Commit graph

5855 commits

Author SHA1 Message Date
Pali Rohár
dffeb40098 xyz-modem: Allow to cancel transfer also by CTRL+C
Currently it is possible to cancel loadx and loady commands by pressing
CTRL+X (CAN character) at least 3 times quickly.

All other U-Boot commands, including loadb and loads can be cancelled by
CTRL+C. So allow it also in xyz-modem code used by loadx and loady
commands. Implement it by handling CTRL+C (ETX character) in the same way
as CTRL+X (CAN character).

Due to how x/y-modem protocol works, it is required to press
CTRL+C or CTRL+X at least 3 times quickly.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-03 14:32:41 -04:00
Pali Rohár
f05d69bd0a xyz-modem: Put xyzModem_stream_close debug diagnostic message into ZM_DEBUG()
This is how all other debug / diagnostic messages are handled.

Signed-off-by: Pali Rohár <pali@kernel.org>
2021-09-03 14:32:40 -04:00
Pali Rohár
15c27a5a22 xyz-modem: Fix x-modem "xyzModem_eof error" at the end of file
In x-modem protocol EOF is not an error state at the end of file.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-09-03 14:32:40 -04:00
Pali Rohár
1e7478461b xyz-modem: Fix crash after cancelling transfer
Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read()
function calls memcpy() with length from variable xyz.len. If this variable
is set to -1 then value passed to memcpy is casted to unsigned value, which
means to copy whole address space. Which then cause U-Boot crash. E.g. on
arm64 it cause CPU crash: "Synchronous Abort" handler, esr 0x96000006

Fix this issue by checking that value stored in xyz.len is valid prior
trying to use it.

Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-09-03 14:32:40 -04:00
Chia-Wei Wang
ca47955a66 fit: Use DM hash driver if supported
Calculate hash using DM driver if supported.
For backward compatibility, the call to legacy
hash functions is reserved.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-09-01 19:25:37 -04:00
Michal Simek
b4c2c151b1 Kconfig: Remove all default n/no options
default n/no doesn't need to be specified. It is default option anyway.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[trini: Rework FSP_USE_UPD portion]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31 17:47:49 -04:00
Tom Rini
d8ef01e964 Convert CONFIG_RAMBOOT_PBL et al to Kconfig
This converts the following to Kconfig:
   CONFIG_RAMBOOT_PBL
   CONFIG_SYS_FSL_PBL_PBI
   CONFIG_SYS_FSL_PBL_RCW

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-31 17:47:49 -04:00
Tom Rini
55dabcc8f2 Convert CONFIG_SYS_I2C_LEGACY to Kconfig and add CONFIG_[ST]PL_SYS_I2C_LEGACY
First, we convert CONFIG_SYS_I2C_LEGACY to Kconfig.  Next, as you cannot
have SYS_I2C_LEGACY and DM_I2C at the same time, introduce
CONFIG_SPL_SYS_I2C_LEGACY so that we can enable the legacy option only
in SPL.  Finally, for some PowerPC cases we also need
CONFIG_TPL_SYS_I2C_LEGACY support.  Convert all of the existing users to
one or more symbols.

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-30 14:10:07 -04:00
Tom Rini
d7d40f614d Convert CONFIG_ID_EEPROM to Kconfig
This converts the following to Kconfig:
   CONFIG_ID_EEPROM

Signed-off-by: Tom Rini <trini@konsulko.com>
2021-08-30 14:10:05 -04:00
Tom Rini
b9cb74a5aa Xilinx changes for v2021.10-rc3
xilinx:
 - Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
 - Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
 - Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
 
 zynq:
 - Wire single QSPI
 - Use power-source instead of io-standard properties
 - Enable nor on zc770-xm012
 
 zynqmp:
 - Change handling around multi_boot()
 - Setup offset for u-boot.itb in spi
 - Generate run time dfu_alt_info for capsule update
 - Use explicit values for enums (zynqmp_firmware.h)
 - Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
 - Disable WDT driver by default
 - Bind usb/scsi via preboot because of EFI
 - DT updates/fixes
 - Add soc driver
 - Fix SPL SPI boot mode
 
 versal:
 - Add soc driver
 
 sdhci:
 - Update tap delay programming for zynq_sdhci driver
 
 cmd:
 - Fix RTC uclass handling in date command
 - Update pwm help message
 - Update reset help message
 
 watchdog:
 - Fix wwdt compilation
 
 rtc:
 - Deal with seq alias in rtc uclass
 - Add zynqmp RTC driver
 
 fdt:
 - Add kernel-doc for fdt_fixup_memory_banks()
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYSilpgAKCRDKSWXLKUoM
 Id2JAJ9jY19JiEpOd3vuRCT5CE/pzX4yDACeP8DiXDzSi5tLHwDWUCBobUTze2s=
 =5lnj
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2021.10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze

Xilinx changes for v2021.10-rc3

xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT

zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012

zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode

versal:
- Add soc driver

sdhci:
- Update tap delay programming for zynq_sdhci driver

cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message

watchdog:
- Fix wwdt compilation

rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver

fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
2021-08-27 08:33:02 -04:00
Michal Simek
5e1a3be667 fdt_support: Add kernel-doc for fdt_fixup_memory_banks()
Add kernel-doc description for fdt_fixup_memory_banks() because it is
implemented in one specific way and this information should be available
for others to decide if their SoC conforms to it.
If you don't want U-Boot to update your memory DT layout please disable
CONFIG_ARCH_FIXUP_FDT_MEMORY.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-26 08:08:11 +02:00
Alexandru Gagniuc
61416fe9df Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-08-16 10:49:35 +02:00
John Keeping
8edecd3110 fit: Fix verification of images with external data
The "-E" option to mkimage generates a FIT with external data using the
data-size and data-offset properties which must both be ignored when
verifying a signature.

Add "data-offset" to the list of excluded properties for signature
verification; since the line is now too long, re-format the list to
one-per-line and make it static since the data is constant.

Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-08-04 15:57:13 -04:00
Simon Glass
0b1284eb52 global: Convert simple_strtoul() with decimal to dectoul()
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
031725f8cd hash: Ensure verification hex pairs are terminated
This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:31:32 -04:00
Simon Glass
cb8970092f sandbox: Reduce keyed autoboot delay
The autoboot tests are a recent addition to U-Boot, providing much-needed
coverage in this area.

A side effect of the keyed autoboot test is that this feature is enabled
in sandbox always. This changes the autoboot prompt and confuses the
pytests. Some tests become slower, for example the vboot tests take about
27s now instead of 3s.

We don't actually need this feature enabled to be able to run the tests.
Add a switch to allow sandbox to turn it on and off as needed. Use this
in the one test that needs it.

Add a command-line flag in case this is desired in normal use.

Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 25c8b9f298 ("test: add first autoboot unit tests")
Reviewed-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2021-08-01 09:05:24 -06:00
Tim Harvey
c03cb02230 common: board_r: print error if binman_init fails
Display an error if binman_init fails.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2021-08-01 09:05:24 -06:00
Pali Rohár
2226ca1734 arm: mvebu: Load U-Boot proper binary in SPL code based on kwbimage header
Now that proper load and execution addresses are set in v1 kwbimage we
can use it for loading and booting U-Boot proper.

Use the new spl_parse_board_header() function to implement parsing the
kwbimage v1 header. Use information from this header to locate offset and
size of the U-Boot proper binary, instead of using the legacy U-Boot
header which is prepended to the U-Boot proper binary stored at fixed
offset. This has the advantage that we do not need to relay on legacy
U-Boot header anymore and therefore U-Boot proper binary can be stored at
any offset, as is the case when loading & booting U-Boot proper by
BootROM. The CONFIG_SYS_U_BOOT_OFFS option is therefore not used by SPL
code anymore.

Also allow to compile U-Boot SPL without CONFIG_SPL_SPI_FLASH_SUPPORT,
CONFIG_SPL_MMC_SUPPORT or CONFIG_SPL_SATA_SUPPORT set. In this case
BootROM is used for loading and executing U-Boot proper. This reduces the
size of U-Boot's SPL image. By default these config options are enabled
and so BootROM loading is not used. In some cases BootROM reads from SPI
NOR at lower speed than U-Boot SPL. So people can decide whether they
want to have smaller SPL binary at the cost of slower boot.

Therefore dependency on CONFIG_SPL_DM_SPI, CONFIG_SPL_SPI_FLASH_SUPPORT,
CONFIG_SPL_SPI_LOAD, CONFIG_SPL_SPI_SUPPORT, CONFIG_SPL_DM_GPIO,
CONFIG_SPL_DM_MMC, CONFIG_SPL_GPIO_SUPPORT, CONFIG_SPL_LIBDISK_SUPPORT,
CONFIG_SPL_MMC_SUPPORT, CONFIG_SPL_SATA_SUPPORT and
CONFIG_SPL_LIBDISK_SUPPORT is changed from strict to related "imply"
(which can be selectivelly turned off and causes booting via BootROM).

Options CONFIG_SYS_SPI_U_BOOT_OFFS,
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR and
CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_DATA_PART_OFFSET have to to be set to
zero as they define the location where kwbimage header starts. It is the
location where BootROM expects start of the kwbimage from which it reads,
parses and executes SPL part. The same applies to option
CONFIG_SPL_SATA_RAW_U_BOOT_SECTOR, which has to be set to one.

