The Raspberry Pi Foundation released the new RPi400 which we want to
detect, so we can enable Ethernet on it and know the correct device tree
file name.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Reviewed-by: Peter Robinson <pbrobinson@gmail.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
When RPi4 is booted from USB Mass Storage, the firmware reports 947MiB of
the ARM memory (948 in case of the standard SD-card boot). This value is
not MMU_SECTION_SIZE aligned, so the dram_bank_mmu_setup() skips mapping
of the last 1MiB. This later causes u-boot in ARM 32bit mode to freeze,
because it relocated itself into that unmapped memory and fails to
execute.
Fix this by limiting the size of the first bank to the multiple of
MMU_SECTION_SIZE.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Tested-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Make sure we handover the PCIe controller in a clean state. Some of the
devices hanging from the PCIe bus might need to be properly reset
through #PERST in order for Linux to be able to initialize them.
This is specially important in order to properly initialize Raspberry Pi
4 B and 400's USB chip.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
The PCIe bus the controller is connected to might need to be removed
prior the handover. Make sure xhci-pci is also removed so as to avoid
unexpected timeouts or hangs.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
We find the iProc RNG200 in the Raspberry Pi 4. Add it to all it's
config so that it can be used.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
[mb: drop rpi_4_32b_defconfig]
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Add adc-keys device to the sandbox/test.dts and connect it to the channel
#3 of the sandbox_adc driver. The default values sampled by sandbox_adc
driver determines that button3 and button4 are released and button5 is
pressed.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Add options required to check the 'Function' button state.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Add support for getting the 'vref-supply' regulator and register it as
ADC's reference voltage regulator, so clients can translate sampled ADC
values to the voltage.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Add a simple Analog to Digital Converter device based button driver. This
driver binds to the 'adc-keys' device tree node.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Dump adc-keys bindings documentation from Linux kernel source tree from
commit 698dc0cf9447 ("dt-bindings: input: adc-keys: clarify
description").
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
When a FIT config specifies a devicetree, we should load it, no
questions asked. In the case of the "simple" FIT loading path, a
difficulty arises in selecting the load address of the FDT.
The default FDT location is right after the "kernel" or "firmware"
image. However, if that is an OP-TEE image, then the FDT may end up in
secure DRAM, and not be accessible to normal world kernels.
Although the best solution is to be more careful about the FDT
address, a viable workaround is to only append the FDT after a u-boot
or Linux image. This is identical to the previous logic, except that
FDT loading is extended to IH_OS_LINUX images.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Use the IS_ENABLED() macro to control code flow, instead of the
caveman approach of sprinkling #ifdefs. Code size is not affected, as
the linker garbage-collects unused functions. However, readability is
improved significantly.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There's no point in guarding function prototypes with #ifdefs. If a
function is not defined, the linker will notice. Having the prototype
does not affect code size.
What the #if guard takes away is the ability to use IS_ENABLED:
if (CONFIG_IS ENABLED(FIT_IMAGE_POST_PROCESS))
board_fit_image_post_process(...)
When the prototype is guarded, the above form cannot be used. This
leads to the proliferation of #ifdefs, and unreadable code. The
opportunity cost of the #if guard outweighs any benefits. Remove it.
Since the original version of this patch, an empty definition was
added by commit f14e6eec6c ("image: cleanup pre-processor usage").
The empty definition can cause silent failures, when an implementation
of board_fit_image_post_process() is expected because the linker will
not catch the missing function. Thus this patch removes this empty
inline declaration.
Fixes: f14e6eec6c ("image: cleanup pre-processor usage")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The configuration node a sub node under "/configurations", which
describes the components to load from "/images". We only need to
locate this node once.
However, for each component, spl_fit_get_image_name() would parse the
FIT image, looking for the correct node. Such work duplication is not
necessary. Instead, once the node is found, cache it, and re-use it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When a desired configuration is not found, conf_node will have a
negative value. Thus the for loop will start at the root "/" node of
the image, print the "/description" property, and stop.
It appears the intent of the loop was to print the names of the
subnodes under "/configurations". We would need the offset to the
"/configurations" node, which is abstracted by fit_find_config_node().
