Commit graph

114 commits

Author SHA1 Message Date
Sean Anderson
5271e359a4 spl: Only support bl_len when we have to
Aligning addresses and sizes causes overhead which is unnecessary when we
are not loading from block devices. Remove bl_len when it is not needed.

For example, on iot2050 we save 144 bytes with this patch (once the rest of
this series is applied):

add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-144 (-144)
Function                                     old     new   delta
spl_load_simple_fit                          920     904     -16
load_simple_fit                              496     444     -52
spl_spi_load_image                           384     308     -76
Total: Before=87431, After=87287, chg -0.16%

We use panic() instead of BUILD_BUG_ON in spl_set_bl_len because we still
need to be able to compile it for things like mmc_load_image_raw_sector,
even if that function will not be used.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-11-16 13:49:14 -05:00
Sean Anderson
b63664be6a spl: Set FAT bl_len to ARCH_DMA_MINALIGN
Instead of relying on the presence of filename to determine whether we are
dealing with a FAT filesystem (and should DMA-align the buffer), have FAT set
bl_len to ARCH_DMA_MINALIGN instead. With this done, we can remove the
special-case logic checking for the presence of filename.

Because filesystems are not block-based, we may read less than the size passed
to spl_load_info.read. This can happen if the file size is not DMA-aligned. This
is fine as long as we read the amount we originally wanted to. Modify the
conditions for callers of spl_load_info.read to check against the original,
unaligned size to avoid failing spuriously.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-11-16 13:49:14 -05:00
Sean Anderson
73c40fcb73 spl: Refactor spl_load_info->read to use units of bytes
Simplify things a bit for callers of spl_load_info->read by refactoring it
to use units of bytes instead of bl_len. This generally simplifies the
logic, as MMC is the only loader which actually works in sectors. It will
also allow further refactoring to remove the special-case handling of
filename.  spl_load_legacy_img already works in units of bytes (oops) so it
doesn't need to be changed.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-11-16 13:49:14 -05:00
Sean Anderson
33c8d01a4d spl: Take advantage of bl_len's power-of-twoness
bl_len must be a power of two, so we can use ALIGN instead of roundup and
similar tricks to avoid divisions.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-11-16 13:49:14 -05:00
Randolph
58fa2a5aa1 spl: riscv: add os type for next booting stage
If SPL_LOAD_FIT_OPENSBI_OS_BOOT is enabled, the function
spl_invoke_opensbi should change the target OS type to IH_OS_LINUX.
OpenSBI will load the Linux image as the next boot stage.
The os_takes_devicetree function returns a value of true or false
depending on whether or not SPL_LOAD_FIT_OPENSBI_OS_BOOT is enabled.

Signed-off-by: Randolph <randolph@andestech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-19 17:29:33 +08:00
Sean Anderson
b02c4e941c spl: Use map_sysmem where appropriate
All "physical" addresses in SPL must be converted to virtual addresses
before access in order for sandbox to work. Add some calls to map_sysmem in
appropriate places. We do not generally call unmap_sysmem, since we need
the image memory to still be mapped when we jump to the image. This doesn't
matter at the moment since unmap_sysmem is a no-op.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-17 20:50:52 -04:00
Sean Anderson
5264413246 spl: fit: Fix entry point for SPL_LOAD_FIT_FULL
The entry point is not always the same as the load address. Use the value
of the entry property if it exists.

Fixes: 8a9dc16e4d ("spl: Add full fitImage support")
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-17 20:50:52 -04:00
Marek Vasut
b13eaf3bb4 spl: fit: Add board level function to decide application of DTO
Add board-specific function used to indicate whether a DTO from fitImage
configuration node 'fdt' property DT and DTO list should be applied onto
the base DT or not applied.

This is useful in case of DTOs which implement e.g. different board revision
details, where such DTO should be applied on one board revision, and should
not be applied on another board revision.