Update all config files to set correct values of these options and set
CONFIG_SYS_U_BOOT_OFFS to the correct value - the offset where U-Boot
proper starts.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:59:58 +02:00
Pali Rohár
9baab60b80 SPL: Add support for parsing board / BootROM specific image types
Platform specific BootROM may use its own image type for loading SPL or
U-Boot proper. In some cases it makes sense to not use BootROM supplied
code for booting U-Boot proper but rather to use U-Boot SPL for this,
e.g. when U-Boot SPL can load U-Boot proper faster than BootROM. In this
case it is required for platform board code to parse and load U-Boot in
BootROM specific image type.

This change adds support for parsing platform / board / BootROM specific
image types via weak function spl_parse_board_header() which is called
before marking boot image as a raw.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:32 +02:00
Pali Rohár
5fce287556 SPL: Add support for specifying offset between header and image
Some image types (e.g. kwbimage v1) store the offset to SPL binary and
offset to U-Boot proper binary in their headers. To avoid reading SPL
binary when loading U-Boot proper, add support for specifying offset in
struct spl_image_info, which defines the offset from the beginning of
the header and the beginning of the executable data.

Initial support is added only for SPI, MMC and SATA code. We can extend
it later if needed.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:32 +02:00
Simon Glass
975e7cf301 i2c: Rename SPL/TPL_I2C_SUPPORT to I2C
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-28 14:29:37 -04:00
Simon Glass
69d9eda4da i2c: Rename CONFIG_SYS_I2C to CONFIG_SYS_I2C_LEGACY
It is quite confusing that CONFIG_SYS_I2C selects the legacy I2C and
CONFIG_DM_I2C selects the current I2C. The deadline to migrate I2C is less
than a year away.

Also we want to have a CONFIG_I2C for U-Boot proper just like we have
CONFIG_SPL_I2C for SPL, so we can simplify the Makefile rules.

Rename this symbol so it is clear it is going away.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-28 14:29:37 -04:00
Simon Glass
9ca00684db Rename DRIVERS_MISC_SUPPORT to DRIVERS_MISC
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:29:37 -04:00
Simon Glass
83061dbd1c Rename GPIO_SUPPORT to GPIO
Rename these options so that CONFIG_IS_ENABLED can be used with them.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:29:36 -04:00
Simon Glass
333e4a621d Rename SPL_USB_HOST_SUPPORT to SPL_USB_HOST
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:27:54 -04:00
Simon Glass
078111b9c0 Rename SPL_WATCHDOG_SUPPORT to SPL_WATCHDOG
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:27:54 -04:00
Simon Glass
89ddb0bfeb Rename SPL_MUSB_NEW_SUPPORT to SPL_MUSB_NEW
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:27:54 -04:00
Simon Glass
f2d7a36ec2 Rename SPL_ETH_SUPPORT to SPL_ETH
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:27:54 -04:00
Simon Glass
0c6bdbb97c Rename SPL_CRYPTO_SUPPORT to SPL_CRYPTO
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-28 14:27:54 -04:00
Simon Glass
933b2f09cb Rename SPL_POWER_SUPPORT to SPL_POWER
Rename this option so that CONFIG_IS_ENABLED can be used with it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
2021-07-28 14:27:54 -04:00
Alexandru Gagniuc
a25d6b65c2 spl: Introduce spl_board_prepare_for_optee() hook
OP-TEE requires some particular setup, which is not needed for linux
or other payloads. Add a hook for platform-specific code to perform
any OP-TEE related configuration and initialization.

A weak function is used because it is symmetrical to other
spl_board_prepare_for_*() implementations. A solution to avoid the use
of weak functions would trivially apply to all these implementations.
However, re-designing this is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-07-27 09:47:40 +02:00
Alexandru Gagniuc
5f6e5c37c6 spl: mmc: Support OP-TEE payloads in Falcon mode
In general, Falcon mode means we're booting a linux kernel directly.
With FIT images, however, an OP-TEE secure kernel can be booted before
linux. Thus, if the next stage is an IH_OS_TEE, this isn't necessarily
a problem.

Of course, a general solution would involve mmc_load_image_raw_os()
only loading the binary, and leaving the decision of suitability to
someone else. However, a rework of the boot flow is beyond the scope
of this patch. Accept IH_OS_TEE as a valid OS value.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-07-27 09:47:40 +02:00
Steffen Jaeckel
25c8b9f298 test: add first autoboot unit tests
This adds tests for the crypt-based and plain SHA256-based password hashing
algorithms in the autoboot flow.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
33198740ac common: add support to fallback to plain SHA256
In case crypt-based hashing is enabled this will be the default mechanism
that is used. If a user wants to have support for both, the environment
variable `bootstopusesha256` can be set to `true` to allow plain SHA256
based hashing of the password.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
d199c3ab1c common: add AUTOBOOT_FLUSH_STDIN option
The key-sequence based unlock mechanisms are sensitive to junk symbols
that could have been sent to stdin and are still waiting to be retrieved.
Enabling this option will read all symbols off stdin before displaying the
autoboot prompt (and starting to read the password from stdin).

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
6c0ce6d3ca common: allow disabling of timeout for password entry
In case a user has to enter a complicated password it is sometimes
desireable to give the user more time than the default timeout.
Enabling this feature will disable the timeout entirely in case the user
presses the <Enter> key before entering any other character.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
1b2d68033b common: Rename macro appropriately
While doing code-review internally this got nitpicked by 2 reviewers, so
I decided to include this here.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-23 13:36:20 -04:00
Steffen Jaeckel
1a4a778666 common: integrate crypt-based passwords
Hook into the autoboot flow as an alternative to the existing
mechanisms.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
2021-07-23 13:36:20 -04:00
Tom Rini
55adabbbfc Kconfig.boot: Make 0x0 the default SYS_TEXT_BASE for POSITION_INDEPENDENT
When we build U-Boot with POSITION_INDEPENDENT we must have
SYS_TEXT_BASE be set to zero.  Make this the default in that case.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-07-23 07:13:25 -04:00
John Keeping
650bf008e5 fit: Allow external data for FDTs
Switch to fit_image_get_data_and_size() for consistency with all other
data loaded from FIT.

Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 07:13:25 -04:00
John Keeping
674afa6b35 spl: use CONFIG_IS_ENABLED(LOAD_FIT_FULL)
It's possible that LOAD_FIT_FULL will have different values for TPL and
SPL, in which case just checking CONFIG_SPL_LOAD_FIT_FULL causes this to
be compiled in to the TPL even though functions and struct members it
depends on are not.

Use CONFIG_IS_ENABLED() to ensure the correct TPL/SPL variant is
checked.

Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-23 07:13:24 -04:00
Simon Glass
72fa1ad8d9 log: Allow padding of the function name
At present when function names are logged, the output is a little hard to
read since every function is a different length. Add a way to pad the
names so that the log messages line up vertically. This doesn't work if
the function name is very long, but it makes a big difference in most
cases.

Use 20 characters as a default since this covers the vast majority of
functions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:35 -06:00
Simon Glass
7d84fbb573 spl: Provide more information on boot failure
If SPL fails to boot, try to provide an error code to indicate what is
wrong. For example, if a uclass is missing, this can return -EPFNOSUPPORT
(-96) which provides useful information.

Add a helper for accessing the image-loader name so we can drop the use
of #ifdefs in this code.

Put this feature behind a CONFIG_SHOW_ERRORS option to avoid increasing
the code size.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:35 -06:00
Simon Glass
1ac9c4cef5 image: Allow @ in node names when not using signatures
If signature verification is not in use we don't need to worry about
the risk of using @ in node names. Update fit_image_verify() to allow
it if the function is not enabled.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:34 -06:00
Simon Glass
1f618d528e bloblist: Correct condition in bloblist_addrec()
It is possible to add a blob that ends at the end of the bloblist, but at
present this is not supported. Fix it and add a regression test for this
case.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:34 -06:00
Simon Glass
1fe5937549 bloblist: Support resizing a blob
Sometimes a blob needs to expand, e.g. because it needs to hold more log
data. Add support for this. Note that the bloblist must have sufficient
spare space for this to work.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:34 -06:00
Simon Glass
ecc1ed912e sandbox: Adjust the bloblist default address
Move this down to provide more space for the bloblist.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-07-21 10:27:34 -06:00
Tom Rini
f929ce5072 Merge branch '2021-07-16-cleanup-image-support'
- A large rework of the logic around supporting various image
  types/formats and sharing between the host and target.
2021-07-17 11:39:50 -04:00
Tom Rini
d5dbc661c3 i.MX
----
 
 - mx7ulp : fix  WDOG
 - imx8 : Phytec
 - USB3 support for i.MX8
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYPLjyA8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76aBtgCfUI2SbFwh7oydllrwb0lEvWegfNcAn1JpR3Zn
 H41xrXQqCBedYKxvuUUL
 =5wvR
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20210717' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx

i.MX
----

- mx7ulp : fix  WDOG
- imx8 : Phytec
- USB3 support for i.MX8

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277
2021-07-17 10:52:21 -04:00
Alexandru Gagniuc
b9826bf0c1 image: Add support for relocating crypto_algos in linker lists
Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
2021-07-16 15:39:29 -04:00
Alexandru Gagniuc
24cee49fcc image: image-sig.c: Remove crypto_algos array
Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:39:28 -04:00
Alexandru Gagniuc
6909edb4ce image: rsa: Move verification algorithm to a linker list
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 15:38:49 -04:00
Alexandru Gagniuc
0980164b13 image: Add support for placing crypto_algo in linker lists
The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.

Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.

NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 12:58:56 -04:00
Alexandru Gagniuc
cab22c8890 common: image-sig.c: Remove host-specific logic and #ifdefs
Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data)_ can be safely removed,
as signing is not supported target-side.

NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-16 12:58:55 -04:00
Simon Glass
70c1c8927e image: Drop IMAGE_ENABLE_BEST_MATCH
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
14f061dcb1 image: Drop IMAGE_ENABLE_SHAxxx
We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
0ad75696d0 image: Drop IMAGE_ENABLE_SHA1
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
4b00fd1a84 Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
1e52db6799 Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
ad74aed11e image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
f5bc9c25f3 image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx
These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Simon Glass
0003b8ada9 image: Shorten FIT_ENABLE_SHAxxx_SUPPORT
The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-07-16 12:58:55 -04:00
Stephan Gerhold
bc599042d4 image: android: Automatically detect more compression types
At the moment android_image_get_kcomp() can automatically detect
LZ4 compressed kernels and the compression specified in uImages.
However, especially on ARM64 Linux is often compressed with GZIP.
Attempting to boot an Android image with a GZIP compressed kernel
image currently results in a very strange crash, e.g.

  Starting kernel ...
  "Synchronous Abort" handler, esr 0x02000000
   ...
  Code: 5555d555 55555d55 555f5555 5d555d55 (00088b1f)

Note the 1f8b, which are the "magic" bytes for GZIP images.

U-Boot already has the image_decomp_type() function that checks for
the magic bytes of bzip2, gzip, lzma and lzo. It's easy to make use
of it here to increase the chance that we do the right thing and the
user does not become confused with strange crashes.

This allows booting Android boot images that contain GZIP-compressed
kernel images.

Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
2021-07-15 19:06:49 -04:00
Marek Vasut
4c531d9f58 fit: Load DTO into temporary buffer and ignore load address
The current fitImage DTO implementation expects each fitImage image
subnode containing DTO to have 'load' property, pointing somewhere
into memory where the DTO will be loaded. The address in the 'load'
property must be different then the base DT load address and there
must be sufficient amount of space between those two addresses.
Selecting and using such hard-coded addresses is fragile, error
prone and difficult to port even across devices with the same SoC
and different DRAM sizes.

The DTO cannot be applied in-place because fdt_overlay_apply_verbose()
modifies the DTO when applying it onto the base DT, so if the DTO was
used in place within the fitImage, call to fdt_overlay_apply_verbose()
would corrupt the fitImage.

Instead of copying the DTO to a specific hard-coded load address,
allocate a buffer, copy the DTO into that buffer, apply the DTO onto
the base DT, and free the buffer.

The upside of this approach is that it is no longer necessary to
select and hard-code specific DTO load address into the DTO. The
slight downside is the new malloc()/free() overhead for each DTO,
but that is negligible (*).

(*) on iMX8MM/MN and STM32MP1

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Add <linux/sizes.h>]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-15 19:06:37 -04:00
Marek Vasut
93e310c3a6 board-info: Call sysinfo_detect() before sysinfo_get_str()
The sysinfo_get_str() implementation checks whether the sysinfo was even
detected. In U-Boot proper, sysinfo_detect() is not called anywhere but
on one specific board. Call sysinfo_detect() before sysinfo_get_str() to
make sure the sysinfo is detected and sysinfo_get_str() returns valid
value instead of -EPERM.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-14 16:48:00 -04:00
Marek Vasut
10f3e157e8 board-info: Use sysinfo_get()
Replace uclass_first_device_err(UCLASS_SYSINFO, &dev) with sysinfo_get(&dev).
The board_info code may use sysinfo to print board information, so use the
sysinfo functions consistently. The sysinfo_get() is internally implemented
as return uclass_first_device_err(UCLASS_SYSINFO, &dev) anyway, so there is
no functional change.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-14 16:47:59 -04:00
Marek Vasut
9b19159174 spl: mmc: Factor out eMMC boot partition selection code
Factor out eMMC boot partition selection code into
default_spl_mmc_emmc_boot_partition() function and implement
weak spl_mmc_emmc_boot_partition(), so that architecture or
board code can override the eMMC boot partition selection.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Faiz Abbas <faiz_abbas@ti.com>
Cc: Harald Seiler <hws@denx.de>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
2021-07-10 18:12:42 +02:00
Tom Rini
7e58a3a148 various minor sandbox improvements
-----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmDkhxURHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreYqMAf+MBQMxpB5+W1k7mkoDKnbuh2oquEKwRkM
 pE8O/Svk6FJDdi3wYS2bMasxa9V2QgTDmih3wVnWBTY6bIJiH130dyWhhS3HuUdY
 E1P0OZIdcGGz+yR5RPCRn+zk+ULLlpgQymVYN/ltj+yQsXekNDwnIu70Gm0odQ9Z
 fjBytQLEU9lzBvQMA4rjBx2V6hVhedEosaoUcf/O9VLNg36p+okv709y6keLi6g8
 oBYe939Iq/K5elPc6WpKeTU/CiOWUg+0nNuimvWKe0laVkbMjRycxL/vMNutaY9S
 PAwtwJTsHxqz6FmLHSQTUM3n2gY14sfHR2eBkKJWIGUw57/tpZ1CnQ==
 =pXw2
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-6jul21' of https://source.denx.de/u-boot/custodians/u-boot-dm

various minor sandbox improvements
2021-07-07 13:34:42 -04:00
Tom Rini
cb80ff20f2 bootstage: Eliminate when not enabled
When we do not have bootstage enabled, rather than include an empty
dummy function, we just don't reference it.  This saves us space in some
tight builds.  This also shows a few cases where show_boot_progress was
incorrectly guarded before.

Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-07 10:17:54 -04:00
Heinrich Schuchardt
3c9fc23c44 sandbox: don't refer to symbol _init
GCC provides a symbol _init in crti.o on x86_64 and aarch64 but not on
RISC-V. The following lines leads to a build error for sandbox_defconfig on
RISC-V due to the missing symbol:

    common/board_f.c:269:
    #elif defined(CONFIG_SANDBOX) || defined(CONFIG_EFI_APP)
            gd->mon_len = (ulong)&_end - (ulong)_init;

The sandbox code is not copied into the memory allocated using mmap().
Hence we can safely use gd->mon_len = 0 to avoid the reference to _init.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-07-06 10:38:03 -06:00
Tom Rini
6194b45a83 Merge branch 'next' 2021-07-05 11:20:30 -04:00
Da Xue
760d2f9e9e autoboot: fix MENUKEY
replace CONFIG_AUTOBOOT_USE_MENUKEY with CONFIG_AUTOBOOT_MENUKEY

Signed-off-by: Da Xue <da@libre.computer>
2021-07-02 15:03:53 -04:00
Tom Rini
6b69f15fd6 Xilinx changes for v2021.10
clk:
 - Add driver for Xilinx Clocking Wizard IP
 
 fdt:
 - Also record architecture in /fit-images
 
 net:
 - Fix plat/priv data handling in axi emac
 - Add support for 10G/25G speeds
 
 pca953x:
 - Add missing dependency on i2c
 
 serial:
 - Fix dependencies for DEBUG uart for pl010/pl011
 - Add setconfig option for cadence serial driver
 
 watchdog:
 - Add cadence wdt expire now function
 
 zynq:
 - Update DT bindings to reflect the latest state and descriptions
 
 zynqmp:
 - Update DT bindings to reflect the latest state and descriptions
 - SPL: Add support for ECC DRAM initialization
 - Fix R5 core 1 handling logic
 - Enable firmware driver for mini configurations
 - Enable secure boot, regulators, wdt
 - Add support xck devices and 67dr
 - Add psu init for sm/smk-k26 SOMs
 - Add handling for MMC seq number via mmc_get_env_dev()
 - Handle reserved memory locations
 - Add support for u-boot.itb generation for secure OS
 - Handle BL32 handoffs for secure OS
 - Add support for 64bit addresses for u-boot.its generation
 - Change eeprom handling via nvmem aliases
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCYN105QAKCRDKSWXLKUoM
 IZiFAJ9CIiEpHiBbnAhA0VOMGoaXHGULywCdED/5dNgVtc1C7y4avzETbEyWzD4=
 =CdMa
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2021.10' of https://source.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2021.10

clk:
- Add driver for Xilinx Clocking Wizard IP

fdt:
- Also record architecture in /fit-images

net:
- Fix plat/priv data handling in axi emac
- Add support for 10G/25G speeds

pca953x:
- Add missing dependency on i2c

serial:
- Fix dependencies for DEBUG uart for pl010/pl011
- Add setconfig option for cadence serial driver

