The pkcs7 header parsing functionality is pretty generic, and can be
used by other features like capsule authentication. Make the function
an extern, also changing it's name to efi_parse_pkcs7_header
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Prior to writing to an mtd device, mtd_erase is called. This call
fails in case the sector being erased is locked. Call mtd_unlock to
unlock the region which is to be erased and later written to. Lock the
region once the write to the region has completed.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When building the capsule using scripts in edk2, a fmp header is
added on top of the binary payload. Add logic to detect presence of
the header. When present, the pointer to the image needs to be
adjusted as per the size of the header to point to the actual binary
payload.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The fsp_types.h header file contains macros for building signatures of
different widths. These signature macros are architecture agnostic,
and can be used in all places which use signatures in a data
structure. Move and rename the fsp_types.h under the common include
header.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The dfu framework uses the dfu_alt_info environment variable to get
information that is needed for performing the firmware update. Add
logic to set the dfu_alt_info for the qemu arm64 platform to reflect
the two mtd partitions created for the u-boot env and the firmware
image. This can be subsequently extended for other qemu architectures
which need this variable set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add support for setting the default values for mtd partitions on the
platform. This would be used for updating the firmware image using
uefi capsule update with the dfu mtd backend driver.
Currently, values have been defined for the qemu arm64 platform, with
default values defined for the mtd partitions based on the NOR
flash. This can be subsequently extended for other qemu architectures
which need mtdparts set.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
RFC 2315 Section 9.3 describes the message digesting process. The
digest calculated depends on whether the authenticated attributes are
present. In case of a scenario where the authenticated attributes are
present, the message digest that gets signed and is part of the pkcs7
message is computed from the auth attributes rather than the contents
field.
Check if the auth attributes are present, and if set, use the auth
attributes to compute the hash that would be compared with the
encrypted hash on the pkcs7 message.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
On the qemu arm platform, the virtio devices are initialised in the
board_init function, which gets called before the initr_pci. With
this sequence, the virtio block devices on the pci bus are not
initialised. Move the initialisation of the virtio devices to
board_late_init which gets called after the call to initr_pci.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add options for embedding the public key esl(efi signature list) file
to the platform's dtb. The esl file is then retrieved and used for
authenticating the capsule to be used for updating firmare components
on the platform.
The esl file can now be embedded in the dtb by invoking the following
command
mkeficapsule -K <pub_key.esl> -D <dtb>
In the scenario where the esl file is to be embedded in an overlay,
this can be done through the following command
mkeficapsule -O -K <pub_key.esl> -D <dtb>
This will create a node named 'signature' in the dtb, and the esl file
will be stored as 'capsule-key'
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
When a new event is queued we have to process the event queue by calling
efi_process_event_queue(). But there is not reason to call the function
when the event is not queueable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.
So let's add an extra argument with the buffer size and check that
before doing any copying.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now we install the EFI_LOAD_FILE2_PROTOCOL to load an initrd
unconditionally. Although we correctly return various EFI exit codes
depending on the file status (i.e EFI_NO_MEDIA, EFI_NOT_FOUND etc), the
kernel loader only falls back to the cmdline interpreted initrd if the
protocol is not installed.
This creates a problem for EFI installers, since they won't be able to
load their own initrd and start the installation.
A following patch introduces a different logic where we search for an
initrd path defined in an EFI variable named 'Initrd####'.
If the bootmgr is used to launch the EFI payload, we'll will try to match
the BootCurrent value and find the corresponding initrd
(i.e Boot0000 -> Initrd0000 etc). If the file is found, we'll install
the required protocol which the kernel's efi-stub can use and load our
initrd.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
dm.h and env.h serve no purpose here. Remove them and sort the
remaining in alphabetical order.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().
Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.
Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FAT file system does not have a UUID but a 4 byte volume ID.
Let the fsuuid command show it in XXXX-XXXX format.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The FAT filesystem implementation uses several marcros referring to a magic
variable name mydata which renders the code less readable. Eliminate one of
them which is only used for a debug() statement.
Use log_debug() instead of debug().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently the size of the buffer to keep UEFI variables in memory is fixed
at 16384 bytes. This size has proven to be too small for some use cases.
Make the size of the memory buffer for UEFI variables customizable.
