We want to support scanning a single label, like 'mmc' or 'usb0'. Add
this feature by plumbing the label through to the iterator, setting a
flag to indicate that only siblings of the initial device should be used.
This means that scanning a bootdev by its name is not supported anymore.
That feature doesn't seem very useful in practice, so it is no great loss.
Add a test for bootdev_find_by_any() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present we set up the bootdev order at the start, then scan the
bootdevs one by one.
However this approach cannot be used with hunters, since the bootdevs may
not exist until the hunter is used. Nor can we just run all the hunters at
the start, since that violate's U-Boot's 'lazy init' requirement. It also
increases boot time.
So we need to adjust the algorithm to scan by labels instead. As a first
step, drop the dev_order[] array in favour of a list of labels. Update the
name of bootdev_setup_iter_order() to better reflect what it does.
Update some related comments and log messages. Also disable a few tests
until a later commit where we can use them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function which moves to the next priority to be processed.
This works by storing the current priority in the bootflow iterator. The
logic to set this up is included in a subsequent commit.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function which moves to the next label in a list of labels. This
allows processing the boot_targets environment variable.
This works using a new label list in the bootflow iterator. The logic to
set this up is included in a subsequent commit.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function to hunt for a bootdev label and find the bootdev produced
by the hunter (or already present).
Add a few extra flags so that we can distinguish between "mmc1", "mmc" and
"1" which all need to be handled differently.
Signed-off-by: Simon Glass <sjg@chromium.org>
We need extensions to be set up before we start trying to boot any of the
bootdevs. Add a new priority before all the others for tht sort of thing.
Also add a 'none' option, so that the first one is not 0.
While we are here, comment enum bootdev_prio_t fully and expand the test
for the 'bootdev hunt' command.
Signed-off-by: Simon Glass <sjg@chromium.org>
These are associated with the ethernet boot device but do not match its
uclass name, so handle them as special cases.
Provide a way to pass flags through with the bootdev so that we know
how to process it. The flags are checked by the bootmeths, to ensure that
only the selected bootmeth is used.
While these both use the network device, they work quite differently. It
is common to run only one of these, or to run PXE before DHCP. Provide
bootflow flags to control which methods are used. Check these in the two
bootmeths so that only the chosen one is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this bootmeth only supports a block device and the sandbox
host filesystem. Add support for obtaining the script from a network
device. Also implement the set_bootflow() method so that it is easy
for other bootdevs (such as enabling SPI flash to support scripts).
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootdev for SPI flash so that these devices can be used with
standard boot. It only supports loading a script.
Add a special case for the label, since we want to use "spi", not
"spi_flash".
Enable the new bootdev on sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Normally the bootmeth driver reads the bootflow from the bootdev, since
it knows the correct way to do it.
However it is easier for some bootdevs to handle this themselves. For
example, reading from SPI flash is quite different from other devices.
Add a way for the bootdev to pass a bootflow to the bootmeth, so that
this can be supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is complicated enough to merit its own function, particularly as we
are about to add to it. Create a new label_to_uclass() function to decode
a label.
Also update the code to ignore an empty label or one consisting of just a
number.
Signed-off-by: Simon Glass <sjg@chromium.org>
This environment variable is supposed to be set so that the script knows
which partition holds the script. Set it before invoking the script.
Signed-off-by: Simon Glass <sjg@chromium.org>
With EFI booting the device tree is required but is not actually specified
in any way. The normal method is to use a fdtfile environment variable to
get the filename, then look for that file on the media.
Implement this in the bootmeth.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some bootmeths provide a way to load a device tree as well as the base
OS image. Add a way to store this in the bootflow. Update the
'bootflow info' command to show this information.
Note that the device tree is not allocated, but instead is stored at
an address provided by an environment variable. This may need to be
adjusted at some point, but for now it works well and fits in with the
existing distro-boot scripts.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present this bootmeth only supports reading from a filesystem. Add
support for reading from a network also, using DHCP with autoload.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present all partitions are scanned, whether marked bootable or not.
Use only bootable partitions, defaulting to partition 1 if none is
found.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a way to run a bootdev hunter to find bootdevs of a certain type. Add
this to the 'bootdev hunt' command. Test for this are added in a later
patch, since a useful test needs some hunters to work with.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some bootdevs must be enumerated before they appear. For example, USB
bootdevs are not visible until USB is enumerated.
With standard boot this needs to happen automatically, since we only
want to enumerate a bus if it is needed.
Add a way to define bootdev 'hunters' which can be used to hunt for
bootdevs of a given type. Track which ones have been used and add a
command to list them.
Include a clang work-around which seems to be needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
The code in these functions turns out to often be the same. Add a default
get_bootflow() function and allow the drivers to select it by setting
the method to NULL.
This saves a little code space.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present MMC uses the bootdev_setup_for_dev() function to set up the
bootdev. This is because MMC only has one block-device child, so does not
need to worry about naming of the bootdev.
However this inconsistency with other bootdevs that use block devices is a
bit annoying. The only real reason for it is to have a name like
'mmc0.bootdev' instead of 'mmc0.blk.bootdev'.
Update bootdev_setup_sibling_blk() to drop '.blk' from the name where it
appears, thus removing the only reason to use the bootdev_setup_for_dev().
Switch MMC over to the subling function.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is no point in trying to match the alias order for bootdevs, since
build_order() either sorts them by priority, uses the boot_targets
environment variable or the bootdev-order property.
