provides a generic weak version. We default to rejecting all configs.
This will use the FIT's default config, instead of the first config. This
may result in boot failures if there are multiple configurations and the
first config is *not* the default.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
df51ae767e Kconfig: Document the limitations of the simple SPL_LOAD_FIT path
The "simple" SPL_LOAD_FIT path is the most compliant with the format
documented in doc/uImage.FIT/source_file_format.txt. The other two
paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command.

Since the Kconfig menu is the most likely place for a new user to see
these options, it seems like the most logical candidate to document
the limitations. This documents the _known_ issues, and is not
intended to be a complete list of all follies.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
35f4f8e6fc spl: fit: Support loading FPGA images from list of "loadables"
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.

Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
d8a395109e spl: fit: Warn if FIT contains "fpga" property in config node
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.

Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
55e7a1a435 spl: fit: Move FPGA loading code to separate functions
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f0a6ec3656 spl: fit: Don't overwrite previous loadable if "load" is missing
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses

	image_info->load_addr

Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.

On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].

A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Asherah Connor
5b0b43e0e2 x86: qemu: move QFW to its own uclass
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass.  The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).

include/qfw.h is cleaned up and documentation added.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:44:55 -04:00
Sean Anderson
9539f71675 hush: Fix assignments being misinterpreted as commands
If there were no variable substitutions in a command, then initial
assignments would be misinterpreted as commands, instead of being skipped
over. This is demonstrated by the following example:

	=> foo=bar echo baz
	Unknown command 'foo=bar' - try 'help'

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:17:11 -04:00
Joel Stanley
a479f103dc hash: Allow for SHA512 hardware implementations
Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting  CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-04-12 17:17:11 -04:00
Patrick Delaunay
a2535243e0 lib: optee: migration optee_copy_fdt_nodes for OF_LIVE support
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.

This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".

The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 14:25:31 -04:00
Patrick Delaunay
83064c2706 board_f: cosmetic: change the debug trace to KB in reserve_video
Update the debug trace for the reserved video memory to KB as indicated
in the message with "%luk"; before the patch the computed size
gd->relocaddr - addr is in bytes.

This patch aligns the debug trace in reserve_video() with others
functions, for example on stm32mp157c-dk2:

  - Reserving 3080192k for video at: dfd00000
  + Reserving 3008k for video at: dfd00000
    Reserving 873k for U-Boot at: dfc25000
    Reserving 32776k for malloc() at: ddc23000
    Reserving 72 Bytes for Board Info at: ddc22fb0
    Reserving 280 Bytes for Global Data at: ddc22e90
    Reserving 119072 Bytes for FDT at: ddc05d70
    Reserving 0x278 Bytes for bootstage at: ddc05af0

Fixes: 5630d2fbc5 ("board: Show memory for frame buffers")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-10 16:53:56 +02:00
Tom Rini
a1e95e3805 u-boot-imx-20210409
-------------------
 
 - Secure Boot :
 	- HAB for MX8M / MX7ULP
 	- CAAM fixes
 - Fixes for imxrt1020
 - Fixes for USDHC driver
 - Fixes for Toradex (Colibri / Apalis)
 - Switch to DM for several boards
 	- mx23 olinuxo
 	- usbarmory
 	- marsboard / riotboard
 	- Gateworks GW Ventana
 - NXP upstream patches (LPDDR / CAAM / HAB)
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/7089
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYHA8Xg8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76aVbQCfb0Z+N836ZSAodyLa0t6FSHgKqfYAnRdrWQAv
 MNlGOmmpfHENtE75eSnd
 =g48D
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20210409' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx

u-boot-imx-20210409
-------------------

- Secure Boot :
	- HAB for MX8M / MX7ULP
	- CAAM fixes
- Fixes for imxrt1020
- Fixes for USDHC driver
- Fixes for Toradex (Colibri / Apalis)
- Switch to DM for several boards
	- mx23 olinuxo
	- usbarmory
	- marsboard / riotboard
	- Gateworks GW Ventana
- NXP upstream patches (LPDDR / CAAM / HAB)

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/7089
2021-04-09 10:08:52 -04:00
Tim Harvey
aa0032f672 spl: fit: nand: allow for non-page-aligned elements
Add a weak nand_get_mtd function for nand drivers to provide mtd info
and use this to set pagesize such that reading of non page-aligned
elements can succeed.

The spl_load_simple_fit already handles block block access so all we
need to do is provide the nand writesize as the block length.

Further cleanup of the drivers which use nand_spl_loaders.c such as
am335x_spl_bch.c, atmel_nand.c, and nand_spl_simple.c could be done
using info from mtd_info instead of statically defined details.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-04-08 20:29:53 +02:00
Tim Harvey
39cb85043c spl: fit: nand: skip bad block handling if NAND chip not fully defined
commit 9f6a14c47f ("spl: fit: nand: fix fit loading in case of bad blocks")
added support for adjusting the image offset to account for bad blocks.
However this requires nand_spl_adjust_offset() which requires fully defined
specifics of the NAND chip being used may not be avialable.

