The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
The commit 2158b0da22 ("bootmenu: add Kconfig option
not to enter U-Boot console") disables to enter U-Boot
console from bootmenu as default, this change affects the
existing bootmenu users.
This commit reverts the default behavior, the bootmenu can
enter U-Boot console same as before.
CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is renamed
BOOTMENU_DISABLE_UBOOT_CONSOLE and depends on
AUTOBOOT_MENU_SHOW.
Fixes: 2158b0da22 ("bootmenu: add Kconfig option not to enter U-Boot console")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Tested-by: Pali Rohar <pali@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
TI secure devices chain-of-trust depends on FIT image processing,
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We would like to use bootstd by default when EFI boot manager is not
enabled. But so far bootstd does not support all the of distro-boot
fetures. So for now, add an option to select this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk via a U-Boot
script, so we can boot a bootflow using this commonly used mechanism. This
is required by Armbian, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot manager, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi bootmgr'
command and shares the same code. But the interface into it is via a
bootmeth, so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boot methods don't act on a single bootdev but instead do their own
thing. An example is EFI bootmgr which scan various devices using its own
logic. Add a bootdev to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi' command
and shares the same code. But the interface into it is via a bootmeth,
so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
There was much discussion about whether this is needed, but it seems
that it is, at least for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a network device, so
we can boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'pxe' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk, so we can
boot a bootflow using this commonly used mechanism.
In effect, this provides the same functionality as the 'sysboot' command
and shares the same code. But the interface into it is via a bootmeth.
For now this requires the 'pxe' command be enabled. Future work may tidy
this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
A bootmeth is a method of locating an operating system. For now, just
add the uclass itself. Drivers for particular bootmeths are added later.
If no bootmeths devices are included in the devicetree, create them
automatically. This avoids the need for boilerplate in the devicetree
files.
Signed-off-by: Simon Glass <sjg@chromium.org>
A 'bootdev' is a device which can be used to boot an operating system.
It is a child of the media device (e.g. MMC) which handles reading files
from that device, such as a bootflow file.
Add a uclass for bootdev and the various helpers needed to make it
work. Also add a binding file, empty for now.
Signed-off-by: Simon Glass <sjg@chromium.org>
The 'bootstd' device provides the central information about U-Boot
standard boot.
Add a uclass for bootstd and the various helpers needed to make it
work. Also add a binding file.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current implementation of boot_relocate_fdt() places DT at the
highest usable DRAM address, which is calculated as:
env_get_bootm_low() + env_get_bootm_mapsize()
which by default becomes gd->ram_base + gd->ram_size.
Systems like i.MX53 can have multiple DRAM banks with gap between them,
e.g. have DRAM at 0x70000000-0x8fffffff and 0xb0000000-0xcfffffff , so
for them the calculated highest DRAM address is 0xafffffff, which is
exactly in the gap and thus not usable.
Fix this by iterating over all DRAM banks and tracking the remaining
amount of the total mapping size obtained from env_get_bootm_mapsize().
Limit the maximum LMB area size to each bank, to avoid using nonexistent
DRAM.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
* free() checks if its argument is NULL. Remove duplicate checks.
* Remove duplicate free(ovcopy).
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
It can be useful for the OS (Linux) to know which configuration has
been chosen by U-Boot when launching a FIT image.
Store the name of the FIT configuration node used in a new string
property called 'u-boot,bootconf' in the '/chosen' node in device tree.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Hardware-accelerated hash functions require that the input and output
buffers be aligned to the minimum DMA alignment. memalign.h helpfully
provides a macro just for this purpose. It doesn't exist on the host,
but we don't need to be aligned there either.
Fixes: 5dfb521386 ("[new uImage] New uImage low-level API")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Since the commit bfaa51dd4a ("cmd: add serial console support
for the cls command") the cls command is not enough to clear the
video display when ANSI console is activated.
This patch clears the video device with the video_clear() API
before to display the bitmap used for the PXE background.
This patch avoids to display the LOGO, activated by default with
commit 7a8555d871 ("video: Show the U-Boot logo by default").
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
A big part is the DM pinctrl driver, which allows us to get rid of quite
some custom pinmux code and make the whole port much more robust. Many
thanks to Samuel for that nice contribution! There are some more or less
cosmetic warnings about missing clocks right now, I will send the trivial
fixes for that later.
Another big chunk is the mkimage upgrade, which adds RISC-V and TOC0
(secure images) support. Both features are unused at the moment, but I
have an always-secure board that will use that once the DT lands in the
kernel.
On top of those big things we have some smaller fixes, improving the
I2C DM support, fixing some H6/H616 early clock setup and improving the
eMMC boot partition support.
The gitlab CI completed successfully, including the build test for all
161 sunxi boards. I also boot tested on a A64, A20, H3, H6, and F1C100
board. USB, SD card, eMMC, and Ethernet all work there (where applicable).
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When u-boot is used as a chain-loaded bootloader (replacing OS kernel),
previous bootloader leaves data in RAM, that can be reused.
For example, on recent arm linux system, when chainloading u-boot,
there are initramfs and fdt in RAM prepared for OS booting. Initramfs
may be modified to store u-boot's payload, thus providing the ability to
use chainloaded u-boot to boot OS without any storage support.
Two config options added:
- SAVE_PREV_BL_INITRAMFS_START_ADDR
saves initramfs start address to 'prevbl_initrd_start_addr' environment
variable
- SAVE_PREV_BL_FDT_ADDR
saves fdt address to 'prevbl_fdt_addr' environment variable
Signed-off-by: Dzmitry Sankouski <dsankouski@gmail.com>
Cc: Tom Rini <trini@konsulko.com>
Unfortunately, we require additional logic to buildman to support this
removal and still use SYS_SOC, etc, for build targets.