Just use the iterator instead, to simplify the code.
Signed-off-by: Simon Glass <sjg@chromium.org>
Rather than implement this as its own case in build_order(), process the
boot_targets environment variable in the bootstd_get_bootdev_order()
function. This allows build_order() to be simplified.
Signed-off-by: Simon Glass <sjg@chromium.org>
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmPIpV4RHHNqZ0BjaHJv
bWl1bS5vcmcACgkQfxc6PpAIreZuqwgA0UpYQEX6/MegzHSCIx3AMT4rCF1Ytitr
LS4Cbvj1Q09Rt9jriW7wAV5AobVPwGf2L5SVcnWv2I9+MmypDIXEe8HIrt2fRFu9
bzn/2GOzXczuXqPFa/CWOUwjvCzTb8Sl9NtRszrP5NvOzuN15x00ZUYaXFO7fgsB
zZMzOKxemwjdtLaox+x+VIJ95HMDEkYrWTAqTPg74CNVSjRbbLNqNq0zqkHB8SnH
ubgphtIKYItTeIXcfIa9V4LeQp0ZitkzSfAibX+nIPCMPg9jbG9MrQQ+VvSZDjnM
y8wa8gFj47Ek+gGNFXMHIpO6tBd83uHRgtf2x+zhcovLELYnZ6fDGw==
=1K6m
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-18jan23' of https://source.denx.de/u-boot/custodians/u-boot-dm
convert rockchip to use binman
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
This device is created when there are no bootmeths defined in the device
tree. But it cannot be probed without a device tree node.
For now, ignore a probe failure.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Karsten Merker <merker@debian.org>
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Fixes: a56f663f07 ("vbe: Add info about the VBE device to the fwupd node")
Tested-by: Vagrant Cascadian <vagrant@debian.org>
Tested-by: Karsten Merker <merker@debian.org>
Instead of the bash script, use binman to generate the FIT for arm64.
For 32-bit boards, use binman for all images, dropping the intermediate
files.
With this change, only Zynq is now using SPL_FIT_GENERATOR so update the
Kconfig rule accordingly.
Clean up the Makefile to the extent possible. Unfortunately, two boards
do not use SPL_FRAMEWORK so don't enable the u-boot.img rule:
evb-rk3036
kylin-rk3036
So a small remnant remains.
Signed-off-by: Simon Glass <sjg@chromium.org>
The event framework is just that, a framework. Enabling it by itself
does nothing, so we shouldn't ask the user about it. Reword (and correct
typos) around this the option and help text. This also applies to
DM_EVENT and EVENT_DYNAMIC. Only EVENT_DEBUG and CMD_EVENT should be
visible to the user to select, when EVENT is selected.
With this, it's time to address the larger problems. When functionality
uses events, typically via EVENT_SPY, the appropriate framework then
must be select'd and NOT imply'd. As the functionality will cease to
work (and so, platforms will fail to boot) this is non-optional and
where select is appropriate. Audit the current users of EVENT_SPY to
have a more fine-grained approach to select'ing the framework where
used. Also ensure the current users of event_register and also select
EVENT_DYNAMIC.
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reported-by: Oliver Graute <Oliver.Graute@kococonnector.com>
Reported-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Fixes: 7fe32b3442 ("event: Convert arch_cpu_init_dm() to use events")
Fixes: 42fdcebf85 ("event: Convert misc_init_f() to use events")
Fixes: c5ef202557 ("dm: fix DM_EVENT dependencies")
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Create an expo to handle the boot menu. For now this is quite simple, with
just a header, some menu items and a pointer to show the current one.
Signed-off-by: Simon Glass <sjg@chromium.org>
A menu is a key part of the expo design. It consists of a number of items
which the user can select from.
Add the initial implementation of this.
Signed-off-by: Simon Glass <sjg@chromium.org>
A scene is a single screen within an expo. It is possible to move between
scenes but only one can be displayed at once.
Add a basic implementation.
Signed-off-by: Simon Glass <sjg@chromium.org>
An expo is a way of presenting and collecting information from the
user. It consists of a collection of 'scenes' of which only one is
presented at a time. An expo is typically used to show a boot menu
and allow settings to be changed.
One created, the same expo can be automatically presented in graphical
form using a vidconsole, or in text form on a serial console.
Add an initial implementation of the expo itself. Supports for scenes
and objects is provided later.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some operating systems provide a logo in bmp format. Read this in if
present so it can be displayed in the menu.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add the concept of an OS name to the bootflow. This typically includes the
OS name, version and kernel version.
Implement this for the distro and script bootmeths so that it works with
Armbian and older version of Fedora.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should use the cmd/ directory for commands rather than for common code
used elsewhere in U-Boot. Move the common 'source' code into
image-board.c to achieve this.
The image_source_script() function needs to call run_command_list() so
seems to belong better in the command library. Move and rename it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit d5ba6188df ("cmd: pxe_utils: Check fdtcontroladdr in label_boot")
forces '$fdtcontroladdr' DT address as a third parameter of bootm command
even if the PXE transfer pulls in a fitImage which contains configuration
node with its own DT that is preferrable to be passed to Linux. Limit the
$fdtcontroladdr fallback utilization to non-fitImages, since it is highly
likely a fitImage would come with its own DT, while single-file images do
need a separate DT.
