Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The default value of CONFIG_SYS_MALLOC_F_LEN (0x400)
leaves U-Boot with not enough memory to load i2c driver
before relocate, causing it to hang.
Change the default value of CONFIG_SYS_MALLOC_F_LEN
for below SoCs,
- LS1012A
- LS1021A
- LS1043A
- LS1046A
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Follow i.MX, Sunxi, RISC-V and Rockchip to generate u-boot.itb which
includes U-Boot proper, ATF and DTBs in FIT format. ZynqMP supports FIT for
quite a long time but with using out of tree solution. The patch is filling
this gap.
Tested on zcu102, zcu104 and zcu100/Ultra96.
zcu100/Ultra96 v2.2 ATF build by:
make DEBUG=0 ZYNQMP_CONSOLE=cadence1 RESET_TO_BL31=1 PLAT=zynqmp bl31
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
If the node describing an overlay does not specify a load address, it will
be loaded at the address previously used.
Fixing it by allocating a temporary buffer that will be used as a
default load address. By default, the size of the buffer is 64kB which
should be plenty for most use cases.
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
doc/uImage.FIT/overlay-fdt-boot.txt is describing how to create FIT
image with DT overlays in it.
Add support for this feature to SPL.
Here is the ZynqMP fragment where dtb points to full DT and dtbo is
overlay which should be applied on the top of dtb.
config {
description = "ATF with full u-boot overlay";
firmware = "atf";
loadables = "uboot";
fdt = "dtb", "dtbo";
};
The whole feature depends on OF_LIBFDT_OVERLAY which is adding +4kB code
and 0 for platforms which are not enabling this feature.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Jean-Jacques Hiblot <jjhiblot@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The existing work-around for positioning U-Boot in the ROM when it
actually runs from RAM still exists and there is not obvious way to change
this.
Add a proper Kconfig option to handle this case. This also adds a new bool
property to indicate whether CONFIG_SYS_TEXT_BASE exists.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Extract all sysboot command related code from pxe.c to new sysboot.c
Update Kconfig to insure that DISTRO_DEFAULT select new CMD_SYSBOOT
command.
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
For all the Rockchip SoCs with SPL_LOAD_FIT enable, we need to build
u-boot.itb with U-Boot proper and ATF/OPTEE.
All the Rockchip boards with SPL_LOAD_FIT now supports FIT generator to
get ATF/OPTEE binary path from environment and pass the build even if no
ATF/OPTEE binary exist, so we can enable this feature for the rockchip
platform.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Some U-Boot pointers have redundant information, so we can use a scheme
where we can return either an error code or a pointer with the same
return value. The default implementation just casts the pointer to a
number, however, this may fail on platforms where the end of the address
range is used for valid pointers (e.g. 0xffffff00 is a valid heap pointer
in socfpga SPL). For such platforms, this value provides an upper range
of those error pointer values - up to 'MAX_ERRNO' bytes below this value
must be unused/invalid addresses.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Use BUILD_TARGET to automatically build "u-boot-with-spl.imx" on MX6
targets with SPL.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Stefano Babic <sbabic@denx.de>
Now that we have a generic FIT generator script for RISC-V, set it as
the default. To also build the FIT image by default, set the default
build target to "u-boot.itb" if CONFIG_SPL_LOAD_FIT is enabled.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
- remove rk3288 fennec board
- remove SPL raw image support for Rockchip SoCs
- add common misc_init_r() for ethaddr from cpuid
- enable USB HOST support for rk3328
- unify code for finding a valid gpt in part driver
Several options are presenting themselves on a various boards
where the options are clearly not used. (ie, arm64 options on
arm9, or SPL/TPL options when SPL or TPL are not defined)
This patch is not attempting to be a complete list of items, but
more like low hanging fruit.
This patch attempts to reduce some of the menuconfig noise
by defining dependencies so they don't appear when not used.
Signed-off-by: Adam Ford <aford173@gmail.com>
The name CONFIG_LEGACY_IMAGE_FORMAT reads slightly better along with
allowing us to avoid a rather nasty Kbuild/Kconfig issue down the line
with CONFIG_IS_ENABLED(IMAGE_FORMAT_LEGACY). In a few places outside of
cmd/ switch to using CONFIG_IS_ENABLED() to test what is set.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add u-boot.itb BUILD_TARGET for Rockchip platform when SPL_LOAD_FIT
is being used.
This can get rid of building itb explicitly with 'make u-boot.itb'
so, from now all required images will build just by make.
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
In order to migrate this symbol to Kconfig introduce a new symbol to
guard it, CONFIG_SYS_CUSTOM_LDSCRIPT. When that is set we can then
provide the exact final location o the script.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a new option, CONFIG_DEPRECATED, for code that relies on deprecated
functionality and has not been converted past the deadline for
conversion.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Commit 3a7c45f6a7 ("simple-bus: add DM_FLAG_PRE_RELOC flag to
simple-bus driver") causes some i.MX boards that were converted
to DM, such as warp7, to fail to boot.
