Add HABv4 documentation for non-SPL targets covering the
following topics:
- How to sign an securely boot an u-boot-dtb.imx image.
- How to extend the root of trust for additional boot images.
- Add 3 CSF examples.
- Add IVT generation script example.
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
The HABv4 is supported in i.MX50, i.MX53, i.MX6, i.MX7,
series and i.MX 8M, i.MX8MM devices.
Add an introductory document containing the following topics:
- HABv4 Introduction
- HABv4 Secure Boot
- HABv4 Encrypted Boot
- HAB PKI tree generation
- HAB Fast Authentication PKI tree generation
- SRK Table and SRK Hash generation
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
There is no need to have an extra hab directory under doc/imx/.
Habv4 and AHAB documentation can be added directly in doc/imx/ for a
cleaner documentation structure.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Import liteSOM and liteboard dts files from Linux v4.20. They will
be used after transition to driver model and device-tree based boot.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
The initialization of the NAND in SPL hard-coded ecc.bytes,
ecc.size, and ecc.strength which may work for some NAND parts,
but it not appropriate for others. With the pending patch
"mxs_nand: Fix BCH read timeout error on boards requiring ECC"
the driver can auto configure the ECC when these entries are
blank. This patch has been tested in NAND flash with oob 64
and oob 128.
Signed-off-by: Adam Ford <aford173@gmail.com>
Tested-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Tim Harvey <tharvey@gateworks.com>
When DM_REGULATOR is enabled, the driver attempts to call
regulator_autoset() which expects the regulators to be on at boot
and/or always on and fails if they are not true.
For a more generic approach, this patch just calls
regulator_set_enable() which shouldn't have such restrictions.
Fixes: ad8c43cbca ("net: dm: fec: Support the phy-supply
binding")
Signed-off-by: Adam Ford <aford173@gmail.com>
Tested-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
The Ethernet has been broken for some time. This patch unifies
this board with a few others that use a similar approach to
enabling phy. This fixes ar8031 Ethernet controller so it works.
Signed-off-by: Adam Ford <aford173@gmail.com>
mxs_nand_init_dma is only referenced from mxs_nand.c. It's not
referenced in any headers or outside code, so this patch
defines it as static.
Signed-off-by: Adam Ford <aford173@gmail.com>
The LogicPD board uses a Micron Flash with ECC. To boot this from
SPL, the ECC needs to be correctly configured or the BCH engine
times out.
Signed-off-by: Adam Ford <aford173@gmail.com>
Acked-by: Stefan Agner <stefan.agner@toradex.com>
Tested-by: Jörg Krause <joerg.krause@embedded.rocks>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Tim Harvey <tharvey@gateworks.com>
This patch extends the vf610 DDR memory controller code to support SW
leveling.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Stefan Agner <stefan.agner@toradex.com>
This patch provides the code to calibrate the DDR's
DQS to DQ signals (RDLVL).
It is based on:
VFxxx Controller Reference Manual, Rev. 0, 10/2016, page 1600
10.1.6.16.4.1 "Software Read Leveling in MC Evaluation Mode"
and NXP's community thread:
"Vybrid: About DDR leveling feature on DDRMC."
https://community.nxp.com/thread/395323
Signed-off-by: Lukasz Majewski <lukma@denx.de>
Goodness this time around:
- HII protocol, finally allows us to run the UEFI Shell!
