<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/test, branch main</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cgit.235523.xyz/u-boot.git/atom/test?h=main</id>
<link rel='self' href='http://cgit.235523.xyz/u-boot.git/atom/test?h=main'/>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<updated>2026-07-16T18:06:40Z</updated>
<entry>
<title>Merge patch series "vbe: bound FIT external-data reads against the firmware area"</title>
<updated>2026-07-16T18:06:40Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2026-07-16T18:06:40Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=91303d8a663248e15bd76801778ff709e490d88d'/>
<id>urn:sha1:91303d8a663248e15bd76801778ff709e490d88d</id>
<content type='text'>
Aristo Chen &lt;aristo.chen@canonical.com&gt; says:

vbe_read_fit() loads a firmware-phase FIT from a fixed firmware area on
a block device and then issues a follow-up blk_read() to pull in the
image, and optionally an FDT, referenced by the FIT's image node. The
source offset on the device and the read length both come from the FIT
itself, via data-position or data-offset and data-size. Those properties
live on mutable boot media and can be controlled by an attacker with
write access to the firmware area. On the TPL or VPL path, and on the
bootmeth bootflow path reached via abrec_read_bootflow_fw() and
vbe_simple_read_bootflow_fw(), the follow-up blk_read() runs before any
signature or hash check on the loaded phase.

Patch 1 is a sandbox test-tree preparation. The firmware1 node in
arch/sandbox/dts/test.dts declared area-size = 0xe00000 (14 MiB), but
the binman fw-update section in sandbox_vpl.dtsi is 32 MiB and the FIT
inside it carries ~16 MiB of external data, so the FIT already extended
past the declared area. The mismatch was tolerated because no caller
bounded the external-data load against area_size. Patch 1 raises
area-size to match the binman section size so test_vbe_vpl keeps passing
once the bound is enforced. The patches are ordered so the test is never
broken in the middle of the series.

Patch 2 adds the missing range check, confining the FIT-supplied
[load_addr, load_addr + len) window to [addr, addr + area_size] before
block numbers and lengths are computed, and applying the same constraint
to fdt_load_addr and fdt_size. The check is written in subtraction-only
form against the trusted area_size so the comparison cannot itself
overflow.

Patch 3 adds two sandbox unit tests under test/boot/ that construct
synthetic FITs with out-of-range data-position and oversized data-size,
write them to mmc1, and confirm vbe_read_fit() returns -E2BIG for each
before issuing the follow-up blk_read().

Deferring the external-data blk_read() until after the phase has been
signature-verified would be a stronger structural fix and was discussed
on the v1 thread. Simon confirmed the bounded read is the right first
step and that the verify-then-load change should be a separate series,
so this v3 stays scoped to the bound.

Link: https://lore.kernel.org/r/20260705034414.2247-1-aristo.chen@canonical.com
</content>
</entry>
<entry>
<title>test: vbe: cover vbe_read_fit() external-data bounds checks</title>
<updated>2026-07-16T18:06:15Z</updated>
<author>
<name>Aristo Chen</name>
<email>aristo.chen@canonical.com</email>
</author>
<published>2026-07-05T03:44:11Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=9fa00f563bea7ac4a4fda3220e05b21ebd4a242f'/>
<id>urn:sha1:9fa00f563bea7ac4a4fda3220e05b21ebd4a242f</id>
<content type='text'>
vbe_read_fit() rejects FITs whose external-data window extends past the
trusted firmware area on disk by returning -E2BIG. Add two sandbox unit
tests that construct synthetic FITs with attacker-controlled
data-position and data-size values, write them to mmc1, and assert
vbe_read_fit() catches each one before issuing the follow-up
blk_read().

vbe_read_fit_oob_position uses a data-position past area_size, which
trips the load_addr - addr &gt; area_size clause. vbe_read_fit_oversize_data
keeps data-position inside the area but picks a data-size that overruns
area_size - (load_addr - addr), tripping the third clause.

The two remaining bound clauses stay unreachable from a sandbox test.
The load_addr &lt; addr guard trivially holds when addr comes from
CONFIG_VAL(TEXT_BASE), which is 0 on sandbox, and the FDT-region bound
sits behind a !CONFIG_SANDBOX guard in vbe_read_fit(), so fdt_size stays
0 and that block is skipped in this test environment.

The new file follows the existing bootstd VBE test layout and writes
the FIT at block 16, past the version and nvdata blocks already used by
bootstd_setup_for_tests().

Suggested-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
Signed-off-by: Aristo Chen &lt;aristo.chen@canonical.com&gt;
</content>
</entry>
<entry>
<title>Merge tag 'mmc-for-2026.10-rc1' of https://git.u-boot-project.org/u-boot/custodians/u-boot-mmc</title>
<updated>2026-07-14T13:59:50Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2026-07-14T13:59:50Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=501d76ca801343cce6dafb17740a8b679ed17072'/>
<id>urn:sha1:501d76ca801343cce6dafb17740a8b679ed17072</id>
<content type='text'>
CI: https://git.u-boot-project.org/u-boot/custodians/u-boot-mmc/-/pipelines/614

- Add PMBUS regulator, thermal and test
- Add regulator helper to set voltage within an acceptable range
- Update dw_mmc to use in-spec voltage range for vqmmc
- Fix regulator_enable/disable() macros
- Clear LPUART OR STAT in tstc to avoid hang
- Add MAINTAINERS entry for SDHCI
</content>
</entry>
<entry>
<title>test: cmd: part: fix integer handling in setup_gpt_partitions()</title>
<updated>2026-07-13T23:06:37Z</updated>
<author>
<name>Dario Binacchi</name>
<email>dario.binacchi@amarulasolutions.com</email>
</author>
<published>2026-06-26T18:33:49Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=8d50a5ce721212f0b4277a3b24f5d07799970bee'/>
<id>urn:sha1:8d50a5ce721212f0b4277a3b24f5d07799970bee</id>
<content type='text'>
Coverity reports an INTEGER_OVERFLOW issue because ut_asserteq() compares
an unsigned int (mmc_dev_num) with ret, which can hold a negative error
code.

