Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.
Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:
/ {
#address-cells = <1>;
images {
efi-grub {
description = "GRUB EFI";
data = /incbin/("bootarm.efi");
type = "kernel_noload";
arch = "arm";
os = "efi";
compression = "none";
load = <0x0>;
entry = <0x0>;
hash-1 {
algo = "sha256";
};
};
};
configurations {
default = "config-grub";
config-grub {
kernel = "efi-grub";
signature-1 {
algo = "sha256,rsa2048";
sign-images = "kernel";
};
};
};
};
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a header file to house the lz4 compression function. Add a comment
while we are here, since it not even clear from the name what the function
actuall does.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Drop inclusion of crc.h in common.h and use the correct header directly
instead.
With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
The default CSF_SIZE defined in Kconfig is too high and SPL cannot
fit into the OCRAM in certain cases.
The CSF cannot achieve 0x2000 length when using RSA 4K key which is
the largest key size supported by HABv4.
According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's recommended to pad CSF binary to 0x2000 and append DEK blob to
deploy encrypted boot images.
As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
which should cover both CSF and DEK blob length.
Update default_image.c and image.c to align with this change and avoid
a U-Boot proper authentication failure in HAB closed devices:
Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x32 length=0x6131 version=0x38
bad length magic=0x32 length=0x6131 version=0x38
bad version magic=0x32 length=0x6131 version=0x38
spl: ERROR: image authentication fail
Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")
Reported-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Currently it's not possible to authenticate the U-Boot proper of
mx6ul_14x14_evk_defconfig target:
Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x0 length=0x00 version=0x3
bad length magic=0x0 length=0x00 version=0x3
bad version magic=0x0 length=0x00 version=0x3
spl: ERROR: image authentication fail
Commit 0633e13478 ("imx: hab: Increase CSF_SIZE for i.MX6 and
i.MX7 devices") has increased CSF_SIZE to avoid a possible issue
when booting encrypted boot images.
Commit d21bd69b6e ("tools: mkimage: add firmware-ivt image type
for HAB verification") is hardcoding the CSF and IVT sizes, the
new CSF size is not being considered and u-boot-ivt.img fails to
boot.
Avoid hardcoded CSF and IVT size to fix this issue.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Microblaze as Arm is using multiple memory banks which are read from DT
that's why there is a need to initialized LMB based on bd->bi_dram[].
Without this fix memory base/size is all the time 0 and image relocation is
not possible.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Define new image type for coprocessor images.
It is used in FIT to identify the files loaded
with remoteproc command (elf or bin).
Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.
In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.
The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
As part of the effort to remove things from common.h, create a new header
for the gzip functions. Move the function declarations to it and add
missing documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Upcoming patches want to add decompression to use cases that are no
longer directly related to booting. It makes sense to retain a single
decompression routine, but it should no longer be in bootm.c (which is
not compiled for all configurations). This patch moves
bootm_decomp_image() to image.c and renames it to image_decomp() in
preparation of those upcoming patches.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fix warning around handle_decomp_error being unused]
Signed-off-by: Tom Rini <trini@konsulko.com>
The name CONFIG_LEGACY_IMAGE_FORMAT reads slightly better along with
allowing us to avoid a rather nasty Kbuild/Kconfig issue down the line
with CONFIG_IS_ENABLED(IMAGE_FORMAT_LEGACY). In a few places outside of
cmd/ switch to using CONFIG_IS_ENABLED() to test what is set.
Signed-off-by: Tom Rini <trini@konsulko.com>
It works perfectly fine to boot an Android boot.img with bootm command
followed by an explicit address argument that holds the image. But if
we have boot.img downloaded into default 'loadaddr', and then boot it
using bootm command without the address argument, we will run into
problem, because U-Boot fails to find ramdisk and fdt (second area) in
boot.img.
The current Android image support assumes there is always an address
argument on bootm command. However just like booting any other images,
'loadaddr' should be used when address argument is missing from bootm
command. It patches boot_get_ramdisk() and boot_get_fdt() a bit to
support this quite common usage of bootm command for Android image.
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
i.MX8M bootable image type is like i.MX6/7, but there is signed HDMI
firmware image in front of A53 bootable image, which is also has an IVT
header.
Here we also include fit image to generate a bootable image.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
This patch adds support for MTK boot image generation.
Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
microblaze:
- Align defconfig
zynq:
- Rework fpga initialization and cpuinfo handling
zynqmp:
- Add ZynqMP R5 support
- Wire and enable watchdog on zcu100-revC
- Setup MMU map for DDR at run time
- Show board info based on DT and cleanup IDENT_STRING
zynqmp tools:
- Add read partition support
- Add initial support for Xilinx bif format for boot.bin generation
mmc:
- Fix get_timer usage on 64bit cpus
- Add support for SD3.0 UHS mode
nand-zynq:
- Add support for 16bit buswidth
- Use address cycles from onfi params
scsi:
- convert ceva sata to UCLASS_AHCI
timer:
- Add Cadence TTC for ZynqMP r5
watchdog:
- Minor cadence driver cleanup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlr1ldMACgkQykllyylKDCHioACghoJw6+NqsZXl8zGWRP38yZ5K
mvgAnihfOQq125mpKPZmcc5yt6wVwYIU
=8ji9
-----END PGP SIGNATURE-----
Merge tag 'xilinx-for-v2018.07' of git://www.denx.de/git/u-boot-microblaze
Xilinx changes for v2018.07
microblaze:
- Align defconfig
zynq:
- Rework fpga initialization and cpuinfo handling
zynqmp:
- Add ZynqMP R5 support
- Wire and enable watchdog on zcu100-revC
- Setup MMU map for DDR at run time
- Show board info based on DT and cleanup IDENT_STRING
zynqmp tools:
- Add read partition support
- Add initial support for Xilinx bif format for boot.bin generation
mmc:
- Fix get_timer usage on 64bit cpus
- Add support for SD3.0 UHS mode
nand-zynq:
- Add support for 16bit buswidth
- Use address cycles from onfi params
scsi:
- convert ceva sata to UCLASS_AHCI
timer:
- Add Cadence TTC for ZynqMP r5
watchdog:
- Minor cadence driver cleanup
The officially described way to generate boot.bin files for ZynqMP is to
describe the contents of the target binary using a file of the "bif"
format. This file then links to other files that all get packed into a
bootable image.
This patch adds support to read such a .bif file and generate a respective
ZynqMP boot.bin file that can include the normal image and pmu files, but
also supports image partitions now. This makes it a handy replacement for
the proprietary "bootgen" utility that is currently used to generate
boot.bin files with FSBL.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Add support for the SoCFPGA header v1, which is used on Arria 10.
The layout of the v0 and v1 header is similar, yet there are a few
differences which make it incompatible with previous v0 header, so
add a new entry.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Dinh Nguyen <dinguyen@kernel.org>
Cc: Chin Liang See <chin.liang.see@intel.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add riscv uimage arch to support riscv-linux booting.
It can Convert riscv-linux to image which can be
booted by bootm command.
Signed-off-by: Rick Chen <rick@andestech.com>
Signed-off-by: Rick Chen <rickchen36@gmail.com>
This patch adds a new type IH_OS_TEE. This new OS type will be used for
chain-loading to Linux via a TEE.
With this patch in-place you can generate a bootable OPTEE image like this:
mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee
where "tee.bin" is the input binary prefixed with an OPTEE header and
uTee.optee is the output prefixed with a u-boot wrapper header.
This image type "-T kernel -O tee" is differentiated from the existing
IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow
control returns to u-boot) whereas for the new IH_OS_TEE control passes to
the OPTEE firmware and the firmware chainloads onto Linux.
Andrew Davis gave the following ASCII diagram:
IH_OS_TEE: (mkimage -T kernel -O tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL
|
v
U-Boot ------>
<----- OP-TEE
|
V
Linux
IH_TYPE_TEE: (mkimage -T tee)
Non-Secure Secure
BootROM
|
-------------
|
v
SPL ------->
<----- OP-TEE
|
v
U-Boot
|
V
Linux
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Suggested-by: Andrew F. Davis <afd@ti.com>
Cc: Harinarayan Bhatta <harinarayan@ti.com>
Cc: Andrew F. Davis <afd@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Peng Fan <peng.fan@nxp.com>
Link: http://mrvan.github.io/optee-imx6ul
STM32MP157 bootrom needs a specific header for first boot stage.
This patch adds support of this header in mkimage.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.
This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.h
and replaces include directives:
#include <libfdt.h> -> #include <linux/libfdt.h>
#include <libfdt_env.h> -> #include <linux/libfdt_env.h>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When booting a itb file with a Ramdisk on a imx6 based
board, U-Boot drops the warning:
Loading Kernel Image ... OK
Loading Ramdisk to 4ecf1000, end 4ef8b11f ... \
CACHE: Misaligned operation at range [4ecf1000, 4ef8b11f]
Fix it!
Signed-off-by: Heiko Schocher <hs@denx.de>
Tested-by: Ayoub Zaki <hs@denx.de>
This drops the limit that fpga is only loaded from FIT images for Xilinx.
This is done by moving the 'partial' check from 'common/image.c' to
'drivers/fpga/xilinx.c' (the only driver supporting partial images yet)
and supplies a weak default implementation in 'drivers/fpga/fpga.c'.
Signed-off-by: Simon Goldschmidt <sgoldschmidt@de.pepperl-fuchs.com>
Tested-by: Michal Simek <michal.simek@xilinx.com> (On zcu102)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This does not appear to be used by any boards. Before introducing a new
log system, remove this old one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
To boot on ARMv8 systems with ARM Trusted Firmware, we need to
assemble an ATF-specific parameter structure and also provide the
address of the images started by ATF (e.g. BL3-3, which may be the
full U-Boot).