Signed-off-by: Marek Vasut <marex@denx.de>
2023-10-16 16:25:10 +02:00
Tom Rini
d9bb6d779b Merge tag 'u-boot-rockchip-20231007' of https://source.denx.de/u-boot/custodians/u-boot-rockchip
- Add Board: rk3568 Bananapi R2Pro;
- Update pcie bifurcation support;
- dwc_eth_qos controller support for rk3568 and rk3588;
- Compressed binary support for U-Boot on rockchip platform;
- dts and config updates for different board and soc;

[ trini: Fix conflict on include/spl.h ]
Signed-off-by: Tom Rini <trini@konsulko.com>
2023-10-08 09:58:55 -04:00
Manoj Sai
a1b7fd7f0a spl: fit: support for booting a LZMA-compressed U-boot binary
If LZMA Compression support is enabled, LZMA compressed U-Boot
binary will be placed at a specified RAM location which is
defined at CONFIG_SYS_LOAD_ADDR and will be assigned  as the
source address.

image_decomp() function, will decompress the LZMA compressed
U-Boot binary which is placed at source address(CONFIG_SYS_LOAD_ADDR)
to the default CONFIG_SYS_TEXT_BASE location.

spl_load_fit_image function will load the decompressed U-Boot
binary, which is placed at the CONFIG_SYS_TEXT_BASE location.

Signed-off-by: Manoj Sai <abbaraju.manojsai@amarulasolutions.com>
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2023-10-07 16:49:41 +08:00
Manoj Sai
ce6ab56401 spl: fit: support for booting a GZIP-compressed U-boot binary
If GZIP Compression support is enabled, GZIP compressed U-Boot binary
will be at a specified RAM location which is defined at
CONFIG_SYS_LOAD_ADDR and will be assign it as the source address.

gunzip function in spl_load_fit_image ,will decompress the GZIP
compressed U-Boot binary which is placed at
source address(CONFIG_SYS_LOAD_ADDR)  to the default
CONFIG_SYS_TEXT_BASE location.

spl_load_fit_image function will load the decompressed U-Boot
binary, which is placed at the CONFIG_SYS_TEXT_BASE location.

Signed-off-by: Manoj Sai <abbaraju.manojsai@amarulasolutions.com>
Signed-off-by: Suniel Mahesh <sunil@amarulasolutions.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2023-10-07 16:49:41 +08:00
Simon Glass
2354daaf39 spl: Use the correct FIT_..._PROP constants
Rather than open-coding the property names, use the existing constants
provided for this purpose. This better aligns the simple-FIT code with
the full FIT implementation.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-10-06 14:38:12 -04:00
Simon Glass
035ab46e39 spl: Move the full FIT code to spl_fit.c
For some reason this code was put in the main spl.c file. Move it out
to the FIT implementation where it belongs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-10-06 14:38:12 -04:00
Simon Glass
d7c232e6b5 spl: Rename spl_load_fit_image() to load_simple_fit()
We have two functions called spl_load_fit_image(), one in spl.c and one in
spl_fit.c

Rename the second one, to indicate that it relates to simple FIT parsing,
rather than the full version.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-10-06 14:38:12 -04:00
Simon Glass
82e26e0d68 spl: Use CONFIG_SPL... instead of CONFIG_..._SPL_...
We like to put the SPL first so it is clear that it relates to SPL. Rename
various malloc-related options which have crept in, to stick to this
convention.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Martyn Welch <martyn.welch@collabora.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com>
2023-10-06 14:38:11 -04:00
Jesse Taube
6ab77bb14f Convert CFG_SYS_UBOOT_START to Kconfig
Commit 65cc0e2a65 ("global: Move remaining CONFIG_SYS_* to CFG_SYS_*")
renamed CONFIG_SYS_UBOOT_START to CFG_SYS_UBOOT_START. Unfortunately,
this meant that the value was no longer available to the Makefile. This
caused imxrt to fail to boot. All the other boards that used this
variable were unaffected because they were using the default value
which is CONFIG_TEXT_BASE.

This commit converts CFG_SYS_UBOOT_START to Kconfig and sets the default
value to CONFIG_TEXT_BASE.

Suggested-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-09-30 15:24:43 -04:00
Simon Glass
1e94b46f73 common: Drop linux/printk.h from common header
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h

Move this out of the common header and include it only where needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-09-24 09:54:57 -04:00
Marek Vasut
6039e0edc8 imx: hab: Simplify the mechanism
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.

Signed-off-by: Marek Vasut <marex@denx.de>
2023-06-24 13:47:02 -04:00
Simon Glass
69a3e0779a spl: Drop unwanted return in spl_fit_upload_fpga()
This was added by mistake and renders the function useless. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 33c60a38bb ("trace: Use notrace for short")
Reported-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier-oss@weidmueller.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
2023-02-06 13:04:53 -05:00
Tom Rini
a3fda0d30a global: Remove unused CONFIG defines
Remove some CONFIG symbols and related comments, etc, that are unused
within the code itself at this point.

