Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.
Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.
During decapsulation, the reverse process is performed to get back
the original data.
Commands added
--------------
blob enc - encapsulating data as a cryptgraphic blob
blob dec - decapsulating cryptgraphic blob to get the data
Commands Syntax
---------------
blob enc src dst len km
Encapsulate and create blob of data $len bytes long
at address $src and store the result at address $dst.
$km is the 16 byte key modifier is also required for
generation/use as key for cryptographic operation. Key
modifier should be 16 byte long.
blob dec src dst len km
Decapsulate the blob of data at address $src and
store result of $len byte at addr $dst.
$km is the 16 byte key modifier is also required for
generation/use as key for cryptographic operation. Key
modifier should be 16 byte long.
Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Since on powerpc phys_size_t can be unsigned long long, this printout
line can result in a not nice compile warning.
Signed-off-by: Valentin Longchamp <valentin.longchamp@keymile.com>
Acked-by: Simon Glass <sjg@chromium.org>
At least on OMAP, init_sata() no longer performs scsi_scan()
so we must do it explicitly here.
Cc: Dan Murphy <dmurphy@ti.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
Commit 294b91a581 moved initr_malloc
earlier than initr_unlock_ram_in_cache. This causes issue on T4240.
It may be related to locked L1 d-cache and unlocked L2 cache. D-
cache could and should be unlock earlier for normal operation.
This patch moves initr_unlock_ram_in_cache before initr_malloc. It
has been verified on the following boards, in which only T4240QDS
suffered and has been since fixed: T4240QDS, T2080QDS, P5040DS,
P4080DS, MPC8572DS, MPC8536DS, MPC8641HPCN, B4860QDS.
Signed-off-by: York Sun <yorksun@freescale.com>
CC: Scott Wood <scottwood@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
On a couple of platforms I've tripped over long PXE append lines overflowing
this array, due to having CONFIG_SYS_CBSIZE == 256. When doing preseeded Debian
installs it's pretty trivial to exceed that.
Since the symptom can be a silent hang or a crash add a check. Of course the
affected boards would also need an increased CBSIZE to actually work.
Note that due to the printing of the final bootargs string CONFIG_SYS_PBSIZE
also needs to be sufficiently large.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
[trini: Use %zd not %d in printf for all args]
Signed-off-by: Tom Rini <trini@ti.com>
Like many platforms, the Altera socfpga platform requires that the
preloader be "signed" in a certain way or the built-in boot ROM will
not boot the code.
This change automatically creates an appropriately signed preloader
from an SPL image.
The signed image includes a CRC which must, of course, be generated
with a CRC generator that the SoCFPGA boot ROM agrees with otherwise
the boot ROM will reject the image.
Unfortunately the CRC used in this boot ROM is not the same as the
Adler CRC in lib/crc32.c. Indeed the Adler code is not technically a
CRC but is more correctly described as a checksum.
Thus, the appropriate CRC generator is added to lib/ as crc32_alt.c.
Signed-off-by: Charles Manning <cdhmanning@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Chin Liang See <clsee@altera.com>
Cc: Dinh Nguyen <dinguyen@altera.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@ti.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Pavel Machek <pavel@denx.de>
Acked-by: Pavel Machek <pavel@denx.de>
V2: - Zap unused constant
- Explicitly print an error message in case of error
- Rework the hdr_checksum() function to take the *header directly
instead of a plan buffer pointer
Use the new force parameter to make the stdio_deregister succeed, replacing
stdin with a nulldev, and assume that the usb keyboard will come back after
the reset.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
In some cases we really want to move forward with a deregister, add a force
parameter to allow this, and replace the dev with a nulldev in this case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
We now always properly deregister the keyboard before calling
drv_usb_kbd_init(), so we can drop the check for already being registered.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
We need to call usb_kbd_deregister() before calling usb_stop().
usbkbd's stdio_dev->priv points to the usb_device, and usb_kbd_testc
dereferences usb_device->privptr.
usb_stop zeros usb_device, leaving usb_device->privptr NULL, causing
bad things (tm) to happen once control returns to the main loop and
usb_kbd_testc gets called.
Calling usb_kbd_deregister() avoids this. Note that we do not allow
the "usb reset" to continue when the deregister fails. This will be fixed
in a later patch.
