1. Since libavb library alone is highly portable, introduce dedicated
Kconfig symbol for AVB bootloader-dependent operations, so it's possible
to build libavb separately. AVB bootloader-dependent operations include:
* Helpers to process strings in order to build OS bootargs.
* Helpers to access MMC, similar to drivers/fastboot/fb_mmc.c.
* Helpers to alloc/init/free avb ops.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
Reported-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
Tested-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
In the case that there was no name defined for a partition the
code assumes that name_len is 22 and therefore allocates exactly
that space for a dummy name. But the function sprintf() first
resolves "0x%08llx@0x%08llx" to a string that is longer than 22
bytes. This leads to a buffer overflow. The replacement function
snprintf() limits the copied bytes to name_len and therefore
avoids the buffer overflow.
Signed-off-by: Kay Potthoff <Kay.Potthoff@microsys.de>
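The length arithmetic behind this fix, as an added example that is not U-Boot code: in the format `0x%08llx@0x%08llx`, `%08llx` is only a minimum width, so any value above 32 bits yields more than 21 characters and no longer fits in 22 bytes with its terminator. The helper names, the `NAME_LEN` constant and the sample values are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed from the commit message: space reserved for an unnamed partition. */
#define NAME_LEN 22

/* Characters (without the NUL) the dummy name needs for these values. */
static int dummy_name_needed(unsigned long long size, unsigned long long offset)
{
	/* snprintf with a zero-sized buffer only measures the output. */
	return snprintf(NULL, 0, "0x%08llx@0x%08llx", size, offset);
}

/*
 * Bounded formatting, as in the fix: never writes more than buflen bytes.
 * Returns 0 if the full name fit, 1 if it was truncated, -1 on error.
 */
static int format_dummy_name(char *buf, size_t buflen,
			     unsigned long long size, unsigned long long offset)
{
	int n = snprintf(buf, buflen, "0x%08llx@0x%08llx", size, offset);

	if (n < 0)
		return -1;
	return (size_t)n >= buflen ? 1 : 0;
}

int main(void)
{
	char name[NAME_LEN];
	/* Constructed sample values: one pair within 32 bits, one above. */
	unsigned long long cases[][2] = {
		{ 0x00100000ULL, 0x00000000ULL },
		{ 0x100000000ULL, 0x00000000ULL },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		int need = dummy_name_needed(cases[i][0], cases[i][1]);
		int cut = format_dummy_name(name, sizeof(name),
					    cases[i][0], cases[i][1]);

		printf("needs %d+1 bytes, buffer %d, %s: \"%s\"\n", need,
		       NAME_LEN, cut ? "truncated" : "fits", name);
	}
	return 0;
}
```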
While the `env export` can take as parameters variables to be exported,
`env import` does not have such a mechanism of variable selection.
Let's add the ability to add parameters at the end of the command for
variables to be imported.
Every env variable from the env to be imported passed by parameter to
this command will override the value of the variable in the current env.
If a variable exists in the current env but not in the imported env, if
this variable is passed as a parameter to env import, the variable will
be unset ONLY if the -d option is passed to env import, otherwise the
current value of the variable is kept.
If a variable exists in the imported env, the variable in the current
env will be set to the value of the one from the imported env.
All the remaining variables are left untouched.
As the size parameter of env import is positional but optional, let's
add the possibility to use the sentinel '-' for when we don't want to
give the size parameter (when the env is '\0' terminated) but we pass a
list of variables at the end of the command.
  env import addr
  env import addr -
  env import addr size
  env import addr - foo1 foo2
  env import addr size foo1 foo2
are all valid.
  env import -c addr
  env import -c addr -
  env import -c addr - foo1 foo2
are all invalid because they don't pass the size parameter required for
checking, while the following are valid.
  env import addr size
  env import addr size foo1 foo2
Nothing's changed for the other parameters or the overall behaviour.
One of its use cases could be to load a secure environment from the
signed U-Boot binary and load only a handful of variables from
another, unsecure, environment without completely losing control of
U-Boot.
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Tested-by: Alex Kiernan <alex.kiernan@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The error message should start with `## Error: ` so that it's easily
detectable by tests without needing to have a complex regexp for
matching all possible error message patterns.
Let's add the `## Error: ` prefix to the error messages since it's the
one already in use.
Suggested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The function set_default_env() sets the hashtable flags for import_r().
Formally set_default_env() doesn't accept flags from its callers. In
practice the caller can (un)set the H_INTERACTIVE flag, but it has to be
done using the first character of the function's string argument. Other
flags like H_FORCE can't be set by the caller.
Change the function to accept flags argument. The benefits are:
1. The caller will have to explicitly set the H_INTERACTIVE flag,
instead of un-setting it using a special char in a string.
2. Add the ability to propagate flags from the caller to himport(),
especially the H_FORCE flag from do_env_default() in nvedit.c that
currently gets ignored for "env default -a -f" commands.
3. Flags and messages will not be coupled together. A caller will be
able to set flags without passing a string and vice versa.
Please note:
The propagation of H_FORCE from do_env_default() does not introduce any
functional changes, because currently himport_r() is set to destroy the
old environment regardless if H_FORCE flag is set or not. More changes
are needed to utilize the propagation of H_FORCE.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The function set_default_vars() in common.c adds H_INTERACTIVE to the
h_import() flag, but the function has no way of telling if the command
actually was user directed like this flag suggests. The flag should be
set by the calling function do_env_default() in nvedit.c instead, where
the command is certainly user directed.
Move the H_INTERACTIVE flag from set_default_vars() to do_env_default().
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The env_flag in do_env_default() doesn't get propagated and therefore
gets ignored by himport_r(). This breaks the ability to "forcibly" reset
variables to their default values using the environment command.
Scenario example of the problem:
  # setenv kernel uImage
  # setenv .flags kernel:so
  # env default -f kernel
  ## Error: Can't overwrite "kernel"
  himport_r: can't insert "kernel=zImage" into hash table
Change the call path so it will pass the flag correctly.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
The naming convention for flags in nvedit.c is:
* The hashtable flag (defined in search.h) is named "env_flag"
* The command flag argument (defined in command.h) is named "flag"
This convention is kept in functions like do_env_print(), do_env_set()
and do_env_delete(), but not in do_env_default().
Rename the hashtable flag in do_env_default() from "flag" to "env_flag".
Rename the command flag in do_env_default() from "__flag" to "flag".
No functional change.
Signed-off-by: Yaniv Levinsky <yaniv.levinsky@compulab.co.il>
Reviewed-by: Igor Grinberg <grinberg@compulab.co.il>
When sourcing a FIT format script, if we've not been told the unit name
to use, look for a default property at the root of /images to work out
which unit we should use.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When trying to attach a UBI MTD partition via "ubi part", it may happen
that the MTD partition defined in U-Boot (via mtdparts) is not as big
as the one on which the UBI device has been created. This
may lead to errors that are not really descriptive enough to debug and
solve this issue, like:
  ubi0 error: vtbl_check: too large reserved_pebs 1982, good PEBs 1020
  ubi0 error: vtbl_check: volume table check failed: record 0, error 9
or:
  ubi0 error: init_volumes: not enough PEBs, required 1738, available 1020
  ubi0 error: ubi_wl_init: no enough physical eraseblocks (-718, need 1)
  ubi0 error: ubi_attach_mtd_dev: failed to attach mtd1, error -12
Let's add an additional message upon attach failure, to aid the U-Boot
user to solve this problem.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Heiko Schocher <hs@denx.de>
When using static volumes, the file size stored in the volume is
determined at runtime. Currently the ubi command prints the file
size specified on the console, which leads to a rather confusing
series of messages:
  # ubi read ${fdt_addr_r} testvol
  Read 0 bytes from volume testvol to 82000000
  No size specified -> Using max size (179924992)
Make sure to print the actual size read in any case:
  # ubi read ${fdt_addr_r} testvol
  No size specified -> Using max size (179924992)
  Read 179924992 bytes from volume testvol to 82000000
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Currently we can choose between 2 different types of behavior for the
serverip variable:
1) Always overwrite it with the DHCP server IP address (default)
2) Ignore what the DHCP server says (CONFIG_BOOTP_SERVERIP)
This patch adds a 3rd option:
3) Use serverip from DHCP if no serverip is given
(CONFIG_BOOTP_PREFER_SERVERIP)
With this new option, we can have the default case that a boot file gets
loaded from the DHCP provided TFTP server work while allowing users to
specify their own serverip variable to explicitly use a different tftp
server.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
We can call commands like dhcp and bootp without arguments or with
explicit command line arguments that really should tell the code where
to look for files instead.
Unfortunately, the current code simply overwrites command line arguments
in the dhcp case with dhcp values.
This patch allows the code to preserve the command line values if they
were set on the command line. That way the semantics are slightly more
intuitive.
The reason this patch does that by introducing a new variable is that we
can not rely on net_boot_file_name[0] being unset, as today it's
completely legal to call "dhcp" and afterwards run "tftp" and expect the
latter to repeat the same query as before. I would prefer not to break
that behavior in case anyone relies on it.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Add a new command 'wol': Wait for an incoming Wake-on-LAN packet or
time out if no WoL packet is received.
If the WoL packet contains a password, it is saved in the environment
variable 'wolpassword' using the etherwake format (dot or colon
separated decimals).
Intended use case: a networked device should boot an alternate image.
It's attached to a network on a client site, modifying the DHCP server
configuration or setup of a tftp server is not allowed.
After power on the device waits a few seconds for a WoL packet. If a
packet is received, the device boots the alternate image. Otherwise
it boots the default image.
This method is a simple way to interact with a system via network even
if only the MAC address is known. Tools to send WoL packets are
available on all common platforms.
Some Ethernet drivers seem to pad the incoming packet. The additional
padding bytes might be recognized as Wake-on-LAN password bytes.
By default enabled in pengwyn_defconfig.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
ACPI tables can be passed via EFI configuration table to an EFI
application. This is only supported on x86 so far.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Each entry of the EFI memory descriptors occupies map->desc_size,
not sizeof(struct efi_mem_desc).
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
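Why the stride matters, as an added example that is not U-Boot code: the walker below steps through a constructed memory map whose `desc_size` (48) is larger than the 40-byte descriptor structure, once with each stride. The structure layout, the function names and the sample map are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled on the UEFI memory descriptor (40 bytes). */
struct efi_mem_desc {
	uint32_t type;
	uint32_t reserved;
	uint64_t physical_start;
	uint64_t virtual_start;
	uint64_t num_pages;
	uint64_t attribute;
};

/* Sum num_pages over 'count' entries, advancing by 'stride' bytes. */
static uint64_t total_pages(const uint8_t *map, size_t count, size_t stride)
{
	uint64_t total = 0;

	for (size_t i = 0; i < count; i++) {
		struct efi_mem_desc d;

		/* memcpy avoids misaligned access when the stride is wrong. */
		memcpy(&d, map + i * stride, sizeof(d));
		total += d.num_pages;
	}
	return total;
}

/* Constructed sample: three entries laid out with desc_size = 48. */
#define DESC_SIZE 48
#define ENTRIES 3
static uint8_t sample_map[DESC_SIZE * ENTRIES];

static void build_sample_map(void)
{
	const struct efi_mem_desc e[ENTRIES] = {
		{ 7, 0, 0x000000, 0, 0x100, 0xf },
		{ 7, 0, 0x100000, 0, 0x200, 0xf },
		{ 7, 0, 0x300000, 0, 0x400, 0xf },
	};

	memset(sample_map, 0, sizeof(sample_map));
	for (size_t i = 0; i < ENTRIES; i++)
		memcpy(sample_map + i * DESC_SIZE, &e[i], sizeof(e[i]));
}

int main(void)
{
	build_sample_map();
	/* Correct stride: 0x100 + 0x200 + 0x400 pages. */
	printf("stride desc_size:      %llu pages\n", (unsigned long long)
	       total_pages(sample_map, ENTRIES, DESC_SIZE));
	/* Wrong stride: entries 1 and 2 are read from shifted offsets. */
	printf("stride sizeof(struct): %llu pages\n", (unsigned long long)
	       total_pages(sample_map, ENTRIES, sizeof(struct efi_mem_desc)));
	return 0;
}
```

With the wrong stride the second and third reads land on other fields of the neighbouring entries, so the page count comes from address fields rather than `num_pages`.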
Add option to the booti_setup() which indicates to it that the caller
requires the image to be relocated to the beginning of the RAM and
that the information whether the image can be located anywhere in RAM
at 2 MiB aligned boundary or not is to be ignored. This is useful, i.e.,
in case the Image is wrapped in another envelope, i.e. fitImage, and not
relocating it but moving it would corrupt the envelope.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bin Chen <bin.chen@linaro.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-By: Bin Chen <bin.chen@linaro.org>
Don't continue updating the offset when buffer is full.
When the buffer size exhausts and there's no space left to write
warn the user and update only the needed size and not both the
offset and needed size.
Add needed buffer size information in the iotrace command.
Signed-off-by: Ramon Fried <ramon.fried@gmail.com>
Add dump trace command which dumps all trace
buffer content in a much more readable fashion
than md.
Signed-off-by: Ramon Fried <ramon.fried@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
  avb init - initialize avb2 subsystem
  avb read_rb - read rollback index
  avb write_rb - write rollback index
  avb is_unlocked - check device lock state
  avb get_uuid - read and print uuid of a partition
  avb read_part - read data from partition
  avb read_part_hex - read data from partition and output to stdout
  avb write_part - write data to partition
  avb verify - run full verification chain
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
A few minor fixes for the release:
- Compile fixes
- HI20 relocations for RISC-V
- Fix bootefi without load path
- Fix Runtime Services with certain compilers
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-06-14
When we boot using memdp (bootefi on an address without previous
load that populates the device path) then the memory device path
we pass in is not backed by any handle.
That can result in weird effects. For example grub gets very grumpy
about this inside the efi_net module and just loops endlessly.
So let's expose a simple handle that the memory device path is backed
on. That way any code that looks for the device the dp is on, finds
one.
Signed-off-by: Alexander Graf <agraf@suse.de>
After the commit 9b643e312d ("treewide: replace with error() with
pr_err()"), there are some pr_err() with no line break. Add missing
line breaks.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
For distro-boot, the TIMEOUT directive in the boot script specifies
how long to pause in units of 1/10 sec. [1]
Commit 8594753ba0 ("menu: only timeout when menu is displayed")
corrected this by simply dividing the timeout value by 10 in
menu_interactive_choice().
I see two problems:
- For example, "TIMEOUT 5" should wait for 0.5 sec, but the current
implementation cannot handle the granularity of 1/10 sec.
In fact, it never breaks because "m->timeout / 10" is zero,
which means no timeout.
- The menu API is used not only by cmd/pxe.c but also by
common/autoboot.c . For the latter case, the unit of the
timeout value is _second_ because its default is associated
with CONFIG_BOOTDELAY.
To fix the first issue, use DIV_ROUND_UP() so that the timeout value
is rounded up to the closest integer.
For the second issue, move the division to the boundary between
cmd/pxe.c and common/menu.c . This is a more desirable place because
the comment of struct pxe_menu says:
* timeout - time in tenths of a second to wait for a user key-press before
* booting the default label.
Then, the comment of menu_create() says:
* timeout - A delay in seconds to wait for user input. If 0, timeout is
* disabled, and the default choice will be returned unless prompt is 1.
[1] https://www.syslinux.org/wiki/index.php?title=SYSLINUX#TIMEOUT_timeout
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Do not use anonymous constants when calling efi_allocate_pages.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The UEFI spec mandates that unaligned memory access should be enabled if
supported by the CPU architecture.
This patch adds an empty weak function unaligned_access() that can be
overridden by an architecture specific routine.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Remove a superfluous call to efi_init_obj_list() invoked by
'bootefi selftest'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds support to load secure bitstreams (authenticated or
encrypted or both). As of now, this feature is added and tested only
for Xilinx bitstreams and the secure bitstream was generated using
Xilinx bootgen tool, but the command is defined in more generic way.
Command example to load authenticated and device key
encrypted bitstream is as follows
"fpga loads 0 100000 2000000 0 1"
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This patch modifies the arguments parsing code by parsing
based on requested operation for fpga loadfs and then
parses the most common/basic args for other fpga load
commands. This makes it easy for new command extensions
or additions especially the commands with more args.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Introduce CONFIG_IMAGE_SPARSE and CONFIG_CMD_MMC_SWRITE so the "mmc
swrite" command is separated from the fastboot code.
Move image-sparse from common to lib so it's clear it's library code.
Rename CONFIG_FASTBOOT_FLASH_FILLBUF_SIZE to CONFIG_IMAGE_SPARSE_FILLBUF_SIZE
and migrate it to Kconfig.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Jassi Brar <jaswinder.singh@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the response string as a parameter to fastboot_okay/fail, instead
of modifying a global, to match the contract expected by the AOSP
U-Boot code.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Separate CMD_FASTBOOT from FASTBOOT and move code and configuration to
drivers/fastboot.
Switch dependencies on FASTBOOT to USB_FUNCTION_FASTBOOT as anyone who wants
FASTBOOT before this series wants USB_FUNCTION_FASTBOOT. Split
USB_FUNCTION_FASTBOOT from FASTBOOT so they retain their existing
behaviour.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
We have almost all pieces needed to support RISC-V UEFI binaries in place already.
The only missing piece is ELF relocations for runtime code and
data.
This patch adds respective support in the linker script and the runtime
relocation code. It also allows users to enable the EFI_LOADER configuration
switch on RISC-V platforms.
Signed-off-by: Alexander Graf <agraf@suse.de>
Add support for the TPM2_PCR_SetAuthPolicy and
TPM2_PCR_SetAuthValue commands.
Change the command file and the help accordingly.
Note: These commands could not be tested because the TPMs available
do not support them, however they could be useful for someone else.
The user is warned by the command help.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_HierarchyChangeAuth command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_DictionaryAttackParameters and
TPM2_DictionaryAttackLockReset commands.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_GetCapability command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_PCR_Read command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_PCR_Extend command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add support for the TPM2_Clear command.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>