With commit ce39ee28ec ("zynqmp: Do not place u-boot to reserved memory
location"), the function board_get_usable_ram_top() is allocating
MMU_SECTION_SIZE of about 2MB using lmb_alloc(). But we dont have this
much memory in case of mini U-Boot.
Keep these functions which use lmb under CONFIG_LMB so that they are
compiled and used only when LMB is enabled.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/75e52def75f573e554a6b177a78504c128cb0c4a.1657183534.git.michal.simek@amd.com
Coverity CID 131256 indicates a possible buffer overflow in label_boot().
This would only occur if the size of the downloaded file would exceed 4
GiB. But anyway we can simplify the code by using snprintf() and checking
the return value.
Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
This converts the following to Kconfig:
CONFIG_SYS_BOOTM_LEN
As part of this, rework error handling in boot/bootm.c so that we pass
the buffer size to handle_decomp_error as CONFIG_SYS_BOOTM_LEN will not
be available to host tools but we do know the size that we passed to
malloc().
Cc: Soeren Moch <smoch@web.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tighten up symbol dependencies in a number of places. Ensure that a SPL
specific option has at least a direct dependency on SPL. In places
where it's clear that we depend on something more specific, use that
dependency instead. This means in a very small number of places we can
drop redundant dependencies.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Tighten up symbol dependencies in a number of places. Ensure that a TPL
specific option has at least a direct dependency on TPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Linux determines its console based on several sources:
1. the console command line parameter
2. device tree (e.g. /chosen/stdout-path)
3. various other board- and arch-specific sources
If the console parameter specifies a real console (e.g. ttyS0) then that is
used as /dev/console. However, if it does not specify a real console (e.g.
ttyDoesntExist) then *nothing* will be used as /dev/console.
Reading/writing it will return ENODEV. Additionally, no other source will
be used as a console source.
Linux commit ab4af56ae250 ("printk/console: Allow to disable console output
by using console="" or console=null") recently changed the semantics of the
parameter. Previously, specifying console="" would be treated like
specifying some other bad console. This commit changed things so that it
added /dev/ttynull as a console (if available). However, it also allows
for other console sources. If the device tree specifies a console (such as
if U-Boot and Linux share a device tree), then it will be used in addition
to /dev/ttynull. This can result in a non-silent console.
To avoid this, explicitly set ttynull as the console. This will disable
other console sources. If CONFIG_NULL_TTY is disabled, then this will have
the same behavior as in the past (no output, and writing /dev/console
returns ENODEV).
[1] and [2] have additional background on this kernel change.
[1] https://lore.kernel.org/all/20201006025935.GA597@jagdpanzerIV.localdomain/
[2] https://lore.kernel.org/all/20201111135450.11214-1-pmladek@suse.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
The commit 2158b0da22 ("bootmenu: add Kconfig option
not to enter U-Boot console") disables to enter U-Boot
console from bootmenu as default, this change affects the
existing bootmenu users.
This commit reverts the default behavior, the bootmenu can
enter U-Boot console same as before.
CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is renamed
BOOTMENU_DISABLE_UBOOT_CONSOLE and depends on
AUTOBOOT_MENU_SHOW.
Fixes: 2158b0da22 ("bootmenu: add Kconfig option not to enter U-Boot console")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Tested-by: Pali Rohar <pali@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
TI secure devices chain-of-trust depends on FIT image processing,
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We would like to use bootstd by default when EFI boot manager is not
enabled. But so far bootstd does not support all the of distro-boot
fetures. So for now, add an option to select this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk via a U-Boot
script, so we can boot a bootflow using this commonly used mechanism. This
is required by Armbian, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot manager, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi bootmgr'
command and shares the same code. But the interface into it is via a
bootmeth, so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boot methods don't act on a single bootdev but instead do their own
thing. An example is EFI bootmgr which scan various devices using its own
logic. Add a bootdev to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi' command
and shares the same code. But the interface into it is via a bootmeth,
so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
There was much discussion about whether this is needed, but it seems
that it is, at least for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a network device, so
we can boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'pxe' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk, so we can
boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'sysboot' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
A bootmeth is a method of locating an operating system. For now, just
add the uclass itself. Drivers for particular bootmeths are added later.
If no bootmeths devices are included in the devicetree, create them
automatically. This avoids the need for boilerplate in the devicetree
files.
Signed-off-by: Simon Glass <sjg@chromium.org>
A 'bootdev' is a device which can be used to boot an operating system.
It is a child of the media device (e.g. MMC) which handles reading files
from that device, such as a bootflow file.
Add a uclass for bootdev and the various helpers needed to make it
work. Also add a binding file, empty for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
The 'bootstd' device provides the central information about U-Boot
standard boot.
Add a uclass for bootstd and the various helpers needed to make it
work. Also add a binding file.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current implementation of boot_relocate_fdt() places DT at the
highest usable DRAM address, which is calculated as:
env_get_bootm_low() + env_get_bootm_mapsize()
which by default becomes gd->ram_base + gd->ram_size.
Systems like i.MX53 can have multiple DRAM banks with gap between them,
e.g. have DRAM at 0x70000000-0x8fffffff and 0xb0000000-0xcfffffff , so
for them the calculated highest DRAM address is 0xafffffff, which is
exactly in the gap and thus not usable.
