- Merge some fixes to how we enable hash algorithms for FIT images in
SPL. This fixes a few cases where we should have had some options
enabled, but did not. This also removes otherwise unused options in a
few other cases.
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.
This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].
The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.
The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.
From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.
It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.
Thus, automatically select SHA512 when SHA384 is enabled.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for hash_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.
The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Also note that we make CONFIG_FIT now imply SHA256, to make up for
FIT_SHA256 previously being a default y option.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add imply SHA256 to FIT]
Signed-off-by: Tom Rini <trini@konsulko.com>
We usually use a space in function declaration, rather than a tab.
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Invokes the common cache_init function to initialize ccache.
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The enable_caches is a generic hook for architecture-implemented, we
define this function to enable composable cache of sifive platforms.
In sifive_cache, it invokes the generic cache_enable interface of cache
uclass to execute the relative implementation in SiFive ccache driver.
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The enable_caches is a generic hook for architecture-implemented, we
leverage this function to enable caches for RISC-V
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Rick Chen <rick@andestech.com>
This driver is currently responsible for enabling all ccache ways.
Composable cache could be configure as RAM or cache, we will use it as
RAM at the beginning to put the u-boot SPL there. In u-boot proper
phrase, we will use the composable cache as cache, and try to enable the
cache ways.
Signed-off-by: Zong Li <zong.li@sifive.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
The ocores_i2c.c driver is missing a sentinel at the end of
the compatible strings list. This causes the "dm compat" command
to spew garbage.
Signed-off-by: Thomas Skibo <thomas-git@skibo.net>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
To make analyzing exceptions easier output the code that leads to it.
We already do the same on the ARM platform.
Here is an example:
=> exception ebreak
Unhandled exception: Breakpoint
EPC: 000000008ff5d50e RA: 000000008ff5d62c TVAL: 0000000000000000
EPC: 000000008020b50e RA: 000000008020b62c reloc adjusted
Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)
To disassemble the code we can use the decodecode script:
$ echo 'Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)' | \
CROSS_COMPILE=riscv64-linux-gnu- scripts/decodecode
Code: 2785 0693 07a0 dce3 fef6 47a5 d563 00e7 (9002)
All code
========
0: 2785 addiw a5,a5,1
2: 07a00693 li a3,122
6: fef6dce3 bge a3,a5,0xfffffffffffffffe
a: 47a5 li a5,9
c: 00e7d563 bge a5,a4,0x16
10:* 9002 ebreak <-- trapping instruction
...
Code starting with the faulting instruction
===========================================
0: 9002 ebreak
...
As it is not always clear if the first 16 bits are at the start or in the
middle of a 32bit instruction it may become necessary to strip the first
u16 from the output before calling decodecode to get the correct
disassembled code.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Both for 64bit and 32bit at least on one board we should compile the sbi
command. Enabling it on QEMU will allow to write a test for it.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
On the HiFive Unmatched a PCI to SATA adapter may be used to install a SATA
drive. Enable booting from it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
When booting in EFI, lib/efi_loader/efi_memory.c calls
board_get_usable_ram_top(0) which returns by default
gd->ram_base + gd->ram_size which is the top of DDR.
In case of OPTEE boot, the top of DDR is currently reserved by OPTEE,
board_get_usable_ram_top(0) must return an address outside OPTEE
reserved memory.
gd->ram_top matches this constraint as it has already been initialized
by substracting all DT reserved-memory (included OPTEE memory area).
Fixes: 92b611e8b0 ("stm32mp: correctly handle board_get_usable_ram_top(0)")
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Documentation:
Remove invalid reference to configuration variable in UEFI doc
UEFI:
Parameter checks for the EFI_TCG2_PROTOCOL
Improve support of preseeding UEFI variables.
Correct the calculation of the size of loaded images.
Allow for UEFI images with zero VirtualSize
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmEzRO0ACgkQxIHbvCwF
GsSXeQ//QkOl49qqDIgySVeq28Q1Ijs0vpqHdNi65Ob12rB2k1Sc8s9bLizmDn8r
D1uicHCpEKzW+8j2xoDEGjNon8RryFqVrhTuKSvPt6WHDZedpCuCijvEYfj5CWU2
/M16yLdYCrIlk9lMZrPsCRkrFC70PD7VIfZP51CfIY4WDx749VehVEgzUEEf863f
etEmXTNL4p+lkMPzfV945OiiszRKx1VGAzM+koNhdi1SJZq+esR+dzZD55d81luT
4kR3FW4DLjdzKch5tuNli9cvFW0n0Ky+2zfrIBsbYtCXinrvdxrU0RzjaU9PUmHs
NnWDie0bbsLJJx7fkUIQ0Twk5lZPYxTkGLRi37z67gLl0cRLidgZ0wRLYLjIzBQJ
4zfgnY2BKoFfCrt1pkKXeGh6Fl8NDSpw3zXvvtxINDfRV7iFY52kTuBNguyZPz/+
Fz9S31f1o+KW6oD5ltLGIJRX5H+MRWSvzpWR+tYtG/cQf9C6u+SKtOdJNOZZRTZ+
fPfdszapZiyMgCGcdHdUSYaeG091/0Q7wkrIEMK/w7nkzqlEi6HaM2n7ybNL3SMc
bSkGno4qecTW+zkLIoRrahV9KpKqXkzkiAwSPkkg6flF4ZnNrvbBXa9T7wbygw1u
Csb95GXcYf3o4zskSl20MNoY8H0nEDf7FVPauDRwd6Xuqp43sS0=
=vUWc
-----END PGP SIGNATURE-----
Merge tag 'efi-2021-10-rc4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2021-10-rc4
Documentation:
Remove invalid reference to configuration variable in UEFI doc
UEFI:
Parameter checks for the EFI_TCG2_PROTOCOL
Improve support of preseeding UEFI variables.
