u-boot.git/cmd/bootm.c, branch v2024.01 Unnamed repository; edit this file 'description' to name the repository. Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm 2023-10-27T23:27:29+00:00 Tom Rini trini@konsulko.com 2023-10-27T23:27:29+00:00 d5d9770f58ce0ba620e4d311bbd756b97839480a bootX measurements and measurement API moved to u-boot core: Up to now, U-Boot could perform measurements and EventLog creation as described by the TCG spec when booting via EFI. The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained both EFI specific code + the API needed to access the TPM, extend PCRs and create an EventLog. The non-EFI part proved modular enough and moving it around to the TPM subsystem was straightforward. With that in place we can have a common API for measuring binaries regardless of the boot command, EFI or boot(m|i|z), and contructing an EventLog. I've tested all of the EFI cases -- booting with an empty EventLog and booting with a previous stage loader providing one and found no regressions. Eddie tested the bootX part. Eddie also fixed the sandbox TPM which couldn't be used for the EFI code and it now supports all the required capabilities. This had a slight sideeffect in our testing since the EFI subsystem initializes the TPM early and 'tpm2 init' failed during some python tests. That code only opens the device though, so we can replace it with 'tpm2 autostart' which doesn't error out and still allows you to perfom the rest of the tests but doesn't report an error if the device is already opened. There's a few minor issues with this PR as well but since testing and verifying the changes takes a considerable amount of time, I prefer merging it now. Heinrich has already sent a PR for -master containing "efi_loader: fix EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will cause any conflicts, but in any case they should be trivial to resolve. Both the EFI and non-EFI code have a Kconfig for measuring the loaded Device Tree. The reason this is optional is that we can't reason when/if devices add random info like kaslr-seed, mac addresses etc in the DT. In that case measurements are random, board specific and eventually useless. The reason it was difficult to fix it prior to this patchset is because the EFI subsystem and thus measurements was brought up late and DT fixups might have already been applied. With this patchset we can measure the DT really early in the future. Heinrich also pointed out that the two Kconfigs for the DTB measurements can be squashed in a single one and that the documentation only explains the non-EFI case. I agree on both but as I said this is a sane working version, so let's pull this first it's aleady big enough and painful to test. 
bootX measurements and measurement API moved to u-boot core:

Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.

The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.

With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.

I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions.  Eddie tested the bootX part.

Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.

There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.

Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.

Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree.  The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless.  The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.

Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case.  I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
bootm: Support boot measurement 2023-10-27T10:15:57+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:50+00:00 dec166d6b2c28d971394ebe1bc0ac70b88b575c0 Add a configuration option to measure the boot through the bootm function. Add the measurement state to the booti and bootz paths as well. Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Ilias: Added some info on Kconfig explaining this is when booting !EFI Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Ilias: Added some info on Kconfig explaining this is when booting !EFI
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
cmd: Convert existing long help messages to the new macro 2023-10-16T14:24:58+00:00 Tom Rini trini@konsulko.com 2023-10-07T19:13:08+00:00 3616218b5acea74011aea2d14aa1f6366f242849 - Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines and use U_BOOT_LONGHELP to declare the same variable name as before - In a few places, either rename the variable to follow convention or introduce the variable as it was being done inline before. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
  and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
  introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
boot: Remove unused NEEDS_MANUAL_RELOC code bits 2023-09-14T14:42:24+00:00 Marek Vasut marek.vasut+renesas@mailbox.org 2023-09-06T21:29:41+00:00 446d6643033edffd4b832de71ef190533398bd91 The last user of the NEEDS_MANUAL_RELOC has been removed in commit 26af162ac8f8 ("arch: m68k: Implement relocation") Remove now unused NEEDS_MANUAL_RELOC code. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> 
The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
bootm: Drop #ifdef from do_bootm() 2022-10-18T03:17:12+00:00 Simon Glass sjg@chromium.org 2022-10-11T15:47:09+00:00 2c0b61d562d3d5db46cc72cd4ae66fb13b3185cf Drop the #ifdefs from this command by using a variable to hold the states that should be executed. Signed-off-by: Simon Glass <sjg@chromium.org> 
Drop the #ifdefs from this command by using a variable to hold the states
that should be executed.

