u-boot.git/common, branch v2013.07-rc2 Unnamed repository; edit this file 'description' to name the repository. bootm: Disable interrupts before loading OS 2013-06-28T20:26:50+00:00 Simon Glass sjg@chromium.org 2013-06-28T07:46:12+00:00 5ff0d0832e085fe64740e6c78e11193b048896da This restores the ordering of interrupt disable to what it what before commit 35fc84fa. It seems that on some archiectures (e.g. PowerPC) the OS is loaded into an interrupt region, which can cause problems if interrupts are still running. Tested-by: Stefan Roese <sr@denx.de> Signed-off-by: Simon Glass <sjg@chromium.org> 
This restores the ordering of interrupt disable to what it what before
commit 35fc84fa. It seems that on some archiectures (e.g. PowerPC) the
OS is loaded into an interrupt region, which can cause problems if
interrupts are still running.

Tested-by: Stefan Roese <sr@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
cmd_bootm.c: Correct BOOTM_ERR_OVERLAP handling 2013-06-28T20:24:13+00:00 Tom Rini trini@ti.com 2013-06-28T15:38:02+00:00 d366438d8ac80fd10110dceda9f4792f4a16ac9d With 35fc84fa1 [Refactor the bootm command to reduce code duplication] we stopped checking the return value of bootm_load_os (unintentionally!) and simply returned if we had a non-zero return value from the function. This broke the valid case of a legacy image file of a single kernel loaded into an overlapping memory area (the default way of booting nearly all TI platforms). The best way to fix this problem in the new code is to make bootm_load_os be the one to see if we have a problem with this, and if it's fatal return BOOTM_ERR_RESET and if it's not BOOTM_ERR_OVERLAP, so that we can avoid calling lmb_reserve() but continue with booting. We however still need to handle the other BOOTM_ERR values so re-work do_bootm_states so that we have an error handler at the bottom we can goto for problems from bootm_load_os, or problems from the other callers (as the code was before). Add a comment to do_bootm_states noting the existing restriction on negative return values. Signed-off-by: Tom Rini <trini@ti.com> --- Changes in v2: - Rework so that only bootm_load_os and boot_selected_os head down into the err case code, and other errors simply return back to the caller. Fixes 'spl export'. 
With 35fc84fa1 [Refactor the bootm command to reduce code duplication]
we stopped checking the return value of bootm_load_os (unintentionally!)
and simply returned if we had a non-zero return value from the function.
This broke the valid case of a legacy image file of a single kernel
loaded into an overlapping memory area (the default way of booting
nearly all TI platforms).

The best way to fix this problem in the new code is to make
bootm_load_os be the one to see if we have a problem with this, and if
it's fatal return BOOTM_ERR_RESET and if it's not BOOTM_ERR_OVERLAP, so
that we can avoid calling lmb_reserve() but continue with booting.  We
however still need to handle the other BOOTM_ERR values so re-work
do_bootm_states so that we have an error handler at the bottom we can
goto for problems from bootm_load_os, or problems from the other callers
(as the code was before).  Add a comment to do_bootm_states noting the
existing restriction on negative return values.

Signed-off-by: Tom Rini <trini@ti.com>

---
Changes in v2:
- Rework so that only bootm_load_os and boot_selected_os head down into
  the err case code, and other errors simply return back to the caller.
  Fixes 'spl export'.
Fix block device accesses beyond 2TiB 2013-06-26T14:26:06+00:00 Sascha Silbe t-uboot@infra-silbe.de 2013-06-14T11:07:25+00:00 ff8fef566601ba27767e885386cb2074c4f09886 With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type, which is required to represent block numbers for storage devices that exceed 2TiB (the block size usually is 512B), e.g. recent hard drives. For some obscure reason, the current U-Boot code uses lbaint_t for the number of blocks to read (a rather optimistic estimation of how RAM sizes will evolve), but not for the starting address. Trying to access blocks beyond the 2TiB boundary will simply wrap around and read a block within the 0..2TiB range. We now use lbaint_t for block start addresses, too. This required changes to all block drivers as the signature of block_read(), block_write() and block_erase() in block_dev_desc_t changed. Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de> 
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives.