To allow us to identify an ARM Trusted Firmware contained in a FIT
image, this adds the necessary definitions.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Removal of the legacy DataFlash code turned genimg_get_image() into a
no-op. Drop all calls to it and the function itself.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Last user of this option went away in commit:
fdc7718999 ("board: usb_a9263: Update to support DT and DM")
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
We are now using an env_ prefix for environment functions. Rename these
other functions as well, for consistency:
getenv_vlan()
getenv_bootm_size()
getenv_bootm_low()
getenv_bootm_mapsize()
env_get_default()
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
IEC 80000-13:2008 Quantities and units
Part 13: Information science and technology
defines the prefixes to use for binary multiples.
So instead of writing
Data Size: 6726132 Bytes = 6568.49 kB = 6.41 MB
in dumpimage we should write
Data Size: 6726132 Bytes = 6568.49 KiB = 6.41 MiB.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In 35fc84f, bootm was refactored so plain 'bootm' and
'bootm <subcommand>' shared a common implementation.
The 'bootm ramdisk' command implementation is now part of the common
implementation but not invoke by plain 'bootm' since the original
implementation never did ramdisk relocation. Instead, ramdisk
relocation happened in image_setup_linux() which is typically called
during the OS portion of 'bootm'.
On ARM, parameters to the Linux kernel can either be passed by FDT or
ATAGS. When using FDT, image_setup_linux() is called which also triggers
ramdisk relocation. When using ATAGS, image_setup_linux() is _not_
called because it mostly does FDT setup.
Instead of calling image_setup_linux() in both FDT and ATAGS cases,
include BOOTM_STATE_RAMDISK in the requested states during a plain
'bootm' if CONFIG_SYS_BOOT_RAMDISK_HIGH is set and remove the ramdisk
relocation from image_setup_linux(). This causes ramdisk relocation to
happen on any system where CONFIG_SYS_BOOT_RAMDISK_HIGH regardless of
the OS being booted. Also remove IMAGE_ENABLE_RAMDISK_HIGH as it was
only used by the now-removed code from image_setup_linux().
Signed-off-by: Rick Altherr <raltherr@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Stop boot process if fpga programming fails.
Without this patch boot process continues even if fpga programming
failed.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a new image type representing Trusted Execution Environment (TEE)
image types. For example, an OP-TEE OS binary image.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
To help automate the loading of custom image types we add the ability
to define custom handlers for the loadable section types. When we find
a compatible type while loading a "loadable" image from a FIT image we
run its associated handlers to perform any additional steps needed for
loading this image.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Coverity complains that this can overflow. If we later increase the size
of one of the strings in the table, it could happen.
Adjust the code to protect against this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150964)
These have now landed upstream. The naming is different and in one case the
function signature has changed. Update the code to match.
This applies the following upstream commits by
Thierry Reding <treding@nvidia.com> :
604e61e fdt: Add functions to retrieve strings
8702bd1 fdt: Add a function to get the index of a string
2218387 fdt: Add a function to count strings
Signed-off-by: Simon Glass <sjg@chromium.org>
This format can be flashed directly at address 0 of
the NAND FLASH, as it contains all necessary headers.
Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)
Replace all include directives for <asm/errno.h> with <linux/errno.h>.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>
Commit bac17b78da ("image-fit: switch ENOLINK to ENOENT") changed
fit_get_node_from_config to return -ENOENT when a property doesn't
exist, but didn't change any of its callers which check return values.
Notably it didn't change boot_get_ramdisk, which leads to U-Boot failing
to boot FIT images which don't include ramdisks with the following
message:
Ramdisk image is corrupt or invalid
It also didn't take into account that by returning -ENOENT to denote the
lack of a property we lost the ability to determine from the return
value of fit_get_node_from_config whether it was the property or the
configuration node that was missing, which may potentially lead callers
to accept invalid FIT images.
Fix this by having fit_get_node_from_config return -EINVAL when the
configuration node isn't found and -ENOENT when the property isn't
found, which seems to make semantic sense. Callers that previously
checked for -ENOLINK are adjusted to check for -ENOENT, which fixes the
breakage introduced by commit bac17b78da ("image-fit: switch ENOLINK
to ENOENT").
The only other user of the return fit_get_node_from_config return value,
indirectly, is bootm_find_os which already checked for -ENOENT. From a
read-through of the code I suspect it ought to have been checking for
-ENOLINK prior to bac17b78da ("image-fit: switch ENOLINK to ENOENT")
anyway, which would make it right after this patch, but this would be
good to get verified by someone who knows this x86 code or is able to
test it.
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Jonathan Gray <jsg@jsg.id.au>
Cc: Marek Vasut <marex@denx.de>
Acked-by: Marek Vasut <marex@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
Acked-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
The Xtensa processor architecture is a configurable, extensible,
and synthesizable 32-bit RISC processor core provided by Cadence.
This is the first part of the basic architecture port with changes to
common files. The 'arch/xtensa' directory, and boards and additional
drivers will be in separate commits.
Signed-off-by: Chris Zankel <chris@zankel.net>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>