The general rule of accepting or rejecting an image is
1. Is the sha256 of the image in dbx
2. Is the image signed with a certificate that's found in db and
not in dbx
3. The image carries a cert which is signed by a cert in db (and
not in dbx) and the image can be verified against the former
4. Is the sha256 of the image in db
For example SHIM is signed by "CN=Microsoft Windows UEFI Driver Publisher",
which is issued by "CN=Microsoft Corporation UEFI CA 2011", which in it's
turn is issued by "CN=Microsoft Corporation Third Party Marketplace Root".
The latter is a self-signed CA certificate and with our current implementation
allows shim to execute if we insert it in db.
However it's the CA cert in the middle of the chain which usually ends up
in the system's db. pkcs7_verify_one() might or might not return the root
certificate for a given chain. But when verifying executables in UEFI, the
trust anchor can be in the middle of the chain, as long as that certificate
is present in db. Currently we only allow this check on self-signed
certificates, so let's remove that check and allow all certs to try a
match an entry in db.
Open questions:
- Does this break any aspect of variable authentication since
efi_signature_verify() is used on those as well?
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
That code is mistakenly duplicated due to copy-and-paste error.
Just remove it.
Fixes: CID 348360
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
SMBIOS is not x86 specific. So we should have an architecture independent
page describing it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The wrong phy was being enabled, because it worked and the proper
PHY did not. After the Renesas maintainer made some adjustments
to the device tree, Linux was able to use the proper driver, and
when that device tree was ported to Linux, the ethernet stopped
working due to the lack of rgmii-rxid support. Now that
rgmii-rxid is supported, enable the proper driver to restore
ethernet function.
Fixes: 1eaf61c84d ("arm: dts: beacon-rzg2: Resync device trees with Linux 5.16-rc3")
Signed-off-by: Adam Ford <aford173@gmail.com>
Some boards like the Beacon RZ/G2 SOM use either flags for
tx-internal-delay-ps, rx-internal-delay-ps or rgmii-rxid.
In Linux the APSR_RDM flag is set when either rx-internal-delay-ps
is set or the mode is rgmii-rxid, and the APSR_TDM is set when
tx-internal-delay-ps is found or rgmii-txid is set, and both
are set if rgmii-id is set.
The ravb driver in U-Boot driver was missing rgmii-rxid support,
so add that support in a similar fashion to what is done in Linux.
Signed-off-by: Adam Ford <aford173@gmail.com>
This has an assortment of cleanups and the occasional bugfix. Also present
is the addition of the clock subsystem documentation to HTML docs.
CI: https://source.denx.de/u-boot/custodians/u-boot-clk/-/pipelines/11075
-----BEGIN PGP SIGNATURE-----
iQGTBAABCgB9FiEEkGEdW86NSNID6GAoPuiP7LShEG4FAmIYfMVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkw
NjExRDVCQ0U4RDQ4RDIwM0U4NjAyODNFRTg4RkVDQjRBMTEwNkUACgkQPuiP7LSh
EG5kLAf/ahTgbHHiEOnH0L82bFZ5YyMabAR6q337p1FxVPiIIPRV9RZDExutjo3l
tukOw+ZMBGtmQOPy//L2s09AJU7v/ZjGxqLddKuH/0p+OfZdqz0U0e1jDNrThxo4
HPK86b8CQveB9lbY1aK1T1oTCH1IlfQOrDK235IDpsFiHCKlY5qSwfMQCIyTF5/c
x8Rb4HWz/YbCGA6bmldoo/tLw5mNFcB51vWoCzmLm/6Mk+7I7wOH10sOeowFbaiY
Ilv8r+VSLZH6Kbd7cWjT4wXAi0L/B1D3O4dTkbsDfheDeVlOTHeR3PUmRksTVQ1V
KHrfJJU0gz6KngNvRRTTbS2VH0FH7g==
=y34/
-----END PGP SIGNATURE-----
Merge tag 'clk-2022.04-rc2' of https://source.denx.de/u-boot/custodians/u-boot-clk
Clock patches for v2022.04-rc2
This has an assortment of cleanups and the occasional bugfix. Also present
is the addition of the clock subsystem documentation to HTML docs.
CI: https://source.denx.de/u-boot/custodians/u-boot-clk/-/pipelines/11075
There is a conflict between the static file
lib/acpi/dsdt.c and the file dsdt.c generated
dynamicaly by scripts/Makefile.lib. When a
mrproper is done, the static file dsdt.c is
removed. If a build with acpi enabled is
launched after, the following error is raised:
CC lib/acpi/acpi_table.o
make[2]: *** No rule to make target 'lib/acpi/dsdt.asl', needed by 'lib/acpi/dsdt.c'. Stop.
scripts/Makefile.build:394: recipe for target 'lib/acpi' failed
To avoid such error, the generated file is named
dsdt_generated.c instead of dstdt.c.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Update the result of do_clk_setfreq and always returns a CMD_RET_ value
(-EINVAL was a possible result).