watchdog:
- Add cadence wdt expire now function

zynq:
- Update DT bindings to reflect the latest state and descriptions

zynqmp:
- Update DT bindings to reflect the latest state and descriptions
- SPL: Add support for ECC DRAM initialization
- Fix R5 core 1 handling logic
- Enable firmware driver for mini configurations
- Enable secure boot, regulators, wdt
- Add support xck devices and 67dr
- Add psu init for sm/smk-k26 SOMs
- Add handling for MMC seq number via mmc_get_env_dev()
- Handle reserved memory locations
- Add support for u-boot.itb generation for secure OS
- Handle BL32 handoffs for secure OS
- Add support for 64bit addresses for u-boot.its generation
- Change eeprom handling via nvmem aliases
2021-07-01 08:57:23 -04:00
Tom Rini
6d0453d889 Prepare v2021.07-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmDaJXgACgkQFHw5/5Y0
 tyySmwwAkW7GVAv+bXSd+8u1IsScl0QrSCoBdfHpdMcAME3gZmXqxClxskfbYJR/
 3IByQFlsn7j8HruR/49+etk0i0Pc4HNfynTLuAy+77/lh+h3Pnru/VPBhQqR7KW0
 NN5STn91QWLl74vRmx5wmEfSMhg7LTE1US8Rh6UXAd2dAiPd+hUawIR9D0Pq5Gzm
 nn7HvamDYspFUgSYYl8h1RtRQ9VqAFpnnPphpLkvX6323uCQwccXu5pnj1fLfGfj
 iO2Q+bDcwpEdUosox/LM1BdMoaSA+opOjk/e72y9V84+Jk6D+Jn5zQEpF5TJnTyI
 Yi2+NuJWS5xFWk1dnJrbGt0HpWM2oO12dZZ7eYy/FdsPJiWAS0ppRuxHVb868vjD
 ulca7acFPUjGyo3vBw1S0iVmPCBFGHBoyg3QLrUHYbpISeBeoa2w2cDxQl90ahw/
 TgRx+yutKfwkBPfILwDylNOgCGRwvLfroRyMEMiQ3gTSOCBmBX/yMv1k8tb9ZvPZ
 /WVsK6dw
 =F7x1
 -----END PGP SIGNATURE-----

Merge tag 'v2021.07-rc5' into next

Prepare v2021.07-rc5

# gpg: Signature made Mon 28 Jun 2021 03:39:36 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	configs/am64x_evm_r5_defconfig
2021-06-28 16:22:13 -04:00
Heinrich Schuchardt
5ad9220bf7 malloc: add SPDX license identifiers
The original code is in the public domain. Licenses/README states that the
general license for U-Boot is GPL 2.0+. So we can mark the malloc code as
GPL 2.0+ too.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-06-23 08:45:03 -04:00
Michal Simek
be2d1a87c7 spl: fit: Also record architecture in /fit-images
On ARM64 secure OS can run as 64bit or 32bit that's why it is necessary to
record information about architecture that other code can read it and
properly pass it to TF-A and start in 64bit or 32bit mode.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-06-23 09:48:36 +02:00
Da Xue
5a87df8380 autoboot: fix typos of CONFIG_AUTOBOOT_USE_MENUKEY
Replace typo CONFIG_USE_AUTOBOOT_MENUKEY with
CONFIG_AUTOBOOT_USE_MENUKEY as when they were introduced initially there
was some mismatch in which name was used where.

Fixes: 8fc31e23aa ("autoboot: Rename CONFIG_MENUKEY to CONFIG_AUTOBOOT_MENUKEY")
Signed-off-by: Da Xue <da@libre.computer>
2021-06-22 14:01:22 -04:00
Lokesh Vutla
481d394e77 common: fit: Update board_fit_image_post_process() to pass fit and node_offset
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Simon Glass
58b4b7133a log: Add support for logging a buffer
The print_buffer() function is very useful for debugging. Add a version
of this in the log system also.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Simon Glass
c1a2bb4f83 console: Report an error when output buffer is exhausted
If the console output buffer is exhausted, characters are silently dropped
from the end. Detect this condition and report an error when reading back
the characters.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-06-08 11:39:09 -04:00
Patrick Delaunay
f46959cef4 image-fdt: save no-map parameter of reserve-memory
Save the 'no-map' information present in 'reserved-memory' node to allow
correct handling when the MMU is configured in board to avoid
speculative access.

This binding is defined in
doc/device-tree-bindings/reserved-memory/reserved-memory.txt

Additional properties:
...
no-map (optional) - empty property
    - Indicates the operating system must not create a virtual mapping
      of the region as part of its standard mapping of system memory,
      nor permit speculative access to it under any circumstances other
      than under the control of the device driver using the region.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-06-07 10:48:40 -04:00
Green Wan
70415e1e52 board: sifive: add HiFive Unmatched board support
Add defconfig and board support for HiFive Unmatched.

Signed-off-by: Green Wan <green.wan@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-05-31 16:35:55 +08:00
Alexandru Gagniuc
ec0512b173 Revert "lib: introduce HASH_CALCULATE option"
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.

The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:

It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.

It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.

This reverts commit 87316da05f.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Acked-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-05-28 16:17:01 +02:00
Michal Simek
ce869b55f8 spl: Kconfig: Use tabs instead of space for alignment
A lot of entries were using spaces instead of tab for alignment that's why
it is good to fix it to use the same style everywhere.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-26 17:26:07 -04:00
Bin Meng
84dee33ca8 riscv: Drop USE_SPL_FIT_GENERATOR
Now that we have switched to binman to generate u-boot.itb for all
RISC-V boards, USE_SPL_FIT_GENERATOR is no longer needed and can
be dropped.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-19 17:01:51 +08:00
Bin Meng
6e847f6d5d common: kconfig: Correct a typo in SPL_LOAD_FIT
It should be FDT, not FTD.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Rick Chen <rick@andestech.com>
2021-05-19 17:01:49 +08:00
Tom Rini
428bec7cf9 Merge branch '2021-05-17-assorted-fixes' 2021-05-18 14:17:54 -04:00
Masahisa Kojima
87316da05f lib: introduce HASH_CALCULATE option
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Heinrich Schuchardt
e2ae483c3b hash: Kconfig option for SHA512 hardware acceleration
Commit a479f103dc ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-18 12:36:12 +02:00
peng.wang@smartm.com
6c353b34cf cli: slighly more clear error messages
This patch tries to distinguish two error messages.

Signed-off-by: peng.wang@smartm.com <peng.wang@smartm.com>
2021-05-17 17:06:42 -04:00
Kory Maincent
bbdbcaf59d fdt_support: move fdt_valid from cmd_fdt.c to fdt_support.c
Move the fdt_valid function to fdt_support.
This changes allow to be able to test the validity of a devicetree in
other c files.

Update code syntax.

Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Maxime Ripard <maxime@cerno.tech>
2021-05-13 07:19:34 -04:00
Dario Binacchi
a47abd7bf4 Revert "fdt: translate address if #size-cells = <0>"
This reverts commit d64b9cdcd4.

As pointed by [1] and [2], the reverted patch made every DT 'reg'
property translatable. What the patch was trying to fix was fixed in a
different way from previously submitted patches which instead of
correcting the generic address translation function fixed the issue with
appropriate platform code.

[1] https://patchwork.ozlabs.org/project/uboot/patch/1614324949-61314-1-git-send-email-bmeng.cn@gmail.com/
[2] https://lore.kernel.org/linux-clk/20210402192054.7934-1-dariobin@libero.it/T/

Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-05-12 16:27:57 +05:30
Niko Mauno
f0b21ebd41 fdt_support.c: Allow late kernel cmdline modification
By declaring board-specific board_fdt_chosen_bootargs() the kernel
command line arguments can be adjusted before injecting to flat dt
chosen node.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
2021-05-04 12:52:46 -04:00
Rasmus Villemoes
95fd977201 env: allow environment to be amended from control dtb
It can be useful to use the same U-Boot binary for multiple purposes,
say the normal one, one for developers that allow breaking into the
U-Boot shell, and one for use during bootstrapping which runs a
special-purpose bootcmd. Or one can have several board variants that
can share almost all boot logic, but just needs a few tweaks in the
variables used by the boot script.

To that end, allow the control dtb to contain a /config/enviroment
node (or whatever one puts in fdt_env_path variable), whose
property/value pairs are used to update the run-time environment after
it has been loaded from its persistent location.

The indirection via fdt_env_path is for maximum flexibility - for
example, should the user wish (or board logic dictate) that the values
in the DTB should no longer be applied, one simply needs to delete the
fdt_env_path variable; that can even be done automatically by
including a

  fdt_env_path = "";

property in the DTB node.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
2021-05-04 11:50:50 -04:00
Sean Anderson
4d65c6bcd7 sysinfo: Require that sysinfo_detect be called before other methods
This has the uclass enforce calling detect() before other methods.  This
allows drivers to cache information in detect() and perform (cheaper)
retrieval in the other accessors. This also modifies the only instance
where this sequencing was not followed.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-04 07:57:18 -04:00
Yuichiro Goto
77ed7a2ac9 IOMUX: Fix buffer overflow in iomux_replace_device()
Use of strcat() against an uninitialized buffer would lead
to buffer overflow. This patch fixes it.

Fixes: 694cd5618c ("IOMUX: Introduce iomux_replace_device()")
Signed-off-by: Yuichiro Goto <goto@k-tech.co.jp>
Cc: Peter Robinson <pbrobinson@gmail.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
2021-04-27 08:05:30 -04:00
Jernej Skrabec
a327feeef4 common: edid: Search for valid timing in extension block
One of my monitors have only 4k@60 timing in base EDID block which is
out of range for devices with HDMI 1.4. It turns out that it has
additional detailed timings in CTA-861 Extension Block and two of them
are appropriate for HDMI 1.4.

