TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
TCG EFI Protocol Specification requires to the input
ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY
up to and including the vendor ID field.
Current implementation does different calculation, let's fix it.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.
With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.
Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.
Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently it is possible to cancel loadx and loady commands by pressing
CTRL+X (CAN character) at least 3 times quickly.
All other U-Boot commands, including loadb and loads can be cancelled by
CTRL+C. So allow it also in xyz-modem code used by loadx and loady
commands. Implement it by handling CTRL+C (ETX character) in the same way
as CTRL+X (CAN character).
Due to how x/y-modem protocol works, it is required to press
CTRL+C or CTRL+X at least 3 times quickly.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Transfer termination tries to instruct sender that transfer was terminated.
Print error message and indicates aborted transfer in return value.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
In x-modem protocol EOF is not an error state at the end of file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read()
function calls memcpy() with length from variable xyz.len. If this variable
is set to -1 then value passed to memcpy is casted to unsigned value, which
means to copy whole address space. Which then cause U-Boot crash. E.g. on
arm64 it cause CPU crash: "Synchronous Abort" handler, esr 0x96000006
Fix this issue by checking that value stored in xyz.len is valid prior
trying to use it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Per a request from Andre Przywara and agreed with by Peter Hoyes, the
vexpress aemv8r support wasn't quite ready to be merged, but the
discussion had moved off list. We should keep the first patch in the
series for now, but revert the rest. This reverts the following
commits:
e0bd6f31ce doc: Add documentation for the Arm vexpress board configs
30e5a449e8 arm: Use armv8_switch_to_el1 env to switch to EL1
b53bbca63b vexpress64: Add BASER_FVP vexpress board variant
2f5b7b7490 armv8: Add ARMv8 MPU configuration logic
37a757e227 armv8: Ensure EL1&0 VMSA is enabled
Signed-off-by: Tom Rini <trini@konsulko.com>
DMA is aligned to ARCH_DMA_MINALIGN(64 bytes), but as per spec, alignment
required is 4bytes only. Change DMA alignment from ARCH_DMA_MINALIGN to
GQSPI_DMA_ALIGN. Remove alignment of data length in non-exponential case.
Some minor improvements in the initialization to initialize gen_fifo
threshold and disable qspi controller while setting config register.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Current implementation uses auto mode for starting generic FIFO.
The recommendation from IP designers is to use manual mode, hence
change to manual start mode.
In fill genfifo first write to genfio and then trigger manual start.
Also enable and check for genfifo empty interrupt status in place of
genfifo not full interrupt.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
- Add position independent execution support for ARMv7
- Snapdragon, synquacer, vexpress64 fixes / improvements
- Prevent NEON register use on ARMv8
- Other assorted fixes
On some cases, the actual number of bytes read can be shorter
than what was requested. This can be handled gracefully by
taking this difference into account instead of exiting.
Signed-off-by: Thibault Ferrante <thibault.ferrante@gmail.com>
The prototype of psci_features() duplicated. Remove extra declaration.
Fixed: e21e3ffdd1 ("psci: Fix warnings when compiling with W=1")
Reported-by: Michael Scott <mike@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Old address doesn't exist anymore. Map it to new one.
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Andre Przywara <andre.przywara@arm.com>
For ARMv8-A, NEON is standard, so the compiler can use it even when no
special target flags are provided. For example, it can use stores from
NEON registers to zero-initialize large structures. GCC 11 decides to
do this inside the DRAM init code for the Allwinner H6.
However, GCC 11 has a bug where it generates misaligned NEON register
stores even with -mstrict-align. Since the MMU is not enabled this early
in SPL, the misaligned store causes an exception and breaks booting.
Work around this issue by restricting the compiler to using GPRs only,
not vector registers. This prevents any future surprises relating to
NEON use as well.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Create a new documentation section for Arm Ltd boards with a sub-page
for the vexpress board (FVP-A, FVP-R and Juno).
Document how the armv8_switch_to_el1 environment variable can be used
to switch between booting from S-EL2/S-EL1 at runtime on the BASER_FVP.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Use the environment variable armv8_switch_to_el1 to determine whether
to switch to EL1 at runtime. This is an alternative to the
CONFIG_ARMV8_SWITCH_TO_EL1 compile-time option.
The environment variable will be ineffective if the ARMV8_MULTIENTRY
config is used.