Fixes: d5ba6188df ("cmd: pxe_utils: Check fdtcontroladdr in label_boot")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Tested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Peter Hoyes <peter.hoyes@arm.com>
Tested-by: Peter Hoyes <peter.hoyes@arm.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
This reverts commit ed6251187a.
Superseded by "cmd: pxe_utils: Limit fdtcontroladdr usage to non-fitImage"
which is less heavy-handed approach and retains part of the original
behavior for non-fitImage.
Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When converting CONFIG_SDCARD and CONFIG_SPIFLASH to Kconfig, one set of
uses wasn't converted correctly. Allow for the case where platforms
don't rely on "PBL" to boot but instead use other mechanisms. See the
link below for more details.
Link: https://lore.kernel.org/all/20220802091338.f4g45ldhc7qbg6hm@pali/
Fixes: d433c74eec ("Convert CONFIG_SDCARD et al to Kconfig")
Tested-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
We ask for CONFIG_SPL_LOAD_FIT_ADDRESS in Kconfig, so we cannot define
it in C as a fall-back. However, this option previously was buried under
"if ... endif" Kconfig logic. Rework a number of config options to now
have more robust dependency lines so that we can ask this address when
needed. With that done, we can remove the fallback in spl_ram.c.
Signed-off-by: Tom Rini <trini@konsulko.com>
With the change here, all extlinux.conf files with only "KERNEL
/fitImage" don't work anymore. One common example of this would be those
files generated by thee Poky/OE WIC bootimg-partition bootloader
partition generator.
This reverts commit d5ba6188df.
Reported-by: Neil Armstrong <neil.armstrong@linaro.org>
Reported-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Regarding the documentation found here:
https://github.com/u-boot/u-boot/blob/master/common/menu.c#L347
If both timeout and prompt is set to 0 the default entry shall
be booted immediately. However the current behaviour is that
the prompt is shown (tested with distroboot) until the user
selects an entry (no timeout).
This change implements a behaviour as documented. It was tested
with distroboot.
Signed-off-by: Manuel Traut <manuel.traut@mt.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Replace malloc and strcpy by strdup in
function parse_label_kernel.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Since the commit d5ba6188df ("cmd: pxe_utils: Check fdtcontroladdr
in label_boot") the FDT or the FDTDIR label is required in extlinux.conf
and the fallback done by bootm command when only the device tree present
in this command parameters is no more performed when FIT is used for
kernel.
When the label FDT or FDTDIR are absent or if the device tree file is
absent, the PXE command in U-Boot uses the default U-Boot device tree
selected by fdtcontroladdr = gd->fdt_blob, it is the "Scenario 3".
With this scenario the bootm FIP fallback is no more possible with
the extlinux.conf when only "kernel" label is present and is a FIP:
kernel <path>#<conf>[#<extra-conf[#...]]
As the U-Boot FDT is always provided in the third bootm argument,
the device tree found in FIP is not used as fallback, it was done
previously in boot_get_fdt().
This patch adds a new field kernel_label to save the full kernel label.
The FDT bootm parameters use the kernel address (to avoid to load a
second time the same FIP) and the config when this full label is reused
for "fdt" or "initrd" label.
This FIP support in extlinux.conf is restored when the "FDT" label
can be found and select the same FIP (identical file and configuration):
kernel <path>#<conf>[#<extra-conf[#...]]
fdt <path>#<conf>[#<extra-conf[#...]]
The patch add also this possibility for initrd.
initrd <path>#<conf>[#<extra-conf[#...]]
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reorder kernel treatment in label_boot at the beginning of the function.
This patch doesn't change the pxe command behavior, it is only a
preliminary step for next patch, build kernel_addr before parsing
the label initrd and fdt to build the next bootm arguments.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
If the user select the image type "flat_dt" a FIT image will be build.
This breaks the legacy use case of putting a Flat Device Tree into a
legacy u-boot image.
Add a new image type "fdt_legacy" to build a legacy u-boot image
with a "flat_dt" type.
Link: https://lore.kernel.org/all/20221028155205.ojw6tcso2fofgnhm@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
As there are no more non-DM_ETH cases for networking, remove this legacy
file and update the Makefile to match current usage.
Signed-off-by: Tom Rini <trini@konsulko.com>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS_SDRAM
namespace do not easily transition to Kconfig. In many cases they likely
should come from the device tree instead. Move these out of CONFIG
namespace and in to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Due to usage of PREBOOT in Kconfig, macro CONFIG_PREBOOT is always defined
when CONFIG_USE_PREBOOT is enabled. In case CONFIG_PREBOOT is not
explicitly enabled it is set to empty C string and therefore
'#ifdef CONFIG_PREBOOT' guard does not work. Fix this issue by introducing
a new Kconfig symbol PREBOOT_DEFINED which cause to define new C macro
CONFIG_PREBOOT_DEFINED only when CONFIG_PREBOOT is really defined.
Change usage of '#ifdef CONFIG_PREBOOT' by '#ifdef CONFIG_USE_PREBOOT' for
code which checks if preboot code would be called and by
'#ifdef CONFIG_PREBOOT_DEFINED' for defining preboot code.
Signed-off-by: Pali Rohár <pali@kernel.org>
At present we put the driver in the /chosen node in U-Boot. This is a bit
strange, since U-Boot doesn't normally use that node itself. It is better
to put it under the bootstd node.
To make this work we need to copy create the node under /chosen when
fixing up the device tree. Copy over all the properties so that fwupd
knows what to do.
Update the sandbox device tree accordingly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Enable the various features needed in VPL, by adding Kconfig options.
