Commit graph

25 commits

Author SHA1 Message Date
Tom Rini
d5d9770f58 bootX measurements and measurement API moved to u-boot core
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmU7j50ACgkQgS8AYozs
 +qIh8w/+O4UjT0sG1NLwmyV7U1Ypk+EyYaE6wmSWzpsJLfH/YvtObBJOYRuXxRVh
 J9lkgCsw8Ct1ZNCrp8iVO+Dz1DtV8+QvTecrUHZqcOhTYDaqxXnlvEH2/EUhgo5T
 9a/ZaDtOP1mKz754C4G6G363+iRCvbcqDECeKg9VYxfWCo1cINOmqyQCqlGxFT+h
 PKiB5VzUpN/K/yiie+Hr42/+6XaykAUjUvEWeyKOsRmYY4lNiK22vG/puE42bFTh
 catXwTE2a7x+yzPKkdhR0UGvDUlIKET2kF6mi+pYN2h/cSUxWTzbP/OxcU9yJOnm
 qJiRZ+Woez1I7ul6ln4ci2kiWc3CTYFXfctwrBJPuJ/EO+2EEb3oHqG2S3Fc9VBZ
 N17flHW7XZHEQbNexlUhk9cRpCwRuSA5OJXwW+IZIuydgNeo3xF0iYvipbjkEGgW
 BBkt8PH+ivTLjEz6Gcmquvo1fHGJLHRIPg7DNb0phGHviuC0zlDJ7N5DZk0CpkiT
 36siV9xK4X6qvWkOTa6Ldw60e4tN9nv3VG30uXtPHi3XdOkKfNkyIuqO/5BkkQPt
 6yEc9IYXYoWNKDVUGme5+xszZp1sSvqltajG9VVNupt958dFyOSgS5aNa6B4UsWX
 3XfndP1/s2bezUHoQx5zjraapKVrqBFLkGeTlCDUD+mEgP440G8=
 =gvDs
 -----END PGP SIGNATURE-----

Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm

bootX measurements and measurement API moved to u-boot core:

Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.

The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.

With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.

I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions.  Eddie tested the bootX part.

Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.

There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.

Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.

Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree.  The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless.  The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.

Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case.  I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
2023-10-27 19:27:29 -04:00
Eddie James
dec166d6b2 bootm: Support boot measurement
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Ilias: Added some info on Kconfig explaining this is when booting !EFI
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-10-27 13:15:57 +03:00
Tom Rini
3616218b5a cmd: Convert existing long help messages to the new macro
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
  and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
  introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-16 10:24:58 -04:00
Simon Glass
d9d7c20b73 treewide: Drop bootm_headers_t typedef
This is not needed and we should avoid typedefs. Use the struct instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:07:57 -04:00
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Tero Kristo
9b83f9c594 cmd: booti: convert the debug print about image move to printf
Moving of the OS image may have some nasty side effects like corrupting
DTB. Convert the current debug print to printf so that the relocation of
the OS is always obvious to the user.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
2020-07-17 08:51:01 -04:00
Tero Kristo
fbde7589ce common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image
These cases are typically fatal and are difficult to debug for random
users. Add checks for detecting overlapping images and abort if overlap
is detected.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
2020-07-17 08:51:01 -04:00
Vagrant Cascadian
d1896e365c cmd: booti: Fix spelling of "environment".
Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-23 14:43:24 -04:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Atish Patra
414c34ed55 image: Add compressed Image parsing support in booti.
Add compressed Image parsing support so that booti can parse both
flat and compressed Image to boot Linux. Currently, it is difficult
to calculate a safe address for every board where the compressed
image can be decompressed. It is also not possible to figure out the
size of the compressed file as well. Thus, user need to set two
additional environment variables kernel_comp_addr_r and filesize to
make this work.

Following compression methods are supported for now.
lzma, lzo, bzip2, gzip.

lz4 support is not added as ARM64 kernel generates a lz4 compressed
image with legacy header which U-Boot doesn't know how to parse and
decompress.

Tested on HiFive Unleashed and Qemu for RISC-V.
Tested on Qemu for ARM64.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
[trini: Fix minor rST formatting problems]
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-04-17 12:32:36 -04:00
Simon Glass
bb872dd930 image: Rename load_addr, save_addr, save_size
These global variables are quite short and generic. In fact the same name
is more often used locally for struct members and function arguments.

Add a image_ prefix to make them easier to distinguish.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-01-17 14:02:35 -05:00
Simon Glass
36bf446b64 common: Move enable/disable_interrupts out of common.h
Move these two functions into the irq_funcs.h header file. Also move
interrupt_handler_t as this is used by the irq_install_handler() function.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02 18:25:01 -05:00
Lokesh Vutla
683cdd6837 cmd: booti: Store OS start and end info in images structure
Store the start and end of the OS image that is loaded in images
structure.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2019-10-25 17:33:21 -04:00
Atish Patra
3cedc97479 RISCV: image: Add booti support
This patch adds booti support for RISC-V Linux kernel. The existing
bootm method will also continue to work as it is.

It depends on the following kernel patch which adds the header to the
flat Image. Gzip compressed Image (Image.gz) support is not enabled with
this patch.

https://patchwork.kernel.org/patch/10925543/

Tested on HiFive Unleashed and QEMU.