Add additional search for valid detailed timing in extension block.

Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Acked-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-04-24 13:44:47 +02:00
Jernej Skrabec
3daea8632c common: edid: extract code for detailed timing search
Code which searches for valid detailed timing entry will be used in more
places. Extract it.

No functional change is made. However, descriptors are casted to
edid_detailed_timing instead of edid_monitor_descriptor. Descriptor can
be of either type, but since we're interested only in DTD, it is more
fitting to cast to edid_detailed_timing.

Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-04-24 13:44:44 +02:00
Jernej Skrabec
4fb0c3c43f common: edid: check for digital display earlier
When searching for detailed timing in EDID, check for digital display
earlier. There is no point parsing other parameters if this flag is not
present.

Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-04-24 13:44:41 +02:00
Joel Peshkin
4e9bce1243 Add support for stack-protector
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector

Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>

Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-20 07:31:12 -04:00
Alexandru Gagniuc
58b504e5e1 Revert "spl: Drop bd_info in the data section"
This reverts commit 38d6b7ebda.

struct global_data contains a pointer to the bd_info structure. This
pointer was populated spl_set_bd() to a pre-allocated bd_info in the
".data" section. The referenced commit replaced this mechanism to one
that uses malloc(). That new mechanism is only used if SPL_ALLOC_BD=y.
which very few boards do.

The result is that (struct global_data)->bd is NULL in SPL on most
platforms. This breaks falcon mode, since arch_fixup_fdt() tries to
access (struct global_data)->bd and set the "/memory" node in the
devicetree. The result is that the "/memory" node contains garbage
values, causing linux to panic() as it sets up the page table.

Instead of trying to fix the mess, potentially causing other issues,
revert to the code that worked, while this change is reworked.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-19 11:34:01 -04:00
Alexandru Gagniuc
033ac4ebba image-fit: Accept OP-TEE images when booting a FIT
OP-TEE images are normally packaged with
	type = "tee;
	os = "tee";

However, fit_image_load() thinks that is somehow invalid. However if
they were declared as type = "kernel", os = "linux", fit_image_load()
would happily accept them and allow the boot to continue. There is no
technical limitation to excluding "tee".

Allowing "tee" images is useful in a boot flow where OP-TEE is
executed before linux.

In fact, I think it's unintuitive for a "load"ing function to also do
parsing and contain a bunch ad-hoc heuristics that only its caller
might know. But I don't make the rules, I just write fixes. In more
polite terms: refactoring the fit_image API is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
47b6f7f845 image-fit: Accept IH_TYPE_FIRMWARE in fit_image_load() as valid
Consider the following FIT:

	images {
		whipple {};
	};
	configurations {
		conf-1 {
			firmware = "whipple";
		};
	};

Getting the 'firmware' image with fit_image_load() is not possible, as
it doesn't understand 'firmware =' properties. Although one could pass
IH_TYPE_FIRMWARE for 'image_type', this needs to be converted to a
"firmware" string for FDT lookup -- exactly what this change does.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
51d3a8b54f spl: LOAD_FIT_FULL: Support 'kernel' and 'firmware' properties
The 'firmware' property of a config node takes precedence over the
'kernel' property. 'standalone' is deprecated. However, give users a
couple of releases where 'standalone' still works, but warns loudly.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
60138aa87c spl: LOAD_FIT_FULL: Relocate FDT for u-boot payloads
U-Boot expects the FDT to be located right after the _end
linker symbol (see fdtdec.c: board_fdt_blob_setup())

The "basic" LOAD_FIT path is aware of this limitation, and relocates
the FDT at the expected location. Guessing the expected location
probably only works reliably on 32-bit arm, and it feels like a hack.
One proposal would be to pass the FDT address to u-boot
(e.g. using 'r2' on arm platforms).

The variable is named "fdt_hack" to remind future contributors that,
"hey! we should fix the underlying problem". However, that is beyond
the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
2eaae17bc9 spl: LOAD_FIT_FULL: Do not hard-code os to IH_OS_U_BOOT
The information on the OS should be contained in the FIT, as the
self-explanatory "os" property of a node under /images. Hard-coding
this to U_BOOT might send us down the wrong path later in the boot
process.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
18fd663c63 spl: LOAD_FIT_FULL: Fix selection of the "fdt" node
The correct FDT to use is described by the "fdt" property of the
configuration node. When the fit_unamep argument to fit_image_load()
is "fdt", we get the "/images/fdt" node. This is incorrect, as it
ignores the "fdt" property of the config node, and in most cases,
the "/images/fdt" node doesn't exist.

Use NULL for the 'fit_unamep' argument. With NULL, fit_image_load()
uses the IH_TYPE_FLATDT value to read the config property "fdt",
which points to the correct FDT node(s).

fit_image_load() should probably be split into a function that reads
an image by name, and one that reads an image by config reference. I
don't make those decisions, I just point out the craziness.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Sean Anderson
d442f69399 common: fit: Add weak board_fit_config_name_match
Several architectures had a default board_fit_config_name_match already;
this provides a generic weak version. We default to rejecting all configs.
This will use the FIT's default config, instead of the first config. This
may result in boot failures if there are multiple configurations and the
first config is *not* the default.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
df51ae767e Kconfig: Document the limitations of the simple SPL_LOAD_FIT path
The "simple" SPL_LOAD_FIT path is the most compliant with the format
documented in doc/uImage.FIT/source_file_format.txt. The other two
paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command.

Since the Kconfig menu is the most likely place for a new user to see
these options, it seems like the most logical candidate to document
the limitations. This documents the _known_ issues, and is not
intended to be a complete list of all follies.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
35f4f8e6fc spl: fit: Support loading FPGA images from list of "loadables"
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.

Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
d8a395109e spl: fit: Warn if FIT contains "fpga" property in config node
Commit 4afc4f37c7 ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.

Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
55e7a1a435 spl: fit: Move FPGA loading code to separate functions
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
f0a6ec3656 spl: fit: Don't overwrite previous loadable if "load" is missing
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses

	image_info->load_addr

Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.

On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].

A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Asherah Connor
5b0b43e0e2 x86: qemu: move QFW to its own uclass
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass.  The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).

include/qfw.h is cleaned up and documentation added.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2021-04-12 17:44:55 -04:00
Sean Anderson
9539f71675 hush: Fix assignments being misinterpreted as commands
If there were no variable substitutions in a command, then initial
assignments would be misinterpreted as commands, instead of being skipped
over. This is demonstrated by the following example:

	=> foo=bar echo baz
	Unknown command 'foo=bar' - try 'help'

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:17:11 -04:00
Joel Stanley
a479f103dc hash: Allow for SHA512 hardware implementations
Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting  CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-04-12 17:17:11 -04:00
Patrick Delaunay
a2535243e0 lib: optee: migration optee_copy_fdt_nodes for OF_LIVE support
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.

This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".

The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 14:25:31 -04:00
Patrick Delaunay
83064c2706 board_f: cosmetic: change the debug trace to KB in reserve_video
Update the debug trace for the reserved video memory to KB as indicated
in the message with "%luk"; before the patch the computed size
gd->relocaddr - addr is in bytes.

This patch aligns the debug trace in reserve_video() with others
functions, for example on stm32mp157c-dk2:

  - Reserving 3080192k for video at: dfd00000
  + Reserving 3008k for video at: dfd00000
    Reserving 873k for U-Boot at: dfc25000
    Reserving 32776k for malloc() at: ddc23000
    Reserving 72 Bytes for Board Info at: ddc22fb0
    Reserving 280 Bytes for Global Data at: ddc22e90
    Reserving 119072 Bytes for FDT at: ddc05d70
    Reserving 0x278 Bytes for bootstage at: ddc05af0

Fixes: 5630d2fbc5 ("board: Show memory for frame buffers")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-10 16:53:56 +02:00
Tom Rini
a1e95e3805 u-boot-imx-20210409
-------------------
 
 - Secure Boot :
 	- HAB for MX8M / MX7ULP
 	- CAAM fixes
 - Fixes for imxrt1020
 - Fixes for USDHC driver
 - Fixes for Toradex (Colibri / Apalis)
 - Switch to DM for several boards
 	- mx23 olinuxo
 	- usbarmory
 	- marsboard / riotboard
 	- Gateworks GW Ventana
 - NXP upstream patches (LPDDR / CAAM / HAB)
 
 CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/7089
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQS2TmnA27QKhpKSZe309WXkmmjvpgUCYHA8Xg8cc2JhYmljQGRl
 bnguZGUACgkQ9PVl5Jpo76aVbQCfb0Z+N836ZSAodyLa0t6FSHgKqfYAnRdrWQAv
 MNlGOmmpfHENtE75eSnd
 =g48D
 -----END PGP SIGNATURE-----

Merge tag 'u-boot-imx-20210409' of https://gitlab.denx.de/u-boot/custodians/u-boot-imx

u-boot-imx-20210409
-------------------

- Secure Boot :
	- HAB for MX8M / MX7ULP
	- CAAM fixes
- Fixes for imxrt1020
- Fixes for USDHC driver
- Fixes for Toradex (Colibri / Apalis)
- Switch to DM for several boards
	- mx23 olinuxo
	- usbarmory
	- marsboard / riotboard
	- Gateworks GW Ventana
- NXP upstream patches (LPDDR / CAAM / HAB)

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/7089
2021-04-09 10:08:52 -04:00
Tim Harvey
aa0032f672 spl: fit: nand: allow for non-page-aligned elements
Add a weak nand_get_mtd function for nand drivers to provide mtd info
and use this to set pagesize such that reading of non page-aligned
elements can succeed.