Update the defconfig for sandbox_vpl so that the build for each phase
includes what is needed. Drop LZMA for now and make sure partition support
is omitted in SPL, since it is not needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
We don't need the U-Boot prefix on the version and in fact it is harmful
since pytest gets confused seeing the U-Boot banner bring displayed when
the version is printed.
Drop the prefix from the string.
We could produce an entirely new string from the component parts, but this
adds to the rodata size and would break the use of version_string as the
only thing which holds this information.
Signed-off-by: Simon Glass <sjg@chromium.org>
The vbe_fixup file handles device tree fixups, but these are called OS
requests in VBE. Rename the file to reflect its wider purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for filtering out FIT images by phase. Rather than adding yet
another argument to this already overloaded function, use a composite
value, where the phase is only added in if needed.
The FIT config is still selected (and verified) as normal, but the images
are selected based on the phase.
Tests for this come in a little later, as part of the updated VPL test.
Signed-off-by: Simon Glass <sjg@chromium.org>
We want to be able to mark an image as related to a phase, so we can
easily load all the images for SPL or for U-Boot proper.
Add this to the FIT specification, along with some access functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
Just like we exclude data-size, data-position, and data-offset from
fit_config_check_sig, we must exclude them while signing as well.
While we're at it, use the FIT_DATA_* defines for fit_config_check_sig
as welll.
Fixes: 8edecd3110 ("fit: Fix verification of images with external data")
Fixes: c522949a29 ("rsa: sig: fix config signature check for fit with padding")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Beside some rather unexciting sync of the DTs from the kernel tree, and
some Kconfig cleanup, there are some improvements for the ARMv5 Allwinner
family, to support boards with the F1C200s (64MB DRAM) better. We will
get actual board support as soon as the DTs have passed the Linux review
process.
There is also support for the X96 Mate TV Box, featuring the H616 SoC and
a full 4GB of DRAM.
Also we found the secret to enable SPI booting on the H616 (pin PC5 must
be pulled to GND), so the SPI boot support patch is now good to go.
Passed the gitlab CI, plus briefly tested on Pine64-LTS, LicheePi Nano,
X96 Mate and OrangePi Zero.
Traditionally we assumed that every Allwinner board would come with at
least 256 MB of DRAM, and set our DRAM layout accordingly. This affected
both the default load addresses, but also U-Boot's own address
expectations (like being loaded at 160 MB).
Some SoCs come with co-packaged DRAM, but only provide 32 or 64MB. So
far we special-cased those *chips*, as there was only one chip per DRAM
size. However new chips force us to take a more general approach.
Introduce a Kconfig symbol, which provides the minimum DRAM size of the
board. If nothing else is specified, we use 256 MB, and default to
smaller values for those co-packaged SoCs.
Then select the different DRAM maps according to this new symbol, so
that different SoCs with the same DRAM size can share those definitions.
Inspired by an idea from Icenowy.
This is just refactoring: compiled for all boards before and after this
patch: the binaries were identical.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
As a starting point, add support for providing random data, if requested
by the OS. Also add ASLR, as a placeholder for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
(fixed up to use uclass_first_device_err() instead)
Make sure the log_msg_ret() values are unique so that the log trace is
unambiguous with LOG_ERROR_RETURN. Also avoid reusing the 'node' variable
for two different nodes in bootmeth_vbe_simple_ft_fixup(), since this is
confusing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that we support multiple device trees with the ofnode interface, we
can pass the correct FDT to this event. This allows the 'working' FDT to
be fixed up, as expected, so long as OFNODE_MULTI_TREE is enabled.
Also make sure we don't try to do this with livetree, which does not
support fixups yet.
Signed-off-by: Simon Glass <sjg@chromium.org>
This code uses casts between addresses and pointers, so does not work with
sandbox. Update it so we can allow sandbox to do device tree fixups.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present when bootm fails, it says:
subcommand not supported
and then prints help for the bootm command. This is not very useful, since
generally the error is related to something else, such as fixups failing.
It is quite confusing to see this in a test run.
Change the error and show the error code.
We could update the OS functions to return -ENOSYS when they do not
support the bootm subcommand. But this involves some thought since this is
arch-specific code and proper errno error codes are not always returned.
Also, with the code as is, all required subcommands are of course
supported - a problem would only come if someone added a new one or
removed support for one from an existing OS. Therefore it seems better to
leave that sort of effort for when our bootm tests are improved.
Note: v1 of this patch generated a discussion[1] about printing error
strings automatically using printf(). That is outside the scope of this
patch but will be dealt with separately.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20220909151801.336551-3-sjg@chromium.org/
Signed-off-by: Simon Glass <sjg@chromium.org>
bootdev_list() uses uclass_*_device_err() to iterate devices.
However, the only value _err adds is returning an error when the device
pointer is null, and that's checked anyway.
Also there is some intent to report errors, and that's what
uclass_*_device_check() is for, use it.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Setting an alternative signature info node in "pre_load_sig_info_path"
allows verification of an image using the bootm pre-load mechanism with
a different key, e.g.: setenv pre_load_sig_info_path "/alt/sig" ; bootm
preload [addr]
Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Putting these definitions in a header will allow signatures to be
validated independently of bootm.
