get_ticks does not always succeed. Sometimes it can be called before the
timer has been initialized. If it does, it returns a negative errno.
This causes the timer to appear non-monotonic, because the value will
become much smaller after the timer is initialized.
No users of get_ticks which I checked handle errors of this kind. Further,
functions like tick_to_time mangle the result of get_ticks, making it very
unlikely that one could check for an error without suggesting a patch such
as this one.
This patch panics if we ever get an error. There are two cases in which
this can occur. The first is if we couldn't find/probe the timer for some
reason. One reason for this is if the timer is not available so early. This
likely indicates misconfiguration. Another reason is that the timer has an
invalid/missing device tree binding. In this case, panicing is also
correct. The second case covers errors calling get_count. This can only
occur if the timer is missing a get_count function (or on RISC-V, but that
should be fixed soon).
Fixes: c8a7ba9e6a
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Commit fdf0819afb (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.
However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.
To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].
Fixes: fdf0819afb ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.
If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.
This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
We assign first_deleted = 0. There is no need to check its value without
any further assignment in between.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
It is sometimes useful to output hex dumps in SPL. Add a config option to
allow this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
The result of fdt_node_offset_by_phandle is negative for error,
so this patch corrects the check of this result in
fdtdec_parse_phandle_with_args.
This patch allows to have the same behavior with or without OF_LIVE
for the function dev_read_phandle_with_args with cell_name = NULL and
with invalid phandle.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.
Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When we do not execute a test requiring ExitBootServices do not reset the
system after testing.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Print the CRC32 loaded via the EFI_LOAD_FILE2_PROTOCOL as a hexadecimal
number.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
U-Boot offers a EFI_LOAD_FILE2_PROTOCOL which the Linux EFI stub can use to
load an initial RAM disk. Update the function comments of the
implementation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.
Only install the EFI_RNG_PROTOCOL if we have a RNG device.
Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add an implementation of the DBG2 (Debug Port Table 2) ACPI table.
Adjust one of the header includes to be in the correct order, before
adding more.
Note that the DBG2 table is generic but the PCI UART is x86-specific at
present since it assumes an ns16550 UART. It can be generalised later
if necessary.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function to generate ACPI code for a _DSM method for a device.
This includes functions for starting and ending each part of the _DSM.
Signed-off-by: Simon Glass <sjg@chromium.org>
[bmeng: fix the "new blank line at EOF" git warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
A 'Power Resource for Wake' list the resources a device depends on for
wake. Add a function to generate this.
Signed-off-by: Simon Glass <sjg@chromium.org>
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.
Fixes: 6ccb05eae0 ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.
Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.
No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On RISC-V check that the /chosen node has a boot-hartid property.
To run the test configure with CONFIG_CMD_BOOTEFI_SELFTEST=y and issue
setenv efi_selftest device tree
setenv serial# myserial
bootefi selftest
If the test succeeds, it reports the boot-hartid, e.g.
boot-hartid: 1
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allow specifying the node on which a property is searched.
Test the device tree consistency more rigorously.
Some efi_st_printf() calls have been converted to efi_st_error().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Refine text for overlap_only_ram description to
match to what exactly flag does and aling description
with other functions.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Repair incorrectly negated condition in the original patch which broke
DT memory node parsing on everything which has more than one DT memory
node, e.g. R-Car3.
In case multiple valid memory nodes are present in the DT, the original
patch would complete parsing cycle for the first memory node, then move
on to the next one, identify it as a valid, and end the parsing. The fix
is to invert the condition, to make the code behave as it did before the
livetree conversion, so it would continue parsing the subsequent memory
nodes as well.
Fixes: c2f0950c33 ("lib: fdt: Convert fdtdes_setup_mem..() to livetree API")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Tested-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>
Before calling do_reset() in the EFI selftest we must restore the global
data pointer.
Fixes: fa63753f86 ("efi_selftest: substitute ResetSystem() by do_reset()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_var_mem_notify_exit_boot_services() is invoked when ExitBootServices()
is called by the UEFI payload.
efi_var_mem_notify_exit_boot_services() should not be defined as
__efi_runtime as it is invoking EFI_ENTRY() and EFI_EXIT() which themselves
are not __efi_runtime.
Fixes: f1f990a8c9 ("efi_loader: memory buffer for variables")
Fixes: e01aed47d6 ("efi_loader: Enable run-time variable support for tee based variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes problem for unaligned 32bit big-endian access in
lib/rsa/rsa-keyprop.c.
Exchanges br_i32_decode() with get_unaligned_be32().
This will keep the unaligned access for architectures capable and will do
some byte-shift magic for the not so capable ones.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-by: Robert Reither <robert.reither@external.thalesgroup.com>
Remove unused include.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.
Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
After allocating to pointer ctx we should check that pointer and not
another pointer already checked above.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since commit 86cf1c8285 ("configs: Migrate CONFIG_NR_DRAM_BANKS") &
commit 999a772d9f ("Kconfig: Migrate CONFIG_NR_DRAM_BANKS"),
CONFIG_NR_DRAM_BANKS is always defined with a value (4 is default).
It makes no sense to still carry code that is guarded with
"#ifndef CONFIG_NR_DRAM_BANKS" (and similar). This patch removes
all these unreferenced code paths.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
- Add basic Marvell/Cavium OcteonTX/TX2 support (Suneel)
- Infrastructure changes to PCI uclass to support these SoC's (Suneel)
- Add PCI, MMC & watchdog driver drivers for OcteonTX/TX2 (Suneel)
- Increase CONFIG_SYS_MALLOC_F_LEN for qemu-x86 (Stefan)
Cleaning up the following:
ERROR: do not use assignment in if condition
#281: FILE: drivers/xen/pvblock.c:260:
+ if ((err = xenbus_switch_state(XBT_NIL, nodename,
CHECK:COMPARISON_TO_NULL: Comparison to NULL could be written "err"
#52: FILE: drivers/xen/pvblock.c:298:
+ if (err != NULL) {
ERROR: do not use assignment in if condition
#176: FILE: drivers/xen/gnttab.c:103:
+ if ((flags = nflags) & (GTF_reading | GTF_writing)) {
WARNING: Missing or malformed SPDX-License-Identifier tag in line 1
#329: FILE: include/xen/gnttab.h:1:
+/*
WARNING: Misplaced SPDX-License-Identifier tag - use line 1 instead
#330: FILE: include/xen/gnttab.h:2:
+ * SPDX-License-Identifier: GPL-2.0
ERROR: do not use assignment in if condition
#630: FILE: lib/sscanf.c:558:
+ if ((n = inr) < width) {
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Bootxxxx variables are provided by the user and therefore cannot be
trusted. We have to validate them before usage.
A device path provided by a Bootxxxx variable must have an end node within
the indicated device path length.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We need to check that device paths provided via UEFI variables are not
malformed.
Provide function efi_dp_check_length() to check if a device path has an
end node within a given number of bytes.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