This is required by the Armv8r64 architecture, which must be able to
boot at S-EL1 for Linux but may need to boot at other ELs for other
systems.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
The BASER_FVP board variant is implemented on top of the BASE_FVP board
config (which, in turn, is based on the Juno Versatile Express board
config). They all share a similar memory map - for BASER_FVP the map is
inverted from the BASE_FVP
(https://developer.arm.com/documentation/100964/1114/Base-Platform/Base---memory/BaseR-Platform-memory-map)
* Create new TARGET_VEXPRESS64_BASER_FVP target, which uses the same
board config as BASE_FVP and JUNO
* Adapt vexpress_aemv8a.h header file to support BASER_FVP (and rename
to vexpress_aemv8.h)
* Enable config to switch to EL1 for the BASER_FVP
* Create vexpress_aemv8r defconfig
* Provide an MPU memory map for the BASER_FVP
For now, only single core boot is supported.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
[trini: Add MAINTAINERS, move BOOTCOMMAND to defconfig]
Signed-off-by: Tom Rini <trini@konsulko.com>
Armv8r64 is the first Armv8 platform that only has a PMSA at the
current exception level. The architecture supplement for Armv8r64
describes new fields in ID_AA64MMFR0_EL1 which can be used to detect
whether a VMSA or PMSA is present. These fields are RES0 on Armv8a.
Add logic to read these fields and, for the protection of the memory
used by U-Boot, initialize the MPU instead of the MMU during init, then
clear the MPU regions before transition to the next stage.
Provide a default (blank) MPU memory map, which can be overridden by
board configurations.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
On Armv8-R, the EL1&0 memory system architecture is configurable as a
VMSA or PMSA, and resets to an "architecturally unknown" value.
Add code to armv8_switch_to_el1_m which detects whether the MSA at
EL1&0 is configurable using the id_aa64mmfr0_el1 register MSA fields.
If it is we must ensure the VMSA is enabled so that a rich OS can boot.
The MSA and MSA_FRAC fields are described in the Armv8-R architecture
profile supplement (section G1.3.7):
https://developer.arm.com/documentation/ddi0600/latest/
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
The use of ARMv8.3 pointer authentication (PAuth) is governed by fields
in HCR_EL2, which trigger a 'trap to EL2' if not enabled. The reset
value of these fields is 'architecturally unknown' so we must ensure
that the fields are enabled (to disable the traps) if we are entering
the kernel at EL1.
The APK field disables PAuth instruction traps and the API field
disables PAuth register traps
Add code to disable the traps in armv8_switch_to_el1_m. Prior to doing
so, it checks fields in the ID_AA64ISAR1_EL1 register to ensure pointer
authentication is supported by the hardware.
The runtime checks require a second temporary register, so add this to
the EL1 transition macro signature and update 2 call sites.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
This reverts commit f7e16bb0c5, since
the U-Boot doesn't boot if it is booted directly from SPI-NOR with
CONFIG_POSITION_INDEPENDENT=y. Unless fixing this issue, it is better
to revert this change.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
CONFIG_MMC_SPI_CRC_ON needs the crc16 functions, but it was not included
in an SPL build. For non-SPL builds, crc16.o is already added
unconditionally. This also removes CONFIG_SPL_YMODEM_SUPPORT from the
sifive board configs, which is only relevant for some ARM boards and was
only set for its side effect of adding crc16.o.
When running 'part list' for an ISO partition the numbers are not under the
labels.
Correct the alignment of the ISO partition list. With the patch the
output looks like:
Part Start Sect x Size Type
1 3720 5024 512 U-Boot
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The logic in msm_generate_mac_addr() was originally taken from the LK
bootloader where the serial number is a string and must be parsed first.
However, in U-Boot msm_board_serial() returns an u32 and
msm_generate_mac_addr() has quite complicated code that will first
print it as a hex string and then immediately parse it again.
What this function actually does at the end is to put the serial number
encoded as big endian (the order used for the hex string) into the u8 *mac.
Use put_unaligned_be32() to do that with bit shifts instead of going
through the string format.
This should be slightly more efficient and cleaner but does not result
in any functional difference.
Cc: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
At the moment U-Boot produces an empty MAC address (02:00:00:00:00:00)
if the eMMC is not used by anything in U-Boot (e.g. with
CONFIG_ENV_IS_NOWHERE=y instead of having the environment on eMMC).
This happens because then there is nothing that actually initializes
the eMMC and reads the "cid" that is later accessed.
To fix this, call mmc_init() to ensure the eMMC is initialized.
There is no functional difference if the eMMC is already initialized
since then mmc_init() will just return without doing anything.
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
A U-Boot image could be loaded and executed at a different
location than it was linked at.
For example, Aspeed takes a stable release version of U-Boot image
as the golden one for recovery purposes. When the primary storage
such as flash is corrupted, the golden image would be loaded to any
SRAM/DRAM address on demands through ethernet/UART/etc and run for
rescue.