Signed-off-by: Steven Lawrance <steven.lawrance@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds keyword devicetree-overlay as an alias for fdtoverlays in
extlinux (sysboot) and pxe to better follow the Boot Loader Specification
[1], improves documentation around them by adding an example for both
fdtoverlays and devicetree-overlay and the environment variable required
for this feature. The link for the spec is updated to the current one.
[1] https://systemd.io/BOOT_LOADER_SPECIFICATION/
Signed-off-by: Edoardo Tomelleri <e.tomell@gmail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
This function turns out to be a little confusing since it looks up a path
and also registers the tree. Split it into two, one that gets the root
node and one that looks up a path, so the purpose is clear.
Registering the tree will happen in a function to be added in a later
patch, called oftree_from_fdt().
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed and we should avoid typedefs. Use the struct instead
and rename it to indicate that it really is a legacy struct.
Signed-off-by: Simon Glass <sjg@chromium.org>
In a lot of cases kernel resets UART HW. To ensure that U-Boot messages
printed before booting the kernel are not lost, call new U-Boot console
flush() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
Remove all but a few that are difficult, relying on legacy CONFIG options
or optional global_data fields.
Drop the duplicate function name in the comment for boot_get_cmdline().
Signed-off-by: Simon Glass <sjg@chromium.org>
Finish off the refactoring by correcting the indent levels. Note that this
does not include any functional changes.
Signed-off-by: Simon Glass <sjg@chromium.org>
Drop the last one of these, by using a done_select variable to control
whether to fall back to using 'select' as a hex value.
Note that the indentation is not adjusted, to make this easier to review.
Signed-off-by: Simon Glass <sjg@chromium.org>
Drop the #ifdef from near the end of select_ramdisk(). Move some variables
to the top of the function to make this work.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current switch default is tricky since it relies on #ifdefs to work.
Use a bool instead.
Also fix the comment on @select, since it has a dual purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
Convert this to an if(), fix the cast from an address to a pointer and
make sure that any error is returned correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
Several different firmware users have repetitive code to extract the
firmware data from a FIT. Add some helper functions to reduce the amount
of repetition. fit_conf_get_prop_node (eventually) calls
fdt_check_node_offset_, so we can avoid an explicit if. In general, this
version avoids printing on error because the callers are typically
library functions, and because the FIT code generally has (debug)
prints of its own. One difference in these helpers is that they use
fit_image_get_data_and_size instead of fit_image_get_data, as the former
handles external data correctly.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
FTD blob can be put immediately after the OS image.
So use strict inequality for start address check.
Fixes: fbde7589ce ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.
As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Change variable name 'imape_comp' to the supposedly intended name
'image_comp'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Don't assign a value to a variable if it is not used afterwards.
Move variables to the code fragment where they are used.
Addresses-Coverity: CID 356243 ("Code maintainability issues (UNUSED_VALUE)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
uclass_find_first_device() may return NULL if no device for the uclass
exists. Handle this case gracefully.
Addresses-Coverity: CID 356244 ("Null pointer dereferences (FORWARD_NULL)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for VBE simple, which permits firmware update of a single
image stored in MMC or another block device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is a confusing array of functions that handle the
device tree fix-ups needed for booting an OS. We should be able to switch
to using events to clean this up.
As a first step, create a new event type and call it from the standard
place.
Note that this event uses the ofnode interface only, since this can
support live tree which is more efficient when making lots of updates.
Signed-off-by: Simon Glass <sjg@chromium.org>
This was a work-around for the fact that global bootmeths such as EFI
bootmgr and VBE don't use a particular bootdev, or at least select it
themselves so that we don't need to scan all bootdevs when using that
bootmeth.
Drop the system bootdev entirely.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that we can separate this out from the normal bootmeths, update the
code to create it always.
We cannot rely on the device tree to create this, since the EFI project
is quite opposed to having anything in the device tree that helps U-Boot
with its processing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Typically we want to find and use global bootmeths first, since they have
the best idea of how the system should boot. We then use normal bootmeths
as a fallback.
Add the logic for this, putting global bootmeths at the end of the
ordering. We can then easily scan the global bootmeths first, then drop
them from the list for subsequent bootdev-centric scans.
This changes the ordering of global bootmeths, so update the
bootflow_system() accordingly.
Drop the comment from bootmeth_setup_iter_order() since this is an
exported function and it should be in the header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for handling this concept in bootflows. Update the 'bootflow'
command to allow only the normal bootmeths to be used. This alllows
skipping EFI bootmgr and VBE, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
With global bootmeths we want to scan without a bootdev. Update the logic
to allow this.
Change the bootflow command to show the bootdev only when valid.
Signed-off-by: Simon Glass <sjg@chromium.org>
For most testing we don't want this bootmeth to actually do anything. For
the one test where we do, add a test hook to obtain the correct behaviour.
This will allow us to bind the device always, rather than just doing it
for this test.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <sjg@chromium.org>
Avoid using 'count' to mean either a count or an error, since this is
confusing. In fact, the called function never return 0, since that is an
error.
Use 'ret' instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some bootmeths can provide information about what is available to boot.
For example, VBE simple provides access to the firmware state.
Add a new method for this, along with a sandbox test.
Signed-off-by: Simon Glass <sjg@chromium.org>
If the ordering produces no entries, this is an error. Report it, so that
the caller doesn't try to continue with a NULL bootmeth.
