A mix of signatures and hashes in db doesn't always work as intended.
Currently if the digest algorithm is not explicitly set to sha256 we
stop walking the security database and reject the image.
That's problematic in case we find and try to check a signature before
inspecting the sha256 hash. If the image is unsigned we will reject it
even if the digest matches.
Since we no longer reject the image on unknown algorithms add an explicit
check and reject the image if any other hash algorithm apart from sha256
is detected on dbx.
Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
On RISC-V a new UEFI protocol has been introduced. Support printing
its GUID using %pUs.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This adds support for new RISCV_EFI_BOOT_PROTOCOL to
communicate the boot hart ID to bootloader/kernel on RISC-V
UEFI platforms.
The specification of the protocol is hosted at:
https://github.com/riscv-non-isa/riscv-uefi
Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Abstract common routines to make the code easily understandable.
No functional change.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
All the error messages should be printed out to stderr.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
unmatched.rst describes booting from SD card or from SPI. But only for
booting from SPI the boot selection settings are described.
Add the missing information.
Fix a typo 'uSD'.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This change contains update for doc/README.nokia_rx51 documentation file
with information how to load U-Boot image to device RAM without need to
flash it and also how to flash it into OneNAND via 0xFFFF flasher.
Signed-off-by: Pali Rohár <pali@kernel.org>
Since commit 25c5b65178 ("Nokia RX-51: Do not try calling both ext2load
and ext4load") command ext4load is used for all ext2/3/4 fs variants.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This probably should have been done a while back since it is a core
system. Very few boards remain to be migrated.
Addd a migration deadline for a year out.
Signed-off-by: Simon Glass <sjg@chromium.org>
Coreboot supports U-Boot as a payload and this recently got a bit of a
facelist. Add a test for this.
For now this uses a binary build of coreboot (v4.15). Future work could
potentially build it from source, but we need to figure out the
toolchain problems first, since coreboot uses its own toolchain. It
turns out that this is tricky, because coreboot fails to build with a
vanilla gcc.
This needs some changes to the hooks scripts as well. An example build
is at https://source.denx.de/u-boot/custodians/u-boot-dm/-/jobs/359687
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
With Ethboot support in SPL, network stack requires more BSS area, so
increase BSS max size to 16K
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
ROM supports cpsw_port2 for Ethernet boot and SPL stages continue to
download images on the same port, therefore there is no need to enable
cpsw_port1. Disable the same.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Add to support rsa 3072 bits algorithm in tools
for image sign at host side and adds rsa 3072 bits
verification in the image binary.
Add test case in vboot for sha384 with rsa3072 algorithm testing.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For printing phys_addr_t we should use %pa to avoid warning like:
drivers/bootcount/bootcount_syscon.c:110:17: note: in expansion of macro ‘dev_err’
110 | dev_err(dev, "%s: Unsupported register size: %d\n", __func__,
| ^~~~~~~
seen for sandbox_defconfig with CONFIG_PHYS_64BIT=y.
Cf. commit 1eebd14b79 ("vsprintf: Add modifier for phys_addr_t")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Align the DFU MTD backend for the UBI partitions with the mtd command write
behavior when the option .dontskipff is not used: don't write the empty
pages (full of 0xFF); it is not required for UBI, see [1] for details.
This patch avoids the "free space fixup" procedure in the kernel [2]
and allows to program a UBIFS volume generated by mkfs.ubifs without the
option -F, --space-fixup.
The MTD DFU backend implements this behavior introduced on DFU NAND
backend by the commit 13cb7cc9e8 ("dfu: Add option to skip empty pages
when flashing UBI images to NAND") and also supported by the command nand
by CONFIG_CMD_NAND_TRIMFFS and by commit c9494866df ("cmd_nand: add nand
write.trimffs command").
[1] http://www.linux-mtd.infradead.org/doc/ubi.html#L_flasher_algo
[2] http://www.linux-mtd.infradead.org/faq/ubifs.html#L_free_space_fixup
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Allow to call 'pci' and 'pci regions' commands with bus option '*' which
cause pci to process all buses.
PCIe is point-to-point HW and so on each bus is maximally one physical
device. Therefore for PCIe it is common to have multiple buses.
This change allows to easily print all available PCIe devices in system.
Make '*' as default option when no bus argument is specified.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Currently pci command ignores invalid cmdline arguments and do something.
Add checks that all passed arguments were processed.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
'pci regions' currently prints only region information from bus 0 which
belongs to controller 0. Parser for 'pci regions' cmdline currently ignores
any additional arguments and so U-Boot always uses bus 0.
Regions are stored in controller (not on the bus) and therefore to retrieve
controller from the bus, it is needed to call pci_get_controller() which
returns root bus. Because bus 0 is root bus, current code worked fine for
controller 0.