Signed-off-by: Tom Rini <trini@konsulko.com>
2023-01-20 12:27:06 -05:00
Simon Glass
33c60a38bb trace: Use notrace for short
The attribute syntax is quite verbose. Use the macro provided for this
purpose.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:49:12 -07:00
Tom Rini
65cc0e2a65 global: Move remaining CONFIG_SYS_* to CFG_SYS_*
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-12-05 16:06:08 -05:00
Stefan Herbrechtsmeier
77253c50ab spl: fit: Allocate buffers aligned to cache line size
Allocate memory for buffers at a cache-line boundary to avoid
misaligned buffer address for subsequent reads. This avoids an
additional sector-based memory copy in the fat file system driver:

FAT: Misaligned buffer address (...)

Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
2022-09-14 15:23:03 -04:00
Oleksandr Suvorov
71f1a5392a spl: fit: pass real compatible flags to fpga_load()
Convert taken FPGA image "compatible" string to a binary compatible
flag and pass it to an FPGA driver.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-9-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
2022-07-26 09:34:21 +02:00
Oleksandr Suvorov
282eed50ec fpga: pass compatible flags to fpga_load()
These flags may be used to check whether an FPGA driver is able to
load a particular FPGA bitstream image.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-7-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
2022-07-26 09:34:21 +02:00
Simon Glass
99f844ba3a tools: Pass the key blob around
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Nishanth Menon
6d99f86695 spl: fit: Skip attempting to load 0 length image
When, for various reasons, a bad FIT image is used where a loadable
image is marked as 0 length, attempt is made for a 0 length allocation and
read of 0 byte read operation.

Instead provide warning in log and skip attempting to do such a load.

Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Aswath Govindraju <a-govindraju@ti.com>
2021-12-01 16:28:45 -05:00
Heiko Schocher
deb80ec023 imx: spl: fix imx8m secure boot
cherry-picked from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")

which fixes secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.

Signed-off-by: Heiko Schocher <hs@denx.de>
Tested-by: Tim Harvey <tharvey@gateworks.com>
2021-10-07 16:53:50 +02:00
Heiko Schocher
884ba50a07 spl_fit. add hook to make fixes after fit header is loaded
add hook function spl_load_simple_fit_fix_load()
which is called after fit image header is loaded.

Signed-off-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-10-07 16:53:50 +02:00
Tom Rini
6b69f15fd6 Xilinx changes for v2021.10
clk:
 - Add driver for Xilinx Clocking Wizard IP
 
 fdt:
 - Also record architecture in /fit-images
 
 net:
 - Fix plat/priv data handling in axi emac
 - Add support for 10G/25G speeds
 
 pca953x:
 - Add missing dependency on i2c
 
 serial:
 - Fix dependencies for DEBUG uart for pl010/pl011
 - Add setconfig option for cadence serial driver
 
 watchdog:
 - Add cadence wdt expire now function
 
 zynq:
 - Update DT bindings to reflect the latest state and descriptions
 
 zynqmp:
 - Update DT bindings to reflect the latest state and descriptions
 - SPL: Add support for ECC DRAM initialization
 - Fix R5 core 1 handling logic
 - Enable firmware driver for mini configurations
 - Enable secure boot, regulators, wdt
 - Add support xck devices and 67dr
 - Add psu init for sm/smk-k26 SOMs
 - Add handling for MMC seq number via mmc_get_env_dev()
 - Handle reserved memory locations
 - Add support for u-boot.itb generation for secure OS
 - Handle BL32 handoffs for secure OS
 - Add support for 64bit addresses for u-boot.its generation
 - Change eeprom handling via nvmem aliases
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYN105QAKCRDKSWXLKUoM
 IZiFAJ9CIiEpHiBbnAhA0VOMGoaXHGULywCdED/5dNgVtc1C7y4avzETbEyWzD4=
 =CdMa
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2021.10' of https://source.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2021.10

clk:
- Add driver for Xilinx Clocking Wizard IP

fdt:
- Also record architecture in /fit-images

net:
- Fix plat/priv data handling in axi emac
- Add support for 10G/25G speeds

pca953x:
- Add missing dependency on i2c

serial:
- Fix dependencies for DEBUG uart for pl010/pl011
- Add setconfig option for cadence serial driver

