u-boot.git/cmd, branch v2022.10-rc4 Unnamed repository; edit this file 'description' to name the repository. tpm: Allow reporting the internal state 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:36+00:00 3bb4db4c3883c66ee0bbf152e9ba1d2504fa8c9f It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Require a digest source when extending the PCR 2022-09-03T13:53:58+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:32+00:00 a557d258c6be49ec1253947a227189de149971df This feature is used for measured boot, so we can add a log entry to the TCPA with some information about where the digest comes from. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
image-fit: don't set compression if it can't be read 2022-08-31T16:21:47+00:00 Daniel Golle daniel@makrotopia.org 2022-08-27T03:17:28+00:00 88de6c512758f9705a14965ab97f11b463f3fa7c fit_image_get_comp() should not set value -1 in case it can't read the compression node. Instead, leave the value untouched in that case as it can be absent and a default value previously defined by the caller of fit_image_get_comp() should be used. As a result the warning message WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file! no longer shows if the compression node is actually absent. Signed-off-by: Daniel Golle <daniel@makrotopia.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.

As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
i2c: fix stack buffer overflow vulnerability in i2c md command 2022-08-31T16:21:47+00:00 Marek Vasut marex@denx.de 2022-08-26T21:15:56+00:00 e4573fef7701afc2df22924ce0a445b923475afc This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer overflow vulnerability in i2c md command") without the changes unrelated to the actual fix. Avoid the underflow by setting only nbytes and linebytes as unsigned integers. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Acked-by: Tim Harvey <tharvey@gateworks.com> 
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>
Revert "i2c: fix stack buffer overflow vulnerability in i2c md command" 2022-08-31T16:21:31+00:00 Marek Vasut marex@denx.de 2022-08-26T21:15:55+00:00 1aa9a04ff687b8d55b0fb68ae2a688c8705665cc This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409. The commit is largely wrong and breaks most of i2c command functionality. The problem described in the aforementioned commit commit message is valid, however the commit itself does many more changes unrelated to fixing that one problem it describes. Those extra changes, namely the handling of i2c device address length as unsigned instead of signed integer, breaks the expectation that address length may be negative value. The negative value is used by DM to indicate that address length of device does not change. The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 can be fixed by extra sanitization in separate patch. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409.

The commit is largely wrong and breaks most of i2c command functionality.
The problem described in the aforementioned commit commit message is valid,
however the commit itself does many more changes unrelated to fixing that
one problem it describes. Those extra changes, namely the handling of i2c
device address length as unsigned instead of signed integer, breaks the
expectation that address length may be negative value. The negative value
is used by DM to indicate that address length of device does not change.

The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
can be fixed by extra sanitization in separate patch.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge tag 'dm-pull-26aug22' of https://source.denx.de/u-boot/custodians/u-boot-dm 2022-08-27T12:07:09+00:00 Tom Rini trini@konsulko.com 2022-08-27T12:07:09+00:00 1573b6a86993fcf80d4badc866a46b78df7e6bda binman/patman documentation improvements other minor fixes 
binman/patman documentation improvements
other minor fixes
vbe: Enable command only with BOOTSTD_FULL 2022-08-26T22:33:48+00:00 Simon Glass sjg@chromium.org 2022-08-23T17:14:05+00:00 2d74226f2c6ed5b758c97865bef7e42c9f389437 Avoid enabling this command by default. This saves about 1KB of code space. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Avoid enabling this command by default. This saves about 1KB of code
space.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
dm: core: fix a typo in help text 2022-08-26T22:32:59+00:00 Sergei Antonov saproj@gmail.com 2022-08-21T13:45:08+00:00 a7091f3f8c859a29ad63b94952472bd93d60488c Signed-off-by: Sergei Antonov <saproj@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
pci: Add checks to prevent config space overflow 2022-08-26T18:59:21+00:00 Pali Rohár pali@kernel.org 2022-07-03T10:48:06+00:00 d9f554b62440de542c482fecf9374e8da3ea3602 PCIe config space has address range 0-4095. So do not allow reading from addresses outside of this range. Lot of U-Boot drivers do not expect that passed value is not in this range. PCI DM read function is extended to fill read value to all ones or zeros when it fails as U-Boot callers ignores return value. Calling U-Boot command 'pci display.b 0.0.0 0 0x2000' now stops printing config space at the end (before 0x1000 address). Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de> 
PCIe config space has address range 0-4095. So do not allow reading from
addresses outside of this range. Lot of U-Boot drivers do not expect that
passed value is not in this range. PCI DM read function is extended to
fill read value to all ones or zeros when it fails as U-Boot callers
ignores return value.

Calling U-Boot command 'pci display.b 0.0.0 0 0x2000' now stops printing
config space at the end (before 0x1000 address).

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
cmd: efidebug: Add missing \n at the end of message 2022-08-13T09:09:49+00:00 Michal Simek michal.simek@amd.com 2022-08-09T14:31:12+00:00 046d7a0bb1b383fe14bfe950b91ce2e20f835bd4 Currently message is not intended that prompt end up at the end of debug line. For example like this: DFU alt info setting: done DFU entities configuration failed! (partition table does not match dfu_alt_info?) Firmware update failed: <NULL> Cannot handle a capsule at 10000000Zynq> Signed-off-by: Michal Simek <michal.simek@amd.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Currently message is not intended that prompt end up at the end of debug
line. For example like this:

DFU alt info setting: done
DFU entities configuration failed!
(partition table does not match dfu_alt_info?)
Firmware update failed: <NULL>
Cannot handle a capsule at 10000000Zynq>

Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>