For the same reasons always fail "usb stop" if the usb_kbd_deregister() fails,
even in the force path. This can happen when CONFIG_SYS_STDIO_DEREGISTER is
not set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
sub-command 'bootpart-resize' check for argc == 4,
it will retrun CMD_RET_FAILURE when argc value not matched.
but bootpart-resize's maxarg is 3, which means you never execute
this sub-command successfully.
fix it by change bootpart-resize maxarg to 4.
Signed-off-by: wally.yeh <wally.yeh@atrustcorp.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Pierre Aubert <p.aubert@staubli.com>
Acked-by: Pantelis Antoniou <panto@antoniou-consulting.com>
The code to set the MMC partition uses an weak function to obtain the
correct partition number. Use that instead of the compile-time default
when deciding whether it needs to switch back.
Fixes: 6e7b7df4df ("env_mmc: support env partition setup in runtime")
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Acked-by: Dmitry Lifshitz <lifshitz@compulab.co.il>
Acked-by: Pantelis Antoniou <panto@antoniou-consulting.com>
In preparation for changing the error handling in this code for driver
model, move it into its own function.
Reviewed-by: Jagannadha Sutradharudu Teki <jaganna@xilinx.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
of_bus_default_count_cells can be used to get the #address-cells
and #size-cells defined by the current node's parent node. This
is required when using of_read_number to read from FDT nodes that
can be 32 or 64 bytes depending on values defined by the parent.
Signed-off-by: Arnab Basu <arnab.basu@freescale.com>
CC: Scott Wood <scottwood@freescale.com>
This is being done so that it can be used outside 'fdt_support.c'. Making
life more convenient when reading device node properties that can be 32
or 64 bits long.
Signed-off-by: Arnab Basu <arnab.basu@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
[1] Move driver/core/, driver/input/ and drivers/input/ entries
from the top Makefile to drivers/Makefile
[2] Remove the conditional by CONFIG_DM in drivers/core/Makefile
because the whole drivers/core directory is already selected
by CONFIG_DM in the upper level
[3] Likewise for CONFIG_DM_DEMO in drivers/demo/Makefile
[4] Simplify common/Makefile - both CONFIG_DDR_SPD and
CONFIG_SPD_EEPROM are boolean macros so they can directly
select objects
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Marek Vasut <marex@denx.de>
The arg_off() and arg_off_size() update the 'current NAND
device' variable (dev). This is then used when assigning the
(nand_info_t*)nand value. Place the assignment after the
arg_off(_size) calls to prevent using incorrect (nand_info_t*)
nand value.
Signed-off-by: Rostislav Lisovy <lisovy@merica.cz>
Since CONFIG_CMD_IMPORTENV is defined in config_cmd_defaults.h,
it should be enabled for all the boards except bf506f-ezkit
that undefs it explicitely.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Since CONFIG_CMD_GO is defined in config_cmd_defaults.h
(and no board undefs it its own header), it can be moved to
Kconfig with the default value "y".
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Since CONFIG_CMD_EXPORTENV is defined in config_cmd_defaults.h,
it should be enabled for all the boards except bf506f-ezkit
that undefs it explicitely.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
Since CONFIG_CMD_CRC32 is defined in config_cmd_defaults.h,
it is enabled for all the boards except the ones undefining it
explicitly:
kwb
tseries_mmc
tseries_nand
tseries_spi
vct_platinum_onenand_small
vct_platinum_small
vct_platinumavc_onenand_small
vct_platinumavc_small
vct_premium_onenand_small
vct_premium_small
The default value of this config option should be "y" and
"# CONFIG_CMD_CRC32 is not set" should be added for those exceptions.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
CONFIG_CMD_BOOTM is defined in config_cmd_defaults.h
which is forcebly included from each board.
So, the default value of "config CMD_BOOTM" should be "y".
For some boards undefining it (bf506f-ezkit, controlcenterd_TRAILBLA,
controlcenterd_TRAILBLAZER_DEVELOP, controlcenterd_TRAILBLAZER),
"# CONFIG_CMD_BOOTM is not set" should be added to their defconfig.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
This would be useful to start moving various config options.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
This is not supported properly on sandbox, and interferes with running
tests, since when a test script is piped in, some commands will call
ctrlc() which will drop characters from the test script.
Signed-off-by: Simon Glass <sjg@chromium.org>
- add capability to "fastboot flash" with sparse format images
Signed-off-by: Steve Rae <srae@broadcom.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
- update static function
- additional debugging statements
- update "fastboot command" information
- add missing include file
- update spelling
Signed-off-by: Steve Rae <srae@broadcom.com>
Currently, CONFIG_SPL_SPI_* #defines are used for controlling SPI boot in
SPL. These #defines do not allow the user to select SPI mode for the SPI flash
(there's no CONFIG_SPL_SPI_MODE, so the SPI mode is hardcoded in
spi_spl_load.c), and duplicate information already provided by
CONFIG_SF_DEFAULT_* #defines.