As explained by Lukas Auer:
"With the patch, U-Boot probes the drivers for devices under simple-bus
device tree nodes in the pre-relocation device model. The default value
of CONFIG_SYS_MALLOC_F_LEN (0x400) leaves U-Boot with not enough memory to
do this, causing it to hang."
Fix this problem by providing a convenient default value for
CONFIG_SYS_MALLOC_F_LEN.
Reported-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Suggested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Tested-by: Heiko Schocher <hs@denx.de>
Both the SPL_LOAD_FIT and SPL_LOAD_FIT_FULL have the same description.
Adjust the description to make it clear which one is which.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
- Gen3 PCIe driver + enablement on Salvator-X platforms.
- Gen3 recovery SPL used to reload ATF/OpTee/U-Boot instead of minimon.
- SDHI HS400 fixes ported from latest BSP and datasheet.
This patch moves the the config SYS_MALLOC_LEN to
Kconfig as it is already done for zynq arch in
commit 01aa5b8f05 ("Kconfig: Move config
SYS_MALLOC_LEN to Kconfig for zynq")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Build an SPL which can be started via SCIF download mode on R-Car Gen3
and allows loading and executing U-Boot uImage with the next stage code.
This is also useful for starting e.g. ATF BL2, which inits the hardware
and returns to the U-Boot SPL, which can then load e.g. U-Boot proper.
The H3, M3-W, M3-N SoCs have plenty of SRAM for storing the U-Boot SPL
while the payload, e.g. ATF BL2, executes, so there is no problem here.
However, E3 and D3 have much less SRAM, hence the loader uses a trick
where it copies itself beyond the area used by BL2 and executes from
there. That area is 32kiB large and not enough to hold U-Boot SPL, BSS,
stack and malloc area, so the later two are placed at +0x4000 offset
from start of SRAM, another area not used by ATF BL2. To make things
even more complicated, the SCIF loader cannot load to the upper 32kiB
of the SRAM directly, hence the copying approach.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
MPC83xx uses CONFIG_83XX_CLKIN instead of CONFIG_SYS_CLK_FREQ to set the
system clock. To migrate the architecture, we can replace
CONFIG_83XX_CLKIN with CONFIG_SYS_CLK_FREQ.
To do this
* replace all occurrences of CONFIG_83XX_CLKIN with CONFIG_SYS_CLK_FREQ
* set CONFIG_SYS_CLK_FREQ to the old value of CONFIG_83XX_CLKIN in all
MPC83xx config files
Signed-off-by: Mario Six <mario.six@gdsys.cc>
The current prompt text for FIT external offset is identical to
SYS_TEXT_BASE which might confuse the users. Provided more accurate
description for the prompt text.
Signed-off-by: Ibai Erkiaga <ibai.erkiaga-elorza@xilinx.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Add default SPL_FIT_GENERATOR py script for rockchip platforms if
specific target enabled SPL_LOAD_FIT.
So, this would help get rid of explicitly mentioning the default
SPL FIT generator in defconfigs. however some targets, like puma_rk3399
still require their own FIT generator so in those cases the default will
override with defconfig defined generator.
Reviewed-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
This patch adds the CONFIG_SPL_IMAGE option to select the SPL image that
shall be used to generate the combined SPL + U-Boot image. The default
value is the current value "spl/u-boot-spl.bin".
This patch also sets CONFIG_SPL_IMAGE to "spl/boot.bin" for AT91 targets
which use SPL NAND support (boot from NAND). For these build targets the
combined image "u-boot-with-spl.bin" is now automatically generated and
can be programmed into NAND as one single image (vs. SPL image and U-Boot
as 2 separate images).
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Andreas Bießmann <andreas@biessmann.org>
Cc: Eugen Hristev <eugen.hristev@microchip.com>
The sfp file is only valid for Gen5 (Cyclone5 & Arria5) and Arria10
devices. The file should only be built for these devices.
Signed-off-by: Dalon Westergreen <dalon.westergreen@intel.com>
Commit dc146ca111 ("Kconfig: Migrate CONFIG_BUILD_TARGET") made the
mvebu default build target depend on CONFIG_SPL_BUILD. Unfortunately,
there is no such Kconfig symbol. Use the CONFIG_SPL symbol instead to
fix that.
Cc: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Now that BUILD_TARGET is in Kconfig we can define a default for boards
using the Kirkwood SoC.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Cc: Jagan Teki <jagan@amarulasolutions.com>
This release is fully packed with lots of glorious improvements in UEFI
land again!