(experimantal, disabled by default)
- efi selftest now available on Cortex-M
- NVMe support for distro boot
- Lots of code cleanup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJcY9m6AAoJECszeR4D/txgTikP/3J6vXriBjXh13AtsGQpCeaC
9HCRHV/iR4MNki1EaexoGkF5Mnb6ARufuG4ru+6X9lrrQWbgIyzr0NWH6ZQEz31u
MENZG5iO9fo5IZJrfc/pkBk0++dB/N/3/h0PgN6/Y3rVkUVXbkYieX7D8J62T4kn
mkpZJTRqOZD16RAk4tENOOpVclrU8HkUccg8+MgxSN0TqX18oxF4Wgbgn2GGoU8R
ANF/6Ke6mOAxUedA58Y9KflZ02q0bThoMtBYeWxI+WYCsGVgH9a4Q/TVwhZMbjH0
dAj3aAIRf6TmAOcQAlHhT8muruYlO6ri8ztq/PB/3ThDvagc4dnrXNxDFWlo6Y4q
WPJBw9TAGDpnpDplx4WW6CJdP9HlXH/NIFWEYokqyeLcnjcvvH34zfrgWTcD8epJ
gtDzLO2YsblA+q5SsbzAk/BsNjLpkzA1St7S/vZFCVNbazBAZgGUD2NoChI3MfM7
n0KQr5rlvrdckYRhln6IEZBXvs0drsb9Ki4g7jw1N9PDMmUW8uwArGINT2Zi2HW0
lPkf+jlw30ds2zcHoUH0EA8cfYgdTzvCLIKjmodN4nd/taKN292NbTmaQeZQ9wqG
TclMiyY9VoqIeKV4l44q9lxdowS82cb0G203eHyTIOAFJlNtuthNdISJIFIrqljA
na3RDAFYC8Ibfo+zIgLb
=g6l7
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2019-02-13
Goodness this time around:
- HII protocol, finally allows us to run the UEFI Shell!
(experimantal, disabled by default)
- efi selftest now available on Cortex-M
- NVMe support for distro boot
- Lots of code cleanup
We check the existence of files with fs_exist(). This function calls
fs_close(). If we do not set the active block device again fs_opendir()
fails and we do not set the flag EFI_FILE_DIRECTORY. Due to this error the
`cd` command in the EFI shell fails.
So let's add the missing set_blk_dev(fh) call.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We have to ensure while printing UTF16 strings that we do not exceed the
end of the print buffer.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Heinrich ran into issues with HII and iPXE which lead to #SErrors on
his Odroid-C2 system. We definitely do not want to regress just yet,
so let's not expose the HII protocols by default.
Instead, let's make it a config option that people can play with
This way, we can stabilize the code in tree without breaking any
users.
Once someone figures out, why this breaks iPXE (probably a NULL
dereference), we can enable it by default.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- Remove HII selftest as well
v2 -> v3:
- Make config option
Commit 81ea00838c ("efi_loader: PSCI reset and shutdown") put the SMCCC
assembly code into the efi specific code section. This is wrong when we
do not have EFI_LOADER enabled, as that strips efi runtime sections from
the output binary
Reported-by: Michal Simek <monstr@monstr.eu>
Reported-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Tested-by: Michal Simek <monstr@monstr.eu>
Fixes: 81ea00838c ("efi_loader: PSCI reset and shutdown")
Signed-off-by: Alexander Graf <agraf@suse.de>
For correct indention use EFI_PRINT() instead of debug().
For printing efi_uintn_t or size_t use the %zu or %zx format code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
efi_st_printf() does not support format code %ld. Anyway the format code
for size_t would be %zu which isn't supported either.
We do not want any divisions to avoid invalid references to integer
arithmetic routines, cf.
https://gcc.gnu.org/onlinedocs/gccint/Integer-library-routines.html.
As a simple remedy remove the noisy messages from the output.
They are not relevant for automated testing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This efi_selftest tests HII database protocol and HII string protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch is a place holder for HII configuration routing protocol and
HII configuration access protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow for handling keyboard layout package in HII database protocol.
A package can be added or deleted in HII database protocol, but
we don't set 'current' keyboard layout as there is no driver that
requests a keyboard layout.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Allow for handling GUID package in HII database protocol.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch provides enough implementation of the following protocols to
run EDKII's Shell.efi and UEFI SCT:
* EfiHiiDatabaseProtocol
* EfiHiiStringProtocol
Not implemented are:
* ExportPackageLists()
* RegisterPackageNotify()/UnregisterPackageNotify()
* SetKeyboardLayout() (i.e. *current* keyboard layout)
HII database protocol in this patch series can handle only:
* GUID package
* string package
* keyboard layout package
(The other packages, except Device path package, will be necessary
for interactive and graphical UI.)
