This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (i.e., NXP SE050).
All the information flowing on buses (i.e., I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publicly
available.
For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.
To address that, users are required to rotate/provision those keys
(i.e., generate new keys and write them in the secure element's
persistent memory).
For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
check:
core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
AVB Verified Boot uses functions related to MMC.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Typically in TPL/SPL the bloblist is quite small. But U-Boot proper may
want to add a lot more to it, such as ACPI tables.
Add a way to expand the bloblist by relocating it in U-Boot proper, along
with the other relocation activities.
Signed-off-by: Simon Glass <sjg@chromium.org>
Currently, the following #ifdef construct is used to check whether to run
console_record_init() during pre-relocation init:
    defined(CONFIG_CONSOLE_RECORD) && CONFIG_VAL(SYS_MALLOC_F_LEN)
Introduce CONFIG_CONSOLE_RECORD_INIT_F Kconfig option to get rid of the
complex ifdef check. Also, use IS_ENABLED() instead of #ifdef.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.
This function will also be used in implementing UEFI capsule update
in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
This relates to booting since it is the default devicetree provided to
Linux. Move it under the 'boot options' menu.
Signed-off-by: Simon Glass <sjg@chromium.org>
There are a number of miscellaneous boot images at the top level of the
kconfig menu. Move these into the 'boot options' menu.
Signed-off-by: Simon Glass <sjg@chromium.org>
Most of the boot options are in common/Kconfig but that file is already
extremely large. Create a new Kconfig.boot to hold the boot options.
Signed-off-by: Simon Glass <sjg@chromium.org>
The 44758771ee commit removes CONFIG_PREBOOT but actually sets the USE_PREBOOT
Kconfig option which isn't CONFIG_PREBOOT and is also a bool option which means
we regress because 'usb start' isn't run when expected, it should also be run
for devices that have USB storage because keyboards aren't the only thing we
might need the USB bus for.
Fixes: 44758771ee ("arm: move CONFIG_PREBOOT="usb start" to KConfig")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: Jonas Smedegaard <dr@jones.dk>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Kconfig provides several config options for setting up default variables
but these are unused when variables are passed to U-Boot via file.
That is why this dependency is covered in Kconfig.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
AVB only uses CONFIG_FASTBOOT_BUF_ADDR from fastboot for memory.
This memory is used for assigning temporary buffers.
This can be assigned a new variable and used as CONFIG_AVB_BUF_ADDR.
This is to support future boards that support AVB but don't support
USB and therefore don't support FASTBOOT.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
[trini: Change defaults]
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that this is in Kconfig we can move the logic at the top of the file
to Kconfig, and use if() instead of #if. Update the file with these
changes.
Signed-off-by: Simon Glass <sjg@chromium.org>
This commit moves CONFIG_PREBOOT="usb start" to common/KConfig
for all boards also declaring USB_KEYBOARD.
Besides simplifying defconfig files, this also enables support for
board-specific CONFIG_PREBOOT for sunxi boards:
commit 37304aaf60 ("Convert CONFIG_USE_PREBOOT and CONFIG_PREBOOT to
Kconfig") intended to support CONFIG_PREBOOT, but
include/configs/sunxi-common.h hardcodes preboot as part of internally
defined CONSOLE_STDIN_SETTINGS, silently ignoring any board-specific
CONFIG_PREBOOT.
Signed-off-by: Jonas Smedegaard <dr@jones.dk>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Series-Cc: Jagan Teki <jagan@amarulasolutions.com>
Series-Cc: Lukasz Majewski <lukma@denx.de>
Series-Cc: Andre Przywara <andre.przywara@arm.com>
The name of the function emitting a log message may be of interest for a
developer but is distracting for normal users. See the example below:
    try_load_entry() Booting: Debian
Make the default format for log messages customizable. By default show
only the message text.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
LOG_DEFAULT_LEVEL has been chosen as 6. Adjust the default of LOG_MAX_LEVEL
to this value.
Use ranges to clamp log levels to reasonable values.
Group output options by main U-Boot, SPL, TPL, followed by other logging
options.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
With CONFIG_DM_PCI enabled, PCI buses are not enumerated at boot, as they
are without that config option enabled. However, there are cases such as DM
PCI-based Ethernet devices that need the PCI bus enumerated so that they
can be discovered by their drivers.
Currently, to solve this, some boards enumerate the pci bus using
"pci enum" preboot command, while others do it manually in board files
(in board_init/board_late_init/etc. functions).
In order to possibly make the pci enumeration process uniform across all
boards, introduce CONFIG_PCI_INIT_R Kconfig option.