Extend cmdline parser for 'pci regions' to allows specifying bus number,
extend pci_show_regions() code to accept also non-zero bus number and
print bus ranges for which is regions configuration assigned.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Initially it is set to dev_seq but update to the last bus number is
missing. Fix it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Currently the names MMC1, MMC2 and MMC2_2 are output in the SPL. To
achieve more userbility here the name of the boot source can be returned.
E.g. for "MMC1" -> "eMMC" or "MMC2" -> "SD card".
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Michael Walle <michael@walle.cc>
Tested-by: Michael Walle <michael@walle.cc>
Having U-Boot look up the passed partition name even though an alias
exists is unexpected, leading to warning messages (when the alias name
doesn't exist as a real partition name) or the use of the wrong
partition.
Change part_get_info_by_name_or_alias() to consider real partitions
names only if no alias of the same name exists, allowing to use aliases
to override the configuration for existing partition names.
Also change one use of strcpy() to strlcpy().
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
In DFU v1.1 specification [1] the DFU_UPLOAD (Short Frame)
is handled only in dfuUPLOADIDLE state:
- Figure A.1 Interface state transition diagram
- the state description in chapter A.2
A.2.3 State 2 dfuIDLE
on Receipt of the DFU_UPLOAD request,and bitCanUpload = 1
the Next State is dfuUPLOADIDLE
A.2.10 State 9 dfuUPLOAD-IDLE
When the length of the data transferred by the device in response
to a DFU_UPLOAD request is less than wLength. (Short frame)
the Next State is dfuIDLE
In current code, when an UPLOAD is completely performed after the first
request (for example with wLength=200 and data read = 9), the DFU state
stay at dfuUPLOADIDLE until receiving a DFU_UPLOAD or a DFU_ABORT request
even it is unnecessary as the previous DFU_UPLOAD request already reached
the EOF.
This patch proposes to finish the DFU uploading (don't go to dfuUPLOADIDLE)
and completes the control-read operation (go to DFU_STATE_dfuIDLE) when
the first UPLOAD response has a short frame as an end of file (EOF)
indicator even if it is not explicitly allowed in the DFU specification
but this seems logical.
[1] https://www.usb.org/sites/default/files/DFU_1.1.pdf
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
In case CONFIG_FASTBOOT_FLASH_MMC_DEV == 0, compile-time condition
is not met and fastboot_set_reboot_flag() fails.
Fixes: a362ce214f ("fastboot: Implement generic fastboot_set_reboot_flag")
Signed-off-by: Roman Stratiienko <r.stratiienko@gmail.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmHyEeYRHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreYYlgf8C7tQVklXz9ZHhxVrFaPHWwgmBzEZJSrc
7SWhDX9yBrAYBUk8Q4OMnJz6nXW8Rz5Td9GfBNWcJag1HjJqno4BxkqwGk2tshgj
GIY0D1cGfKJzB4E6/rK/ETwmX4KVUyEf7S2IdJ0oydkn9t7OwDkUX5WtGXo70E7q
ZJGYlX5NQCVBRAF9NYDuyVFljrPzAiyT58VCtXY3q63C7PmRYvag8r56ug+8lkk3
9EbOTcwETqq9SbT1vucyBxwbUmoKhb2BF32jEcIhozowIM3GNsSpkdzQCUnylqfa
LYI/p0oVTKLfFRBRvQjLgdB/OQP8MLkby8A++Db2OW49mBXhn/5JWA==
=PdpE
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-26jan22' of https://source.denx.de/u-boot/custodians/u-boot-dm
acpi refactoring to allow non-x86 use
binman support for bintools (binary tools)
minor tools improvements in preparation for FDT signing
various minor fixes and improvements
Add support for CDC ACM using the new UDC and gadget API. This protocol
can be used for serial over USB data transfer and is widely supported
by various OS (GNU/Linux, MS-Windows, OSX...). The usual purpose of
such link is to access device debug console and can be useful for
products not exposing regular UART to the user.
A default stdio device named 'usbacm' is created, and can be used
to redirect console to USB link over CDC ACM:
> setenv stdin usbacm; setenv stdout usbacm
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
It is currenly only used from usbtty driver but make it properly
selectable via Kconfig symbol, for future usage.
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
This commit converts i.MX28's EHCI USB host driver to driver model
(DM_USB). It is a straightforward conversion (to reuse as much code
as possible), based on ehci-mx5.c code.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Those functions will be re-used when the ehci MXS driver (for imx28)
will be converted to also support CONFIG_DM_USB.
No functional changes introduced - only cosmetic changes (u32 type)
and alignment to pass checkpatch.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
This function is going to be reused with the CONFIG_DM_USB enabled in
the imx28 mxs USB ehci driver.
No functional changes introduced.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg@chromium.org>
Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.
Signed-off-by: Simon Glass <sjg@chromium.org>