Several different firmware users have repetitive code to extract the
firmware data from a FIT. Add some helper functions to reduce the amount
of repetition. fit_conf_get_prop_node (eventually) calls
fdt_check_node_offset_, so we can avoid an explicit if. In general, this
version avoids printing on error because the callers are typically
library functions, and because the FIT code generally has (debug)
prints of its own. One difference in these helpers is that they use
fit_image_get_data_and_size instead of fit_image_get_data, as the former
handles external data correctly.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
FTD blob can be put immediately after the OS image.
So use strict inequality for start address check.
Fixes: fbde7589ce ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.
As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Change variable name 'imape_comp' to the supposedly intended name
'image_comp'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Don't assign a value to a variable if it is not used afterwards.
Move variables to the code fragment where they are used.
Addresses-Coverity: CID 356243 ("Code maintainability issues (UNUSED_VALUE)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
uclass_find_first_device() may return NULL if no device for the uclass
exists. Handle this case gracefully.
Addresses-Coverity: CID 356244 ("Null pointer dereferences (FORWARD_NULL)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for VBE simple, which permits firmware update of a single
image stored in MMC or another block device.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present there is a confusing array of functions that handle the
device tree fix-ups needed for booting an OS. We should be able to switch
to using events to clean this up.
As a first step, create a new event type and call it from the standard
place.
Note that this event uses the ofnode interface only, since this can
support live tree which is more efficient when making lots of updates.
Signed-off-by: Simon Glass <sjg@chromium.org>
This was a work-around for the fact that global bootmeths such as EFI
bootmgr and VBE don't use a particular bootdev, or at least select it
themselves so that we don't need to scan all bootdevs when using that
bootmeth.
Drop the system bootdev entirely.
Signed-off-by: Simon Glass <sjg@chromium.org>
Now that we can separate this out from the normal bootmeths, update the
code to create it always.
We cannot rely on the device tree to create this, since the EFI project
is quite opposed to having anything in the device tree that helps U-Boot
with its processing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Typically we want to find and use global bootmeths first, since they have
the best idea of how the system should boot. We then use normal bootmeths
as a fallback.
Add the logic for this, putting global bootmeths at the end of the
ordering. We can then easily scan the global bootmeths first, then drop
them from the list for subsequent bootdev-centric scans.
This changes the ordering of global bootmeths, so update the
bootflow_system() accordingly.
Drop the comment from bootmeth_setup_iter_order() since this is an
exported function and it should be in the header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for handling this concept in bootflows. Update the 'bootflow'
command to allow only the normal bootmeths to be used. This alllows
skipping EFI bootmgr and VBE, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
With global bootmeths we want to scan without a bootdev. Update the logic
to allow this.
Change the bootflow command to show the bootdev only when valid.
Signed-off-by: Simon Glass <sjg@chromium.org>
For most testing we don't want this bootmeth to actually do anything. For
the one test where we do, add a test hook to obtain the correct behaviour.
This will allow us to bind the device always, rather than just doing it
for this test.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <sjg@chromium.org>
Avoid using 'count' to mean either a count or an error, since this is
confusing. In fact, the called function never return 0, since that is an
error.
Use 'ret' instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some bootmeths can provide information about what is available to boot.
For example, VBE simple provides access to the firmware state.
Add a new method for this, along with a sandbox test.
Signed-off-by: Simon Glass <sjg@chromium.org>
If the ordering produces no entries, this is an error. Report it, so that
the caller doesn't try to continue with a NULL bootmeth.
This fixes a crash in the bootflow_iter test when running with the sandbox
'default' device tree, instead of the required 'test' one.
Signed-off-by: Simon Glass <sjg@chromium.org>
Remove the dependency on CMD_PXE from BOOTMETH_DISTRO by introducing a
new hidden kconfig symbol to control whether pxe_utils is compiled,
allowing bootstd's distro method to be compiled without needing
networking support enabled.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Correct build errors when CMD_BOOTM is not enabled:
Signed-off-by: Simon Glass <sjg@chromium.org>
This is not needed now that CONFIG_SYS_TARGET_NAME is correctly determined
when scanning Kconfig.
This reverts commit 25b8acee2e.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
As the only pic32 platform does not enable flash, this is dead code.
Remove it.
Cc: Purna Chandra Mandal <purna.mandal@microchip.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
These flags may be used to check whether an FPGA driver is able to
load a particular FPGA bitstream image.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-7-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
With commit ce39ee28ec ("zynqmp: Do not place u-boot to reserved memory
location"), the function board_get_usable_ram_top() is allocating
MMU_SECTION_SIZE of about 2MB using lmb_alloc(). But we dont have this
much memory in case of mini U-Boot.
