The EFI capsule authentication logic in u-boot expects the public key
in the form of an EFI Signature List(ESL) to be provided as part of
the platform's dtb. Currently, the embedding of the ESL file into the
dtb needs to be done manually.
Add a target for generating a dtsi file which contains the signature
node with the ESL file included as a property under the signature
node. Include the dtsi file in the dtb. This brings the embedding of
the ESL in the dtb into the U-Boot build flow.
The path to the ESL file is specified through the
CONFIG_EFI_CAPSULE_ESL_FILE symbol.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
At the time of building the DTB, some dtsi files can be selected for
inclusion. Have these dtsi files as dependencies for the DTB
target. This also ensures generation or updating the dtsi files if
need be.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
At the time of building a device-tree file, all the *u-boot.dtsi files
are looked for, in a particular order, and the first file found is
included. Then, the list of files specified in the
CONFIG_DEVICE_TREE_INCLUDES symbol are included.
Combine these files that are to be included into a variable, and then
include all these files in one go.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When running the trace test on the sandbox platform, the current size
of 16MiB is no longer large enough for capturing the entire trace
history, and results in truncation. Use a size of 32MiB for the trace
buffer on the sandbox platform while running the trace test.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The EFI capsules can now be generated as part of U-Boot build, through
binman. Highlight these changes in the documentation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Support has been added for generating the EFI capsules through
binman. Make changes in the EFI capsule update testing feature to
generate capsules through binman.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support in binman for generating EFI capsules. The capsule
parameters can be specified through the capsule binman entry. Also add
test cases in binman for testing capsule generation.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a bintool for generating EFI capsules. This calls the mkeficapsule
tool which generates the capsules.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable the EFI capsule update code on all sandbox variants. This was
already enabled on the sandbox, sandbox64 and sandbox_flattree
variants. The rest of the variants also have the EFI capsule update
module enabled now. With this commit, the mkeficapsule tool also gets
enabled on all variants.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the private keys and public key certificates which are to be used
for capsule authentication while testing the EFI capsule update
functionality. There are two pairs of private and public keys, good
and bad. The good key pair will be used for signing capsules, whilst
the bad key pair is to be used as malicious keys for testing
authentication failure cases. The capsule_pub_key_good.crt is also
converted to an EFI Signature List(ESL) file, SIGNER.esl, which is
embedded in the platform's device-tree for capsule authentication.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a newline at the end of the dts, without which the build fails
when including a dtsi file.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Add support to build a tool from source with a list of commands. This
is useful when a tool can be built with multiple commands instead of a
single command.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Copied as is from Linux Kernel release v6.4.
(dts file is still the same in Linux v6.5-rc7 but was moved to vendor
sub-directories with v6.5-rc1.)
Button works out of the box now if the following config options are
enabled: CONFIG_BUTTON, CONFIG_BUTTON_GPIO, CONFIG_CMD_BUTTON,
CONFIG_DM_GPIO.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
If CONFIG_LED and CONFIG_LED_GPIO are enabled, it is not necessary to
initialize the RGB LED on the board by manually setting hardcoded GPIOs
anymore. Everything is well defined in dts and can be used like on
boards of other vendors.
Keep the old behaviour as fallback, though.
With all this in place enabling CONFIG_CMD_LED gives us a working 'led'
command on the U-Boot shell.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Copied as is from Linux Kernel release v6.4.
(dts file is still the same in Linux v6.5-rc7 but was moved to vendor
sub-directories with v6.5-rc1.)
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Since commit 61040097a9 ("reset: at91: Add reset driver for basic
assert/deassert operations") the compatible "microchip,sam9x60-rstc" for
the sam9x60 reset controller in sam9x60.dtsi is not handled by
CONFIG_SYSRESET_AT91 anymore, but by CONFIG_RESET_AT91 now. This
resulted in the following error message, when trying to reset from
U-Boot shell:
U-Boot> reset
resetting ...
System reset not supported on this platform
### ERROR ### Please RESET the board ###
Fixed by enabling the new driver in the relevant defconfigs. Tested on
sam9x60-curiosity board. Defconfigs for sam9x60ek adapted in the same
way, but without testing. These should be all sam9x60 boards affected
in U-Boot here.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
The board has two SD card slots and we have two defconfigs for booting
from either the first (micro SD) named 'sam9x60_curiosity_mmc_defconfig'
or the second (full size SD) named 'sam9x60_curiosity_mmc1_defconfig'.
For comparable Microchip boards (sama5d27-som1-ek, sama5d29-curiosity,
sama7g5ek) with two card slots the defconfigs only differ in BOOTARGS,
BOOTCOMMAND, and ENV_FAT_DEVICE_AND_PART and the same should be the case
for sam9x60_curiosity.
Here the 'mmc1' config has more options enabled to support the raw NAND
flash populated on the board, so the 'mmc' config (for mmc0) was adapted
by enabling additional options, instead of removing options from mmc1.