The spl_load_simple_fit already handles block block access so all we
need to do is provide the nand writesize as the block length.

Further cleanup of the drivers which use nand_spl_loaders.c such as
am335x_spl_bch.c, atmel_nand.c, and nand_spl_simple.c could be done
using info from mtd_info instead of statically defined details.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-04-08 20:29:53 +02:00
Tim Harvey
39cb85043c spl: fit: nand: skip bad block handling if NAND chip not fully defined
commit 9f6a14c47f ("spl: fit: nand: fix fit loading in case of bad blocks")
added support for adjusting the image offset to account for bad blocks.
However this requires nand_spl_adjust_offset() which requires fully defined
specifics of the NAND chip being used may not be avialable.

Allow skipping this support for drivers or configs which don't specify
the NAND chip details statically with defines.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2021-04-08 20:29:53 +02:00
Bin Meng
ae2d9506a3 riscv: sifive: Rename fu540 board to unleashed
In preparation to add SiFive Unmatched board support, let's rename
the existing fu540 board to unleashed.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
2021-04-08 15:37:29 +08:00
Tom Rini
2e216be8cf Merge https://source.denx.de/u-boot/custodians/u-boot-usb
- XHCI fixes
2021-04-06 14:11:21 -04:00
Aaron Williams
c1125bad6c usb: hub: Fix usb_get_port_status() for big-endian platforms
Add missing endianness conversions to usb_get_port_status(). This
(amongst others) is necessary to enable the use of USB 3 hubs on
big-endian platforms like MIPS Octeon.

Signed-off-by: Aaron Williams <awilliams@marvell.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Chandrakala Chavva <cchavva@marvell.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Cc: Marek Vasut <marex@denx.de>
2021-04-06 16:38:57 +02:00
Simon Glass
48f45455bf Convert CONFIG_MISC_INIT_F to Kconfig
This converts the following to Kconfig:
   CONFIG_MISC_INIT_F

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-04-06 16:33:19 +12:00
Tom Rini
1057b1be75 Prepare v2021.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBiRbMACgkQFHw5/5Y0
 tyz0KAv/T8glQGL6L2CYeLuwbs9tndQoaH2YNb3teNUJrqehBleJAQ6ubHP30d87
 rHrokJ4Zu3TC15sACrK4GOMvsAVkeCuU/jIqFJA4ieDZr8g7yfUMOZMsDiIFdd36
 Rdmi71Jtek/csyS5BfcUUYoXVbUCGQ8yAx7z0VrK0sqsqZYYJNwPmqgkR8U2ulNb
 FiLxwamFwH7+bsvcvHajO1dOyko0zR7GTisf/fOgmlHuF3BldqG4SDcNd528uEWb
 r3fXs2Ut6IaC/beCnmKUPVG3ZjdPtb+T230rRRhUOfjTwqR7SzXp5bTyzdgyw3gU
 rOgfi/mAGQPPG2E2fzPz0JCI1irbnkSE2fVJ4epaVUCoHIEsQQdy034aD3qLcHFY
 65ihEpRvCM7s9jfKX8XeIG4rKFB4i60TX5orzdMvx7wV3rxmPE9qQmF9lkD+fEA+
 TPuFtkjGmluSe+xWBVK7+6xuF6rcLEbNXuFWRi3qMSMgH8rtGfeJRonusOGPolwC
 jQ1T7szW
 =UJ/O
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc5' into next

Prepare v2021.04-rc5
2021-03-29 18:00:21 -04:00
Simon Glass
96dedb0da2 sysinfo: Allow showing model info from sysinfo
Some boards may want to show the SKU ID or other information obtained at
runtime. Allow this to come from sysinfo. The board can then provide a
sysinfo driver to provide it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-03-27 16:26:48 +13:00
Simon Glass
a8d696275a bootm: Skip command-line substitution if !CONFIG_CMDLINE
When there is no command line, we cannot enable this feature. Add a check
to avoid a build error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
529d5f96cf cpu: Rename SPL_CPU_SUPPORT to SPL_CPU
The _SUPPORT suffix is from an earlier time and interferes with use of
the CONFIG_IS_ENABLED() macro. Rename the option to drop the suffix.

Tidy up the TODO that prompted this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
eb26d88d55 bootstage: Warning if space is exhausted
At present bootstage silently ignores new records if it runs out of
space. It is sometimes obvious by looking at the report, but the IDs are
not contiguous, so it is easy to miss.

Aad a message so that action can be taken.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
05e3a0d648 spl: Split out bootstage ID into a function
We have two separate places that need to figure out the bootstage ID to
use. Put this code in a function so that the logic is in one place.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
e2734d647e sandbox: image: Allow sandbox to load any image
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
95a5825f31 dm: core: Add an option to support SPL in read-only memory
Some systems (e.g. x86 APL) run SPL from read-only memory. The device
instances created by dtoc are therefore not writeable. To make things work
we would need to copy the devices to read/write memory.

To avoid this, add an option to use a separate runtime struct for devices,
just as is done for drivers. This can be used to hold information that
changes at runtime, avoiding the need for a copy.

Also add a Kconfig option for read-only SPL, which selects this feature.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-26 17:03:09 +13:00
schspa
0453411998 avb: Fix error when partition not found
part_get_info_by_name will return -1 on error, and >0 on success.

Signed-off-by: schspa <schspa@gmail.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2021-03-17 12:50:19 -04:00
Simon Glass
29cbc4babf image: Avoid -ENODATA in host tools
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701a3 image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-03-17 12:50:19 -04:00
Tom Rini
22fc991daf Prepare v2021.04-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBPhiUACgkQFHw5/5Y0
 tywChgv/RYpdSKrD5s4kCJnImfOwDznESj/CqAQK3Au5zviq7qXRrgxyTKv2e1wM
 W51vUBd0cE1YTACXqbr92wSSyqoTthLqd57KQgVele5uC2dvkqVTSvjPOUwtyIbQ
 BTPkoQnHPn30AILRdPjpEdBGfZhJDDtJFdQopn6h4GjEjPKVH8Wx1Dd+V6SD5f20
 WiksUjgdjMr1AmORY+LdwwJO8FZrGGPYgs8CDtiqxmCSwh3d7kUFFTT+G23BZdo7
 M+81+1uIUaW2Bolds7ZTPrrjr8bPwkWoTqNYhUB4bNPLp72gwnjM1rtU1X3hyiJM
 MdxSBimLHUOYPihfeSYCHSUrJaQFAAEFkuzWfZN1fgoswKEZQIVVVTzT/TomTyqf
 1DIXD+0HpXGKgVLW/Nkpl4D+UFjR865XI4kiuDxddjKI7bGbvDlbZ/k3PNelD7op
 umUswHnC3OTSw/g+A9VH/zf1rMFNLfu++vD7XJtdoWlcsl6x6/6Fh75tuC6K/X0K
 caPmehD3
 =ENym
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc4' into next

Prepare v2021.04-rc4
2021-03-15 12:15:38 -04:00
Jorge Ramirez-Ortiz
166363f2ed common: SCP03 control (enable and provision of keys)
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).

All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.

For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.

To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).

For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
    check:
    core/drivers/crypto/se050/adaptors/utils/scp_config.c

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-03-13 13:14:52 -05:00
Simon Glass
9ad7a6c25c log: Handle line continuation
When multiple log() calls are used which don't end in newline, the
log prefix is prepended multiple times in the same line. This makes the
output look strange.

Fix this by detecting when the previous log record did not end in newline.
In that case, setting a flag.

Drop the unused BUFFSIZE in the test while we are here.

As an example implementation, update log_console to check the flag and
produce the expected output.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 17:41:35 -05:00
Simon Glass
79d5983b61 log: Set up a flag byte for log records
At present only a single flag (force_debug) is used in log records. Before
adding more, convert this into a bitfield, so more can be added without
using more space.

To avoid expanding the log_record struct itself (which some drivers may
wish to store in memory) reduce the line-number field to 16 bits. This
provides for up to 64K lines which should be enough for anyone.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 17:41:35 -05:00
Simon Glass
891d9e84a7 spl: Convert spl_fit to work with sandbox
At present this casts addresses to pointers so cannot work with sandbox.
Update the code to use map_sysmem() instead.

As part of this change, the existing load_ptr is renamed to src_ptr since
it is not a pointer to load_addr. It is confusing to use a similar name
for something that is not actually related. For the alignment code,
ALIGN() is used instead of open-coded alignment. Add a comment to the line
that casts away a const.

Use a (new) load_ptr variable to access memory at address load_addr.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-12 09:57:31 -05:00
Siew Chin Lim
1bc20897c1 arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
2021-03-08 10:59:10 +08:00
Bin Meng
a43b598cc1 common: Move initr_addr_map() to a bit earlier
At present initr_addr_map() is put at a late stage in the
init_sequence_r[] calls. This won't work because lot of
device driver initialization (e.g.: serial port) happens
before it but is lack of the address translation support.