Allow skipping this support for drivers or configs which don't specify
the NAND chip details statically with defines.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-04-08 20:29:53 +02:00
Bin Meng
ae2d9506a3 riscv: sifive: Rename fu540 board to unleashed
In preparation to add SiFive Unmatched board support, let's rename
the existing fu540 board to unleashed.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-04-08 15:37:29 +08:00
Tom Rini
2e216be8cf Merge https://source.denx.de/u-boot/custodians/u-boot-usb
- XHCI fixes
2021-04-06 14:11:21 -04:00
Aaron Williams
c1125bad6c usb: hub: Fix usb_get_port_status() for big-endian platforms
Add missing endianness conversions to usb_get_port_status(). This
(amongst others) is necessary to enable the use of USB 3 hubs on
big-endian platforms like MIPS Octeon.

Signed-off-by: Aaron Williams <awilliams@marvell.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Marek Vasut <marex@denx.de>
2021-04-06 16:38:57 +02:00
Simon Glass
48f45455bf Convert CONFIG_MISC_INIT_F to Kconfig
This converts the following to Kconfig:
   CONFIG_MISC_INIT_F

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-04-06 16:33:19 +12:00
Tom Rini
1057b1be75 Prepare v2021.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBiRbMACgkQFHw5/5Y0
 tyz0KAv/T8glQGL6L2CYeLuwbs9tndQoaH2YNb3teNUJrqehBleJAQ6ubHP30d87
 rHrokJ4Zu3TC15sACrK4GOMvsAVkeCuU/jIqFJA4ieDZr8g7yfUMOZMsDiIFdd36
 Rdmi71Jtek/csyS5BfcUUYoXVbUCGQ8yAx7z0VrK0sqsqZYYJNwPmqgkR8U2ulNb
 FiLxwamFwH7+bsvcvHajO1dOyko0zR7GTisf/fOgmlHuF3BldqG4SDcNd528uEWb
 r3fXs2Ut6IaC/beCnmKUPVG3ZjdPtb+T230rRRhUOfjTwqR7SzXp5bTyzdgyw3gU
 rOgfi/mAGQPPG2E2fzPz0JCI1irbnkSE2fVJ4epaVUCoHIEsQQdy034aD3qLcHFY
 65ihEpRvCM7s9jfKX8XeIG4rKFB4i60TX5orzdMvx7wV3rxmPE9qQmF9lkD+fEA+
 TPuFtkjGmluSe+xWBVK7+6xuF6rcLEbNXuFWRi3qMSMgH8rtGfeJRonusOGPolwC
 jQ1T7szW
 =UJ/O
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc5' into next

Prepare v2021.04-rc5
2021-03-29 18:00:21 -04:00
Simon Glass
96dedb0da2 sysinfo: Allow showing model info from sysinfo
Some boards may want to show the SKU ID or other information obtained at
runtime. Allow this to come from sysinfo. The board can then provide a
sysinfo driver to provide it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-03-27 16:26:48 +13:00
Simon Glass
a8d696275a bootm: Skip command-line substitution if !CONFIG_CMDLINE
When there is no command line, we cannot enable this feature. Add a check
to avoid a build error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
529d5f96cf cpu: Rename SPL_CPU_SUPPORT to SPL_CPU
The _SUPPORT suffix is from an earlier time and interferes with use of
the CONFIG_IS_ENABLED() macro. Rename the option to drop the suffix.

Tidy up the TODO that prompted this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
eb26d88d55 bootstage: Warning if space is exhausted
At present bootstage silently ignores new records if it runs out of
space. It is sometimes obvious by looking at the report, but the IDs are
not contiguous, so it is easy to miss.

Aad a message so that action can be taken.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
05e3a0d648 spl: Split out bootstage ID into a function
We have two separate places that need to figure out the bootstage ID to
use. Put this code in a function so that the logic is in one place.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
e2734d647e sandbox: image: Allow sandbox to load any image
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
95a5825f31 dm: core: Add an option to support SPL in read-only memory
Some systems (e.g. x86 APL) run SPL from read-only memory. The device
instances created by dtoc are therefore not writeable. To make things work
we would need to copy the devices to read/write memory.

To avoid this, add an option to use a separate runtime struct for devices,
just as is done for drivers. This can be used to hold information that
changes at runtime, avoiding the need for a copy.

Also add a Kconfig option for read-only SPL, which selects this feature.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-26 17:03:09 +13:00
schspa
0453411998 avb: Fix error when partition not found
part_get_info_by_name will return -1 on error, and >0 on success.