This reverts commit eeec00072d.
Signed-off-by: Tom Rini <trini@konsulko.com>
This converts the following to Kconfig:
CONFIG_SYS_MONITOR_BASE
Note that for how this is re-used on some PowePC platforms, we introduce
CONFIG_SPL_SYS_MONITOR_BASE and CONFIG_TPL_SYS_MONITOR_BASE and use the
CONFIG_VAL macro to get the correct value at build time, in the code.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Add a stage pre-load that could
check or modify an image.
For the moment, only a header with a signature is
supported. This header has the following format:
- magic : 4 bytes
- version : 4 bytes
- header size : 4 bytes
- image size : 4 bytes
- offset image signature : 4 bytes
- flags : 4 bytes
- reserved0 : 4 bytes
- reserved1 : 4 bytes
- sha256 of the image signature : 32 bytes
- signature of the first 64 bytes : n bytes
- image signature : n bytes
- padding : up to header size
The stage uses a node /image/pre-load/sig to
get some informations:
- algo-name (mandatory) : name of the algo used to sign
- padding-name : name of padding used to sign
- signature-size : size of the signature (in the header)
- mandatory : set to yes if this sig is mandatory
- public-key (madatory) : value of the public key
Before running the image, the stage pre-load checks
the signature provided in the header.
This is an initial support, later we could add the
support of:
- ciphering
- uncompressing
- ...
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The code was mistakenly initializing the input buffer twice.
Tested to be working on BeagleBone by adjusting CONFIG_SYS_BOOTM_LEN to
64MiB (probably works with less) and preparing uImage with:
cat arch/arm/boot/Image \
| zstd --ultra -22 --zstd=windowLog=22 \
> linux.bin.zst
mkimage -A arm -T kernel uImage -C zstd -d linux.bin.zst \
-a 0x80008000 -e 0x80008000
Without the windowLog restriction, bootm fails with a zstd decompression
error 7 (window too large), which I haven't troubleshooted.
There should be a bit more documentation on the feature...
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: 458b30af66 image: Update image_decomp() to avoid ifdefs
This converts the following to Kconfig:
CONFIG_BOOT_RETRY_TIME
CONFIG_BOOT_RETRY_MIN
CONFIG_RESET_TO_RETRY
We also introduce CONFIG_BOOT_RETRY to gate these options, and clean up
the associated Makefile entry and C code for picking default values of
CONFIG_BOOT_RETRY_MIN.
Signed-off-by: Tom Rini <trini@konsulko.com>
this will add kaslrseed keyword to sysboot lable,
when it set, it will request to genarate random number
from hwrng as kaslr-seed.
with this patch exlinux.conf label looks like
label l0
menu testing
linux /boot/vmlinuz-5.15.16-arm
initrd /boot/initramfs-5.15.16-arm.img
fdtdir /boot/dtbs/5.15.16-arm/
kaslrseed
append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro
Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11.
Signed-off-by: Zhang Ning <zhangn1985@qq.com>
The Lichee Pi Nano is a board based on the F1C100s.
Add defconfigs for it.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This will allow consumers to choose a pxe label at runtime instead of
having to prompt the user. One good use-case for this, is choosing
whether or not to apply a dtbo depending on the hardware configuration.
e.g: for TI's AM335x EVM, it would be convenient to apply a particular
dtbo only when the J9 jumper is on PRUSS mode. To achieve this, the
pxe menu should have 2 labels, one with the dtbo and the other without,
then the "pxe_label_override" env variable should point to the label with
the dtbo at runtime only when the jumper is on PRUSS mode.
This change can be used for different use-cases and bring more
flexibilty to consumers who use sysboot/pxe_utils.
if "pxe_label_override" is set but does not exist in the pxe menu,
the code should fallback to the default label if given, and no failure
is returned but rather a warning message.
Signed-off-by: Amjad Ouled-Ameur <aouledameur@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
LynxOS needed the do_bootm_lynxkdi() function that got removed in
7e713067ee ("Remove LYNX KDI remainders") - and that function needed
a lynxkdi_boot() function, where the last implementation had been
removed in 98f705c9ce ("powerpc: remove 4xx support") already. Looks
like this OS is definitely not supported anymore, so remove it from
the corresponding lists.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Roese <sr@denx.de>
In order to finish moving this symbol to Kconfig for all platforms, we
need to do a few more things. First, for all platforms that define this
to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to
CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h. This entails
also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk()
and updating a few preprocessor tests.
With that done, all platforms that define a value here can be converted
to Kconfig, and a fall-back of zero is sufficiently safe to use (and
what is used today in cases where code may or may not have this
available). Make sure that code which calls this function includes
<clock_legacy.h> to get the prototype.
Signed-off-by: Tom Rini <trini@konsulko.com>
In strange cases it is possible for fdtgrep to find nothing to output.
Typically this means that the resulting SPL device tree is not going to
allow anything to boot, but at present the tree is actually invalid,
since it only has an END tag in the struct region.
The FDT spec requires at least a root node. So add a special case to
include at least this, if the FDT_REG_SUPERNODES flag is set.
This ensures that grepping an empty tree still produces a valid tree.
Also add comments to the enum since it is not completely obvious from
the names now.
The typical symptom of this problem is a message from binman:
pylibfdt error -11: FDT_ERR_BADSTRUCTURE
Signed-off-by: Simon Glass <sjg@chromium.org>