This change agrees that abstracting the node offset is the correct
design, and we shouldn't be parsing the configurations manually. Thus
the loop in spl_fit_get_image_name() is useless. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Several loose arguments describe the FIT image. They are thus related,
and it makes sense to pass them together, in a structure. Examples
include the FIT blob pointer, offset to FDT nodes, and the offset to
external data.
Use a spl_fit_info structure to group these parameters.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The logical steps in spl_load_simple_fit() are difficult to follow.
I think the long comments, ifdefs, and ungodly number of variables
seriously affect the readability. In particular, it violates section 6
of the coding style, paragraphs (3), and (4).
The purpose of this patch is to improve the situation by
- Factoring out initialization and parsing to separate functions
- Reduce the number of variables by using a context structure
This change introduces no functional changes.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The size is derived from the FIT image itself. Any alignment
requirements are machine-specific and known by the board code. Thus
the total length can be derived from the FIT image and knowledge of
the platform. The 'length' argument is redundant. Remove it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
CC: Matt Porter <mporter@konsulko.com>
Add support for random number generator RNG200.
This is for example found on RPi4.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
[mb: adapt to new struct driver memebers]
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
The switch driver for LS1028A Ethernet switch is now compiled in for
the NXP LS1028A reference design boards and for the Kontron SMARC-sAL28.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Michael Walle <michael@walle.cc>
The definition follows the DSA binding in kernel and describes the switch,
its ports and PHYs. The switch node has the same structure as in Linux
and this patch enables it (and relevant ports) for the LS1028A RDB board.
ENETC PF6 is the 2nd Eth controller linked to the switch on LS1028A, it is
not used in U-Boot and was disabled. Ethernet port aliases were also
added to better manage the multitude of ports available now.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Michael Walle <michael@walle.cc>
This driver is used for the Ethernet switch integrated into LS1028A NXP.
Felix on LS1028A has 4 front panel ports and two internal ports, I/O
to/from the switch is done through an ENETC Ethernet interface.
The 4 front panel ports are available as Ethernet interfaces and can be
used with the typical network commands like tftp.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
DSA stands for Distributed Switch Architecture and it covers switches that
are connected to the CPU through an Ethernet link and generally use frame
tags to pass information about the source/destination ports to/from CPU.
Front panel ports are presented as regular ethernet devices in U-Boot and
they are expected to support the typical networking commands.
DSA switches may be cascaded, DSA class code does not currently support
this.
Signed-off-by: Alex Marginean <alexandru.marginean@nxp.com>
Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
The DSA (Distributed Switch Architecture) implementation has made a
design decision when it got introduced to the Linux kernel in 2008.
That was to hide away from the user the CPU-facing Ethernet MAC, since
it does not make sense to register it as a struct net_device (UCLASS_ETH
udevice for U-Boot), because that would never be beneficial for a user:
they would not be able to use it for traffic, since conceptually, a
packet delivered to the CPU port should loop back into the system.
Nonetheless, DSA has had numerous growing pains due to the lack of a
struct net_device for the CPU port, but so far it has overcome them.
It is unlikely at this stage of maturity that this aspect of it will
change.
We would like U-Boot to present the same information as Linux, to be at
parity in terms of number of interfaces, so that ethNaddr environment
variables could directly be associated between U-Boot and Linux.
Therefore, we would implicitly like U-Boot to hide the CPU port from the
user as well.
But the paradox is that DSA still needs a struct phy_device to inform
the driver of the parameters of the link that it should configure the
CPU port to. The problem is that the phy_device is typically returned
via a call to phy_connect, which needs an udevice to attach the PHY to,
and to search its ofnode for the 'fixed-link' property. But we don't
have an udevice to present for the CPU port.
Since 99% of DSA setups are MAC-to-MAC connections between the switch
and the host Ethernet controller, the struct phy_device is going to be a
fixed PHY. This simplifies things quite a bit. In U-Boot, a fixed PHY
does not need an MDIO bus, and does not need an attached dev either.
Basically, the phy_connect call doesn't do any connection, it just
creates the fixed PHY.
The proposal of this patch is to introduce a new fixed_phy_create
function which will take a single argument: the ofnode that holds this:
port@4 {
reg = <4>;
phy-mode = "internal";
fixed-link {
speed = <2500>;
full-duplex;
};
};
and probe a fixed PHY driver using the information from this ofnode.
