In this test case, a image binary, helloworld.efi.signed, is willfully
modified to print a corrupted message while the signature itself is
unchanged.
This binary must be rejected under secure boot mode.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
At the last step of PE image authentication, an image's hash value must be
compared with a message digest stored as the content (of SpcPeImageData type)
of pkcs7's contentInfo.
Fixes: commit 4540dabdca ("efi_loader: image_loader: support image authentication")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function is used to calculate a message digest as part of
authentication process in a later patch.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In MS authenticode, pkcs7 should have data in its contentInfo field.
This data is tagged with SpcIndirectData type and, for a signed PE image,
provides a image's message digest as SpcPeImageData.
This parser is used in image authentication to parse the field and
retrieve a message digest.
Imported from linux v5.19-rc, crypto/asymmetric_keys/mscode*.
Checkpatch.pl generates tones of warnings, but those are not fixed
for the sake of maintainability (importing from another source).
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Commit 81755b8c20 ("usb: host: ehci-generic: Make resets and clocks
optional") improved the error check to cover the reset property being
optional. However this was using the wrong error variable for the
check, so would now never fail.
Use the correct error variable for checking the result of
reset_get_bulk(), to actually report genuine errors.
Fixes: 81755b8c20 ("usb: host: ehci-generic: Make resets and clocks optional")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The requsted partition disk sector incorrectly has the parition start
sector added in twice for UCLASS_PARTITION devices. The efi_disk_rw_blocks()
routine adds the diskobj->offset to the requested lba. When the device
is a UCLASS_PARTITION, the dev_read() or dev_write() routine is called
which adds part-gpt_part_info.start. This causes I/O to the wrong sector.
Takahiro Akashi suggested removing the offset field from the efi_disk_obj
structure since disk-uclass.c handles the partition start biasing. Device
types other than UCLASS_PARTITION set the diskobj->offset field to zero
which makes the field unnecessary. This change removes the offset field
from the structure and removes all references from the code which is
isolated to the lib/efi_loader/efi_disk.c module.
This change also adds a test for the EFI ReadBlocks() API in the EFI
selftest code. There is already a test for reading a FAT file. The new
test uses ReadBlocks() to read the same "disk" block and compare it to
the data read from the file system API.
Signed-Off-by: Paul Barbieri <plb365@gmail.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Without the patch for qemu-x86_defconfig:
* sizeof(lbaint_t) = 4 in dev_read()
* sizeof(lbaint_t) = 8 in blkcache_read()
CONFIG_SYS_64BIT_LBA is defined in common.h via
include/configs/x86-common.h:22.
We have to include common.h before including blk.h.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Both of us are working on NAND subsystem on several architectures and
we have boards and projects to improve the subsystem in uboot. The idea
is to guarantee quick feedback on patches sent on mailing list and most
of the time the possibilities to test them.
Cc: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Acked-by: Tom Rini <trini@konsulko.com>
Since I'm leaving the company with end of June, the maintainership will
be transferred to Wolfgang Wallner.
Signed-off-by: Hannes Schmelzer <hannes.schmelzer@br-automation.com>
Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
All the source code of clk-mem-n5x.c and clk-n5x.c are from Intel,
update the license to use both GPL2.0 and BSD-3 Clause because this
copy of code may used for open source and internal project.
Signed-off-by: Teik Heng Chong <teik.heng.chong@intel.com>
Reviewed-by: Tien Fong Chee <tien.fong.chee@intel.com>
Before relocating to SDRAM, the ECC is initialized by clearing the
whole SDRAM. In order to speed this up, dcache_enable is used (see
sdram_init_ecc_bits).
Since commit 503eea4519 ("arm: cp15: update DACR value to activate
access control"), this no longer works, because running code in OCRAM
with the XN bit set causes a page fault. Override dram_bank_mmu_setup
to disable XN in the OCRAM and setup DRAM dcache before relocation.
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
For some reason, on the Mercury+ AA1 module, calling
fpgamgr_wait_early_user_mode immediately after writing the peripheral
bitstream leaves the fpga in a broken state (ddr calibration hangs).
Adding a delay before the first sync word is written seems to fix this.
Inspecting the fpgamgr registers before and after the delay,
imgcfg_FifoEmpty is the only bit that changes. Waiting for this bit
(instead of a hardcoded delay) also fixes the issue.
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Apply some optimizations to speed up bitstream loading
(both for full and split periph/core bitstreams):
* Change the size of the first fs read, so that all the subsequent
reads are aligned to a specific value (called MAX_FIRST_LOAD_SIZE).
This value was chosen so that in subsequent reads the fat fs driver
doesn't have to allocate a temporary buffer in get_contents
(assuming 8KiB clusters).
* Change the buffer size to a larger value when reading to ddr
(but not too large, because large transfers cause a stack overflow
in the dwmmc driver).
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Using udelay while the clocks aren't fully configured causes the timer
system to save the wrong clock rate. Use sdelay and wait_on_value
instead (the values used in these functions were found experimentally).
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Tien Fong Chee <tien.fong.chee@intel.com>
This driver is a child of the rstmgr driver, both of which share the
same devicetree node. As a result, passing the child's udevice pointer
to dev_read_addr_ptr results in a failure of reading the #address-cells
property. Use the parent udevice pointer instead.
