Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass. The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).
include/qfw.h is cleaned up and documentation added.
Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.
For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.
To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).
For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
check:
core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there,
no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.
This function will also be used in implementing UEFI capsule update
in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.
fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.
Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Do not build image_sign_info helper functions in SPL if not needed.
Fixes: b983cc2da0 ("lib: rsa: decouple rsa from FIT image verification")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a log driver that broadcasts RFC 3164 messages to syslog servers.
rsyslog is one implementation of such a server.
The messages are sent to the local broadcast address 255.255.255.255 on
port 514.
The environment variable log_hostname can be used to provide the HOSTNAME
field for the messages. The optional TIMESTAMP field of RFC 3164 is not
provided.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:
- android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
boot image, by blob's index
- android_image_print_dtb_contents(): Iterate over all DTB blobs in
"DTB" part of boot image and print those blobs info
"DTB" payload might be in one of the following formats:
1. concatenated DTB blobs
2. Android DTBO format
The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.
Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
- come up with some new command like "abootimg" to extract dtb blob
from boot image (using functions from this patch)
- extract desired dtbo blobs from "dtbo" partition using "adtimg"
command
- merge dtbo blobs into dtb blob using "fdt apply" command
- pass resulting dtb blob into bootm command in order to boot the
Android kernel with Android ramdisk from boot image
Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Rename the existing 'dtimg' command to 'adtimg', in order to:
- Suggest the Android origins and scope
- Be consistent with the upcoming 'abootimg' command (naming
suggested by Simon [*])
The change in _not_ backward compatible, but its benefits outweigh its
downsides, given that we don't expect active users of 'dtimg' today.
Perform the rename in several steps:
1. Rename *.c file and Kconfig symbol. This should allow
'git log --follow' to properly track the history of 'adtimg.c'
2. 's/dtimg/adtimg/g' in the internal namespace of 'adtimg.c'
ELF comparison [**] before and after shows no functional change.
[*] https://patchwork.ozlabs.org/patch/1182212/#2291600
[**] diff -u <(objdump -d cmd/dtimg.o) <(objdump -d cmd/adtimg.o)
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Simon Glass<sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
This patch determines the A/B-specific bootloader message structure
that is the basis for implementation of recovery and A/B update
functions. A/B metadata is stored in this structure and used to decide
which slot should we use to boot the device. Also some basic functions
for A/B metadata manipulation are implemented (like slot selection).
The patch was extracted from commits [1], [2] with some coding style
fixes.
[1] https://android-review.googlesource.com/c/platform/external/u-boot/+/729878/2
[2] https://android-review.googlesource.com/c/platform/external/u-boot/+/729880/2
Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This debug mode is used by CubeMX DDR tuning tools
or manualy for tests during board bring-up.
It is simple console used to change DDR parameters and check
initialization.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Since there is the SPL_USB_HOST_SUPPORT for enabling USB support in SPL,
makes more sense to rename the SPL_USB_SUPPORT as SPL_USB_STORAGE.
Everything that is not part of the usb storage support in SPL is now
build under SPL_USB_HOST_SUPPORT.
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
CLI support with the HUSH parser is not currently SPL safe due to it's
use of realloc. That function is not defined for SPLs that use
SYS_MALLOC_SIMPLE. CLI support can be built in to SPL and some functions
do work, but use of some like run_command() will cause build to fail.
When no SPL code calls this function build works as the compiler removes
this unreachable code so the unresolved symbols are ignored.
If DFU support is enabled in SPL then MMU DFU support may get brought in
also, this code does make a call to run_command() causing build to fail
if the HUSH parser is not built-in. To break this odd and unneeded
dependency chain we use CONFIG_IS_ENABLED where appropriate to prevent
calls into HUSH code from SPL. This also removes our need to pull in the
rather unrelated source file when SPL_DFU is defined.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The symbol CONFIG_SPL_DFU_SUPPORT in SPL build has the same
meaning as CONFIG_DFU in regular U-Boot. Drop the _SUPPORT
to allow for cleaner use in code.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
Enable DM for USB peripheral in the musb-new driver.
Also make sure that the driver can be used in the SPL.