This patch avoid the CLI output "exit not allowed from main input shell."
Fixes: 7ab418fbe6 ("clk: add support for setting clk rate from cmdline")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Link: https://lore.kernel.org/r/20220131172131.3.Iec2029edb7fc0b29e13bcb86058ad2f614f62779@changeid
The function clk_lookup can be replaced by a direct call
to uclass_get_device_by_name for UCLASS_CLK.
This patch removes duplicated codes by the generic DM API and avoids
issue in clk_lookup because result of uclass_get_device wasn't tested;
when ret < 0, dev = NULL and dev->name is invalid, the next function
call strcmp(name, dev->name) causes a crash.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Link: https://lore.kernel.org/r/20220131172131.2.I7bc7762eff1e31ab7ff5b34c416ee03b8fe52200@changeid
Test the number of argument in setfreq command to avoid a crash when
the command setfreq is called without argument:
STM32MP> clk setfreq
data abort
pc : [<ddba3f18>] lr : [<ddba3f89>]
reloc pc : [<c018ff18>] lr : [<c018ff89>]
sp : dbaf45b8 ip : ddb1d859 fp : 00000002
r10: dbb3fd80 r9 : dbb11e90 r8 : ddbf38cc
r7 : ddb39725 r6 : 00000000 r5 : 00000000 r4 : dbb3fd84
r3 : dbb3fd84 r2 : 0000000a r1 : dbaf45bc r0 : 00000011
Flags: nzCv IRQs off FIQs off Mode SVC_32 (T)
Code: 4dd3 1062 85a3 ddbd (7803) 2b30
Resetting CPU ...
Fixes: 7ab418fbe6 ("clk: add support for setting clk rate from cmdline")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Link: https://lore.kernel.org/r/20220131172131.1.I32a8f213d330dccd922f7aafc60d3d63fcbe8615@changeid
It is safe to check if the uclass id on the device is UCLASS_CLK
before to call the clk_ functions, but today this comparison is
not done on the device used in API: clkp->dev->parent
but on the device himself: clkp->dev.
This patch corrects this behavior and tests if the parent device
is a clock device before to call the clock API, clk_enable or
clk_disable, on this device.
Fixes: 0520be0f67 ("clk: prograte clk enable/disable to parent")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
This adds a helper function for clk_get_by_name in cases where the clock is
optional. Hopefully this helps point driver writers in the right direction.
Also convert some existing users.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/r/20220115205247.566210-2-seanga2@gmail.com
This converts the existing driver API docs (clk-uclass.h) to kernel doc
format and adds them to the HTML documentation. Because the kernel doc
sphinx converter does not handle functions in structs very well, the
individual methods are documented separately. This is primarily inspired by
the phylink documentation [1], which uses this trick extensively.
[1] https://www.kernel.org/doc/html/latest/networking/kapi.html#c.phylink_mac_ops
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/r/20211222171114.3091780-5-seanga2@gmail.com
This converts the existing client (aka clk.h) documentation to kernel doc
format, and adds it to the HTML docs. I have tried to preserve existing
comments as much as possible, refraining from semantic changes.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/r/20211222171114.3091780-4-seanga2@gmail.com
[rebased onto u-boot/master and resolved conflicts]
Signed-off-by: Sean Anderson <seanga2@gmail.com>
The optional varients of clk_get_* functions are just simple wrappers.
Reduce code size a bit by inlining them. On platforms where it is not used
(most of them), it will not be compiled in any more. On platforms where
they are used, the inlined branch should not cause any significant growth.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Link: https://lore.kernel.org/r/20211222171114.3091780-3-seanga2@gmail.com
This xlate function just performs some checking. We can do this in
request() instead and use the default xlate.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Tero Kristo <kristo@kernel.org>
Link: https://lore.kernel.org/r/20211215164718.2778664-1-seanga2@gmail.com
With the Kconfig options being deleted, the references to
OMAP_EHCI_PHY are useless. Remove them from the various
defconfigs.
Signed-off-by: Adam Ford <aford173@gmail.com>
With the omap-ehci driver now using the phy subsystem to enable
and disable reset, the driver no longer needs to know which
GPIO's are used, and they can be removed from Kconfig.
Signed-off-by: Adam Ford <aford173@gmail.com>
There are a few boards that use hard-coded GPIO definitions in
their respective defconfig files. If the GPIO's are listed
in their device trees, the nop-phy can toggle the GPIO's,
so the EHCI driver does not need to know anything about the
GPIO's. Add functions for getting the phys and remove the GPIO
toggles since the phy will now do that.
