In order to maintain the chain of trust, each stage of the boot process
will first authenticate each binary it loads before continuing. To
extend this to the kernal and its dtbs we can package the kernal and
its dtbs into another fitImage for Uboot to authenticate and extend the
chain of trust all the way to the kernel.
When 'boot_fit' is set, indicating we're using the secure bootflow, look
for and authenticate the kernel's fitImage.
Signed-off-by: Judith Mendez <jm@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
We're currently using CONFIG_BOOTCOMMAND to run custom boot scripts to
jump into linux. While this works, let's begin the transition to more
distribution friendly jumps to linux by enabling distro_bootcmd.
Convert the custom bootcmd to a distro_bootcmd
Signed-off-by: Judith Mendez <jm@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>
TI boards use a custom (though faily common to TI boards) mechanism for
booting Linux. We would like to use the "distroboot" approach.
Enable distroboot as a further option to use for booting on am625 should
the existing options fail.
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
There are currently no platform that are both CONFIG_SYS_NS16550_MEM32
and not (per how the logic was prior to being broken in 0478dac62a
("kbuild: Remove uncmd_spl logic")) enabled in CONFIG_DM_SERIAL. We drop
this line out now so that platforms which do use
CONFIG_SYS_NS16550_MEM32 and depending on stage may or may not have
DM_SERIAL set.
Fixes: 0478dac62a ("kbuild: Remove uncmd_spl logic")
Reported-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tested-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> #on Ringneck PX30, Puma RK3399
- rawnand: omap_gpmc: driver model support
-----BEGIN PGP SIGNATURE-----
iQJYBAABCgBCFiEE6GOTDNYiFygVXvMmQBtB6IWRjvEFAmO6pUskHGRhcmlvLmJp
bmFjY2hpQGFtYXJ1bGFzb2x1dGlvbnMuY29tAAoJEEAbQeiFkY7xo+kQAIRCr9c5
DPOa+yFSFnSrEj6Ci+Csx0+VFef+pzUU3phu5T8HG8bCkKtMmPopau37coFhzty/
87yQtVJoq5tMWdle8Lwg9SStYTjt2c9Vg6nZvNFaLDWkZm2zLJpgOB6KM+AIEvpG
PLJ2nVYqwoaZbW3o1eHPescKl3A7vkMuUxIZ/3NJtKOezuqhR42nHyNDaGLMbI2o
fvm17vc6gh07+ekR06frVOmUdxYbNcfEjCPLgf2fAqkAuBw17TB2akpDuTSYSck5
QcIZqJeKwCJjCKEzOlXZHktiX3E1CohOcEcPBKlWPvNORokc/ghcHFvvT846FFqE
VEZb0P/4lkvSCVBCwTbgnKtN1O8mN/lnHVMubQXWyP5ZK7PPn7BzyzOZfCm+Emdm
41B2H2+3+IRhTY9uYPyPXnyTQ/pDUZ2i7EXIguUAWOaq6GE8w9ICty1c7pxnCG5+
mm/4nhMrbQzQ7y4Snp1jZTcdvFczuBNFIEsSvOyHagXVCRHJi1/YT4L4t1mvUX5J
VPnidkrdQFIJpfJadEk/D3E43XXyqKtFpHy1yn1cqqiDd/TIGUmcf9oAkT6wuUZf
DoQjdRKJnr6nyPVfWF/cQ4c4qcDXvA5TIKztxrb/whaff+2I/vXW2QnV2YX3zyxt
Ry6YvBOH0xYTWNmQ7uFecjkpeKhb4FrKuUUf
=Agfn
-----END PGP SIGNATURE-----
Merge tag 'u-boot-nand-20230108' of https://source.denx.de/u-boot/custodians/u-boot-nand-flash into next
Pull request for u-boot-nand-20230108
- rawnand: omap_gpmc: driver model support
The "SCRIPT FAILED" string is copied from scan_dev_for_scripts script,
update it so it prints "EXTLINUX FAILED" instead in scan_dev_for_extlinux
script.
Signed-off-by: Marek Vasut <marex@denx.de>
Support u-boot driver model. We still retain
support legacy way of doing things if ELM_BASE
is defined in <asm/arch/hardware.h>
We could completely get rid of that if all
platforms defining ELM_BASE get rid of that definition
and enable CONFIG_SYS_NAND_SELF_INIT and are verified
to work.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Link: https://lore.kernel.org/all/20221220102203.52398-9-rogerq@kernel.org
Link: https://lore.kernel.org/all/CABGWkvrvKiVA_yaDnHJcHEKwc+pEuLdz=i6HQEY0oJQvohCUsw@mail.gmail.com
On the vexpress_ca9x4 $loadaddr points to a memory area used by the EFI
sub-system. Use the same value as $kernel_addr_r which is safe.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
-----BEGIN PGP SIGNATURE-----
iQFQBAABCgA6FiEEqxhEmNJ6d7ZdeFLIHrMeAg6sL8gFAmO2mnEcHGV1Z2VuLmhy
aXN0ZXZAbWljcm9jaGlwLmNvbQAKCRAesx4CDqwvyBAOB/4y7e9y0jdKSWDwMdZj
enXK/U/GREFyuiSdadil0aJl9WfayjwZkh7uHSTj4pi9ApNivfoqsL7WZYpJxhRD
WlpNhs3TZ70i8CgKUosdzcpquAQZUZhg6iV5DCObrK6yNJRGOXLIwMOd+vw/Xz6/
YTGqzivEDMBuH/9HLuC0m+26PEpff8nenNEjC2k8ssG26ojLz7oCQh2HoHcSgNRc
HkEYlFJ/Le8kM8Ak2F3ebmsfgMTnFrRVwV1BsZa5vO0BrMYgJCORsl7Cnfcw6/2N
LEHG7kwlSorJeETn/gkLiZ+NyqzU+oFH0jGRZ5Ciqg1qcCO3k9yBMgWQzd7nTL6C
5oZA
=Ocdd
-----END PGP SIGNATURE-----
Merge tag 'u-boot-at91-2023.04-a' of https://source.denx.de/u-boot/custodians/u-boot-at91 into next
First set of u-boot-at91 features for the 2023.04 cycle:
This feature set includes the new DM-based NAND flash driver (old non-DM
driver is still kept for backwards compatibility), and the move to DM
NAND flash driver for sam9x60ek board. Feature set also includes
devicetree alignment for sama7g5 with Linux, devicetree alignment on USB
with Linux for all boards (sama5, sam9x60), chip id for sama7g5, minor
configs and tweaks.