This moves the call to a bit earlier, right after the DM
initialization.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:43 +05:30
Bin Meng
a932aa3c69 common: fdt_support: Support special case of PCI address in fdt_read_prop()
At present fdt_read_prop() can only handle 1 or 2 cells. It is
called by fdt_read_range() which may be used to read PCI address
from <ranges> for a PCI bus node where the number of PCI address
cell is 3. The <ranges> property is an array of:

  { <child address> <parent address> <size in child address space> }

When trying to read <child address> from a PCI bus node using
fdt_read_prop(), as the codes below:

    /* Read <child address> */
    if (child_addr) {
        r = fdt_read_prop(ranges, ranges_len, cell, child_addr,
                          acells);
        if (r)
            return r;
    }

it will fail, because the PCI child address is made up of 3 cells
but fdt_read_prop() cannot handle it. We advance the cell offset
by 1 so that the <child address> can be correctly read.

This adds the special handling of such case.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-03-05 10:25:42 +05:30
Simon Glass
939b04e9cf bootstage: Fix dependency for BOOTSTAGE_RECORD_COUNT
At present these three Kconfigs exist even when bootstage is not enabled.
This is not necessary since bootstage.c is only built if BOOTSTAGE is
enabled.

Make them conditional. Also fix up the overflow message to mention TPL.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-03 19:17:25 -07:00
Simon Glass
185756ec0f bootm: Fix duplicate debugging in bootm_process_cmdline()
These two returns use the same string so are not distinguishable with
LOG_ERROR_RETURN. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 15:53:37 -05:00
Simon Glass
1a9e75bd5d spl: Drop duplicate 'Jumping to U-Boot' message
This is printed twice but we only need one message, since there is very
little processing in between them. Drop the second one, since all branches
of the switch() already have output. Update the U-Boot message to include
the phase being jumped to.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-02 15:53:37 -05:00
Frieder Schrempf
3bbe1a7faf Respect that some compression algos can be enabled separately for SPL
Some compression algorithms currently can be enabled for SPL and
U-Boot proper separately. Therefore take into account USE_HOSTCC
is well as CONFIG_IS_ENABLED() in these cases to prevent compiling these
functions in case of a host tool build.

Signed-off-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2021-03-01 10:21:36 +01:00
Stefan Brüns
ba0b984bb0 usb: kbd: Also accept keyboards with Interrupt OUT endpoint
The OUT endpoint can just be ignored as it is not used, just as the
corresponding Set_Report request for IN-only interfaces. E.g. the
Linux gadget hid keyboard also provides an interrupt endpoint.

Also cleanup confusing debug messages like "found set protocol", which
is printed when a keyboard device is found, while the Set_Protocol request
is issued quite some time later.

Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
2021-02-26 15:30:55 +01:00
Klaus Heinrich Kiwi
bdb7f2632b Kconfig: SPL_FIT_SIGNATURE requires SPL_LOAD_FIT
Having the ability to support firmware FIT signatures on the SPL sounds
not so useful if the SPL is not supporting to load a (U-boot) firmware
as a FIT image.

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
2021-02-24 16:51:48 -05:00
Klaus Heinrich Kiwi
6ce28132b8 Kconfig: SPL_FIT_SIGNATURE selects FIT_SIGNATURE
Selecting SPL_FIT_SIGNATURE (without selecting U-boot proper
verified boot first) breaks the build due to
CONFIG_FIT_SIGNATURE_MAX_SIZE being undefined, in addition to Kconfig
warnings on RSA and IMAGE_SIGN_INFO unmet dependencies.

Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
2021-02-24 16:51:48 -05:00
Wasim Khan
402558b1fe cmd: fdt: skip board specific fixup using env variable
Sometimes it is useful to boot OS with already fixed-up
device tree. Check for env variable 'skip_board_fixup'
before calling ft_board_setup().
Current behaviour is unchanged, additionally user can
set skip_board_fixup to 1 to skip the fixup.

Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
2021-02-24 16:51:48 -05:00
Tom Rini
a3ddc776fa - splash_source warning fix when building with 64-bit toolchains
- lq123p1jx31 and nv101wxmn51 compatible in simple panel driver
  - remove not used mb862xx driver
  - add Himax HX8238D panel driver
  - s/video_uc_platdata/video_uc_plat/
 -----BEGIN PGP SIGNATURE-----
 
 iGwEABECACwWIQSC4hxrSoIUVfFO0kRM6ATMmsalXAUCYDOevA4cYWd1c3RAZGVu
 eC5kZQAKCRBM6ATMmsalXNaAAJ0RUysoiZFAddxyrW7otwe+xxmdTACbBcVXCPuX
 W41gJtQyftU4rMGbMoo=
 =iAX1
 -----END PGP SIGNATURE-----

Merge tag 'video-for-v2021.04-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-video

 - splash_source warning fix when building with 64-bit toolchains
 - lq123p1jx31 and nv101wxmn51 compatible in simple panel driver
 - remove not used mb862xx driver
 - add Himax HX8238D panel driver
 - s/video_uc_platdata/video_uc_plat/
2021-02-22 09:11:27 -05:00
Andre Przywara
e036a1d227 fdt/sunxi: Remove OF_STDOUT_PATH
OF_STDOUT_PATH was meant to hold the devicetree path to the serial
console, to be put into the linux,stdout-path property of the chosen node.

The only user of that was sunxi, and it was actually wrong for years
there: the paths hardcoded in sunxi_common.h were not matching the DTs,
evident by the leading 0's in nodenames, which have been removed years
ago.

On top of that, "linux,stdout-path" is now deprecated for a while (Linux
commit 2a9d832cc9aae from November 2014), and also all modern DTs
(including those included in U-Boot) carry a "stdout-path" property
already.

So remove the stanza from sunxi_common.h, and, since this was the last
user, also remove the associated bits from the rest of U-Boot.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-19 23:29:47 +00:00
Jaehoon Chung
a0b74acb9b common: splash_source: fix -Wint-to-pointer-cast warning
Fix -Wint-to-pointer-cast warning

common/splash_source.c: In function 'splash_load_raw':
common/splash_source.c💯12: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
  100 |  bmp_hdr = (struct bmp_header *)bmp_load_addr;
      |            ^
common/splash_source.c: In function 'splash_sf_read_raw':
common/splash_source.c:39:47: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
   39 |  return spi_flash_read(sf, offset, read_size, (void *)bmp_load_addr);
      |                                               ^

Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-19 22:17:10 +01:00
Tom Rini
766927a759 Merge branch '2021-02-18-SPL-FIT-OP-TEE-Linux-improvements'
- Improve interactions between SPL / OP-TEE and Linux in FIT images
2021-02-18 12:02:11 -05:00
Nicolas Saenz Julienne
51bdb50904 dm: Introduce xxx_get_dma_range()
Add the following functions to get a specific device's DMA ranges:
 - dev_get_dma_range()
 - ofnode_get_dma_range()
 - of_get_dma_range()
 - fdt_get_dma_range()
They are specially useful in oder to be able validate a physical address
space range into a bus's and to convert addresses from and to address
spaces.

Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
2021-02-18 11:56:25 +01:00
Alexandru Gagniuc
71551055cb spl: fit: Load devicetree when a Linux payload is found
When a FIT config specifies a devicetree, we should load it, no
questions asked. In the case of the "simple" FIT loading path, a
difficulty arises in selecting the load address of the FDT.

The default FDT location is right after the "kernel" or "firmware"
image. However, if that is an OP-TEE image, then the FDT may end up in
secure DRAM, and not be accessible to normal world kernels.

Although the best solution is to be more careful about the FDT
address, a viable workaround is to only append the FDT after a u-boot
or Linux image. This is identical to the previous logic, except that
FDT loading is extended to IH_OS_LINUX images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
aeedeae407 spl: fit: Replace #ifdef blocks with more readable constructs
Use the IS_ENABLED() macro to control code flow, instead of the
caveman approach of sprinkling #ifdefs. Code size is not affected, as
the linker garbage-collects unused functions. However, readability is
improved significantly.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
9e9aa0b473 spl: fit: Only look up FIT configuration node once
The configuration node a sub node under "/configurations", which
describes the components to load from "/images". We only need to
locate this node once.

However, for each component, spl_fit_get_image_name() would parse the
FIT image, looking for the correct node. Such work duplication is not
necessary. Instead, once the node is found, cache it, and re-use it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
e4928270a4 spl: fit: Remove useless loop in spl_fit_get_image_name()
When a desired configuration is not found, conf_node will have a
negative value. Thus the for loop will start at the root "/" node of
the image, print the "/description" property, and stop.

It appears the intent of the loop was to print the names of the
subnodes under "/configurations". We would need the offset to the
"/configurations" node, which is abstracted by fit_find_config_node().

This change agrees that abstracting the node offset is the correct
design, and we shouldn't be parsing the configurations manually. Thus
the loop in spl_fit_get_image_name() is useless. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:43 -05:00
Alexandru Gagniuc
3dc2079733 spl: fit: Pass FIT context via a structure pointer
Several loose arguments describe the FIT image. They are thus related,
and it makes sense to pass them together, in a structure. Examples
include the FIT blob pointer, offset to FDT nodes, and the offset to
external data.