Correct the calculation of the size of loaded images.
Allow for UEFI images with zero VirtualSize
TCG EFI Protocol Specification defines that PCRIndex parameter
passed from caller must be 0 to 23.
TPM2_MAX_PCRS is currently used to check the range of PCRIndex,
but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value.
This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to
check the range of PCRIndex parameter.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
TCG EFI Protocol Specification requires to the input
ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY
up to and including the vendor ID field.
Current implementation does different calculation, let's fix it.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is present, we are in user mode.
* Otherwise if no platform key is present, we are in setup mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.
With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
We should not first allocate memory and then report a rounded up value as
image size. Instead first round up according to section allocation and then
allocate the memory.
Fixes: 82786754b9 ("efi_loader: ImageSize must be multiple of SectionAlignment")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
In a section header VirtualSize may be zero. This is for instance seen in
the .sbat section of shim. In this case use SizeOfRawData as section size.
Fixes: 9d30a941cc ("efi_loader: don't load beyond VirtualSize")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Asherah Connor <ashe@kivikakk.ee>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
DMA is aligned to ARCH_DMA_MINALIGN(64 bytes), but as per spec, alignment
required is 4bytes only. Change DMA alignment from ARCH_DMA_MINALIGN to
GQSPI_DMA_ALIGN. Remove alignment of data length in non-exponential case.
Some minor improvements in the initialization to initialize gen_fifo
threshold and disable qspi controller while setting config register.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Current implementation uses auto mode for starting generic FIFO.
The recommendation from IP designers is to use manual mode, hence
change to manual start mode.
In fill genfifo first write to genfio and then trigger manual start.
Also enable and check for genfifo empty interrupt status in place of
genfifo not full interrupt.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e4 ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
BTRFS volume consists of a number of subvolumes which can be mounted separately
from each other. The top-level subvolume always exists even if no subvolumes
were created manually. A subvolume can be denoted as the default subvolume i.e.
the subvolume which is mounted by default.
The default "default subvolume" is the top-level one, but this is far from the
common practices used in the wild. For instance, openSUSE provides an OS
snapshot/rollback feature based on BTRFS. To achieve this, the actual OS root
filesystem is located into a separate subvolume which is "default" but not
"top-level". That means that the /boot/dtb/ directory is also located inside
this default subvolume instead of top-level one.
However, the existing btrfs u-boot driver always uses the top-level subvolume
as the filesystem root. This behaviour 1) is inconsistent with
mount /dev/sda1 /target
command, which mount the default subvolume 2) leads to the issues when
/boot/dtb cannot be found properly (see the reference).
This patch uses the default subvolume as the filesystem root to overcome
mentioned issues.
Reference: https://bugzilla.suse.com/show_bug.cgi?id=1185656
Signed-off-by: Matwey V. Kornilov <matwey.kornilov@gmail.com>
Fixes: f06bfcf54d ("fs: btrfs: Crossport open_ctree_fs_info() from btrfs-progs")
Reviewed-by: Qu Wenruo <wqu@suse.com>
Support for register headers in v1 images was implemented in commit
02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1
images"). So remove old comment.
Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: 02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1 images")
Reviewed-by: Stefan Roese <sr@denx.de>
image_get_csk_index() may return -1 in case of an error. Don't use this
value as index.
This resolves Coverity CID 338488
Memory - illegal accesses (NEGATIVE_RETURNS)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Always check the return value of fopen().
This resolves Coverity CID 338491:
Null pointer dereferences (NULL_RETURNS)
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Disable MCU watchdog in board_late_init() instead of board_init(), so
that it is disabled after U-Boot enables SOC watchdog instead of before.
This way there is no window when the board is vulnerable.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
When booting over UART, sending U-Boot proper may take too much time and
MCU watchdog will reset the board before U-Boot proper is loaded.
Better disable MCU watchdog in SPL when booting over UART.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
We do not need to guard code in board_init() and board_late_init()
functions with the CONFIG_SPL_BUILD macro, since these functions are not
called in SPL.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Move the function get_boot_device() from spl.c to cpu.c.
Make it visible, so that it may be used from other files.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 37xx serial driver does not use CONFIG_DEBUG_UART_SHIFT.
So do not define any bogus value for CONFIG_DEBUG_UART_SHIFT option in any
Armada 37xx defconfig file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
PCIe-based NVMe SSD disks in M.2 2230/2242/2260 form-factor can be
connected to Turris Omnia mPCIe slot via passive M.2 <--> mPCIe adapter.
So enable PCIe NVMe drivers.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
SATA disks could be connected via mPCIe add-in card with PCIe-SATA
controller into Mox-B or Mox-G module.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Espressobin has one on-board SATA port which is connected directly to CPU.
More SATA disks can be connected via mPCIe add-in card with PCIe-SATA
controller.
So enable required SATA AHCI PCIe drivers in defconfig file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
File mach/soc.h is included also in 64-bit mvebu processors, so define
Armada XP related macros only when compiling for Armada XP.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
There are already IBR_HDR_* constants for these numbers, so use them.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Part of image data is 4 byte checksum, so every image must contain at least
4 bytes. Verify it to prevent memory corruptions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>