Kill CONFIG_SPL_SPI_*, and use CONFIG_SF_DEFAULT_* instead.
Cc: Tom Rini <trini@ti.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Sudhakar Rajashekhara <sudhakar.raj@ti.com>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Vitaly Andrianov <vitalya@ti.com>
Cc: Lars Poeschel <poeschel@lemonage.de>
Cc: Bo Shen <voice.shen@atmel.com>
Cc: Hannes Petermaier <hannes.petermaier@br-automation.com>
Cc: Michal Simek <monstr@monstr.eu>
Acked-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nikita Kiryanov <nikita@compulab.co.il>
Reviewed-by: Jagannadha Sutradharudu Teki <jaganna@xilinx.com>
gd->fdt_blob is used for FDT control of U-Boot.
If CONFIG_OF_CONTROL is not defined, it is useless.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
This was breaking the build for some boards:
MPC8536DS MPC8536DS_36BIT MPC8536DS_SDCARD MPC8536DS_SPIFLASH qemu-ppce500
Include only these features for some PPC boards if the configuration for MultiProcessor
is enabled.
Signed-off-by: Gabriel Huau <contact@huau-gabriel.fr>
Cc: Tom Rini <trini@ti.com>
Cc: York Sun <yorksun@freescale.com>
Acked-by: York Sun <yorksun@freescale.com>
There are two ways to run into handle_exception, run command 'kgdb' and
encounter a breakpoint which triggers exception handling.
The origin source code only saves regs when first run command 'kgdb'.
Take the following for example, When run 'kgdb', regs is saved to entry_regs.
When run 'bootz', regs is not saved. However, if we set a breakpoint, then
continue. When breakpoint is reached, run `quit`, and Now return to the
instruction which follows kgdb, but not bootz.This may cause errors. So,
save regs for each handle_exception call to return to the correct place.
Example:
Target | Host
=>kgdb | (gdb)b bootz
| (gdb)c
=>bootz |
| (gdb)Here stop because of breakpoint
| (gdb)q
Signed-off-by: Peng Fan <van.freenix@gmail.com>
The parameters of size_t type shall be formatted using "%zu" and not
using "%d".
Precision argument for the "%.*s" parameters shall be of int type.
Signed-off-by: Vasili Galka <vvv444@gmail.com>
For some boards board_init() will change GPIOs, so we need to have driver
model available before then. Adjust the board init to arrange this, but
enable it for driver model only, just to be safe.
This does create additional #ifdef logic, but it is safer than trying to
make a pervasive change which may cause some boards to break.
Signed-off-by: Simon Glass <sjg@chromium.org>
Since driver model registers itself with the stdio subsystem, and we
want to avoid delayed registration and other complexity associated with
the current serial console, move the stdio subsystem init earlier when
driver model is used for serial.
This simplifies the implementation. Should there be any problems with
this approach they can be dealt with as boards are converted over to
use driver model for serial.
Signed-off-by: Simon Glass <sjg@chromium.org>
In order to support GPIO access in board_early_init_f() we must set up
driver model before this function is called. In any case, earlier is
better since driver model is (or will become) a key function for most
init.
Signed-off-by: Simon Glass <sjg@chromium.org>
For ARM / ARM64 the relocation routines already updated
gd to the new value. Don't set it again. This allows
compilation with clang as it cannot update gd directly.
cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
This commit provides distinction between DFU device detach and reset.
The -R behavior is preserved with proper handling of the dfu-util's -e
switch, which detach the DFU device.
By running dfu-util -e; one can force device to finish the execution of
dfu command on target and execute some other scripted commands.
Moreover, some naming has been changed - the dfu_reset() method now is known
as dfu_detach(). New name better reflects the purpose of the code.
It was also necessary to increase the number of usb_gadget_handle_interrupts()
calls since we also must wait for detection of the USB reset event.
Example usage:
1. -e (detach) switch
dfu-util -a0 -D file1.bin;dfu-util -a3 -D uImage;dfu-util -e
access to u-boot prompt.
2. -R (reset) switch
dfu-util -a0 -D file1.bin;dfu-util -R -a3 -D uImage
target board reset
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>