To deal with this condition, the PIE is needed as there is only one
signed, golden image, which could be however executed at different
places.
This patch adds the PIE support for ARMv7 platform.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
This new option allows to disable ahci-pci driver in SPL. Disabling it is
needed when SPL_PCI is not enabled as ahci-pci depends on PCI.
This change fixes following compile error when CONFIG_SPL_SATA_SUPPORT is
enabled and SPL_PCI is disabled.
LD spl/u-boot-spl
arm-linux-gnueabihf-ld.bfd: drivers/ata/ahci.o: in function `ahci_probe_scsi_pci':
drivers/ata/ahci.c:1205: undefined reference to `dm_pci_map_bar'
arm-linux-gnueabihf-ld.bfd: drivers/ata/ahci.c:1215: undefined reference to `dm_pci_read_config16'
arm-linux-gnueabihf-ld.bfd: drivers/ata/ahci.c:1216: undefined reference to `dm_pci_read_config16'
arm-linux-gnueabihf-ld.bfd: drivers/ata/ahci.c:1220: undefined reference to `dm_pci_map_bar'
make[1]: *** [scripts/Makefile.spl:512: spl/u-boot-spl] Error 1
make: *** [Makefile:1977: spl/u-boot-spl] Error 2
LD spl/u-boot-spl
arm-linux-gnueabihf-ld.bfd: drivers/ata/ahci-pci.o: in function `ahci_pci_probe':
drivers/ata/ahci-pci.c:21: undefined reference to `ahci_probe_scsi_pci'
make[1]: *** [scripts/Makefile.spl:512: spl/u-boot-spl] Error 1
make: *** [Makefile:1977: spl/u-boot-spl] Error 2
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
File drivers/ata/ahci-pci.c calls function ahci_probe_scsi_pci() which is
compiled only when DM_PCI is enabled. So add missing dependency into
Kconfig.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The ds1307 driver also supports the DS1339 and DS1340.
However, in ds1307_rtc_reset the register writes assume that the chip
is a DS1307. This is evident in the writing of bits SQWE, RS1, RS0 to
the control register. While this applies correctly to the DS1307, on a
DS1340 the control register doesn't contain those bits (instead, the
register is used for clock calibration). By writing these bits the
clock calibration will be changed and the chip can become
non-functional after a reset call.
Signed-off-by: Callum Sinclair <callum.sinclair@alliedtelesis.co.nz>
Enabling CONFIG_SYS_THUMB_BUILD produces a significantly smaller
U-Boot binary (250 KiB vs 320 KiB) that still seems to be fully
functional. Make use of that by default but keep it as "imply" so it
can be disabled for testing in case this causes trouble for someone.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Over the time, the "stemmy" U-Boot board was tested on several other
Samsung smartphones based on ST-Ericsson NovaThor Ux500. Convert the
documentation to reStructuredText at doc/board/ste/stemmy.rst and
make the device list complete. Also note that the board now boots
into USB Fastboot instead of just ending up at the U-Boot prompt.
The device table is mostly taken from the postmarketOS wiki article
(https://wiki.postmarketos.org/wiki/ST-Ericsson_NovaThor_U8500).
All the newly added devices were tested by Linus Walleij.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Make use of the new drivers for ARM U8500 introduced in the U-Boot
2021.10 merge window by adding basic support for USB Fastboot with
the "stemmy" board. As a first step this will always boot directly
into USB Fastboot for now with the console displayed on the screen
to make that obvious.
Samsung uses quite strange GPT partition labels on these boards,
so also add a bunch of fastboot_partition_alias_* to make this more
easy to use.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
So far there is no need for a clock driver in U-Boot because the
previous boot stage leaves all the necessary clocks on. However,
some drivers in U-Boot (e.g. arm_pl180_mmci) depend on having a clock
driver to obtain the clock frequency.
Setting up the clock drivers properly is a bit tricky on U8500,
so for now add a simple fixed-clock for the eMMC that allows obtaining
the clock frequency. This should be replaced eventually if some board
actually requires enabling some of the clocks.
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Update ste-dbx5x0.dtsi, ste-ab8500.dtsi and ste-ab8505.dtsi with
the changes made in upstream Linux. They are taken from
https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-nomadik.git/
branch "ux500-dts-for-v5.15" (pending merge for Linux 5.15).
The only relevant change for U-Boot here is
"ARM: dts: ux500: ab8500: Link USB PHY to USB controller node" [1]
which links the USB PHY to the USB controller. This is necessary on
U-Boot because the PHY driver is implemented as part of the generic
PHY subsystem that makes use of these bindings.
[1]: https://lore.kernel.org/linux-arm-kernel/20210709182234.47232-1-stephan@gerhold.net/
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>