Upstream linux commit 5994f58977e0.
Add reset bindings for SAMA7G5. At the moment only USB PHYs are
included.
The three reset USB phy's have their ID's mapped from 4 to 6. There are
no USB phy's with ID's numbered from 0 to 3.
Signed-off-by: Sergiu Moga <sergiu.moga@microchip.com>
Provide constants for the section flags used by binaries.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Per env/common.c, eth_env_get_enetaddr() returns the same return
values as is_valid_ethaddr(), i.e. true if valid, false otherwise.
Per env/common.c, eth_env_set_enetaddr() may return -EEXIST is the
ethaddr is already set. Fix both.
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Remove init of UART-clock and UART-reset in arch_cpu_init(). Add DEBUG_UART
to s5p4418_nanopi2_defconfig.
Signed-off-by: Stefan Bosch <stefan_b@posteo.net>
All uniphier v7 SoCs have cortex-a9 and use cortex-a9 global timer
in a simple implementation. Now DM_TIMER of it is available
on 35751c7f3f ("timer: sti: convert sti-timer to arm a9 global timer"),
so let's switch to it.
The old driver reads the lower 32bits of counter field
and sets the prescaler as 50 with PERIPHCLK(=50MHz),
so the global timer works as a 32-bit 1MHz timer.
The DM_TIMER uses the whole 64bits with no prescaler,
so the global timer works as a 64-bit PERIPHCLK timer.
CONFIG_SYS_HZ_CLOCK is set as the default PERIPHCLK frequency,
if there is no 'clocks' property in devicetree.
Signed-off-by: Dai Okamura <okamura.dai@socionext.com>
As discussed previously [1,2], the source command is not safe to use with
verified boot unless there is a key with required = "images" (which has its
own problems). This is because if such a key is absent, signatures are
verified but not required. It is assumed that configuration nodes will
provide the signature. Because the source command does not use
configurations to determine the image to source, effectively no
verification takes place.
To address this, allow specifying configuration nodes. We use the same
syntax as the bootm command (helpfully provided for us by fit_parse_conf).
By default, we first try the default config and then the default image. To
force using a config, # must be present in the command (e.g. `source
$loadaddr#my-conf`). For convenience, the config may be omitted, just like
the address may be (e.g. `source \#`). This also works for images
(`source :` behaves exactly like `source` currently does).
[1] https://lore.kernel.org/u-boot/7d711133-d513-5bcb-52f2-a9dbaa9eeded@prevas.dk/
[2] https://lore.kernel.org/u-boot/042dcb34-f85f-351e-1b0e-513f89005fdd@gmail.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add a fallback for this function so it can be used without regard to
whether FIT_SIGNATURE is enabled or not.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
At this point in the conversion there should be no need to have logic to
disable some symbol during the SPL build as all symbols should have an
SPL counterpart.
The main real changes done here are that we now must make proper use of
CONFIG_IS_ENABLED(DM_SERIAL) rather than many of the odd tricks we
developed prior to CONFIG_IS_ENABLED() being available.
Signed-off-by: Tom Rini <trini@konsulko.com>
A number of CONFIG symbols have crept in that are never referenced in
code, so drop them here. Further, we have two symbols being enabled
in headers while already enabled correctly in Kconfig, so these lines
can also be removed.
Signed-off-by: Tom Rini <trini@konsulko.com>
Rename the CONFIG_POWER_BD71837_I2C_* symbols to not have the CONFIG
prefix and be local to the file they are used in.
Signed-off-by: Tom Rini <trini@konsulko.com>
Perform simple renames of:
CONFIG_WATCHDOG_PRESC to CFG_WATCHDOG_PRESC
CONFIG_WATCHDOG_RC to CFG_WATCHDOG_RC
Signed-off-by: Tom Rini <trini@konsulko.com>
Perform simple renames of:
CONFIG_VSC7385_IMAGE to CFG_VSC7385_IMAGE
CONFIG_VSC7385_IMAGE_SIZE to CFG_VSC7385_IMAGE_SIZE
Signed-off-by: Tom Rini <trini@konsulko.com>