Keep these functions which use lmb under CONFIG_LMB so that they are
compiled and used only when LMB is enabled.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/75e52def75f573e554a6b177a78504c128cb0c4a.1657183534.git.michal.simek@amd.com
Coverity CID 131256 indicates a possible buffer overflow in label_boot().
This would only occur if the size of the downloaded file would exceed 4
GiB. But anyway we can simplify the code by using snprintf() and checking
the return value.
Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
This converts the following to Kconfig:
CONFIG_SYS_BOOTM_LEN
As part of this, rework error handling in boot/bootm.c so that we pass
the buffer size to handle_decomp_error as CONFIG_SYS_BOOTM_LEN will not
be available to host tools but we do know the size that we passed to
malloc().
Cc: Soeren Moch <smoch@web.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tighten up symbol dependencies in a number of places. Ensure that a SPL
specific option has at least a direct dependency on SPL. In places
where it's clear that we depend on something more specific, use that
dependency instead. This means in a very small number of places we can
drop redundant dependencies.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The documentation above the DEFINE_ALIGN_BUFFER says it's for use
outside functions, but we're inside one.
Instead use ALLOC_CACHE_ALIGN_BUFFER, the stack based macro, which also
includes the cache alignment.
Fixes: b583348ca8 ("image: fit: Align hash output buffers")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Tested-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Tighten up symbol dependencies in a number of places. Ensure that a TPL
specific option has at least a direct dependency on TPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Linux determines its console based on several sources:
1. the console command line parameter
2. device tree (e.g. /chosen/stdout-path)
3. various other board- and arch-specific sources
If the console parameter specifies a real console (e.g. ttyS0) then that is
used as /dev/console. However, if it does not specify a real console (e.g.
ttyDoesntExist) then *nothing* will be used as /dev/console.
Reading/writing it will return ENODEV. Additionally, no other source will
be used as a console source.
Linux commit ab4af56ae250 ("printk/console: Allow to disable console output
by using console="" or console=null") recently changed the semantics of the
parameter. Previously, specifying console="" would be treated like
specifying some other bad console. This commit changed things so that it
added /dev/ttynull as a console (if available). However, it also allows
for other console sources. If the device tree specifies a console (such as
if U-Boot and Linux share a device tree), then it will be used in addition
to /dev/ttynull. This can result in a non-silent console.
To avoid this, explicitly set ttynull as the console. This will disable
other console sources. If CONFIG_NULL_TTY is disabled, then this will have
the same behavior as in the past (no output, and writing /dev/console
returns ENODEV).
[1] and [2] have additional background on this kernel change.
[1] https://lore.kernel.org/all/20201006025935.GA597@jagdpanzerIV.localdomain/
[2] https://lore.kernel.org/all/20201111135450.11214-1-pmladek@suse.com/
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
The commit 2158b0da22 ("bootmenu: add Kconfig option
not to enter U-Boot console") disables to enter U-Boot
console from bootmenu as default, this change affects the
existing bootmenu users.
This commit reverts the default behavior, the bootmenu can
enter U-Boot console same as before.
CMD_BOOTMENU_ENTER_UBOOT_CONSOLE is renamed
BOOTMENU_DISABLE_UBOOT_CONSOLE and depends on
AUTOBOOT_MENU_SHOW.
Fixes: 2158b0da22 ("bootmenu: add Kconfig option not to enter U-Boot console")
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Tested-by: Pali Rohar <pali@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
TI secure devices chain-of-trust depends on FIT image processing,
enable it by default on these devices. This also reduces the delta
between the secure and non-secure defconfig files.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Non-FIT image loading support should be disabled for TI secure
devices as the image handlers for those image types do not follow
our secure boot checks.
Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
We would like to use bootstd by default when EFI boot manager is not
enabled. But so far bootstd does not support all the of distro-boot
fetures. So for now, add an option to select this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles distro boot from a disk via a U-Boot
script, so we can boot a bootflow using this commonly used mechanism. This
is required by Armbian, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot manager, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi bootmgr'
command and shares the same code. But the interface into it is via a
bootmeth, so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some boot methods don't act on a single bootdev but instead do their own
thing. An example is EFI bootmgr which scan various devices using its own
logic. Add a bootdev to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a bootmeth driver which handles EFI boot, using EFI_LOADER.
In effect, this provides the same functionality as the 'bootefi' command
and shares the same code. But the interface into it is via a bootmeth,
so it does not require any special scripts, etc.
For now this requires the 'bootefi' command be enabled. Future work may
tidy this up so that it can be used without CONFIG_CMDLINE being enabled.
There was much discussion about whether this is needed, but it seems
that it is, at least for now.
Signed-off-by: Simon Glass <sjg@chromium.org>