Signed-off-by: Adam Ford <aford173@gmail.com>
The USB_EHCI_OMAP driver currently has a series of Kconfig options
which let users specify a GPIO for the reset pin. Some devices
may have only one reset, while others might have more.
Since there is a nop phy driver, let's selct enable the PHY
system, and imply the nop phy driver. The nop phy driver can now
toggle the reset pins when putting the phy in and out of reset.
If the gpio is listed under the phy, it will get toggled and
the hard-coded config options specifying the GPIO numbers can
eventually go away.
Signed-off-by: Adam Ford <aford173@gmail.com>
The reset function should place the phy into reset, while the
init function should take the phy out of reset. Currently the
reset function takes it out of reset, and the init calls the
reset.
Signed-off-by: Adam Ford <aford173@gmail.com>
The OMAP3 hierarchy has the ehci node as a sub-node of the
usbhshost. The usbhshost node contains an ohci and an ehci
subnode. The configuration of the ehci belongs in the
EHCI node and not its parent. Move it to the proper probe.
usb start
starting USB...
Bus ehci@48064800: USB EHCI 1.00
Bus usb_otg_hs@480ab000: Port not available.
scanning bus ehci@48064800 for devices... 3 USB Device(s) found
scanning usb for storage devices... 1 Storage Device(s) found
Signed-off-by: Adam Ford <aford173@gmail.com>
omap_ehci_hcd_stop appears to be dead code, and omap_ehci_hcd_init
is only called by the probe function, so it can be static to that
function. Remove both from the header along with some additional
checking for DM_USB.
Signed-off-by: Adam Ford <aford173@gmail.com>
On some configs (like stm32mp15_dhcom_basic_defconfig), if configs
SPL_LOAD_FIT_FULL and SPL_FIT_FULL_CHECK are enabled. Then the compilatio
fails with the following error:
arm-linux-gnueabi-ld.bfd: boot/image-fit.o: in function `fit_check_format':
<PATH>/uboot/u-boot-stm/boot/image-fit.c:1641: undefined reference to `fdt_check_full'
scripts/Makefile.spl:509: recipe for target 'spl/u-boot-spl' failed
This issue happens because the function fdt_check_full is only defined if
"!defined(FDT_ASSUME_MASK) || FDT_ASSUME_MASK != 0xff". But this function
may be called even if this condition are not verified. To avoid this issue,
the function fdt_check_full is always defined.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The port/hub leaf nodes don't contain the phy definitions in some dts
files so check the parents.
Signed-off-by: Angus Ainslie <angus@akkea.ca>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present we only support expanding out FDT nodes. Make the operation
into an @operation property, so that others can be supported.
Re-arrange and tidy up the documentation so that it has separate
headings for each topic.
Signed-off-by: Simon Glass <sjg@chromium.org>
Split subnode and property processing into separate functions to make
the _AddNode() function a little smaller. Tweak a few comments.
This does not change any functionality.
Signed-off-by: Simon Glass <sjg@chromium.org>
Collecting the data from a list of entries and putting it in a file is
a useful operation that will be needed by other entry types. Put this into
a method in the Entry class.
Add some documentation about how to collect data for an entry type.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a file that has two text sections at different addresses, so we can
test this behaviour in binman, once added.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the 'args' property of the mkimage entry type is a string. This
makes it difficult to include CONFIG options in that property. In
particular, this does not work:
args = "-n CONFIG_SYS_SOC -E"
since the preprocessor does not operate within strings, nor does this:
args = "-n" CONFIG_SYS_SOC" "-E"
since the device tree compiler does not understand string concatenation.
With this new feature, we can do:
args = "-n", CONFIG_SYS_SOC, "-E";
Signed-off-by: Simon Glass <sjg@chromium.org>
Add an entry for OP-TEE Trusted OS 'BL32' payload.
This is required by platforms using Cortex-A cores with TrustZone
technology.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add missing-blob-help, renumber the test file, update entry-docs:
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a function which reads the segments and the entry address.
Also fix a comment nit in the tests while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is helpful to support a string or stringlist containing a list of
space-separated arguments, for example:
args = "-n fred", "-a", "123";
This resolves to the list:
-n fred -a 123
which can be passed to a program as arguments.
Add a helper to do the required processing.
Signed-off-by: Simon Glass <sjg@chromium.org>
This does not work at present, since the current algorithm assumes that
either there are no nodes or all nodes have an offset. If a node is new,
but an old node is still in the tree, then syncing fails due to this
assumption.
Fix it and add a test.
Signed-off-by: Simon Glass <sjg@chromium.org>
When CONFIG_SPL_FIT is enabled we do not access U-Boot directly in
the image, since it is embedded in a FIT which is parsed at runtime.
Provide a CONFIG option to drop the symbols in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>