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
arch/x86/lib/string.c contains assembler implementations of memcpy(),
memmove(), and memset() written for i386. Don't use it on x86_64.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Our implementation of GetNextVariableName() relies on
CONFIG_REGEX=y. So EFI_LOADER has to select it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Our current implementation of GetNextVariableName() first collects all EFI
variables. If none is found at all hexport_r() returns a zero length string
terminated by \0 and the value 1 as number of bytes in the returned buffer.
In this case GetNextVariableName() has to return EFI_NOT_FOUND.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Symbolic links are not supported on all file systems, e.g. not on FAT. So
it is not wise to use them in our source tree.
Use a qualified path to refer to lib/efi_loader/efi_freestanding.c in
scripts/Makefile.lib instead.
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
[agraf: Fix build with O=]
Signed-off-by: Alexander Graf <agraf@suse.de>
Helloworld does not need its own memcpy() implementation anymore. Use the
one provided in efi_freestanding.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
GCC requires that freestanding programs provide memcpy(), memmove(),
memset(), and memcmp().
Add the library functions when building a *.efi files.
The EFI selftests might use other compilation flags. So use a symbolic
link to provide lib/efi_selftest/efi_freestanding.c and compile it
separately.
Reported-by: Alexander Graf <agraf@suse.de>
Fixes: 5be444d14b38 ("efi_loader: consistent build flags for EFI applications")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
GCC requires that freestanding programs provide memcpy(), memmove(),
memset(), and memcmp().
Provide the required library functions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is a bug in efi variables test.
Fix it with some cosmetic improvements.
Please note that efi variables test still fails at QueryVariableInfo()
and GetVariable(), but this is not due to a change in this patch.
==8<==
Testing EFI API implementation
Selected test: 'variables'
Setting up 'variables'
Setting up 'variables' succeeded
Executing 'variables'
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(60):
TODO: QueryVariableInfo failed
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(131):
TODO: GetVariable returned wrong length 7
.../u-boot/lib/efi_selftest/efi_selftest_variables.c(133):
TODO: GetVariable returned wrong value
Executing 'variables' succeeded
Boot services terminated
Summary: 0 failures
==>8==
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current GetNextVariableName() is a placeholder.
With this patch, it works well as expected.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
rebased on efi-next
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Comment the functions implementing the runtime variable services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Replace duplicate function mem2hex() by inline function bin2hex().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Use existing inline function hex2bin() instead of defining a new one.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Remove duplicate definition o EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
At the same time adding and removing the -Os flag does not make any sense.
Actually it leads to -Os not being used.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
UTF-16 strings in our code should all be u16 *. Fix an inconsistency for
file names which may lead to a warning for printf("%ls", ).
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
CopyMem() must support overlapping buffers. So replace memcpy() by
memmove().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Refactor the switch from supervisor to hypervisor to a new function called
at the beginning of do_bootefi().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Stating the function module is sufficient. We don't need file and line
number. Anyway the format code for the line number was incorrect (should
be %d).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For some API calls checks for the return values are missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
For some API calls checks for the return values are missing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Running the simple network protocol test on the sandbox requires setting
the environment variable ethact to a network interface connected to a DHCP
server and ethrotate to 'no'. So let's make it an on-request test on the
sandbox (selectable by setting environment variable efi_selftest).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The SetVariable() runtime service does not change the data passed to it.
So mark the parameter as constant.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The runtime variable services never change GUIDs. So we should declare
the GUID parameters as constant.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The function, efi_init_obj_list(), can be shared in different pseudo efi
applications, like bootefi/bootmgr as well as my efishell. Moreover, it
will be utilized to extend efi initialization, for example, my "removable
disk support" patch and "capsule-on-disk support" patch in the future.
So with this patch, it will be moved to a new file, efi_setup.c, under
lib/efi_loader and exported, making no changes in functionality.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Remove lines deactivated by #if 1 #else
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>