- Make PE images more standards compliant
- Improve sandbox support
- Improve correctness
- Fix RISC-V execution on virt model
- Honor board defined top of ram (fixes a few boards)
- Imply DM USB access when distro boot is available
- Code cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJcBYKAAAoJECszeR4D/txgBgwQALmYioI67R5/Iizpv7bg+rIQ
0TyPKZHmfHtVjGHd5X4X+9NBsoaSKqGnoI12bJ+V9hIMuiu5qFKyM3icTOOJ6LI6
wggnvMWZl5nfZmdEgETHTmaZkQZzKwhzbftGlGf2j19FdDk1OOI7hRNLeaIZUTv0
VHiUV68PP/1Of1y7iqB5jij1wTUHWlCufKjGXELP0bAXx86/tecgCuvjBihXizz/
sMsCxEF8++pb5l/l4yFEkKd5rr5D/ZkKMLR4KniZVq2qP1S4calolP14ykHN+a/l
uKP4e4GDuYyrgXXTNRFhVTlaAn18bmvxH4ialnpYVZKRtfsdHPHQXfqmgf8ZgJPE
JK3mmG6eLCbBPeND2Yz3b7G/Ec04z+RJXx0hriyLdejLgp5jM9SBtygiz6FmQLpQ
VfDJNEWV7ot6Ejou55O0d9u5ATF0jAd4tikmsrStWWZOVHvie6nG0wFYiRxnWCKP
sid0p7lWSUKEl0sAvA0LglNMzd4tCAq7vtkfLj/BVrDc9Jpir9CVJ13ppXIGk1HC
YIGWLo0uXAGC9wgRE7ZgGCKtQ6VFZRbSiJQOowi4MrHzHXH218oSNz2w25tAVTBw
le2WbxlGNYhV1xnoWMks1GTdWGQDCXdfBAhfzRIvQq2kz4z9V8hzpnVDIk2ZL3L1
o3nqUatR0ZVXPcinf+Ke
=6o9t
-----END PGP SIGNATURE-----
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-12-03
This release is fully packed with lots of glorious improvements in UEFI
land again!
- Make PE images more standards compliant
- Improve sandbox support
- Improve correctness
- Fix RISC-V execution on virt model
- Honor board defined top of ram (fixes a few boards)
- Imply DM USB access when distro boot is available
- Code cleanups
We add the support of the padding pss for rsa signature.
This new padding is often recommended instead of pkcs-1.5.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When you support distro boot and you support USB, you usually want to
also support booting from USB storage.
Reflect that in the Kconfig, so that we don't have to explicitly add
USB storage support to every defconfig individually.
Reported-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Xilinx is introducing Versal, an adaptive compute acceleration platform
(ACAP), built on 7nm FinFET process technology. Versal ACAPs combine
Scalar Processing Engines, Adaptable Hardware Engines, and Intelligent
Engines with leading-edge memory and interfacing technologies to deliver
powerful heterogeneous acceleration for any application. The Versal AI
Core series has five devices, offering 128 to 400 AI Engines. The series
includes dual-core Arm Cortex™-A72 application processors, dual-core Arm
Cortex-R5 real-time processors, 256KB of on-chip memory with ECC, more
than 1,900 DSP engines optimized for high-precision floating point with
low latency.
The patch is adding necessary infrastructure in place without enabling
platform which is done in separate patch.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This patch moves the the config SYS_MALLOC_LEN to
Kconfig. It will be just for Zynq arch and to do
will be for all other archs.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Vipul Kumar <vipul.kumar@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Trivial Kconfig cleanup. Use tabs instead of spaces.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Another round of sorting Kconfig entries aplhabetically.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Alexey Brodkin <abrodkin@synopsys.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
max size of a FIT header's totalsize field. The field is checked before
signature checks are applied to protect from reading past the intended
FIT regions.
This field is not part of the vboot signature so it should be sanity
checked. If the field is corrupted then the structure or string region
reads may have unintended behavior, such as reading from device memory.
A default value of 256MB is set and intended to support most max storage
sizes.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for loading U-Boot and optionally FDT from a fitImage
in SPL by using the full fitImage support from U-Boot. While we do
have limited SPL loading support in SPL with a small footprint, it
is missing a lot of important features, like checking signatures.
This support has all the fitImage features, while the footprint is
obviously larger.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename CONFIG_FIT_SPL_PRINT to CONFIG_SPL_FIT_PRINT and add Kconfig
entry for it.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Building with verified boot support requires hash, add that
dependency here. Otherwise the following build error will come out
without crc command.
LD u-boot
lib/built-in.o: In function `hash_calculate':
lib/rsa/rsa-checksum.c:29: undefined reference to
`hash_progressive_lookup_algo'
...
make[1]: *** [u-boot] Error 1
Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>