Signed-off-by: Atish Patra <atish.patra@wdc.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Tested-by: Karsten Merker <merker@debian.org>
Reviewed-by: Marek Vasut <marek.vasut@gmail.com>
2019-05-09 16:47:52 +08:00
Marek Vasut
7f13b374fd ARM: image: Add option for ignoring ep bit 3
Add option to the booti_setup() which indicates to it that the caller
requires the image to be relocated to the beginning of the RAM and
that the information whether the image can be located anywhere in RAM
at 2 MiB aligned boundary or not is to be ignored. This is useful ie.
in case the Image is wrapped in another envelope, ie. fitImage and not
relocating it but moving it would corrupt the envelope.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-By: Bin Chen <bin.chen@linaro.org>
2018-06-19 07:31:45 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Tom Rini
d024236e5a Remove unnecessary instances of DECLARE_GLOBAL_DATA_PTR
We have a large number of places where while we historically referenced
gd in the code we no longer do, as well as cases where the code added
that line "just in case" during development and never dropped it.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-04-27 14:54:48 -04:00
Masahiro Yamada
bf14d9a7e1 cmd: booti: fix invalid image address in debug message
With commit 6808ef9ac2 ("move booti_setup to arch/arm/lig/image.c"),
images->ep has not been set at this point.

Fixes: 6808ef9ac2 ("move booti_setup to arch/arm/lig/image.c")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Bin Chen <bin.chen@linaro.org>
2018-02-13 23:24:22 -05:00
Bin Chen
6808ef9ac2 move booti_setup to arch/arm/lig/image.c
Follow bootz's pattern by moving the booti_setup to arch/arm/lib.
This allows to use booti_setup in other paths, e.g booting
an Android image containing Image format.

Note that kernel relocation is move out of booti_setup and it is the
caller's responsibility to do it and allows them do it differently. say,
cmd/booti.c just do a manually, while in the bootm path, we can use
bootm_load_os(with some changes).

Signed-off-by: Bin Chen <bin.chen@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-02-07 22:06:11 -05:00
Masahiro Yamada
2808576491 arm64: booti: allow to place kernel image anywhere in physical memory
At first, the ARM64 Linux booting requirement recommended that the
kernel image be placed text_offset bytes from 2MB aligned base near
the start of usable system RAM because memory below that base address
was unusable at that time.

This requirement was relaxed by Linux commit a7f8de168ace ("arm64:
allow kernel Image to be loaded anywhere in physical memory").
Since then, the bit 3 of the flags field indicates the tolerance
of the kernel physical placement.  If this bit is set, the 2MB
aligned base may be anywhere in physical memory.  For details, see
Documentation/arm64/booting.txt of Linux.

The booti command should be also relaxed.  If the bit 3 is set,
images->ep is respected, and the image is placed at the nearest
bootable location.  Otherwise, it is relocated to the start of the
system RAM to keep the original behavior.

Another wrinkle we need to take care of is the unknown endianness of
text_offset for a kernel older than commit a2c1d73b94ed (i.e. v3.16).
We can detect this based on the image_size field.  If the field is
zero, just use a fixed offset 0x80000.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-03-14 20:40:23 -04:00
Scott Wood
0fff19a678 booti: Set images.os.arch
Commit ec6617c397 ("armv8: Support loading 32-bit OS in AArch32
execution state") broke SMP boot by assuming that an image is 32-bit if
the arch field in the spin table != IH_ARCH_DEFAULT (i.e.
IH_ARCH_ARM64), even if the arch field also does not match IH_ARCH_ARM,
even though nothing actually set the arch field in the spin table.

Commit e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading
32-bit OS") fixed this for bootm by setting the arch field of the spin
table based on images.os.arch, but booti remaineed broken because it did
not set images.os.arch.

Fixes: ec6617c397 ("armv8: Support loading 32-bit OS in AArch32 execution state")
Fixes: e2c18e40b1 ("armv8: fsl-layerscape: SMP support for loading 32-bit OS")
Cc: Alison Wang <alison.wang@nxp.com>
Cc: Chenhui Zhao <chenhui.zhao@nxp.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Stuart Yoder <stuart.yoder@nxp.com>
Signed-off-by: Scott Wood <oss@buserror.net>
Reviewed-by: Tom Rini <trini@konsulko.com>
2017-01-28 14:04:51 -05:00
Cédric Schieli
4943dc2f19 bootz/booti: relocate ramdisk if CONFIG_SYS_BOOT_RAMDISK_HIGH set
In commit c2e7e72, the ramdisk relocation code was moved from
image_setup_linux to do_bootm, leaving the bootz and booti cases broken.

This patch fixes both by adding the BOOTM_STATE_RAMDISK state in their
call to do_bootm_states if CONFIG_SYS_BOOT_RAMDISK_HIGH is set.

Signed-off-by: Cédric Schieli <cschieli@gmail.com>
Reviewed-by: Rick Altherr <raltherr@google.com>
Tested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-01-24 10:35:55 -05:00
Tom Rini
5db28905c9 cmd: Split 'bootz' and 'booti' out from 'bootm'
The bootz and booti commands rely on common functionality that is found
in common/bootm.c and common/bootm_os.c.  They do not however rely on
the rest of cmd/bootm.c to be implemented so split them into their own
files.  Have various Makefiles include the required infrastructure for
CONFIG_CMD_BOOT[IZ] as well as CONFIG_CMD_BOOTM.  Move the declaration
of 'images' over to common/bootm.c.

Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-08-20 11:35:07 -04:00