This change also preserves the current behavior in the !DM_PCI case
(pci_init is run unconditionally at boot).
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Do not build image_sign_info helper functions in SPL if not needed.
Fixes: b983cc2da0 ("lib: rsa: decouple rsa from FIT image verification")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Provide a log driver that broadcasts RFC 3164 messages to syslog servers.
rsyslog is one implementation of such a server.
The messages are sent to the local broadcast address 255.255.255.255 on
port 514.
The environment variable log_hostname can be used to provide the HOSTNAME
field for the messages. The optional TIMESTAMP field of RFC 3164 is not
provided.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
An error
    undefined reference to `do_log_test'
occurs for CONFIG_CMD_LOG=y, CONFIG_LOG_TEST=y, CONFIG_UNIT_TEST=n.
Make CONFIG_UNIT_TEST a prerequisite.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable pre console buffer for rk3399 platform.
This would help to capture the console messages prior to
the console being initialised. Enabling this would help
to capture all the console messages on video output source
like HDMI. So we can find the full console messages of
U-Boot proper on HDMI display when it is enabled for RK3399
platform boards.
Buffer address used for pre console is 0x0f200000 which is
ram base plus 240MiB. Right now the Allwinner SoC is using
similar computation.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Enable pre console buffer for rk3288 platform.
This would help to capture the console messages prior to
the console being initialised. Enabling this would help
to capture all the console messages on video output source
like HDMI. So we can find the full console messages of
U-Boot proper on HDMI display when it is enabled for RK3288
platform boards.
Buffer address used for pre console is 0x0f000000 which is
ram base plus 240MiB. Right now the Allwinner SoC is using
similar computation.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Add more clarity by changing the Kconfig entry name.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
[trini: Re-run migration, update a few more cases]
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
This patch determines the A/B-specific bootloader message structure
that is the basis for implementation of recovery and A/B update
functions. A/B metadata is stored in this structure and used to decide
which slot we should use to boot the device. Also some basic functions
for A/B metadata manipulation are implemented (like slot selection).
The patch was extracted from commits [1], [2] with some coding style
fixes.
[1] https://android-review.googlesource.com/c/platform/external/u-boot/+/729878/2
[2] https://android-review.googlesource.com/c/platform/external/u-boot/+/729880/2
Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
If bootstage is enabled in TPL it lacks a record count and so does not
build. Fix this by adding a new Kconfig option.
Signed-off-by: Simon Glass <sjg@chromium.org>
This is the same migration path as commit b6251db8c3 ("Kconfig:
Introduce USE_BOOTCOMMAND and migrate BOOTCOMMAND").
I also moved the description in README to the Kconfig help.
I ripped off the sentence about 'LWMON' since it is gone already.
I only let my boards migrate, leaving the rest to platform maintainers.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
At present the default log level is set to LOGL_INFO on start-up. Allow
this to be controlled from Kconfig.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The log level numbers in the Kconfig are not actually correct. Fix them
and also add a missing space in the header-file comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This converts the following to Kconfig:
CONFIG_BOARD_TYPES
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Minkyu Kang <mk7.kang@samsung.com>
The bounce buffer is used by a few drivers (most of the MMC drivers)
to overcome limitations in their respective DMA implementation.
This moves the configuration to Kconfig and makes it user-selectable
(even though it will be a required feature to make those drivers
work): the expected usage is for drivers depending on this to 'select'
it unconditionally from their respective Kconfig (see follow-up
patches).
This commit includes a full migration using moveconfig.py to ensure
that each commit compiles. To ensure bisectability we update
dependencies of various drivers to now select BOUNCE_BUFFER when needed.
[trini: Squash all patches to ensure bisectability]
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Otavio Salvador <otavio@ossystems.com.br> [dw_mmc portion]
Reviewed-by: Fabio Estevam <festevam@gmail.com> [mxsmmc portion]
Reviewed-by: Simon Glass <sjg@chromium.org> [tegra portion]
At present there is no standard way in U-Boot to pass information from SPL
to U-Boot proper. But sometimes SPL wants to convey information to U-Boot
that U-Boot cannot easily figure out. For example, if SPL sets up SDRAM
then it might want to pass the size of SDRAM, or the location of each
bank, to U-Boot proper.
Add a new 'bloblist' feature which provides this. A bloblist is set up in
the first phase of U-Boot that runs (i.e. TPL or SPL). The location of
this info may be in SRAM or CAR (x86 cache-as-RAM) or somewhere else.
Information placed in this region is preserved (with a checksum) through
TPL and SPL and ends up in U-Boot. At this point it is copied into SDRAM
so it can be used after relocation.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>