This fixes a crash in the bootflow_iter test when running with the sandbox
'default' device tree, instead of the required 'test' one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Remove the dependency on CMD_PXE from BOOTMETH_DISTRO by introducing a
new hidden kconfig symbol to control whether pxe_utils is compiled,
allowing bootstd's distro method to be compiled without needing
networking support enabled.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Correct build errors when CMD_BOOTM is not enabled:
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed now that CONFIG_SYS_TARGET_NAME is correctly determined
when scanning Kconfig.
This reverts commit 25b8acee2e.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
As the only pic32 platform does not enable flash, this is dead code.
Remove it.
Cc: Purna Chandra Mandal <purna.mandal@microchip.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
These flags may be used to check whether an FPGA driver is able to
load a particular FPGA bitstream image.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-7-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
With commit ce39ee28ec ("zynqmp: Do not place u-boot to reserved memory
location"), the function board_get_usable_ram_top() is allocating
MMU_SECTION_SIZE of about 2MB using lmb_alloc(). But we dont have this
much memory in case of mini U-Boot.
Keep these functions which use lmb under CONFIG_LMB so that they are
compiled and used only when LMB is enabled.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/75e52def75f573e554a6b177a78504c128cb0c4a.1657183534.git.michal.simek@amd.com
Coverity CID 131256 indicates a possible buffer overflow in label_boot().
This would only occur if the size of the downloaded file would exceed 4
GiB. But anyway we can simplify the code by using snprintf() and checking
the return value.
Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
This converts the following to Kconfig:
CONFIG_SYS_BOOTM_LEN
As part of this, rework error handling in boot/bootm.c so that we pass
the buffer size to handle_decomp_error as CONFIG_SYS_BOOTM_LEN will not
be available to host tools but we do know the size that we passed to
malloc().
Cc: Soeren Moch <smoch@web.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tighten up symbol dependencies in a number of places. Ensure that a SPL
specific option has at least a direct dependency on SPL. In places
where it's clear that we depend on something more specific, use that
dependency instead. This means in a very small number of places we can
drop redundant dependencies.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Tighten up symbol dependencies in a number of places. Ensure that a TPL
specific option has at least a direct dependency on TPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Linux determines its console based on several sources:
1. the console command line parameter
2. device tree (e.g. /chosen/stdout-path)
3. various other board- and arch-specific sources
If the console parameter specifies a real console (e.g. ttyS0) then that is
used as /dev/console. However, if it does not specify a real console (e.g.
ttyDoesntExist) then *nothing* will be used as /dev/console.
Reading/writing it will return ENODEV. Additionally, no other source will
be used as a console source.
Linux commit ab4af56ae250 ("printk/console: Allow to disable console output
by using console="" or console=null") recently changed the semantics of the
parameter. Previously, specifying console="" would be treated like
specifying some other bad console. This commit changed things so that it
added /dev/ttynull as a console (if available). However, it also allows
for other console sources. If the device tree specifies a console (such as
if U-Boot and Linux share a device tree), then it will be used in addition
to /dev/ttynull. This can result in a non-silent console.
To avoid this, explicitly set ttynull as the console. This will disable
other console sources. If CONFIG_NULL_TTY is disabled, then this will have
the same behavior as in the past (no output, and writing /dev/console
returns ENODEV).
[1] and [2] have additional background on this kernel change.
[1] https://lore.kernel.org/all/20201006025935.GA597@jagdpanzerIV.localdomain/
[2] https://lore.kernel.org/all/20201111135450.11214-1-pmladek@suse.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
The commit 2158b0da22 ("bootmenu: add Kconfig option
not to enter U-Boot console") disables to enter U-Boot
console from bootmenu as default, this change affects the
existing bootmenu users.
This commit reverts the default behavior, the bootmenu can
enter U-Boot console same as before.
CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is renamed
BOOTMENU_DISABLE_UBOOT_CONSOLE and depends on
AUTOBOOT_MENU_SHOW.
Fixes: 2158b0da22 ("bootmenu: add Kconfig option not to enter U-Boot console")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Tested-by: Pali Rohar <pali@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
TI secure devices chain-of-trust depends on FIT image processing,
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We would like to use bootstd by default when EFI boot manager is not
enabled. But so far bootstd does not support all the of distro-boot
fetures. So for now, add an option to select this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk via a U-Boot
script, so we can boot a bootflow using this commonly used mechanism. This
is required by Armbian, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot manager, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi bootmgr'
command and shares the same code. But the interface into it is via a
bootmeth, so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boot methods don't act on a single bootdev but instead do their own
thing. An example is EFI bootmgr which scan various devices using its own
logic. Add a bootdev to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi' command
and shares the same code. But the interface into it is via a bootmeth,
so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
There was much discussion about whether this is needed, but it seems
that it is, at least for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a network device, so
we can boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'pxe' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk, so we can
boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'sysboot' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
A bootmeth is a method of locating an operating system. For now, just
add the uclass itself. Drivers for particular bootmeths are added later.
If no bootmeths devices are included in the devicetree, create them
automatically. This avoids the need for boilerplate in the devicetree
files.
Signed-off-by: Simon Glass <sjg@chromium.org>
A 'bootdev' is a device which can be used to boot an operating system.
It is a child of the media device (e.g. MMC) which handles reading files
from that device, such as a bootflow file.
Add a uclass for bootdev and the various helpers needed to make it
work. Also add a binding file, empty for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
The 'bootstd' device provides the central information about U-Boot
standard boot.
