The documentation states that SPL is enabled in all config options
for the da850. This incorrect, because devices booting from NOR
do not need the SPL to do the low level initializion because when
booting from NOR, the board is able to execute in place (XIP)
This also clarifies that SPL isn't only used for booting from SPI,
because it is also used for booting from MMC and NAND for those
devices supporting those boot options.
Signed-off-by: Adam Ford <aford173@gmail.com>
We only request ring pairs via K3 DMA driver, switch to use the new
k3_ringacc_request_rings_pair() to simplify the code.
As a good side effect, all boot stages now use exposed RING mode which
avoid maintaining proxy mode for 32 bit R5 core.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
In K3 UDMA architecture, RX rings are associated with RX flows rather
than RX channels, therefore move the ring pointers to udma_rflow struct
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Encapsulate channel configuration in a separate struct so as to ease
resetting of these fields with memset() and also to increase readability
of the code.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
In preparation of adding more K3 SoCs, separate soc specific
initialization add a SoC specific initialization hook.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Add new API k3_ringacc_request_rings_pair() to request pair of rings at
once, as in the most case Rings are used with DMA channels which required
to request pair of rings - one to feed DMA with descriptors (TX/RX FDQ) and
one to receive completions (RX/TX CQ). This will allow to simplify Ringacc
API users.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Move the free, occ, windex and rinfex under a struct.
We can use memset to zero them and it will allow a cleaner way to extend
the variables for duplex rings.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Sync DT bindings from kernel DT and move them to out of -u-boot.dtsi
files.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
Update driver to use static PSIL endpoint Data instead of DT. This will
allow DT bindings to be in sync with kernel's DT.
Note that this patch breaks networking and OSPI boot as driver changes
are not backward compatible with existing DT. Subsequent commit will
update the DT to make it compatible with updated driver.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
Much of PSIL endpoint configuration for a given SoC can be known at
compile time, therefore pass them for platform specific data instead of
DT.
Add per SoC's specific PSIL endpoint data. This is to bring driver in
sync with upstream DT.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
As variable services are available at runtime we have to expect EFI_SUCCESS
when calling the services.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Saving UEFI variable as encoded U-Boot environment variables does not allow
implement run-time support.
Use a memory buffer for storing UEFI variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Saving UEFI variable as encoded U-Boot environment variables does not allow
support at runtime.
Provide functions to manage a memory buffer with UEFI variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
If the EFI_OPTIONAL_PTR is set in DebugDisposition, a NULL pointer does not
constitute an invalid parameter.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We need ConvertPointer() to adjust pointers when implementing runtime
services within U-Boot.
After ExitBootServices() gd is not available anymore. So we should not use
EFI_ENTRY() and EFI_EXIT().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Persist non-volatile UEFI variables in a file on the EFI system partition.
The file is written whenever a non-volatile UEFI variable is changed after
initialization of the UEFI sub-system.
The file is read during the UEFI sub-system initialization to restore
non-volatile UEFI variables.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.
The efi_secure_boot flag should match the UEFIvariable SecureBoot.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Set the read only property of the UEFI variables AuditMode and DeployedMode
conforming to the UEFI specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
According to the UEFI specification the variable VendorKeys is 1 if the
"system is configured to use only vendor-provided keys".
As we do not supply any vendor keys yet the variable VendorKeys must be
zero.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not change the value of parameter attributes in function
efi_set_variable_int(). This allows to use it later.
Do not use variable attr for different purposes but declare separate
variables (attr and old_attr).
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Simplify the implementation of the UEFI boot manager:
* avoid EFI_CALL for SetVariable() and GetVariable()
* remove unnecessary type conversions
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read
only.
Avoid EFI_CALL() for SetVariable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Separate the remaining UEFI variable API functions GetNextVariableName and
QueryVariableInfo() from internal functions implementing them.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Let the 'printenv -e' command display the read only flag.
If the variable is time authenticated write the time stamp.
Avoid EFI_CALL() when calling SetVariable() and GetVariable().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
We currently have two implementations of UEFI variables:
* variables provided via an OP-TEE module
* variables stored in the U-Boot environment
Read only variables are up to now only implemented in the U-Boot
environment implementation.
Provide a common interface for both implementations that allows handling
read-only variables.
As variable access is limited to very few source files put variable
related definitions into new include efi_variable.h instead of efi_loader.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Allocated tmpbuf_cluster dynamically to reduce the data size added by
compiling with CONFIG_FAT_WRITE.
Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Commit 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:
lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
Use %zu for printing size_t.
Fixes: 1b6c08548c ("efi_loader: image_loader: replace debug to
EFI_PRINT")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.
In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use defined time stamps for sign-efi-sig-list.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Provide a defined time stamp for dbx_hash1.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).
In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Set defined time stamp for dbx_hash.auth.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Split the existing test case-1 into case1 and a new case-2:
case-1 for non-SecureBoot mode; case-2 for SecureBoot mode.
In addition, one corner case is added to case-2; a image is signed
but a corresponding certificate is not yet installed in "db."
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Python's autopep8 can automatically correct some of warnings from pylint
and rewrite the code in a pretty print format. So just do it.
Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.
With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A signed image may have multiple signatures in
- each WIN_CERTIFICATE in authenticode, and/or
- each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)
In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.
With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
- the case where a digest algorithm used in signature is not supported by
U-Boot, or
- the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.
Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
There are a couple of occurrences of hash calculations in which a new
efi_hash_regions will be commonly used.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>