u-boot.git/cmd, branch v2022.10-rc5 Unnamed repository; edit this file 'description' to name the repository. cmd: mvebu/bubt: Check for A38x/A37xx OTP secure bits and secure boot 2022-09-13T04:38:08+00:00 Pali Rohár pali@kernel.org 2022-08-23T12:52:24+00:00 f7b0bbca2b6257c50d4e087322602593a0f279cf For obvious reasons BootROMS rejects unsigned images when secure boot is enabled in OTP secure bits. So check for OPT secure bits and do not allow flashing unsigned images when secure boot is enabled. Access to OTP via U-Boot fuse API is currently implemented only for A38x and A37xx SoCs. Additionally Armada 3700 BootROM rejects signed trusted image when secure boot is not enabled in OTP. So add also check for this case. On the other hand Armada 38x BootROM acceps images with secure boot header when secure boot is not enabled in OTP. OTP secure bits may have burned also boot device source. Check it also and reject flashing images to target storage which does not match OTP. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de> 
For obvious reasons BootROMS rejects unsigned images when secure boot is
enabled in OTP secure bits. So check for OPT secure bits and do not allow
flashing unsigned images when secure boot is enabled. Access to OTP via
U-Boot fuse API is currently implemented only for A38x and A37xx SoCs.

Additionally Armada 3700 BootROM rejects signed trusted image when secure
boot is not enabled in OTP. So add also check for this case. On the other
hand Armada 38x BootROM acceps images with secure boot header when secure
boot is not enabled in OTP.

OTP secure bits may have burned also boot device source. Check it also and
reject flashing images to target storage which does not match OTP.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
cmd: mvebu/bubt: Check for A38x image data checksum 2022-09-13T04:38:08+00:00 Pali Rohár pali@kernel.org 2022-08-23T12:52:23+00:00 5a0653493307796e63227d78e40651096c1ca23a Currently for A38x image is checked only header checksum. So check also for image data checksum to prevent flashing broken image. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de> 
Currently for A38x image is checked only header checksum.
So check also for image data checksum to prevent flashing broken image.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
cmd: correct short text for tftpboot 2022-09-09T14:07:54+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-09-04T07:08:11+00:00 651031ef7c47f2efb2cec11c18eb9aa2020e0815 The command's name is a misnomer. The command loads a file but does not run (boot) it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
The command's name is a misnomer.
The command loads a file but does not run (boot) it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
cmd: fix tftpput command 2022-09-09T14:07:54+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-09-03T12:21:09+00:00 5f46c6eba59bc3bd29f0641628891c443930e477 Calling tftpput with less than 2 arguments must lead to a failure. If tftpput is called with two arguments, these are the address and the size of the file to be transferred. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Calling tftpput with less than 2 arguments must lead to a failure.

If tftpput is called with two arguments, these are the address and
the size of the file to be transferred.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
cmd: fpga: Convert to use fit_get_data_node 2022-09-07T05:40:47+00:00 Sean Anderson sean.anderson@seco.com 2022-08-16T15:16:05+00:00 7b42bde075c9cec85aa200d2e093d3b2b5641d94 This converts the FIT loading process of the fpga command to use fit_get_data_node. Signed-off-by: Sean Anderson <sean.anderson@seco.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
This converts the FIT loading process of the fpga command to use
fit_get_data_node.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
cmd/sbi: format KVM version 2022-09-06T05:00:58+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-08-14T19:57:14+00:00 aa8aa48b4c32fafaf2c393b4a937b0b35668943e Format the KVM implementation number in a human readable form. With the patch output of the sbi command for Linux 5.19.1 looks like: => sbi SBI 0.3 KVM 5.19.1 Machine: Vendor ID 0 Architecture ID 7005c Implementation ID 7005c Extensions: SBI Base Functionality Timer Extension IPI Extension RFENCE Extension Hart State Management Extension System Reset Extension Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com> 
Format the KVM implementation number in a human readable form.

With the patch output of the sbi command for Linux 5.19.1 looks like:

    => sbi
    SBI 0.3
    KVM 5.19.1
    Machine:
      Vendor ID 0
      Architecture ID 7005c
      Implementation ID 7005c
    Extensions:
      SBI Base Functionality
      Timer Extension
      IPI Extension
      RFENCE Extension
      Hart State Management Extension
      System Reset Extension

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
tpm: Allow reporting the internal state 2022-09-03T13:59:05+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:36+00:00 3bb4db4c3883c66ee0bbf152e9ba1d2504fa8c9f It is useful to read information about the current TPM state, where supported, e.g. for debugging purposes when verified boot fails. Add support for this to the TPM interface as well as Cr50. Add a simple sandbox test. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.

Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Require a digest source when extending the PCR 2022-09-03T13:53:58+00:00 Simon Glass sjg@chromium.org 2022-08-31T03:05:32+00:00 a557d258c6be49ec1253947a227189de149971df This feature is used for measured boot, so we can add a log entry to the TCPA with some information about where the digest comes from. It is not currently supported in the TPM drivers, but add it to the API so that code which expects it can signal its request. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
image-fit: don't set compression if it can't be read 2022-08-31T16:21:47+00:00 Daniel Golle daniel@makrotopia.org 2022-08-27T03:17:28+00:00 88de6c512758f9705a14965ab97f11b463f3fa7c fit_image_get_comp() should not set value -1 in case it can't read the compression node. Instead, leave the value untouched in that case as it can be absent and a default value previously defined by the caller of fit_image_get_comp() should be used. As a result the warning message WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file! no longer shows if the compression node is actually absent. Signed-off-by: Daniel Golle <daniel@makrotopia.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.

As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
i2c: fix stack buffer overflow vulnerability in i2c md command 2022-08-31T16:21:47+00:00 Marek Vasut marex@denx.de 2022-08-26T21:15:56+00:00 e4573fef7701afc2df22924ce0a445b923475afc This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer overflow vulnerability in i2c md command") without the changes unrelated to the actual fix. Avoid the underflow by setting only nbytes and linebytes as unsigned integers. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Heiko Schocher <hs@denx.de> Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr> Cc: Simon Glass <sjg@chromium.org> Cc: Tim Harvey <tharvey@gateworks.com> Acked-by: Tim Harvey <tharvey@gateworks.com> 
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>