Commit 94e3c8c4fd ("crypto/fsl - Add progressive hashing support
using hardware acceleration.") created entries for CONFIG_SHA1,
CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
However, no defconfig has migrated to it. Complete the move by first
adding additional logic to various Kconfig files to select this when
required and then use the moveconfig tool. In many cases we can select
these because they are required to implement other drivers. We also
correct how we include the various hashing algorithms in SPL.
This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
[2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
Note:
We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
because there is dependency between them.
Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com>
Cc: Naveen Burmi <NaveenBurmi@freescale.com>
Cc: Po Liu <po.liu@freescale.com>
Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com>
Cc: Priyanka Jain <Priyanka.Jain@freescale.com>
Cc: Shaohui Xie <Shaohui.Xie@freescale.com>
Cc: Chunhe Lan <Chunhe.Lan@freescale.com>
Cc: Chander Kashyap <k.chander@samsung.com>
Cc: Steve Rae <steve.rae@raedomain.com>
Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Feng Li <feng.li_2@nxp.com>
Cc: Alison Wang <alison.wang@freescale.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Cc: Mingkai Hu <Mingkai.Hu@freescale.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
Cc: Akshay Saraswat <akshay.s@samsung.com>
Cc: Heiko Schocher <hs@denx.de>
Cc: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The function tpm_xfer returns int so make 'err' be int rather than
uint32_t so that we can catch an error condition. Reported by
clang-3.8.
Signed-off-by: Tom Rini <trini@konsulko.com>
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.
EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
The value assigned to saved_offset is never used.
The problem was indicated by clang scan-build.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In some boards like the Raspberry Pi the initial bootloader will pass
a DT to the kernel. When using U-Boot as such kernel, the board code in
U-Boot should be able to provide U-Boot with this, already assembled
device tree blob.
This patch introduces a new config option CONFIG_OF_BOARD to use instead
of CONFIG_OF_EMBED or CONFIG_OF_SEPARATE which will initialize the DT
from a board-specific funtion instead of bundling one with U-Boot or as
a separated file. This allows boards like the Raspberry Pi to reuse the
device tree passed from the bootcode.bin and start.elf firmware
files, including the run-time selected device tree overlays.
Signed-off-by: Alex Deymo <deymo@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
A common use of memmove() can be handled by memcpy(). Also memcpy()
includes an optimisation for large sizes: it copies a word at a time. So
we can get a speed-up by calling memcpy() to handle our move in this case.
Update memmove() to call memcpy() if the destination is before the source.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
We should not first dereference p and afterwards assert that is
was not NULL. Instead do the assert first.
The problem was indicated by cppcheck.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This converts the following to Kconfig:
CONFIG_CMD_AES
CONFIG_AES
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add select AES to CMD_AES]
Signed-off-by: Tom Rini <trini@konsulko.com>
With skeleton.dtsi being dropped it is more likely that the /aliases node
will be last in the device tree. Update fdtgrep to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Add support for %p, %pa[p], %pM, %pm and %pI4 formats to tiny-printf.
%pM and %pI4 are widely used by SPL networking stack and is required if
networking support is desired in SPL.
%p, %pa and %pap are mostly used by debug prints and hence supported
only when DEBUG is enabled.
Before this patch:
$ size spl/u-boot-spl
text data bss dec hex filename
99325 4899 218584 322808 4ecf8 spl/u-boot-spl
After this patch (with CONFIG_SPL_NET_SUPPORT):
$ size spl/u-boot-spl
text data bss dec hex filename
99666 4899 218584 323149 4ee4d spl/u-boot-spl
So, this patch adds ~350 bytes to code size.
If CONFIG_SPL_NET_SUPPORT is not enabled, this adds ~25 bytes.
If CONFIG_USE_TINY_PRINTF is disabled then:
$ size spl/u-boot-spl
text data bss dec hex filename
101116 4899 218584 324599 4f3f7 spl/u-boot-spl
So, there is still ~1.4K space saved even with support for %pM/%pI4.
Compiler used is to build is:
arm-linux-gnueabihf-gcc (Linaro GCC 6.2-2016.11) 6.2.1 20161016
Signed-off-by: Vignesh R <vigneshr@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
aes.h is a too generic name if this file can
be exported and used by a program.
Rename it to avoid any conflicts with
other files (for example, from openSSL).
