As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Two callers of image_source_script specify an image name. However, both
use the deprecated @ syntax, indicating that they have not been updated
in a while. If CONFIG_FIT_SIGNATURE is enabled, we will reject such
names outright. Back in commit 152576a598 ("stm32mp: stm32prog: handle
U-Boot script in flashlayout alternate"), we even renamed one of the
nodes. Instead of hard-coding a script image name, just use the default
image.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This is not needed and we should avoid typedefs. Use the struct instead
and rename it to indicate that it really is a legacy struct.
Signed-off-by: Simon Glass <sjg@chromium.org>
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
Add parameter spl_boot_device to spl_parse_board_header(), which allows
the implementations to see from which device we are booting and do
boot-device-specific checks of the image header.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Since the USB HID limits the maximum bandwidth(3072) for interrupt
endpoint transfers, when the bInterval set to 1, we can only support 3
boards to run sdp at the same time. In order to support more boards,
change the bInterval of interrupt endpoint to 3, which will not affect
the transmission speed.
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
EP0 has been used to transfer file data in sdp before, but the max
packetsize of ep0 is 64 bytes. So in order to improve the file transfer
speed, here add the EP1_OUT interrupt endpoint which max packetsize is
set to 1024 byte.
After testing, it turns out that using ep1out is twice as fast as using
ep0 while receiving data in sdp.
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Add support to f_sdp to search and load iMX8 container image or iMX8M
FIT image by new UUU command SDPV.
When using the SDPV, the uuu will continue to send out data after first
level boot loader used by ROM. This means uuu won't skip to the offset
of the second boot loader, and the padding data before second boot loader
will be sent out. So we have to search the FIT header or container header
in the buffer that SDP received.
Also change to more common method to exit f_sdp handler not depending on
SPL_FIT_FOUND flag because container loader won't set this.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Because the buffer length of sdp usb request is 65, we have to allocate
65 bytes not 64 bytes. Otherwise there is potential buffer overflow.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Add HS endpoint descriptor for SDP. So that we can use high speed endpoint,
and the SDP device can send packet with 512 byte size.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
If SDP_WRITE and SDP_JUMP addr is zero, use CONFIG_SDP_LOADADDR
as default address
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move env_set_hex() over to the new header file along with env_set_addr()
which uses it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Add support for loading u-boot FIT images over the USB SDP protocol in
the SPL
Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
[Various build fixes]
Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Tested-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Lukasz Majewski <lukma@denx.de>
Currently it's not possible to get filesize of downloaded images and
it's impossible to automate some tasks in scripts. So this patch adds
`filesize` environment variable with size (as hex number in bytes) of
the last successfully downloaded file via `sdp` command.
Cc: Lukasz Majewski <lukma@denx.de>
Cc: Marek Vasut <marex@denx.de>
Cc: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Reviewed-by: Stefan Agner <stefan.agner@toradex.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
The SDP protocol contains multiple 32bit pointers. Add a helper function
to get a valid pointer from these values and use it.
This fixes the following warnings:
drivers/usb/gadget/f_sdp.c: In function ‘sdp_rx_data_complete’:
drivers/usb/gadget/f_sdp.c:347:10: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
memcpy((void *)sdp->dnl_address, req->buf + 1, datalen);
^
drivers/usb/gadget/f_sdp.c: In function ‘sdp_jump_imxheader’:
drivers/usb/gadget/f_sdp.c:625:10: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
entry = (void *)headerv2->entry;
^
drivers/usb/gadget/f_sdp.c: In function ‘sdp_handle_in_ep’:
drivers/usb/gadget/f_sdp.c:668:20: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
memcpy(&data[1], (void *)sdp_func->dnl_address, datalen);
^
drivers/usb/gadget/f_sdp.c:679:31: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
status = sdp_jump_imxheader((void *)sdp_func->jmp_address);
^
Signed-off-by: Andre Heider <a.heider@gmail.com>
This prevents board resets when calling sdp command on boards which have a watchdog.
Signed-off-by: Vincent Prince <vincent.prince.fr@gmail.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Stefan Agner <stefan.agner@toradex.com>
U-Boot widely uses error() as a bit noisier variant of printf().
This macro causes name conflict with the following line in
include/linux/compiler-gcc.h:
# define __compiletime_error(message) __attribute__((error(message)))
This prevents us from using __compiletime_error(), and makes it
difficult to fully sync BUILD_BUG macros with Linux. (Notice
Linux's BUILD_BUG_ON_MSG is implemented by using compiletime_assert().)
Let's convert error() into now treewide-available pr_err().
Done with the help of Coccinelle, excluing tools/ directory.
The semantic patch I used is as follows:
// <smpl>
@@@@
-error
+pr_err
(...)
// </smpl>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Re-run Coccinelle]
Signed-off-by: Tom Rini <trini@konsulko.com>
Support U-Boot images in SPL so that u-boot.img files can be
directly downloaded and executed. Furthermore support U-Boot
scripts download and execution in full U-Boot so that custom
recovery actions can be downloaded from the host in a third
step.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Reviewed-by: Łukasz Majewski <lukma@denx.de>
Reviewed-by: Stefano Babic <sbabic@denx.de>
Add SDP (Serial Downloader Protocol) implementation for U-Boot. The
protocol is used in NXP SoC's boot ROM and allows to download program
images. Beside that, it can also be used to read/write registers and
download complete Device Configuration Data (DCD) sets. This basic
implementation supports downloading images with the imx header format
reading and writing registers.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Reviewed-by: Łukasz Majewski <lukma@denx.de>