The 'mem=128M' argument can be dropped from kernel command line, because
it is redundant to memory node in dts in both Linux and U-Boot:
memory@20000000 {
reg = <0x20000000 0x8000000>;
};
Signed-off-by: Alexander Dahl <ada@thorsis.com>
- A few platform-specific config/dts updates to fix issues, drop a
temporary change in binman, update the MAINTAINERS file to remove
Wolfgang Denk, fix a typo, fix a corner case with bootstd, update
Azure to not timeout so easily, and fix a case where we would omit
some files in SPL.
This reverts commit c5b68ef8af.
CONFIG_OPTEE_TZDRAM_SIZE is used by imx6-based SoCs as well. Move the
option back.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
The affected boards have been fixed, so drop this hack.
This reverts commit 288ae53cb7.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Adding a phandle to a template node is not allowed, since when the node is
instantiated multiple times, we end up with duplicate phandles.
Drop this invalid constructs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Tim Harvey <tharvey@gateworks.com>
If one of SHA* algorithms is disabled in u-boot, its code is not
included in SPL even if a given SHA* option is enabled in SPL. Fix
this.
Fixes: 603d15a572 ("spl: cypto: Bring back SPL_ versions of SHA")
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Tom Rini <trini@konsulko.com>
As per current Azure Pipelines documentation we qualify for 3600 minutes
per job, if specified, as the timeout. The default unspecified timeout
is 60 minutes. Rework things to specify 0 as the timeout (and so maximum
allowed) so that we don't have failures due to running slightly past 60
minutes total.
Link: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/phases?view=azure-devops&tabs=yaml#timeouts
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Similar to MT7981 and MT7986 also MT7988 can have a high number of
reserved-memory regions used by the various hardware offloading
subsystems.
Raise CONFIG_LMB_MAX_REGIONS to 64 to avoid errors when trying to boot
Linux with more then 6 reserved regions:
ERROR: reserving fdt memory region failed (addr=4f700000 size=240000 flags=4)
ERROR: reserving fdt memory region failed (addr=15194000 size=1000 flags=4)
ERROR: reserving fdt memory region failed (addr=15294000 size=1000 flags=4)
ERROR: reserving fdt memory region failed (addr=15394000 size=1000 flags=4)
ERROR: Failed to allocate 0xb161 bytes below 0x80000000.
device tree - allocation error
Fixes: bc4adc97cf ("board: mediatek: add MT7988 reference boards")
Reported-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This should have already been enabled but was missed when converting the
base platform defconfig, fix this here.
Fixes: 3c5aa6cacc ("configs: Enable CONFIG_BLK in am57xx_evm and am57xx_hs_evm")
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The existing distro scripts check extlinux and scripts before EFI. Adjust
the default ordering to do the same, to avoid breaking existing flows.
Add some documentation, mentioning that this order will likely change in
future.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Da Xue <da@libre.computer>
Ethernet on Bananapi-r3 is broken after
commit bd70f3cea3 ("net: mediatek: add support for SGMII 1Gbps auto-negotiation mode")
because changes from this commit were not applied to bpi-r3 devicetree too:
commit aef54ea16c ("arm: dts: medaitek: convert gmac link mode to 2500base-x")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Reviewed-by: Weijie Gao <weijie.gao@mediatek.com>
The Kconfig references a readme file that's moved and
converted to rst so update the reference.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Documentation:
* describe TPL/VPL/SPL boot
* Add support for sphinx-prompt and convert TI K3 to use it
* board: sdm845: Explicitly add boot.img flashing command
EFI:
* remove handle from events when deleting it
Others:
* fix gpt sub-commands setenv and enumerate
* add a parameter check in hash_calculate()
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmTq//oACgkQxIHbvCwF
GsSzOA//Z7UVffxRIqvpmL6WUGuE9qyh4VQQlBKwyKNmVeymHZr4Ll+FIQcKwxsP
MgxrHZF1THq0hmmvvqMB/PdmAK5attheGGXPwwJ1myAapBWgOds2VNkWROC6KoCd
I/yoXy/U7AbzhAAufFUSZM67od/tKylbO1lokC7ZQI0noeku/0uQOTDhgAnmDulV
UNCbCJLuEu+tPRP3BnTW6NSchkaMEIJ+lUYhWb2XESEQdR5aspCtnXwesyxhgrva
zpGE7kh/fWTcIT+Xk/Dsex2DW0uZTchscOMwbGyPlncODSyVod2yOeNgltRKQ3ky
DG5fAe4y9GckUg9LM3m2xsVcz7AybyHnIPwBceGFr4VR44f4n98yJH4PwuFw4Wbq
w94KQBjNGdxf1BXFKBDiJqLqmecSyvHXIrEuxVm9K3a8m13ZSiHX40TPfYE5Y832
BVobxNrXyK0O9iQP2x6arSZJOLx9k51k6jMbUYPpKOJPV7we61ZoFfNNMm47lsvK
/3CVjFRCqT8hwGPf3dYJlqeT1nGYHOT77AqpsgBfXDbvTnY3/V49fHKM0BbXmgKK
HMYpMYr+SuazqrkYmZyt+TJELwlR51ha1IFP7thPouKIWtShPhQvwezgrwR5xsRY
tCME7X2wQZdwDTyiIHCzzTxBkNKA14XFQ9squFa0k/phFSm8KoM=
=owiu
-----END PGP SIGNATURE-----
Merge tag 'efi-2023-10-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-2023-10-rc4
Documentation:
* describe TPL/VPL/SPL boot
* Add support for sphinx-prompt and convert TI K3 to use it
* board: sdm845: Explicitly add boot.img flashing command
EFI:
* remove handle from events when deleting it
Others:
* fix gpt sub-commands setenv and enumerate
* add a parameter check in hash_calculate()
When a notification event is registered for a protocol the handle of the
protocol is added in our event notification list. When all the protocols
of the handle are uninstalled we delete the handle but we do not remove
it from the event notification list.