watchdog:
- Add cadence wdt expire now function

zynq:
- Update DT bindings to reflect the latest state and descriptions

zynqmp:
- Update DT bindings to reflect the latest state and descriptions
- SPL: Add support for ECC DRAM initialization
- Fix R5 core 1 handling logic
- Enable firmware driver for mini configurations
- Enable secure boot, regulators, wdt
- Add support xck devices and 67dr
- Add psu init for sm/smk-k26 SOMs
- Add handling for MMC seq number via mmc_get_env_dev()
- Handle reserved memory locations
- Add support for u-boot.itb generation for secure OS
- Handle BL32 handoffs for secure OS
- Add support for 64bit addresses for u-boot.its generation
- Change eeprom handling via nvmem aliases
2021-07-01 08:57:23 -04:00
Michal Simek
be2d1a87c7 spl: fit: Also record architecture in /fit-images
On ARM64 secure OS can run as 64bit or 32bit that's why it is necessary to
record information about architecture that other code can read it and
properly pass it to TF-A and start in 64bit or 32bit mode.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-06-23 09:48:36 +02:00
Lokesh Vutla
481d394e77 common: fit: Update board_fit_image_post_process() to pass fit and node_offset
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Sean Anderson
4d65c6bcd7 sysinfo: Require that sysinfo_detect be called before other methods
This has the uclass enforce calling detect() before other methods.  This
allows drivers to cache information in detect() and perform (cheaper)
retrieval in the other accessors. This also modifies the only instance
where this sequencing was not followed.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-04 07:57:18 -04:00
Alexandru Gagniuc
35f4f8e6fc spl: fit: Support loading FPGA images from list of "loadables"
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.

Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
d8a395109e spl: fit: Warn if FIT contains "fpga" property in config node
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.

Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
55e7a1a435 spl: fit: Move FPGA loading code to separate functions
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f0a6ec3656 spl: fit: Don't overwrite previous loadable if "load" is missing
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses

	image_info->load_addr

Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.

On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].

A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Simon Glass
891d9e84a7 spl: Convert spl_fit to work with sandbox
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.

As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.

Use a (new) load_ptr variable to access memory at address load_addr.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:31 -05:00
Alexandru Gagniuc
71551055cb spl: fit: Load devicetree when a Linux payload is found
When a FIT config specifies a devicetree, we should load it, no
questions asked. In the case of the "simple" FIT loading path, a
difficulty arises in selecting the load address of the FDT.

The default FDT location is right after the "kernel" or "firmware"
image. However, if that is an OP-TEE image, then the FDT may end up in
secure DRAM, and not be accessible to normal world kernels.

Although the best solution is to be more careful about the FDT
address, a viable workaround is to only append the FDT after a u-boot
or Linux image. This is identical to the previous logic, except that
FDT loading is extended to IH_OS_LINUX images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
aeedeae407 spl: fit: Replace #ifdef blocks with more readable constructs
Use the IS_ENABLED() macro to control code flow, instead of the
caveman approach of sprinkling #ifdefs. Code size is not affected, as
the linker garbage-collects unused functions. However, readability is
improved significantly.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
9e9aa0b473 spl: fit: Only look up FIT configuration node once
The configuration node a sub node under "/configurations", which
describes the components to load from "/images". We only need to
locate this node once.

However, for each component, spl_fit_get_image_name() would parse the
FIT image, looking for the correct node. Such work duplication is not
necessary. Instead, once the node is found, cache it, and re-use it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
e4928270a4 spl: fit: Remove useless loop in spl_fit_get_image_name()
When a desired configuration is not found, conf_node will have a
negative value. Thus the for loop will start at the root "/" node of
the image, print the "/description" property, and stop.

It appears the intent of the loop was to print the names of the
subnodes under "/configurations". We would need the offset to the
"/configurations" node, which is abstracted by fit_find_config_node().

This change agrees that abstracting the node offset is the correct
design, and we shouldn't be parsing the configurations manually. Thus
the loop in spl_fit_get_image_name() is useless. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
3dc2079733 spl: fit: Pass FIT context via a structure pointer
Several loose arguments describe the FIT image. They are thus related,
and it makes sense to pass them together, in a structure. Examples
include the FIT blob pointer, offset to FDT nodes, and the offset to
external data.

Use a spl_fit_info structure to group these parameters.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:42 -05:00
Alexandru Gagniuc
917fa369f6 spl: fit: Factor out FIT parsing and use a context struct
The logical steps in spl_load_simple_fit() are difficult to follow.
I think the long comments, ifdefs, and ungodly number of variables
seriously affect the readability. In particular, it violates section 6
of the coding style, paragraphs (3), and (4).