Signed-off-by: Simon Glass <sjg@chromium.org>
bootm: Avoid returning error codes from command 2022-10-18T03:17:12+00:00 Simon Glass sjg@chromium.org 2022-10-11T15:47:08+00:00 f06443f9d5dfc616b05d3526c258044bfce77419 Functions which implement commands must return a CMD_RET_... error code. At present bootm can return a negative errno value in some cases, thus causing strange behaviour such as trying to exit the shell and printing usage information. Fix this by returning the correct value. Signed-off-by: Simon Glass <sjg@chromium.org> 
Functions which implement commands must return a CMD_RET_... error code.
At present bootm can return a negative errno value in some cases, thus
causing strange behaviour such as trying to exit the shell and printing
usage information.

Fix this by returning the correct value.

Signed-off-by: Simon Glass <sjg@chromium.org>
treewide: Drop image_header_t typedef 2022-09-29T20:07:57+00:00 Simon Glass sjg@chromium.org 2022-09-07T02:26:52+00:00 f3543e69442ca393e52df253d9c5d45bc189d471 This is not needed and we should avoid typedefs. Use the struct instead and rename it to indicate that it really is a legacy struct. Signed-off-by: Simon Glass <sjg@chromium.org> 
This is not needed and we should avoid typedefs. Use the struct instead
and rename it to indicate that it really is a legacy struct.

Signed-off-by: Simon Glass <sjg@chromium.org>
Audit <flash.h> inclusion 2022-08-04T20:18:47+00:00 Tom Rini trini@konsulko.com 2022-07-23T17:05:03+00:00 17ead040d402c6e1fe26ac5acc4773146c8a0918 A large number of files include <flash.h> as it used to be how various SPI flash related functions were found, or for other reasons entirely. In order to migrate some further CONFIG symbols to Kconfig we need to not include flash.h in cases where we don't have a NOR flash of some sort enabled. Furthermore, in cases where we are in common code and it doesn't make sense to try and further refactor the code itself in to new files we need to guard this inclusion. Signed-off-by: Tom Rini <trini@konsulko.com> 
A large number of files include <flash.h> as it used to be how various
SPI flash related functions were found, or for other reasons entirely.
In order to migrate some further CONFIG symbols to Kconfig we need to
not include flash.h in cases where we don't have a NOR flash of some
sort enabled.  Furthermore, in cases where we are in common code and it
doesn't make sense to try and further refactor the code itself in to new
files we need to guard this inclusion.

Signed-off-by: Tom Rini <trini@konsulko.com>
cmd: bootm: add subcommand preload 2022-03-31T18:12:23+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:57:07+00:00 7bebc11c42351c8f0364f0e3eb922f5af7b6e826 Add a subcommand preload to bootm that execute the preload stage on the image. Right now, it checks the signature of the image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && bootm preload $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Add a subcommand preload to bootm that execute the preload
stage on the image. Right now, it checks the signature
of the image with the pre-load header. If the check
succeed, the u-boot env variable 'loadaddr_verified'
is set to the address of the image (without the header).

It allows to run such commands:
tftp script.img && bootm preload $loadaddr && source $loadaddr_verified

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
cmd: bootm: add a stage pre-load 2022-03-31T18:12:01+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:57:00+00:00 9d46e63d9771c789c2c934bb6f5f6af042f1bba0 Add a stage pre-load to the command bootm. Right now, this stage may be used to read a header and check the signature of the full image. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Add a stage pre-load to the command bootm.
Right now, this stage may be used to read a
header and check the signature of the full
image.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>