Fix this by iterating over all DRAM banks and tracking the remaining
amount of the total mapping size obtained from env_get_bootm_mapsize().
Limit the maximum LMB area size to each bank, to avoid using nonexistent
DRAM.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
* free() checks if its argument is NULL. Remove duplicate checks.
* Remove duplicate free(ovcopy).
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It can be useful for the OS (Linux) to know which configuration has
been chosen by U-Boot when launching a FIT image.
Store the name of the FIT configuration node used in a new string
property called 'u-boot,bootconf' in the '/chosen' node in device tree.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Hardware-accelerated hash functions require that the input and output
buffers be aligned to the minimum DMA alignment. memalign.h helpfully
provides a macro just for this purpose. It doesn't exist on the host,
but we don't need to be aligned there either.
Fixes: 5dfb521386 ("[new uImage] New uImage low-level API")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since the commit bfaa51dd4a ("cmd: add serial console support
for the cls command") the cls command is not enough to clear the
video display when ANSI console is activated.
This patch clears the video device with the video_clear() API
before to display the bitmap used for the PXE background.
This patch avoids to display the LOGO, activated by default with
commit 7a8555d871 ("video: Show the U-Boot logo by default").
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
A big part is the DM pinctrl driver, which allows us to get rid of quite
some custom pinmux code and make the whole port much more robust. Many
thanks to Samuel for that nice contribution! There are some more or less
cosmetic warnings about missing clocks right now, I will send the trivial
fixes for that later.
Another big chunk is the mkimage upgrade, which adds RISC-V and TOC0
(secure images) support. Both features are unused at the moment, but I
have an always-secure board that will use that once the DT lands in the
kernel.
On top of those big things we have some smaller fixes, improving the
I2C DM support, fixing some H6/H616 early clock setup and improving the
eMMC boot partition support.
The gitlab CI completed successfully, including the build test for all
161 sunxi boards. I also boot tested on a A64, A20, H3, H6, and F1C100
board. USB, SD card, eMMC, and Ethernet all work there (where applicable).
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When u-boot is used as a chain-loaded bootloader (replacing OS kernel),
previous bootloader leaves data in RAM, that can be reused.
For example, on recent arm linux system, when chainloading u-boot,
there are initramfs and fdt in RAM prepared for OS booting. Initramfs
may be modified to store u-boot's payload, thus providing the ability to
use chainloaded u-boot to boot OS without any storage support.
Two config options added:
- SAVE_PREV_BL_INITRAMFS_START_ADDR
saves initramfs start address to 'prevbl_initrd_start_addr' environment
variable
- SAVE_PREV_BL_FDT_ADDR
saves fdt address to 'prevbl_fdt_addr' environment variable
Signed-off-by: Dzmitry Sankouski <dsankouski@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Unfortunately, we require additional logic to buildman to support this
removal and still use SYS_SOC, etc, for build targets.
This reverts commit eeec00072d.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SYS_MONITOR_BASE
Note that for how this is re-used on some PowePC platforms, we introduce
CONFIG_SPL_SYS_MONITOR_BASE and CONFIG_TPL_SYS_MONITOR_BASE and use the
CONFIG_VAL macro to get the correct value at build time, in the code.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add a stage pre-load that could
check or modify an image.
For the moment, only a header with a signature is
supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size
The stage uses a node /image/pre-load/sig to
get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key
Before running the image, the stage pre-load checks
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The code was mistakenly initializing the input buffer twice.
Tested to be working on BeagleBone by adjusting CONFIG_SYS_BOOTM_LEN to
64MiB (probably works with less) and preparing uImage with:
cat arch/arm/boot/Image \
| zstd --ultra -22 --zstd=windowLog=22 \
> linux.bin.zst
mkimage -A arm -T kernel uImage -C zstd -d linux.bin.zst \
-a 0x80008000 -e 0x80008000
Without the windowLog restriction, bootm fails with a zstd decompression
error 7 (window too large), which I haven't troubleshooted.
There should be a bit more documentation on the feature...
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: 458b30af66 image: Update image_decomp() to avoid ifdefs
This converts the following to Kconfig:
CONFIG_BOOT_RETRY_TIME
CONFIG_BOOT_RETRY_MIN
CONFIG_RESET_TO_RETRY
We also introduce CONFIG_BOOT_RETRY to gate these options, and clean up
the associated Makefile entry and C code for picking default values of
CONFIG_BOOT_RETRY_MIN.
Signed-off-by: Tom Rini <trini@konsulko.com>
this will add kaslrseed keyword to sysboot lable,
when it set, it will request to genarate random number
from hwrng as kaslr-seed.
with this patch exlinux.conf label looks like
label l0
menu testing
linux /boot/vmlinuz-5.15.16-arm
initrd /boot/initramfs-5.15.16-arm.img
fdtdir /boot/dtbs/5.15.16-arm/
kaslrseed
append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro
Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11.
Signed-off-by: Zhang Ning <zhangn1985@qq.com>
The Lichee Pi Nano is a board based on the F1C100s.
Add defconfigs for it.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>