This implies that:
* the driver must work with and without the OF_CONTROL option. That
in turn, implies that the platform data can be passed in a struct
ti_musb_platdata or be read from the dtb
* usb.o is linked in the SPL if host support is enabled
Another change is that the driver does not fail to bind (and stop the boot
process) if one of the child driver does not bind. Reporting the error is
enough. This kind of error would appear if the port is configured in the
DTS but the driver is not activated in the config.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Common USB code is built whenever USB is enabled (in non-SPL builds).
The USB uclass is built whenever (SPL_)DM_USB is enabled. Both need to
be independent from CMD_USB.
Signed-off-by: Sven Schwermer <sven@svenschwermer.de>
At present there is no standard way in U-Boot to pass information from SPL
to U-Boot proper. But sometimes SPL wants to convey information to U-Boot
that U-Boot cannot easily figure out. For example, if SPL sets up SDRAM
then it might want to pass the size of SDRAM, or the location of each
bank, to U-Boot proper.
Add a new 'bloblist' feature which provides this. A bloblist is set up in
the first phase of U-Boot that runs (i.e. TPL or SPL). The location of
this info may be in SRAM or CAR (x86 cache-as-RAM) or somewhere else.
Information placed in this region is preserved (with a checksum) through
TPL and SPL and ends up in U-Boot. At this point it is copied into SDRAM
so it can be used after relocation.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
It is sometimes useful to log information in SPL and TPL. Add support for
this.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
At present these features are supported in SPL but not TPL. Update the
Kconfig and Makefile to allow this.
Also add a few Makefile comments to make earier to track what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
dtimg command allows user to work with Android DTB/DTBO image format.
Such as, getting the address of desired DTB/DTBO file, printing the dump
of the image in U-Boot shell, etc.
This command is needed to provide Android boot with new Android DT image
format further.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
1. Since libavb library alone is highly portable, introduce dedicated
Kconfig symbol for AVB bootloader-dependent operations, so it's possible
to build libavb separately. AVB bootloader-dependent operations include:
* Helpers to process strings in order to build OS bootargs.
* Helpers to access MMC, similar to drivers/fastboot/fb_mmc.c.
* Helpers to alloc/init/free avb ops.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
Reported-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Tested-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Implement AVB ops on top of existing mmc subsystem API. Currently there
is a full implementation of such operations, defined by [1]
AVB2.0 specification:
.read_from_partition() - reads N bytes from a partition identified by
a name.
.write_to_partition() - Writes N bytes to a partition identified by a name.
.validate_vbmeta_public_key() - checks if the given public ‘vbmeta’
partition is trusted.
.get_unique_guid_for_partition() - Gets the GUID for a partition identified
by a string name.
As [1] specification recommends to use tamper-evident storage for storing
rollback indexes and device state (LOCKED/UNLOCKED),
currently are only stubs instead of full implementation for these ops:
.read_rollback_index() - Gets the rollback index for a given index location
.write_rollback_index() - Sets the rollback index to a given location
.read_is_device_unlocked() - Gets where the device is unlocked
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Introduce CONFIG_IMAGE_SPARSE and CONFIG_CMD_MMC_SWRITE so the "mmc
swrite" command is separated from the fastboot code.
Move image-sparse from common to lib so it's clear it's library code.
Rename CONFIG_FASTBOOT_FLASH_FILLBUF_SIZE to CONFIG_IMAGE_SPARSE_FILLBUF_SIZE
and migrate it to Kconfig.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Separate CMD_FASTBOOT from FASTBOOT and move code and configuration to
drivers/fastboot.
Switch dependencies on FASTBOOT to USB_FUNCTION_FASTBOOT as anyone who wants
FASTBOOT before this series wants USB_FUNCTION_FASTBOOT. Split
USB_FUNCTION_FASTBOOT from FASTBOOT so they retain their existing
behaviour.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Do the following to make the symbol names less confusing.
sed -i "s/\([TU][^_]\+\)_FUNCTION_DFU/DFU_OVER_\1/g" \
`git grep _FUNCTION_DFU | cut -d ":" -f 1 | sort -u`
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
Clean up the screaming mess of configuration options that DFU is.
It was impossible to configure DFU such that TFTP is enabled and
USB is not, this patch fixes that and assures that DFU TFTP and
DFU USB can be enabled separatelly and that the correct pieces
of code are compiled in.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
It is useful to display log messages on the console. Add a simple driver
to handle this.