Signed-off-by: schspa <schspa@gmail.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2021-03-17 12:50:19 -04:00
Simon Glass
29cbc4babf image: Avoid -ENODATA in host tools
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701a3 image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-03-17 12:50:19 -04:00
Tom Rini
22fc991daf Prepare v2021.04-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBPhiUACgkQFHw5/5Y0
 tywChgv/RYpdSKrD5s4kCJnImfOwDznESj/CqAQK3Au5zviq7qXRrgxyTKv2e1wM
 W51vUBd0cE1YTACXqbr92wSSyqoTthLqd57KQgVele5uC2dvkqVTSvjPOUwtyIbQ
 BTPkoQnHPn30AILRdPjpEdBGfZhJDDtJFdQopn6h4GjEjPKVH8Wx1Dd+V6SD5f20
 WiksUjgdjMr1AmORY+LdwwJO8FZrGGPYgs8CDtiqxmCSwh3d7kUFFTT+G23BZdo7
 M+81+1uIUaW2Bolds7ZTPrrjr8bPwkWoTqNYhUB4bNPLp72gwnjM1rtU1X3hyiJM
 MdxSBimLHUOYPihfeSYCHSUrJaQFAAEFkuzWfZN1fgoswKEZQIVVVTzT/TomTyqf
 1DIXD+0HpXGKgVLW/Nkpl4D+UFjR865XI4kiuDxddjKI7bGbvDlbZ/k3PNelD7op
 umUswHnC3OTSw/g+A9VH/zf1rMFNLfu++vD7XJtdoWlcsl6x6/6Fh75tuC6K/X0K
 caPmehD3
 =ENym
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc4' into next

Prepare v2021.04-rc4
2021-03-15 12:15:38 -04:00
Jorge Ramirez-Ortiz
166363f2ed common: SCP03 control (enable and provision of keys)
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).

All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.

For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.

To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).

For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
    check:
    core/drivers/crypto/se050/adaptors/utils/scp_config.c

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-13 13:14:52 -05:00
Simon Glass
9ad7a6c25c log: Handle line continuation
When multiple log() calls are used which don't end in newline, the
log prefix is prepended multiple times in the same line. This makes the
output look strange.

Fix this by detecting when the previous log record did not end in newline.
In that case, setting a flag.

Drop the unused BUFFSIZE in the test while we are here.

As an example implementation, update log_console to check the flag and
produce the expected output.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 17:41:35 -05:00
Simon Glass
79d5983b61 log: Set up a flag byte for log records
At present only a single flag (force_debug) is used in log records. Before
adding more, convert this into a bitfield, so more can be added without
using more space.

To avoid expanding the log_record struct itself (which some drivers may
wish to store in memory) reduce the line-number field to 16 bits. This
provides for up to 64K lines which should be enough for anyone.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 17:41:35 -05:00
Simon Glass
891d9e84a7 spl: Convert spl_fit to work with sandbox
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.

As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.

Use a (new) load_ptr variable to access memory at address load_addr.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:31 -05:00
Siew Chin Lim
1bc20897c1 arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
2021-03-08 10:59:10 +08:00
Bin Meng
a43b598cc1 common: Move initr_addr_map() to a bit earlier
At present initr_addr_map() is put at a late stage in the
init_sequence_r[] calls. This won't work because lot of
device driver initialization (e.g.: serial port) happens
before it but is lack of the address translation support.

This moves the call to a bit earlier, right after the DM
initialization.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:43 +05:30
Bin Meng
a932aa3c69 common: fdt_support: Support special case of PCI address in fdt_read_prop()
At present fdt_read_prop() can only handle 1 or 2 cells. It is
called by fdt_read_range() which may be used to read PCI address
from <ranges> for a PCI bus node where the number of PCI address
cell is 3. The <ranges> property is an array of:

  { <child address> <parent address> <size in child address space> }

When trying to read <child address> from a PCI bus node using
fdt_read_prop(), as the codes below:

    /* Read <child address> */
    if (child_addr) {
        r = fdt_read_prop(ranges, ranges_len, cell, child_addr,
                          acells);
        if (r)
            return r;
    }

it will fail, because the PCI child address is made up of 3 cells
but fdt_read_prop() cannot handle it. We advance the cell offset
by 1 so that the <child address> can be correctly read.

This adds the special handling of such case.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:42 +05:30
Simon Glass
939b04e9cf bootstage: Fix dependency for BOOTSTAGE_RECORD_COUNT
At present these three Kconfigs exist even when bootstage is not enabled.
This is not necessary since bootstage.c is only built if BOOTSTAGE is
enabled.

Make them conditional. Also fix up the overflow message to mention TPL.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-03 19:17:25 -07:00
Simon Glass
185756ec0f bootm: Fix duplicate debugging in bootm_process_cmdline()
These two returns use the same string so are not distinguishable with
LOG_ERROR_RETURN. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 15:53:37 -05:00
Simon Glass
1a9e75bd5d spl: Drop duplicate 'Jumping to U-Boot' message
This is printed twice but we only need one message, since there is very
little processing in between them. Drop the second one, since all branches
of the switch() already have output. Update the U-Boot message to include
the phase being jumped to.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 15:53:37 -05:00
Frieder Schrempf
3bbe1a7faf Respect that some compression algos can be enabled separately for SPL
Some compression algorithms currently can be enabled for SPL and
U-Boot proper separately. Therefore take into account USE_HOSTCC
is well as CONFIG_IS_ENABLED() in these cases to prevent compiling these
functions in case of a host tool build.

Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2021-03-01 10:21:36 +01:00