Clean up the protocol removal functions and add a wrapper which
- Removes the to-be deleted handle from any lists it participates
- Remove the handle if no more protocols are present
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This is a stub describing how TPL, VPL, and SPL load the next boot stages
on a detail level for users.
For sure we will need a few patches on top to catch the whole complexity.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Paul Barker <paul.barker.ct@bp.renesas.com>
Sphinx-prompt provides a handy scheme to provide documentation that
renders nicely and yet provides a scheme to copy paste for users without
having to hand-edit the copied text as is the result of code-block
[1] https://lore.kernel.org/all/87fs48rgto.fsf@baylibre.com/
Reported-by: Simon Glass <sjg@chromium.org>
Suggested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Sphinx-prompt[1] helps bring-in '.. prompt::' option that allows a
better rendered documentation, yet be able to copy paste without
picking up the prompt from rendered documentation.
[1] https://lore.kernel.org/all/87fs48rgto.fsf@baylibre.com/
Suggested-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Use code-block. Fix length of two heading underlines.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In commands like 'ls mmc 0:f' the partition number is hexadecimal.
In command 'gpt setenv' variable gpt_partition_entry needs to be set
to a hexadecimal value to allow its use as a parameter in a
subsequent command.
Fixes: 57f8cf1b9aea ("cmd: fix gpt enumerate")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Do not assume that partitions are numbered continuously starting at 1.
Only a single partition table type can exist on a block device. If we found
a GPT partition table, we must not re-enumerate with the MBR partition
driver which would find the protective partition.
Fixes: 12fc1f3bb2 ("cmd: gpt: add eMMC and GPT support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Do not assume that partitions are continuously numbered starting at 1.
Having a partition table with a single partition 63 is valid.
Fixes: 12fc1f3bb2 ("cmd: gpt: add eMMC and GPT support")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
If hash_calculate is invoked with region_count = 0, it will try to hash
INT_MAX regions. We should check this parameter.
* Avoid a comparison with different signedness.
* Check that region_count is at least 1.
* Avoid a superfluous assignment.
Fixes: b37b46f042 ("rsa: Use checksum algorithms from struct hash_algo")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
First, update CI to using gcc-13.2 from 13.1, and rebuild the CI
containers. This is needed because the second part adds utilities for
tests and provides, to quote the author:
This updates the ChromiumOS bootmeth to detect multiple kernel
partitions on a disk.
It also includes minor code improvements to the partition drivers,
including accessors for the optional fields.
This series also includes some other related tweaks in testing.
The latest kernel.org toolchains for gcc are now 13.2.0, so upgrade to
that.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The existing ChromiumOS bootmeth only supports reading a single kernel
partition, either 2 or 4. In fact there are normally two options
available.
Use the GUID to detect kernel partitions, with the BOOTMETHF_ANY_PART
flag, so that bootstd does not require a valid filesystem before calling
the bootmeth.
Tidy up and improve the logging while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
[trini: Add missing select of PARTITION_TYPE_GUID]
Signed-off-by: Tom Rini <trini@konsulko.com>
Some bootmeths support scanning a partition without a filesystem on it.
Add a flag to support this.
This will allow the ChromiumOS bootmeth to find kernel partition, which
are stored in a special format, without a filesystem.
Signed-off-by: Simon Glass <sjg@chromium.org>
The ChromiumOS bootmeth has no tests at present. Before adding more
features. add a basic test.
This creates a disk which can be scanned by the bootmeth, so make sure
things work. It is quite rudimentary, since the kernel is faked, the root
disk is missing and there is no cmdline stored.
Enable the bootmeth for snow so it can build the unit test.
Signed-off-by: Simon Glass <sjg@chromium.org>
We currently use mmc4 for tests. Update the function which sets this up
so that it can handle any device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present 'bootflow list' shows <NULL> for the filename when it is not
present. Show an empty string instead, since that is more user-friendly.
Signed-off-by: Simon Glass <sjg@chromium.org>