Reported-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The following errors in the UEFI sub-system are fixed:
* use after free in efi_exit()
* invalid free when using the boot manager
* pressing escape key once not recognized
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl/rIkAACgkQxIHbvCwF
GsTEEw/+KjnvH5+rDyacPjH2+NEejhtjCCFqdG1068Kl2fCnDOsPzlGT3E4NRZDd
WWZQIvnARCgEs2JcIFi2xDs++djHpBMG+VjErOY5miRCqp2ysZn6tvTGebG29hqV
vofRT85ZGg8A/Ag8JtidiKGBmwrMWdz21Bl+kBuU4Lmcoed3Avii++AHCrB/k1Jv
7nrnXJKwhijkJLx6xhuLX2kOq/QcO5Ey0Ht3+dgP8FRHGTiDp8s+blyIcz+Q3tk5
ts5k63Uc1Ey3f+xezzMEw7Y0I3ALKXwArLsdqvCDdECpbER7qvpO1Q6TaCzQrpG2
VH0tGt3Ngpj3betiRu4E1f/0HarZP+Rhafzf4NiAr2HzlY28VI9ZOipz45pf/b3K
jBsaFYlNTJrWvbi9mBRH3QgvWBLBMzINQaE3fb3YHMvKsf1sELlRzThaDmIwKrMP
CHnSujGk4A57vNmCa0yJpO0ebLfCk/iXd6WdULlWql2lzzOobdkf/0eGYNodEc6/
k31SmMgqJ/G9W+Wujk+bIUzpYmokpbVX7gP4QWiA/itIPCV+T6MXa7hH8G3lytE3
17FtDRGDFgrjZ0oV4LfhWyw3VlESn4jekR2+RdRHvdc7fcIX+URYylGn12W+gc2y
dErKqNsLhybJDC6G6cMf7wauJiJSXakQ8a05G+EgoSh+lJ5d9b8=
=W6EE
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-01-rc5-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-01-rc5 (2)
The following errors in the UEFI sub-system are fixed:
* use after free in efi_exit()
* invalid free when using the boot manager
* pressing escape key once not recognized
Do not use data from the loaded image object after deleting it.
Fixes: 126a43f15b ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
load_options passed from do_efibootmgr() to do_bootefi_exec() may contain
invalid data from the stack which will lead to an invalid free().
Fixes: 0ad64007fe ("efi_loader: set load options in boot manager")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Up to now the escape key was not correctly detected in UEFI applications.
We had to hit it twice for a single escape to be recognized.
Use a 10 ms delay to detect if we are dealing with the escape key or an
escape sequence.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
IS_ENABLED() contains parentheses. But we should still put extra
parentheses around it in an if statement for readability.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reverts commit 828d326216.
This change revers code which asserting PERST# signal when unloading
driver. Driver's remove callback is still there as it is used for other
functionality.
Asserting PERST# signal prior booting kernel is causing that A3720 boards
(Turris MOX and Espressobin) with stable Linux kernel versions 4.14 and
4.19 are not able to detect some PCIe cards (e.g. Compex WLE200 and WLE900)
and anymore. When PERST# signal is not asserted these cards are detected
correctly. As this is regression for existing stable Linux kernel versions
revert this problematic change in U-Boot.
To make cards working with OpenWRT 4.14 kernel it is needed to disable link
training prior booting kernel, which is already done in driver's remove
callback.
Described issue is in Linux kernel pci aardvark driver which is (hopefully)
fixed in latest upstream versions. Latest upstream versions should be able
to initialize PCIe bus and detects cards independently of the link training
and PERST# signal state.
So with this change, U-Boot on A3720 boards should be able to boot OpenWRT
4.14 kernel, stable 4.14 and 4.19 kernels and also latest mainline kernels.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
For correct spi bus detection the spi0 alias is needed in the DT.
Otherwise this error will ocurr in U-Boot:
Invalid bus 0 (err=-19)
Failed to initialize SPI flash at 0:0 (error -19)
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Dennis Gilmore <dgilmore@redhat.com>
Tested-by: Dennis Gilmore <dgilmore@redhat.com>
Add some missing "u-boot,dm-pre-reloc;" properties to UART0, SPI
controller and SPI NOR flash node to enable usage in SPL. Otherwise
these devices will not be available.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Dennis Gilmore <dgilmore@redhat.com>
Tested-by: Dennis Gilmore <dgilmore@redhat.com>
Use 0x%2lx to print the i2c bus base address in hexadecimal format
instead of printing as an integer.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Use %u and not %d for unsigned values.
Print kHz and not khz.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
The dart6ul has an i2c eeprom at 0x50 which contains, among other
things, the manufacturing/revision/options info of the SoM. This patch
replaces the current checkboard() implementation with a more
exhaustive one based on the content of the eeprom.
Since this code uses the new driver model, some changes were also
required in the DTS to make the nodes related to i2c available before
relocation.
This code was inspired from the supported u-boot code from Variscite
which can be found here:
https://github.com/varigit/uboot-imx/tree/imx_v2018.03_4.14.78_1.0.0_ga_var02
New output example:
Board: PN: VSM-6UL-705B, Assy: AS1812142257, Date: 2019 Feb 17
Storage: eMMC, Wifi: yes, DDR: 1024 MiB, Rev: 2.4G
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
The eeprom at address 0x50 is a BR24G04NUX-3TTR. It has a
4Kbit (512x8) capacity, change the compatible string to reflect this
fact.