The purpose of this patch is to improve the situation by
  - Factoring out initialization and parsing to separate functions
  - Reduce the number of variables by using a context structure
This change introduces no functional changes.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 17:12:45 -05:00
Alexandru Gagniuc
efc4ad0bc7 spl: fit: Drop 'length' argument to board_spl_fit_post_load()
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
2021-02-17 17:12:45 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Philippe Reynes
c61b2bf30c common: spl: spl_fit.c: report an error on hash check fail
When the hash check fails on a loadable image, the SPL/TPL simply
jump to the next one. This commit changes this behaviour, when the
hash check fails on a loadable image, the function spl_load_simple_fit
stops and report an error.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 14:49:09 -05:00
Alexandru Gagniuc
03f1f78a9b spl: fit: Prefer a malloc()'d buffer for loading images
Fit images were loaded to a buffer provided by spl_get_load_buffer().
This may work when the FIT image is small and fits between the start
of DRAM and SYS_TEXT_BASE.

One problem with this approach is that the location of the buffer may
be manipulated by changing the 'size' field of the FIT. A maliciously
crafted FIT image could place the buffer over executable code and be
able to take control of SPL. This is unacceptable for secure boot of
signed FIT images.

Another problem is with larger FIT images, usually containing one or
more linux kernels. In such cases the buffer be be large enough so as
to start before DRAM (Figure I). Trying to load an image in this case
has undefined behavior.
For example, on stm32mp1, the MMC controller hits a RX overrun error,
and aborts loading.
    _________________
   |    FIT Image    |
   |                 |
  /===================\                        /=====================\
  ||      DRAM       ||                        |        DRAM         |
  ||                 ||                        |                     |
  ||_________________||  SYS_TEXT_BASE         | ___________________ |
  |                   |                        ||     FIT Image     ||
  |                   |                        ||                   ||
  | _________________ |  SYS_SPL_MALLOC_START  || _________________ ||
  ||  malloc() data  ||                        |||  malloc() data  |||
  ||_________________||                        |||_________________|||
  |                   |                        ||___________________||
  |                   |                        |                     |

        Figure I                                       Figure II

One possibility that was analyzed was to remove the negative offset,
such that the buffer starts at SYS_TEXT_BASE. This is not a proper
solution because on a number of platforms, the malloc buffer() is
placed at a fixed address, usually after SYS_TEXT_BASE. A large
enough FIT image could cause the malloc()'d data to be overwritten
(Figure II) when loading.

          /======================\
          |        DRAM          |
          |                      |
          |                      |   CONFIG_SYS_TEXT_BASE
          |                      |
          |                      |
          | ____________________ |   CONFIG_SYS_SPL_MALLOC_START
          ||   malloc() data    ||
          ||                    ||
          || __________________ ||
          |||    FIT Image     |||
          |||                  |||
          |||                  |||

                 Figure III

The solution proposed here is to replace the ad-hoc heuristics of
spl_get_load_buffer() with malloc(). This provides two advantages:
    * Bounds checking of the buffer region
    * Guarantees the buffer does not conflict with other memory

The first problem is solved by constraining the buffer such that it
will not overlap currently executing code. This eliminates the chance
of a malicious FIT being able to replace the executing SPL code prior
to signature checking.

The second problem is solved in conjunction with increasing
CONFIG_SYS_SPL_MALLOC_SIZE. Since the SPL malloc() region is
carefully crafted on a per-platform basis, the chances of memory
conflicts are virtually eliminated.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2020-12-07 17:40:34 -05:00
Philippe Reynes
7d5b1bf6b8 spl: spl_fit.c: enable check of signature for config node in spl/tpl
This commit add the support of signature check for config node
in spl/tpl when the function spl_load_simple_fit is used.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-12-01 14:12:28 -05:00
Simon Glass
3a8ee3df83 board: Rename uclass to sysinfo
This uclass is intended to provide a way to obtain information about a
U-Boot board. But the concept of a U-Boot 'board' is the whole system,
not just one circuit board, meaning that 'board' is something of a
misnomer for this uclass.

In addition, the name 'board' is a bit overused in U-Boot and we want to
use the same uclass to provide SMBIOS information.

The obvious name is 'system' but that is so vague as to be meaningless.
Use 'sysinfo' instead, since this uclass is aimed at providing information
on the system.

Rename everything accordingly.

Note: Due to the patch delta caused by the symbol renames, this patch
shows some renamed files as being deleted in one place and created in
another.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-11-06 10:18:20 +08:00