DSA will probably be the only user of this function.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Unlike the Linux fixed PHY driver, the one in U-Boot does not attempt to
emulate the clause 22 register set of a gigabit copper PHY driver
through the swphy framework. Therefore, the limitation of being unable
to support speeds higher than gigabit in fixed-link does not apply to
the U-Boot fixed PHY driver. This makes the fixed-link U-Boot
implementation more similar to the one from phylink, which can work with
any valid link speed.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Claudiu Manoil <claudiu.manoil@nxp.com>
Extend existing DM tee tests adding test coverage for reverse RPC calls.
Currently this commit only adds tests for I2C requests from TEE driver
to TEE supplicant, for instance reading/writing data to emulated i2c
eeprom defines in standard sandbox test device tree
(arch/sandbox/dts/test.dtb):
=> i2c bus
Bus 0: i2c@0 (active 0)
2c: eeprom@2c, offset len 1, flags 0
...
Running TEE tests:
=> ut dm tee
Test: dm_test_tee: tee.c
Test: dm_test_tee: tee.c (flat tree)
Failures: 0
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
This adds support for RPC test trusted application emulation, which
permits to test reverse RPC calls to TEE supplicant. Currently it covers
requests to the I2C bus from TEE.
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Add pygit2 and pyelftools to the list of packages for virtualenv
needed to run all sets of pytests.This fixes warnings like:
binman.elf_test.TestElf.testDecodeElf (subunit.RemotedTestCase):
Python elftools not available
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit gives the secure world access to the I2C bus so it can
communicate with I2C slaves (typically those would be secure elements
like the NXP SE050).
A similar service implementation has been merged in linux:
c05210ab ("drivers: optee: allow op-tee to access devices on the i2c
bus")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
In case of IOMUX enabled it assumes that console devices in the list
are available to get them stopped properly via ->stop() callback.
However, the USB keyboard driver violates this assumption and tries
to play tricks so the device get destroyed while being listed as
an active console.
Swap the order of device deregistration and IOMUX update along with
converting to use iomux_replace_device() jelper to avoid the use-after-free.
Fixes: 3cbcb28928 ("usb: Fix usb_kbd_deregister when console-muxing is used")
Fixes: 8a83487030 ("dm: usb: Add a remove() method for USB keyboards")
Reported-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Some console devices may appear or disappear at run time. In order to
support such a hotplug mechanism introduce a new iomux_replace_device()
helper to update the list of devices without altering environment.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
It is not only less lines of code, but also better readability
when new macro is being in use. Introduce for_each_console_dev()
helper macro and convert current users to it.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Logical continuation of the change that brought console_devices_set() is
to unify console_setfile() with it and replace in the callers.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
console_devices_set() missed the console device counter to be set correctly.
Fixes: 45375adc97 ("console: add function console_devices_set")
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
It's possible that NULLDEV can be disabled while it makes leftovers,
move entire device under #if.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Nobody is using stdio_deregister(), remove for good.
Note, even its parameters are not consistent with stdio_register().
So, if anyone want to introduce this again, better with some consistency.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Move gpio controller nodes from am33xx.dtsi to am33xx-l4.dtsi. Now both
files are more similar to those found in Linux 5.9-rc7. To be fully
operational as before it was also necessary to fix the am33xx-clock.dtsi
file. It too is now almost the same as the Linux kernel.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Since commit 6239cc8c4e ("arm: dts: k3-j7200: Sync Linux v5.11-rc6 dts
into U-Boot") ranges have been added to CPSW node which results in
U-Boot CPSW driver failing to acquire phy_gmii_sel register range and
thus failing to configure GMII mode correctly.
Fix this by deleting ranges in -u-boot-dtsi just like its done for other
K3 platforms.
Fixes: 6239cc8c4e ("arm: dts: k3-j7200: Sync Linux v5.11-rc6 dts into U-Boot")
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.
CVE-2021-27138
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.
Enable this by default if signature verification is enabled.
CVE-2021-27097
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.
For now no callers pass the size, but this can be updated later.
Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Add tests to check that these two attacks are mitigated by recent patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>