Note that this driver outputs to the console, which may be serial or
video. It does not specifically select serial output.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
CONFIG_FIT_EMBED might be confused with CONFIG_OF_EMBED, rename it
MULTI_DTB_FIT as it is able to get a DTB from a FIT image containing
multiple DTBs. Also move the option to the Kconfig dedicated to the DTS
options and create a README for this feature.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For timing our bootstages on the RK3368, which has a minimal TPL
(and where we consequently don't want to time the bootstages) and a
full-featured SPL (where we can bootstage recording), we need to
adjust the Makefile.
Use the $(SPL_TPL_) macro in the Makefile for bootstage.o
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
About a quarter of the files in common/ relate to the environment. It
seems better to put these into their own subdirectory and remove the
prefix.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
To allow for a finer-grained control of features for TPL and SPL
builds all modules/boot-methods/etc. need to be consistently selected
based on the $(SPL_TPL_) macros.
This allows splitting the associated config-options in Kconfig: we
don't split the Kconfig options here and now, as this should happen on
an as-needed basis, whenever someone needs a feature/boot-method/etc.
in their TPL.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some platforms have very limited SRAM to run SPL code, so there may
not be the same amount space for a malloc pool before relocation in
the SPL stage as the normal U-Boot stage.
Make SPL and (the full) U-Boot stage use independent SYS_MALLOC_F_LEN,
so the size of pre-relocation malloc pool can be configured memory
space independently.
Signed-off-by: Andy Yan <andy.yan@rock-chips.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[fixed up commit-message:]
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
At present we have the SCSI drivers in the drivers/block and common/
directories. It is better to split them out into their own place. Use
drivers/scsi which is what Linux does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present we have the SATA and PATA drivers mixed up in the drivers/block
directory. It is better to split them out into their own place. Use
drivers/ata which is what Linux does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
At present CONFIG_CMD_SATA enables the 'sata' command which also brings
in SATA support. Some boards may wish to enable SATA without the command.
Add a separate CONFIG to permit this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Some platforms may append a FIT image to the U-boot image. This function
aids in parsing the FIT image and selecting the correct DTB at runtime.
Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Some of the functions within spl_fit will be used for non spl purposes.
Instead of duplicating functions simply break the functions to be reused
into its own file.
Signed-off-by: Franklin S Cooper Jr <fcooper@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Only add the new define to image.h, otherwise we see breakage
due to massive include leakage into host tools in some cases]
Signed-off-by: Tom Rini <trini@konsulko.com>
At present bootstage only supports U-Boot proper. But SPL can also consume
boot time so it is useful to have the record start there.
Add bootstage support to SPL. Also support stashing the timing information
when SPL finishes so that it can be picked up and reported by U-Boot
proper. This provides a full boot time record, excluding only the time
taken by the boot ROM.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present IDE support is controlled by CONFIG_CMD_IDE. Add a separate
CONFIG_IDE option so that IDE support can be enabled without requiring
the 'ide' command.
Update existing users and move the ide driver into drivers/block since
it should not be in common/.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
With gcc-6 and later we may get a warning such as:
.../common/cli_readline.c:20:21: warning: ‘tab_seq’ defined but not used [-Wunused-const-variable=]
static const char tab_seq[] = " "; /* used to expand TABs */
^~~~~~~
.../common/cli_readline.c:19:19: warning: ‘erase_seq’ defined but not used [-Wunused-const-variable=]
static const char erase_seq[] = "\b \b"; /* erase sequence */
^~~~~~~~~
Because in SPL we're normally not doing interactive commands anyhow, so
lets just not compile this at all in SPL. This also means that we need
to correct the logic (and comment) about what the drivers/ddr/fsl/ and
CONFIG_FSL_DDR_INTERACTIVE requires and this will be included in SPL
there.
Signed-off-by: Tom Rini <trini@konsulko.com>
Adding support for fdt fixup to update the
memory node in device tree for falcon boot.
This is needed for single stage or falcon
bootmode, to pass memory configuration to
kernel through DT memory node.
Signed-off-by: Ravi Babu <ravibabu@ti.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
The whole of common/flash.c is guarded by #if defined() ... #endif.
Move the conditional to common/Makefile.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>