Signed-off-by: Stefano Babic <sbabic@denx.de>
For some reason Python 3 seems to think it does not need to build
the library. Using the --force parameter makes sure that the library
gets built always. This is especially important since we move the
library in the next step of the Makefile, hence forcing a rebuild
every time the higher level Makefile triggers a rebuild is required
to make sure the library is always there.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Simon Glass <sjg@chromium.org>
Create a new Kconfig entry to allow CMD_UBIFS selection from Kconfig and
add an hidden LZO option that can be selected by CMD_UBIFS.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Acked-by: Jagan Teki <jagan@openedev.com>
Expose the RBTREE feature through Kconfig and select this option from the
MTD_UBI option.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Acked-by: Jagan Teki <jagan@openedev.com>
[Rebased on master]
Signed-off-by: Jagan Teki <jagan@openedev.com>
We will need the bch functions in the tool to generate the SPL images for
the Allwinner SoCs.
Do the needed adjustments so that we can use it on the host.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Most of the time the optimised memset() is what we want. For extreme
situations such as TPL it may be too large. For example on the 'rock'
board, using a simple loop saves a useful 48 bytes. With gcc 4.9 and
the rodata bug, this patch is enough to reduce the TPL image below the
limit.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
If we want to load a key into a TPM, we need to know the designated parent
key's handle, so that the TPM is able to insert the key at the correct place in
the key hierarchy.
However, if we want to load a key whose designated parent key we also
previously loaded ourselves, we first need to memorize this parent key's handle
(since the handles for the key are chosen at random when they are inserted into
the TPM). If we are, however, unable to do so, for example if the parent key is
loaded into the TPM during production, and its child key during the actual
boot, we must find a different mechanism to identify the parent key.
To solve this problem, we add a function that allows U-Boot to load a key into
the TPM using their designated parent key's SHA1 hash, and the corresponding
auth data.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use CONFIG_IS_ENABLED() macro to check whether OF_TRANSLATE is enabled, so
that code block is compiled irrespective of SPL or U-Boot build
and fdt address translation is used.
Signed-off-by: Vignesh R <vigneshr@ti.com>
The CAAM in IMX parts doesn't support public key hardware acceleration
(PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX
(assuming you have the clocks enabled first) you will get back an
"Invalid KEY Command" error since PKHA isn't a valid key destination for
these parts.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
So far CONFIG_MD5SUM would need to be set by a board's include file.
Since the command is really generic, move it over to Kconfig to allow
it to be defined by either a board's defconfig, menuconfig or some
config snippet merged via mergeconfig.sh.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These two functions are only used in lib/tiny-printf.c .
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Instead of adding all memory banks, add a hook so individual SoC/board
can has its own implementation.
Signed-off-by: York Sun <york.sun@nxp.com>
CC: Alexander Graf <agraf@suse.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
We should use unsigned long rather than u32 for addresses. Update this so
that the table-generation code builds correctly on 64-bit machines.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This patch adds a function to the TPM library, which allows U-Boot to
flush resources, e.g. keys, from the TPM.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.
Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Ensure '.' is used to separate octets. If another character is seen
reject the string outright and return 0.0.0.0.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Previously values greater than 255 were implicitly truncated. Add some
stricter checking to reject addresses with components >255.
With the input "1234192.168.1.1" the old behaviour would truncate the
address to 192.168.1.1. New behaviour rejects the string outright and
returns 0.0.0.0, which for the purposes of IP addresses can be
considered an error.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Currently, mdelay() and udelay() are declared in include/common.h,
while ndelay() in include/linux/compat.h. It would be nice to
collect them into include/linux/delay.h like Linux.
While we are here, fix the ndelay() implementation; I used the
DIV_ROUND_UP() instead of (x)/1000 because it must wait *longer*
than the given period of time.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The fdt_overlay_apply() function purports to support the edge cases where
an overlay has no fixups to be applied, or a base tree which has no
symbols (the latter can only work if the former is also true). However it
gets it wrong in a couple of small ways:
* In the no fixups case, it doesn't fail immediately, but will attempt
fdt_for_each_property_offset() giving -FDT_ERR_NOTFOUND as the node
offset, which will fail. Instead it should succeed immediately, since
there's nothing to do.
* In the case of no symbols, it again doesn't fail immediately. However
if there is an actual fixup it will fail with an unexpected error,
because -FDT_ERR_NOTFOUND is passed to fdt_getprop() when attempting to
look up the symbols. We should instead return -FDT_ERR_NOTFOUND
directly.
Both of these errors lead to the code returning misleading error codes in
failing cases.
[ DTC commit: 7d8ef6e1db9794f72805a0855f4f7f12fadd03d3 ]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Acked-by: Simon Glass <sjg@chromium.org>
tiny-printf does not know about the "-" modifier, which aligns numbers.
This is used by some SPL code, but as it's purely cosmetical, we just
ignore this modifier here to avoid changing correct printf strings.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jagan Teki <jagan@openedev.com>
tiny-printf does not know about the "l" modifier so far, which breaks
the crash dump on AArch64, because it uses %lx to print the registers.
