TCG EFI Protocol Specification requires to the input
ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY
up to and including the vendor ID field.
Current implementation does different calculation, let's fix it.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.
With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.
Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.
Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
DMA is aligned to ARCH_DMA_MINALIGN(64 bytes), but as per spec, alignment
required is 4bytes only. Change DMA alignment from ARCH_DMA_MINALIGN to
GQSPI_DMA_ALIGN. Remove alignment of data length in non-exponential case.
Some minor improvements in the initialization to initialize gen_fifo
threshold and disable qspi controller while setting config register.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Current implementation uses auto mode for starting generic FIFO.
The recommendation from IP designers is to use manual mode, hence
change to manual start mode.
In fill genfifo first write to genfio and then trigger manual start.
Also enable and check for genfifo empty interrupt status in place of
genfifo not full interrupt.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
BTRFS volume consists of a number of subvolumes which can be mounted separately
from each other. The top-level subvolume always exists even if no subvolumes
were created manually. A subvolume can be denoted as the default subvolume i.e.
the subvolume which is mounted by default.
The default "default subvolume" is the top-level one, but this is far from the
common practices used in the wild. For instance, openSUSE provides an OS
snapshot/rollback feature based on BTRFS. To achieve this, the actual OS root
filesystem is located into a separate subvolume which is "default" but not
"top-level". That means that the /boot/dtb/ directory is also located inside
this default subvolume instead of top-level one.
However, the existing btrfs u-boot driver always uses the top-level subvolume
as the filesystem root. This behaviour 1) is inconsistent with
mount /dev/sda1 /target
command, which mount the default subvolume 2) leads to the issues when
/boot/dtb cannot be found properly (see the reference).
This patch uses the default subvolume as the filesystem root to overcome
mentioned issues.
Reference: https://bugzilla.suse.com/show_bug.cgi?id=1185656
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Fixes: f06bfcf54d ("fs: btrfs: Crossport open_ctree_fs_info() from btrfs-progs")
Reviewed-by: Qu Wenruo <wqu@suse.com>
Support for register headers in v1 images was implemented in commit
02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1
images"). So remove old comment.
Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: 02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1 images")
Reviewed-by: Stefan Roese <sr@denx.de>
image_get_csk_index() may return -1 in case of an error. Don't use this
value as index.
This resolves Coverity CID 338488
Memory - illegal accesses (NEGATIVE_RETURNS)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Always check the return value of fopen().
This resolves Coverity CID 338491:
Null pointer dereferences (NULL_RETURNS)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Disable MCU watchdog in board_late_init() instead of board_init(), so
that it is disabled after U-Boot enables SOC watchdog instead of before.
This way there is no window when the board is vulnerable.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
When booting over UART, sending U-Boot proper may take too much time and
MCU watchdog will reset the board before U-Boot proper is loaded.
Better disable MCU watchdog in SPL when booting over UART.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
We do not need to guard code in board_init() and board_late_init()
functions with the CONFIG_SPL_BUILD macro, since these functions are not
called in SPL.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Move the function get_boot_device() from spl.c to cpu.c.
Make it visible, so that it may be used from other files.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 37xx serial driver does not use CONFIG_DEBUG_UART_SHIFT.
So do not define any bogus value for CONFIG_DEBUG_UART_SHIFT option in any
Armada 37xx defconfig file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
PCIe-based NVMe SSD disks in M.2 2230/2242/2260 form-factor can be
connected to Turris Omnia mPCIe slot via passive M.2 <--> mPCIe adapter.
So enable PCIe NVMe drivers.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
SATA disks could be connected via mPCIe add-in card with PCIe-SATA
controller into Mox-B or Mox-G module.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Espressobin has one on-board SATA port which is connected directly to CPU.
More SATA disks can be connected via mPCIe add-in card with PCIe-SATA
controller.
So enable required SATA AHCI PCIe drivers in defconfig file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
File mach/soc.h is included also in 64-bit mvebu processors, so define
Armada XP related macros only when compiling for Armada XP.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
There are already IBR_HDR_* constants for these numbers, so use them.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Part of image data is 4 byte checksum, so every image must contain at least
4 bytes. Verify it to prevent memory corruptions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Only image versions 0 and 1 are supported. Verify it in
kwbimage_verify_header() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Define all standard baudrates plus 3 non-standard high speed:
3125000 4000000 5150000
3125000 matches divisor 5 with 250 MHz TCLK and divisor 4 with 200 MHz TCLK.
4000000 is the rounded value for divisor 4 with 250 MHz TCLK (3906250) and
divisor 3 with 200 MHz TCLK (4166666).
5150000 is the rounded value (5208333) for divisor 3 with 250 MHz TCLK.
Testing showed that rounded value is more stable then exactly calculated.
And it is the highest possible baudrate which is stable on A38x platform.
Any other baudrate values above 2500000 are unstable, which is reason why
e.g. standard value 3000000 is not defined, and it is needed to use
non-standard value 3125000.
Tested all defined UART baudrates on Turris Omnia (A38x with 250 MHz TCLK).
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012
zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode
versal:
- Add soc driver
sdhci:
- Update tap delay programming for zynq_sdhci driver
cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message
watchdog:
- Fix wwdt compilation
rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver
fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYSilpgAKCRDKSWXLKUoM
Id2JAJ9jY19JiEpOd3vuRCT5CE/pzX4yDACeP8DiXDzSi5tLHwDWUCBobUTze2s=
=5lnj
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2021.10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2021.10-rc3
xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012
zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode
versal:
- Add soc driver
sdhci:
- Update tap delay programming for zynq_sdhci driver
cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message
watchdog:
- Fix wwdt compilation
rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver
fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
There is no space in OCM for SPL stack because the space in OCM is occupied
by TF-A. That's why move relocate stack to DDR to 0x18000000 address
and also enable SPL_SIZE_LIMIT not to be more then 0xfffea000 which is
default address for TFA.