Also, add an alias to easily refer to this eeprom with
fdt_path_offset() which will be in another commit.
Signed-off-by: Marc Ferland <ferlandm@amotus.ca>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Hand over maintainership of Toradex SoMs (that I was responsible of) to
Oleksandr because of my resignation from Toradex, as such I will
have no immediate involvement with these modules and as a result not
able to continue maintaining these boards.
CC: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@toradex.com>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
Acked-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
When booting imx8mp-evk the following allocation error
message is seen:
U-Boot 2021.01-rc3-00200-ge668bec96a5f (Dec 21 2020 - 14:36:42 -0300)
alloc space exhausted
Fix it by increasing CONFIG_SYS_MALLOC_F_LEN to 0x10000 like it
is done on other i.MX8MM/8MN boards.
Reported-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Calling ahab_close cmd force the user to interact for confirmation.
This is not user-friendly when using this cmd during factory process.
Allow the user to pass '-y' option to bypass this confirmation.
Signed-off-by: Clément Péron <peron.clem@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Oliver Graute <oliver.graute@kococonnector.com>
The current PHY rework does the following things:
1. Configure 125MHz clock
2. Setup the TX clock delay (RX is enabled by default),
3. Setup reserved bits to avoid voltage peak
The clock delays are nowadays already configured by the
PHY driver (in ar803x_delay_config). The code for that
can simply be dropped. The clock speed can also be
configured by the PHY driver by adding the device tree
property "qca,clk-out-frequency".
What is left is setting up the undocumented reserved bits
to avoid the voltage peak problem. I slightly improved its
documentation while updating the board's PHY rework code.
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Instead of hardcoding index magic numbers in the board code,
also rely on board_fit_config_name_match choosing the right
config for the fitImage containing the kernel.
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
* In the Standalone MM based implementation of UEFI variables
check the internal OP-TEE return code
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl/nI30ACgkQxIHbvCwF
GsRmxRAAidqMs2iLFE+Q0hulVD7wk0Wo1c+NfkT/ivO76Ea6vwq02d4sIvzz1c3J
L+YFzsmOQ0HzT80EYQF7l2eIzKeCebzQMygAQMAo4ZZl7HuMJXGV1z63JrTrHPMa
YdzKz6Ogvsv90c5GYCVPMd9p3kfEBQ9IPrSZHDOK0XC4V4Qk1g9PKoF0sQOrtDuw
ESkf1wCkoLdqrAIL77pfvraUUt3V7NY4LrHy9AbNj+uh2VIZLQiV0rfg4LzYhEsz
NFZawHRYT+Hle3GbA3O+hhIH404/ltoen6ERalfa8JNWpnOOgrW/MGkwtYbG1BE7
Fqthiun6Snko/Do5KjlH4LxHXgIWB2QMJjj3VUsX/GQDTharHOVn0ZBkj6ZKun/p
jiqh8Mhxr5OmcLjWM3I+2/N0BY7Y0KnAi8Ny1V49L6aEJSnNWmDQl54LA3f9wEKB
d3a3+wW+0WjjfstICier21XSiANm+AUnW8lMUnHT/QHKtoETp4Ui/q9LNisJHUBz
JnIPbeAhxdvEL/GRurCESFFVavZ7rajvaJ7V0sHrU2ANejVRhWUd7u0PgNNL2yiy
0r7dhM/xe/ecb8jH1iAV5hbY1Q9xtDSxUMBUAB06IlNojePZ9jW/xbti/yJ5R+ec
fmwglVYQxSOxGU3dd/U430kEfCfvP+5qykv+GTz6nRBNSUz2eGQ=
=yIz4
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-01-rc5' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2021-01-rc5
* In the Standalone MM based implementation of UEFI variables
check the internal OP-TEE return code
When opening an OP-TEE session we need to check the internal return
value of OP-TEE call arguments as well the return code of the
function itself.
The code was also ignoring to close the OP-TEE session in case the
shared memory registration failed.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add a host_build() function, so that it's possible to
check for software being build with USE_HOSTCC without
relying on preprocessor conditions. In other words
#ifdef USE_HOSTCC
host_only_code();
#endif
can be written like this instead:
if (host_build())
host_only_code();
This improves code readability and test coverage and
compiler will eleminate this unreachable code.
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
After the conversion to device tree the board information becomes
redundant:
Model: Freescale i.MX6 Quad Plus SABRE Smart Device Board
Board: MX6-SabreSD
Remove the printing of the board information.
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
i.MX8M series includes support for high speed modes in uSDHC controllers.
Turn on corresponding configuration options for EVK boards, which would
enable high speed modes to be included in U-Boot.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
i.MX8M series provide support for high speed grades in their
usdhc controllers, which has eMMC and SDHC connected to them.
Enable this support across the entire i.MX8M family by providing quirks
to usdhc controllers designated by storage media connected to them.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Ye Li <ye.li@nxp.com>