Use a spl_fit_info structure to group these parameters.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 19:46:42 -05:00
Alexandru Gagniuc
917fa369f6 spl: fit: Factor out FIT parsing and use a context struct
The logical steps in spl_load_simple_fit() are difficult to follow.
I think the long comments, ifdefs, and ungodly number of variables
seriously affect the readability. In particular, it violates section 6
of the coding style, paragraphs (3), and (4).

The purpose of this patch is to improve the situation by
  - Factoring out initialization and parsing to separate functions
  - Reduce the number of variables by using a context structure
This change introduces no functional changes.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-17 17:12:45 -05:00
Alexandru Gagniuc
efc4ad0bc7 spl: fit: Drop 'length' argument to board_spl_fit_post_load()
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
2021-02-17 17:12:45 -05:00
Andy Shevchenko
eb5fd9e46c usb: kbd: destroy device after console is stopped
In case of IOMUX enabled it assumes that console devices in the list
are available to get them stopped properly via ->stop() callback.
However, the USB keyboard driver violates this assumption and tries
to play tricks so the device get destroyed while being listed as
an active console.

Swap the order of device deregistration and IOMUX update along with
converting to use iomux_replace_device() jelper to avoid the use-after-free.

Fixes: 3cbcb28928 ("usb: Fix usb_kbd_deregister when console-muxing is used")
Fixes: 8a83487030 ("dm: usb: Add a remove() method for USB keyboards")
Reported-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
694cd5618c IOMUX: Introduce iomux_replace_device()
Some console devices may appear or disappear at run time. In order to
support such a hotplug mechanism introduce a new iomux_replace_device()
helper to update the list of devices without altering environment.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
400797cad3 IOMUX: Split out for_each_console_dev() helper macro
It is not only less lines of code, but also better readability
when new macro is being in use. Introduce for_each_console_dev()
helper macro and convert current users to it.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
b672c1619b IOMUX: Split out iomux_match_device() helper
Deduplicate the code used in a few places by splitting out a common helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
658d6c5836 IOMUX: Switch to use stdio_file_to_flags()
Deduplicate code by replacing with stdio_file_to_flags() helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:08 -05:00
Andy Shevchenko
09d8f07762 console: Set file and devices at one go
Logical continuation of the change that brought console_devices_set() is
to unify console_setfile() with it and replace in the callers.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
20a7d35148 console: Set console device counter in console_devices_set()
console_devices_set() missed the console device counter to be set correctly.

Fixes: 45375adc97 ("console: add function console_devices_set")
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
7b9ca3f89c console: Switch to use stdio_file_to_flags()
Deduplicate code by replacing with stdio_file_to_flags() helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
d9b0ac90ba stdio: Introduce a new helper stdio_file_to_flags()
Let's deduplicate existing copies by splitting off to a new helper.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
99cb2b996b stdio: Split out nulldev_register() and move it under #if
It's possible that NULLDEV can be disabled while it makes leftovers,
move entire device under #if.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Andy Shevchenko
c090e8f236 stdio: Get rid of dead code, i.e. stdio_deregister()
Nobody is using stdio_deregister(), remove for good.

Note, even its parameters are not consistent with stdio_register().
So, if anyone want to introduce this again, better with some consistency.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
2021-02-16 11:16:07 -05:00
Simon Glass
3f04db891a image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:54 -05:00
Simon Glass
6f3c2d8aa5 image: Add an option to do a full check of the FIT
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Simon Glass
79af75f777 fit: Don't allow verification of images with @ nodes
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:25 -05:00
Simon Glass
8a7d4cf982 fdt_region: Check for a single root node of the correct name
At present fdt_find_regions() assumes that the FIT is a valid devicetree.
If the FIT has two root nodes this is currently not detected in this
function, nor does libfdt's fdt_check_full() notice. Also it is possible
for the root node to have a name even though it should not.

Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is
detected.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:18 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Ravik Hasija
7a01882eb3 common: Kconfig.boot: Add FIT_PRINT config option
Config allows to disable printing contents of fitImage to optimize boottime.

Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-01 16:32:06 -05:00
Simon Glass
86c372af1a x86: spl: Add a function to find the text base
It is useful to know the TEXT_BASE value for the image being loaded in
TPL/SPL. Add a new spl_get_image_text_base() function to handle this.

Make use of this in the x86 SPL handler, instead of having the logic
there.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2021-02-01 15:11:41 +08:00
Marek Szyprowski
9129f2f164 dfu: add support for the dfu_alt_info reintialization from the flashed script
Reinitialize DFU USB gadget after flashing the 'SCRIPT' entity to ensure
that the potential changes to the 'dfu_alt_info' environment variable are
applied.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
[lukma - I've moved the bool retry to avoid build (CI) errors]
2021-01-31 14:08:56 +01:00
Heinrich Schuchardt
9c3808deba avb: AVB_VERIFY depends on MMC
AVB Verified Boot uses functions related to MMC.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
2021-01-29 10:36:48 -05:00
Yuezhang.Mo@sony.com
e088f0c3d8 autoboot: fix illegal memory access when stop key and delay key are empty
If both stop key and delay key are empty, the length of these
keys is 0. The subtraction operation will cause the u_int type
variable to overflow, will cause illegal memory access in key
input loop.

This commit fixes this bug by using int type instead of u_init.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-27 17:07:48 -05:00
Simon Glass
02d7a53ce6 bloblist: Add missing tag names
Add tag names for recently added types.

Fixes: d2cb7a22da (x86: Allow putting some tables in the bloblist)
Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
9fe064646d bloblist: Support relocating to a larger space
Typically in TPL/SPL the bloblist is quite small. But U-Boot proper may
want to add a lot more to it, such as ACPI tables.

Add a way to expand the bloblist by relocating it in U-Boot proper, along
with the other relocation activities.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Simon Glass
09d9ba9097 spl: Add functions for next and previous phase
It is useful to be able to figure out which phase we are loading next and
which phase we came from. Add some functions to handle this as well as
returning the name of a phase. This allows messages like "Booting to x"
where x is the next phase.

At present, TPL says 'Jumping to U-Boot' at the end, when in fact it is
jumping to SPL. This is confusing, so use the new functions to correct
this.

Tests for this will come with an upcoming minor SPL test refactor.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Alexandru Gagniuc
76c78a5481 common: fit-sig: Fix error message in fit_config_verify_sig()
In fit_config_verify_sig(), when no 'signature*' subnode exists in
the configuration node, the fdt_for_each_subnode() loop is a no-op.
Therefore, no error flags are set, and 'err_,sg' is not populated
with an error string. This is incorrect behavior.

Populate err_msg to indicate that no 'signature' is found, before
entering the loop. The first call to fit_image_verify_sig() will
override clear err_msg, or set it to a more specific message.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-27 17:03:16 -05:00
Philippe Reynes
4d145f26dd bootcount: allow to use this feature on TPL
This commit add an option TPL_BOOTCOUNT_LIMIT to
use bootcount on TPL.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-27 16:58:57 -05:00
Andre Przywara
c0b417b2f1 sunxi: support loading with SPL > 32KB
H616 supports and needs bigger SPL than 32 KiB, mostly due to big DRAM
driver and need for PMIC configuration, which pulls several drivers which
are not needed otherwise.

spl_mmc_get_uboot_raw_sector() will now compare pre-configured size with
that, reported in SPL header. If size in header is bigger, it will use
that value instead.

In the process of function rework, also add missing function argument.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
2021-01-25 21:52:00 +00:00
Jernej Skrabec
44726096cf sunxi: Introduce common symbol for H6 like SoCs
It turns out that there are at least 2 other SoCs which have basically
the same memory map, similar clocks and other features as H6. It's very
likely that we'll see more such SoCs in the future. In order to ease
porting to new SoCs and lower ifdef clutter, introduce common symbol for
them.

Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Reviewed-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-01-25 21:52:00 +00:00
Joel Stanley
93af80f3e8 image-fit: Fix FIT_CIPHER linking
When CONFIG_FIT_CIPHER=y and CONFIG_FIT_SIGNATURE=n is there is no
implementation of image_get_host_blob for mkimage/dumpimage:

 /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
 image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'

Move the implementation to a common file so it can be shaed between
image-cipher.c and image-fit-sig.c.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-01-22 16:17:52 -05:00
Peng Fan
52e77726ef common: Makefile: drop duplicated line
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there,
no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 14:49:09 -05:00
Patrick Delaunay
449efce69a console: cosmetics: remove #if 0
Remove the #if 0 present since the first version of console.c

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 14:49:09 -05:00
Heinrich Schuchardt
7cf5b4053b common: always compile fixup_cmdtable()
With our optimization settings the linker eliminates unused functions.

But for debugging it is better to compile with -Og or -O0. With -O0
compiling the sandbox fails due to the missing function fixup_cmdtable()
called by dm_reloc() and others.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 14:49:09 -05:00
Philippe Reynes
c61b2bf30c common: spl: spl_fit.c: report an error on hash check fail
When the hash check fails on a loadable image, the SPL/TPL simply
jump to the next one. This commit changes this behaviour, when the
hash check fails on a loadable image, the function spl_load_simple_fit
stops and report an error.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-01-16 14:49:09 -05:00