It is good to summarize current DDR usage in SPL flow.
0-0x80000 is used for BSS
(CONFIG_SPL_BSS_START_ADDR, CONFIG_SPL_BSS_MAX_SIZE)
0x100000 is used for DTB passing address
(CONFIG_XILINX_OF_BOARD_DTB_ADDR)
0x17fffe70 - CONFIG_SPL_STACK_R_ADDR - is used for GD
0x18000000 is used for SPL stack
(CONFIG_SPL_STACK_R_ADDR)
0x20000000-0x21000000 is used for SPL malloc area
(CONFIG_SYS_SPL_MALLOC_START, CONFIG_SYS_SPL_MALLOC_SIZE)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Use TF-A instead of ATF in description. And update generic description with
removing ATF because also configurations without it are supported.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
U-Boot support board detection at run time and based on it change DT.
This feature is implemented for SOM Kria platforms which contain two
eeproms which contain information about SOM module and CC (Carrier card).
Full U-Boot starts with minimal DT file defined by
CONFIG_DEFAULT_DEVICE_TREE which is available in multi DTB fit image.
It is using default setup of board_name variable initializaed to
DEVICE_TREE which corresponds to CONFIG_DEFAULT_DEVICE_TREE option.
When DTB_RESELECT is enabled board_detection() is called. Keep it your mind
that this code is called before relocation. board_detection() is calling
xilinx_read_eeprom() which fills board_info (xilinx_board_description)
structure which are parsed in board_name_decode().
Based on DT configuration and amount of nvmemX aliases name of the board is
composed by concatenating CONFIG_SYS_BOARD "-" <board_name> "-rev"
<board_revision> "-" <cc_name> "-rev" <cc_revision>.
If CC is not present or more are available it keeps going.
When board name is composed and returned from board_name_decode() it is
assigned to board_name variable which is used by
board_fit_config_name_match() which is called via fdtdec_setup() when it
goes over config options in multi dtb FIT image.
From practical point of view multi DTB image is key point here which has to
contain configs for detected combinations. Unfortunately as of now they
have to be full DTBs and DTBOs are not supported.
That's why configuration like:
config_X {
description = "zynqmp-board-cc";
fdt = "board", "cc";
};
needs to be squashed together with:
fdtoverlay -o zynqmp-board-cc -i arch/arm/dts/zynqmp-board.dtb \
arch/arm/dts/zynqmp-cc.dtbo
and only one dtb is in fit:
config_X {
description = "zynqmp-board-cc";
fdt = "board-cc";
};
For creating multi DTBs fit image use mkimage -E, e.g.:
mkimage -E -f all.its all.dtb
When DTB_RESELECT is enabled xilinx_read_eeprom() is called before
relocation and it uses calloc for getting a buffer. Because this is dynamic
memory it is not relocated that's why xilinx_read_eeprom() is called again
as the part of board_init(). This second read with calloc buffer placed in
proper position board_late_init_xilinx() can setup u-boot variables as
before.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
When MULTI_DTB_FIT is enabled fit-dtb.blob fit image is created which
contain all DTBs listed by CONFIG_OF_LIST. And with DTB_RELESELECT there is
a need to handle it as one file with DTBs in it not as separate DTBs in
u-boot.its/itb.
That's why extend mkimage_fit_atf.sh to generate u-boot.itb correctly.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Start of DTB should be 64bit aligned that's why also make sure that end is
also 64bit aligned. It is not required but it is nice thing to do.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Enabling MULTI_DTB_FIT and DTB_RESELECT can end up with multi DTBs in FIT
image placed and aligned only by 32bits (4bytes). Based on device tree
specification:
"Specifically, the memory reservation block shall be aligned to an 8-byte boundary
and the structure block to a 4-byte boundary."
is 64bit (8bytes) alignment required. That's why make sure that
fit-dtb.blob and u-boot.itb as our primary target images for Xilinx ZynqMP
are all 64bit aligned.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
DT needs to be 64bit aligned. If it is not fdt64_to_cpu will fail when try
to read information about reserved memory. The system ends in exception
without any clue what's going it. That's why detect not aligned DT and
panic to show where the issue is coming from.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Add support for changing DT at run time. It is done via board_detection()
which returns platform_id and platform_version which can be used via
board_name_decode() to compose board_local_name string which corresponds
with DT which is should be used.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Origin code was allocating only pointers to struct xilinx_board_description
and there was separate allocation for structure self and freeing in case of
failure.
The code is directly allocating space for all structures by one calloc to
simlify logic.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Use variable which points to DEVICE_TREE by default. The reason for this
change is to enable DTB_RESELECT and MULTI_DTB_FIT where board detection
can be used for change DTB at run time. That's why there must be reference
in board_fit_config_name_match() via variable instead of hardcoding it
which is sufficient for that use case.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
FRU spec expected \0 for unused symbols but unfortunately a lot of boards
are using spaces instead of \0. That's why after saving it to desc->name
name is checked again and all spaces are converted to \0. This will ensure
that names can be used for string manipulations like concatenation.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
dev_dbg, dev_err and dev_warn seems to be moved to different header file.
Include dm/device_compat.h file to compile properly.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>