Add an easy way of handling longs correctly.
Using a relatively decent compiler (GCC 5.3.0) this does _not_ increase
the code size of tiny-printf.o for 32-bit builds (where long and int
are actually the same), actually it looses three (ARM Thumb2) instructions
from the actual SPL (numbers for orangepi_plus_defconfig):
text data bss dec hex filename
758 0 0 758 2f6 spl/lib/tiny-printf.o before
18839 488 232 19559 4c67 spl/u-boot-spl before
758 0 0 758 2f6 spl/lib/tiny-printf.o after
18833 488 232 19553 4c61 spl/u-boot-spl after
This adds some substantial amount of code to a 64-bit build, though:
(taken after a later commit, which enables the ARM64 SPL build for sunxi)
text data bss dec hex filename
1542 0 0 1542 606 spl/lib/tiny-printf.o before
25830 392 360 26582 67d6 spl/u-boot-spl before
1758 0 0 1758 6de spl/lib/tiny-printf.o after
26040 392 360 26792 68a8 spl/u-boot-spl after
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jagan Teki <jagan@openedev.com>
Add two functions for use by board implementations to decode the memory
banks of the /memory node so as to populate the global data with
ram_size and board info for memory banks.
The fdtdec_setup_memory_size() function decodes the first memory bank
and sets up the gd->ram_size with the size of the memory bank. This
function should be called from the boards dram_init().
The fdtdec_setup_memory_banksize() function decode the memory banks
(up to the CONFIG_NR_DRAM_BANKS) and populates the base address and size
into the gd->bd->bi_dram array of banks. This function should be called
from the boards dram_init_banksize().
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <monstr@monstr.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Today we can compile a self-contained hello world efi test binary that
allows us to quickly verify whether the EFI loader framwork works.
We can use that binary outside of the self-contained test case though,
by providing it to a to-be-tested system via tftp.
This patch separates compilation of the helloworld.efi file from
including it in the u-boot binary for "bootefi hello". It also modifies
the efi_loader test case to enable travis to pick up the compiled file.
Because we're now no longer bloating the resulting u-boot binary, we
can enable compilation always, giving us good travis test coverage.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.
Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.
Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Padding verification was done against static SHA/RSA pair arrays which
take up a lot of static memory, are mostly 0xff, and cannot be reused
for additional SHA/RSA pairings. The padding can be easily computed
according to PKCS#1v2.1 as:
EM = 0x00 || 0x01 || PS || 0x00 || T
where PS is (emLen - tLen - 3) octets of 0xff and T is DER encoding
of the hash.
Store DER prefix in checksum_algo and create rsa_verify_padding
function to handle verification of a message for any SHA/RSA pairing.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
checksum_algo's pad_len field isn't actually used to store the length of
the padding but the total length of the RSA key (msg_len + pad_len)
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
On ls2080 we have a separate network fabric component which we need to
shut down before we enter Linux (or any other OS). Along with that also
comes configuration of the fabric using a description file.
Today we always stop and configure the fabric in the boot script and
(again) exit it on device tree generation. This works ok for the normal
booti case, but with bootefi the payload we're running may still want to
access the network.
So let's add a new fsl_mc command that defers configuration and stopping
the hardware to when we actually exit U-Boot, so that we can still use
the fabric from an EFI payload.
For existing boot scripts, nothing should change with this patch.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: York Sun <york.sun@nxp.com>
[agraf: Fix x86 build]
Enable this so that EFI applications (notably grub) can be run under U-Boot
on x86 platforms.
At present the 'hello world' EFI application is not supported for the
qemu-x86_efi_payload64 board. That board builds a payload consisting of a
64-bit header and a 32-bit U-Boot, which is incompatible with the way the
EFI loader builds its EFI application. The following error is obtained:
x86_64-linux-ld.bfd: i386 architecture of input file
`lib/efi_loader/helloworld.o' is incompatible with i386:x86-64 output
This could be corrected with additional Makefile rules. For now, this
feature is disabled for that board.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
[agraf: drop hello kconfig bits]
Signed-off-by: Alexander Graf <agraf@suse.de>
It is useful to have a basic sanity check for EFI loader support. Add a
'bootefi hello' command which loads HelloWord.efi and runs it under U-Boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
[agraf: Fix documentation, add unfulfilled kconfig dep]
Signed-off-by: Alexander Graf <agraf@suse.de>
At present we use a CONFIG option in efi.h to determine whether we are
building the EFI stub or not. This means that the same header cannot be
used for EFI_LOADER support. The CONFIG option will be enabled for the
whole build, even when not building the stub.
Use a different define instead, set up just for the files that make up the
stub.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>