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
From the ATSHA204A datasheet (document DS40002025A):
Wake: If SDA is held low for a period greater than tWLO, the device
exits low-power mode and, after a delay of tWHI, is ready to receive
I2C commands.
tWHI value can be found in table 7-2.
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add defconfig and Kconfig files for Google Chameleon V3 board
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add devicetrees for Google Chameleon V3 board
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add handoff headers for the Google Chameleonv3 variants: 480-2 and
270-3. Both files were generated using qts-filter-a10.sh.
Signed-off-by: Paweł Anikiel <pan@semihalf.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
- Fix for rk3328 nonopi-r2s boot env;
- Fix for rk8xx pmic boot on power plug-in;
- Fix for tee.bin support in fit image;
- rk3288 board dts update or fix;
- Some rk3399 board fix;
mxs_nand_command() implementation assume that it's working with a
LP NAND, which is a common case nowadays and thus uses two bytes
for column address.
However this is wrong for NAND_CMD_READID and NAND_CMD_PARAM, which
expects only one byte of column address, even for LP NANDs.
This leads to ONFI detection problem with some NAND manufacturer (like
Winbond) but not with others (like Samsung and Spansion)
We fix this with a simple workaround to avoid the 2nd byte column address
for those two commands.
Also align the code with nand_base to support 16 bit devices.
Tested on an iMX6SX device with:
* Winbond W29N04GVSIAA
* Spansion S34ML04G100TF100
* Samsung K9F4G08U00
Tested on imx8mn device with:
* Windbond W29N04GV
Signed-off-by: Andrea Scian <andrea.scian@dave.eu>
CC: Stefano Babic <sbabic@denx.de>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
Sync the pinebook pro to upstream 5.18, in particular this brings
brings in a fix so the DP is disabled so Linux will actually boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
The Rockpro64 has some GPIO leds so let's enable them so the
user gets some output in early boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Set a default offset for environment so it doesn't write it to
unexpected locations, drop unneeded mtd config option.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
For Rockchip boards with the all rk8xx series PMICs (excluding the
rk808), it is sometimes desirable to not boot whenever the device is
plugged in. An example would be for the Odroid Go Advance.
This provides a configurable option to check the PMIC says it was
powered because of a plug-in event. If the value is 1 and this option
is selected, the device shuts down shortly after printing a message
to console stating the reason why it's shutting down. Powering up the
board with the power button is not affected.
This patch parallels the work done in the following patch series:
https://lore.kernel.org/u-boot/20220121133732.2397273-1-andre.przywara@arm.com/
Signed-off-by: Chris Morgan <macromorgan@hotmail.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Add support for sysreset shutdown for this PMIC. The values were pulled
from the various datasheets, but for now it has only been tested on
the rk817 (for an Odroid Go Advance).
Signed-off-by: Chris Morgan <macromorgan@hotmail.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This commit adds support for the OP-TEE 'tee.bin' v1 format for Rockchip
platforms.
Since OP-TEE 3.8.0, tee.bin contains meta-data in a proprietary format
in addition to the ELF data. They are essential information for proper
initialization of the TEE core, such as the size of the memory region
covered by the TEE or a compact representation of runtime relocation
data when ASLR is enabled.
With OP-TEE 3.8.0 onwards, 'tee.elf' MUST NOT be used and 'tee.bin'
MUST be used instead. Ignoring this recommendation can lead to crashes
as described in [3].
Link: [1] 5dd1570ac5
Link: [2] https://github.com/OP-TEE/optee_os/blob/3.17.0/scripts/gen_tee_bin.py#L275-L302
Link: [3] https://github.com/OP-TEE/optee_os/issues/4542
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Peter Griffin <peter.griffin@linaro.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The NanoPi-R2S doesn't have eMMC so use the sdcard as the device
to save the environment variables
Signed-off-by: Emmanuel Vadot <manu@FreeBSD.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
In order to better compare the Linux rk3288.dtsi version
with the u-boot version move the dma-controller nodes
to the DT root.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
In order to better compare the Linux rk3288.dtsi version
with the u-boot version sort the mipi,hdmi,lvds and dp nodes.
Changed:
Rename mipi_dsi label.
Rename dp nodename.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
With the conversion of rockchip-usb-phy.yaml a long time used fallback
string for rk3066a/rk3188 was added. The linux driver doesn't do much with
the GRF phy address range, however the u-boot driver rockchip_usb2_phy.c
does. The bits in GRF_UOC0_CON2 for rk3066a/rk3188 and rk3288 for example
don't match. Remove the usb-phy fallback string for rk3188
to prevent possible strange side effects.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Change define condition in board_usb_init() function
to allow rk3066/rk3188 to use the USB PHY driver.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Add rk3066a/rk3188 support to rockchip_usb2_phy.c
They don't have completely identical usb phy registers,
so separate comapatible strings and data.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Product id of rk3066 usb otg is 0x300a.
Signed-off-by: Paweł Jarosz <paweljarosz3691@gmail.com>
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
The configs ROCKCHIP_CHIP_TAG and ROCKCHIP_MAX_INIT_SIZE were
originally added with rksd.c, rkspi.c and rkcommon.c in mind,
but are no longer in use and replaced by struct spl_info,
so remove unused configs for tag and size.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This is not needed or used, and adds code size. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Passing the mtdparts environment variable to the Linux kernel is
required to properly mount the UBI rootfs.
Co-developed-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