For some obscure reason, the current U-Boot code uses lbaint_t for the
number of blocks to read (a rather optimistic estimation of how RAM
sizes will evolve), but not for the starting address. Trying to access
blocks beyond the 2TiB boundary will simply wrap around and read a
block within the 0..2TiB range.

We now use lbaint_t for block start addresses, too. This required
changes to all block drivers as the signature of block_read(),
block_write() and block_erase() in block_dev_desc_t changed.

Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de>
cmd_bootm: Add command line arguments to Plan 9 2013-06-26T14:25:22+00:00 Steven Stallion sstallion@gmail.com 2013-06-10T08:00:09+00:00 eeaef5e4305497537bd47308724de39c7d6cbf19 This patch introduces support for command line arguments to Plan 9. Plan 9 generally dedicates a small region of kernel memory (known as CONFADDR) for runtime configuration. A new environment variable named confaddr was introduced to indicate this location when copying arguments. Signed-off-by: Steven Stallion <sstallion@gmail.com> [trini: Adapt for Simon's changes about correcting argc, no need to bump by 2 now] Signed-off-by: Tom Rini <trini@ti.com> 
This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration.  A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.

Signed-off-by: Steven Stallion <sstallion@gmail.com>
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now]
Signed-off-by: Tom Rini <trini@ti.com>
image: Add support for signing of FIT configurations 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:09+00:00 4d0985295bbb50a952f4312c0a818cd89b8ee7aa While signing images is useful, it does not provide complete protection against several types of attack. For example, it it possible to create a FIT with the same signed images, but with the configuration changed such that a different one is selected (mix and match attack). It is also possible to substitute a signed image from an older FIT version into a newer FIT (roll-back attack). Add support for signing of FIT configurations using the libfdt's region support. Please see doc/uImage.FIT/signature.txt for more information. Signed-off-by: Simon Glass <sjg@chromium.org> 
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add RSA support for image signing 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:02+00:00 19c402afa2e1190f596f35a84ac049b10d814f1f RSA provides a public key encryption facility which is ideal for image signing and verification. Images are signed using a private key by mkimage. Then at run-time, the images are verified using a private key. This implementation uses openssl for the host part (mkimage). To avoid bringing large libraries into the U-Boot binary, the RSA public key is encoded using a simple numeric representation in the device tree. Signed-off-by: Simon Glass <sjg@chromium.org> 
RSA provides a public key encryption facility which is ideal for image
signing and verification.

Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.

This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Support signing of images 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:01+00:00 56518e71041fafdfd7af3a24f263b0a22efbeda9 Add support for signing images using a new signature node. The process is handled by fdt_add_verification_data() which now takes parameters to provide the keys and related information. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
image: Add signing infrastructure 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-13T22:10:00+00:00 3e569a6b1eb7ef0c8144f8c243f9e33c834bf003 Add a structure to describe an algorithm which can sign and (later) verify images. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
Add a 'fake' go command to the bootm command 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-11T18:14:48+00:00 d0ae31eb0714a8b44dcdb644f8b68dafdbc1c197 For tracing it is useful to run as much of U-Boot as possible so as to get a complete picture. Quite a bit of work happens in bootm, and we don't want to have to stop tracing before bootm starts. Add a way of doing a 'fake' boot of the OS - which does everything up to the point where U-Boot is about to jump to the OS image. This allows tracing to record right until the end. This requires arch support to work. Signed-off-by: Simon Glass <sjg@chromium.org> 
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.

Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.

This requires arch support to work.

Signed-off-by: Simon Glass <sjg@chromium.org>
Refactor the bootm command to reduce code duplication 2013-06-26T14:18:56+00:00 Simon Glass sjg@chromium.org 2013-06-11T18:14:47+00:00 35fc84fa1ff51e15ecd3e464dac87eb105ffed30 At present the bootm code is mostly duplicated for the plain 'bootm' command and its sub-command variant. This makes the code harder to maintain and means that changes must be made to several places. Introduce do_bootm_states() which performs selected portions of the bootm work, so that both plain 'bootm' and 'bootm <sub_command>' can use the same code. Additional duplication exists in bootz, so tidy that up as well. This is not intended to change behaviour, apart from minor fixes where the previously-duplicated code missed some chunks of code. Signed-off-by: Simon Glass <sjg@chromium.org> 
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.

Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.

Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.

Signed-off-by: Simon Glass <sjg@chromium.org>