Add a uclass for bootstd and the various helpers needed to make it
work. Also add a binding file.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current implementation of boot_relocate_fdt() places DT at the
highest usable DRAM address, which is calculated as:
env_get_bootm_low() + env_get_bootm_mapsize()
which by default becomes gd->ram_base + gd->ram_size.
Systems like i.MX53 can have multiple DRAM banks with gap between them,
e.g. have DRAM at 0x70000000-0x8fffffff and 0xb0000000-0xcfffffff , so
for them the calculated highest DRAM address is 0xafffffff, which is
exactly in the gap and thus not usable.
Fix this by iterating over all DRAM banks and tracking the remaining
amount of the total mapping size obtained from env_get_bootm_mapsize().
Limit the maximum LMB area size to each bank, to avoid using nonexistent
DRAM.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
* free() checks if its argument is NULL. Remove duplicate checks.
* Remove duplicate free(ovcopy).
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It can be useful for the OS (Linux) to know which configuration has
been chosen by U-Boot when launching a FIT image.
Store the name of the FIT configuration node used in a new string
property called 'u-boot,bootconf' in the '/chosen' node in device tree.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Hardware-accelerated hash functions require that the input and output
buffers be aligned to the minimum DMA alignment. memalign.h helpfully
provides a macro just for this purpose. It doesn't exist on the host,
but we don't need to be aligned there either.
Fixes: 5dfb521386 ("[new uImage] New uImage low-level API")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since the commit bfaa51dd4a ("cmd: add serial console support
for the cls command") the cls command is not enough to clear the
video display when ANSI console is activated.
This patch clears the video device with the video_clear() API
before to display the bitmap used for the PXE background.
This patch avoids to display the LOGO, activated by default with
commit 7a8555d871 ("video: Show the U-Boot logo by default").
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
A big part is the DM pinctrl driver, which allows us to get rid of quite
some custom pinmux code and make the whole port much more robust. Many
thanks to Samuel for that nice contribution! There are some more or less
cosmetic warnings about missing clocks right now, I will send the trivial
fixes for that later.
Another big chunk is the mkimage upgrade, which adds RISC-V and TOC0
(secure images) support. Both features are unused at the moment, but I
have an always-secure board that will use that once the DT lands in the
kernel.
On top of those big things we have some smaller fixes, improving the
I2C DM support, fixing some H6/H616 early clock setup and improving the
eMMC boot partition support.
The gitlab CI completed successfully, including the build test for all
161 sunxi boards. I also boot tested on a A64, A20, H3, H6, and F1C100
board. USB, SD card, eMMC, and Ethernet all work there (where applicable).
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When u-boot is used as a chain-loaded bootloader (replacing OS kernel),
previous bootloader leaves data in RAM, that can be reused.
For example, on recent arm linux system, when chainloading u-boot,
there are initramfs and fdt in RAM prepared for OS booting. Initramfs
may be modified to store u-boot's payload, thus providing the ability to
use chainloaded u-boot to boot OS without any storage support.
Two config options added:
- SAVE_PREV_BL_INITRAMFS_START_ADDR
saves initramfs start address to 'prevbl_initrd_start_addr' environment
variable
- SAVE_PREV_BL_FDT_ADDR
saves fdt address to 'prevbl_fdt_addr' environment variable
Signed-off-by: Dzmitry Sankouski <dsankouski@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Unfortunately, we require additional logic to buildman to support this
removal and still use SYS_SOC, etc, for build targets.
This reverts commit eeec00072d.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SYS_MONITOR_BASE
Note that for how this is re-used on some PowePC platforms, we introduce
CONFIG_SPL_SYS_MONITOR_BASE and CONFIG_TPL_SYS_MONITOR_BASE and use the
CONFIG_VAL macro to get the correct value at build time, in the code.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add a stage pre-load that could
check or modify an image.
For the moment, only a header with a signature is
supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size
The stage uses a node /image/pre-load/sig to
get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key
Before running the image, the stage pre-load checks
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The code was mistakenly initializing the input buffer twice.
Tested to be working on BeagleBone by adjusting CONFIG_SYS_BOOTM_LEN to
64MiB (probably works with less) and preparing uImage with:
cat arch/arm/boot/Image \
| zstd --ultra -22 --zstd=windowLog=22 \
> linux.bin.zst
mkimage -A arm -T kernel uImage -C zstd -d linux.bin.zst \
-a 0x80008000 -e 0x80008000
Without the windowLog restriction, bootm fails with a zstd decompression
error 7 (window too large), which I haven't troubleshooted.
There should be a bit more documentation on the feature...
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: 458b30af66 image: Update image_decomp() to avoid ifdefs
This converts the following to Kconfig:
CONFIG_BOOT_RETRY_TIME
CONFIG_BOOT_RETRY_MIN
CONFIG_RESET_TO_RETRY
We also introduce CONFIG_BOOT_RETRY to gate these options, and clean up
the associated Makefile entry and C code for picking default values of
CONFIG_BOOT_RETRY_MIN.
Signed-off-by: Tom Rini <trini@konsulko.com>
this will add kaslrseed keyword to sysboot lable,
when it set, it will request to genarate random number
from hwrng as kaslr-seed.
with this patch exlinux.conf label looks like
label l0
menu testing
linux /boot/vmlinuz-5.15.16-arm
initrd /boot/initramfs-5.15.16-arm.img
fdtdir /boot/dtbs/5.15.16-arm/
kaslrseed
append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro
Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11.
Signed-off-by: Zhang Ning <zhangn1985@qq.com>
The Lichee Pi Nano is a board based on the F1C100s.
Add defconfigs for it.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This will allow consumers to choose a pxe label at runtime instead of
having to prompt the user. One good use-case for this, is choosing
whether or not to apply a dtbo depending on the hardware configuration.
e.g: for TI's AM335x EVM, it would be convenient to apply a particular
dtbo only when the J9 jumper is on PRUSS mode. To achieve this, the
pxe menu should have 2 labels, one with the dtbo and the other without,
then the "pxe_label_override" env variable should point to the label with
the dtbo at runtime only when the jumper is on PRUSS mode.
This change can be used for different use-cases and bring more
flexibilty to consumers who use sysboot/pxe_utils.
if "pxe_label_override" is set but does not exist in the pxe menu,
the code should fallback to the default label if given, and no failure
is returned but rather a warning message.
Signed-off-by: Amjad Ouled-Ameur <aouledameur@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
LynxOS needed the do_bootm_lynxkdi() function that got removed in
7e713067ee ("Remove LYNX KDI remainders") - and that function needed
a lynxkdi_boot() function, where the last implementation had been
removed in 98f705c9ce ("powerpc: remove 4xx support") already. Looks
like this OS is definitely not supported anymore, so remove it from
the corresponding lists.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Roese <sr@denx.de>
In order to finish moving this symbol to Kconfig for all platforms, we
need to do a few more things. First, for all platforms that define this
to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to
CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h. This entails
also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk()
and updating a few preprocessor tests.
With that done, all platforms that define a value here can be converted
to Kconfig, and a fall-back of zero is sufficiently safe to use (and
what is used today in cases where code may or may not have this
available). Make sure that code which calls this function includes
<clock_legacy.h> to get the prototype.
Signed-off-by: Tom Rini <trini@konsulko.com>
In strange cases it is possible for fdtgrep to find nothing to output.
Typically this means that the resulting SPL device tree is not going to
allow anything to boot, but at present the tree is actually invalid,
since it only has an END tag in the struct region.
The FDT spec requires at least a root node. So add a special case to
include at least this, if the FDT_REG_SUPERNODES flag is set.
This ensures that grepping an empty tree still produces a valid tree.
Also add comments to the enum since it is not completely obvious from
the names now.
The typical symptom of this problem is a message from binman:
pylibfdt error -11: FDT_ERR_BADSTRUCTURE
Signed-off-by: Simon Glass <sjg@chromium.org>
If using OF_CONTROL, fdtcontroladdr is set to the fdt used to configure
U-Boot. When using PXE, if no fdt is defined in the menu file, and
there is no fdt at fdt_addr, add fall back on fdtcontroladdr too.
We are developing board support for the Armv8r64 FVP using
config_distro_bootcmd. We are also using OF_BOARD and would like the
PXE boot option to default to the fdt provided by board_fdt_blob_setup.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Fix inconsistent function parameter name of the hash algorithm.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Fixes: 92055e138f ("image: Drop if/elseif hash selection in calculate_hash()")
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
This has different semantics in different places. Go with the bootm method
and put it in a common function so that the behaviour is consistent in
U-Boot. Update the docs.
To be clear, this changes the way that 'bootelf' and standalone boot
work. Before, if autostart was set to "fred" or "YES", for example, they
would consider that a "yes". This may change behaviour for some boards,
but the only in-tree boards which mention autostart use "no" to disable
it, which will still work.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Wolfgang Denk <wd@denx.de>
Compiler is not happy:
common/image-board.c: In function ‘boot_get_kbd’:
common/image-board.c:902:17: warning: implicit declaration of function ‘do_bdinfo’ [-Wimplicit-function-declaration]
902 | do_bdinfo(NULL, 0, 0, NULL);
| ^~~~~~~~~
Move the forward declaration to a header.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Both U-Boot proper and SPL entries were using the same description.
Fixes: b55881dd ("bootstage: Add SPL support")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The last board that used to set CONFIG_LYNXKDI has been removed in
commit 242836a893 ("powerpc: ppc4xx: remove pcs440ep support"),
doc/README.lynxkdi only talks about a MPC8260 board being supported,
and the mpc8260 support has been removed four years ago in commit
2eb48ff7a2 ("powerpc, 8260: remove support for mpc8260") already,
and common/lynxkdi.c only consists of an "#error" statement these
days, so it seems like the LYNX KDI code is dead code nowadays.
Let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
It is pretty strange that the pxe code uses the 'filesize' environment
variable find the size of a file it has just read.
Partly this is because it uses the command-line interpreter to parse its
request to load the file.
As a first step towards unwinding this, return it directly from the
getfile() function. This makes the code a bit longer, for now, but will be
cleaned up in future patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
This function no longer makes sense, since it is pretty easy to prepend
the boot directory to the filename. Drop it and update its only caller.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
The 'bootfile' environment variable is read in the bowels of pxe_util to
provide a directory to which all loaded files are relative.
This is not obvious from the API to PXE and it is strange to make the
caller set an environment variable rather than pass this as a parameter.
The code is also convoluted, which this feature implemented by
get_bootfile_path().
Update the API to improve this. Unfortunately this means that
pxe_setup_ctx() can fail, so add error checking.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Both the syslinux and pxe commands use essentially the same code to parse
and run extlinux.conf files. Move this into a common function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
There are a few more blank lines than makes sense for readability. Also
free() handles a NULL pointer so drop the pointless checks.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