Addresses-Coverity-ID: CID 646439: Integer handling issues  (INTEGER_OVERFLOW)
Signed-off-by: Dario Binacchi &lt;dario.binacchi@amarulasolutions.com&gt;
Reviewed-by: Quentin Schulz &lt;quentin.schulz@cherry.de&gt;
</content>
</entry>
<entry>
<title>test: dm: pmbus: test pmbus command and framework</title>
<updated>2026-07-13T03:24:45Z</updated>
<author>
<name>Vincent Jardin</name>
<email>vjardin@free.fr</email>
</author>
<published>2026-07-12T18:20:49Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=722a82278752f4b9e6cf052a67e722508503f2c7'/>
<id>urn:sha1:722a82278752f4b9e6cf052a67e722508503f2c7</id>
<content type='text'>
Add dm unit tests that drive every pmbus subcommand handler against
the sandbox PMBus chip emulator:
  dev (select by bus:addr and by regulator-name), list, info,
  telemetry, status, dump, read, write, clear, vout, scan and help.

Tested using:

  ./u-boot -T -c "ut dm pmbus*"

Signed-off-by: Vincent Jardin &lt;vjardin@free.fr&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
Signed-off-by: Peng Fan &lt;peng.fan@nxp.com&gt;
</content>
</entry>
<entry>
<title>test: dm: regulator: Add regulator_set_value_clamp() tests</title>
<updated>2026-07-12T08:18:32Z</updated>
<author>
<name>Jonas Karlman</name>
<email>jonas@kwiboo.se</email>
</author>
<published>2026-07-09T23:02:40Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=10acd5bc9a6c453b86486156e76f1fbbe116e285'/>
<id>urn:sha1:10acd5bc9a6c453b86486156e76f1fbbe116e285</id>
<content type='text'>
Add a sandbox LDO3 with a configurable 1.8V to 3.3V range and use it
to test regulator_set_value_clamp().

Test in-range requests, clamping against the regulator limits, invalid
ranges outside the regulator limits and a min value higher than max.

Signed-off-by: Jonas Karlman &lt;jonas@kwiboo.se&gt;
Reviewed-by: Peng Fan &lt;peng.fan@nxp.com&gt;
Signed-off-by: Peng Fan &lt;peng.fan@nxp.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'next'</title>
<updated>2026-07-07T00:26:12Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2026-07-07T00:26:12Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=ee5d46b45ec0c63f8f9dd1e816e0dac3452ccc3d'/>
<id>urn:sha1:ee5d46b45ec0c63f8f9dd1e816e0dac3452ccc3d</id>
<content type='text'>
</content>
</entry>
<entry>
<title>test: Stop running the patman tests</title>
<updated>2026-07-06T14:28:51Z</updated>
<author>
<name>Simon Glass</name>
<email>sjg@chromium.org</email>
</author>
<published>2026-07-05T19:32:22Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=c8db1555251aada7478f4fbad7e643bed02a8cbe'/>
<id>urn:sha1:c8db1555251aada7478f4fbad7e643bed02a8cbe</id>
<content type='text'>
The patman tests no longer exist in the tree, so drop them from the
test/run script (used by 'make tcheck' and friends) and from the
tools-testing example in the documentation.

Signed-off-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>test: bootdev: scan with a broken high-priority device</title>
<updated>2026-07-03T16:14:25Z</updated>
<author>
<name>Denis Mukhin</name>
<email>dmukhin@ford.com</email>
</author>
<published>2026-06-23T22:06:30Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=93e9af685fefc454580dcf567b03c139a2fe8ebc'/>
<id>urn:sha1:93e9af685fefc454580dcf567b03c139a2fe8ebc</id>
<content type='text'>
Add bootdev_hunt_fallthrough() test to verify that 'bootflow scan -l'
falls back to a lower-priority bootdev when a higher-priority hunter
fails.

Introduce a simple 'sandbox-bootdev' device for the test. The new
bootdev can be configured to produce an error at the hunting stage.

Introduce new host_set_flags_by_label() API and a flags field to
'host_sb_plat' to simulate a bootdev hunter failure for the test.

Adjust boot{dev,flow} tests which depend on bootdev hunters.

Signed-off-by: Denis Mukhin &lt;dmukhin@ford.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>treewide: Staticize and constify acpi ops</title>
<updated>2026-06-29T21:29:44Z</updated>
<author>
<name>Marek Vasut</name>
<email>marek.vasut+renesas@mailbox.org</email>
</author>
<published>2026-06-12T02:05:38Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=d5046398433e48e7b0b664c1ee3e4e2af6f861a8'/>
<id>urn:sha1:d5046398433e48e7b0b664c1ee3e4e2af6f861a8</id>
<content type='text'>
Set the acpi_ops structure as static const where applicable. The
The structure is not accessible from outside of drivers and is not
going to be modified at runtime. The structure may be unused in a
couple of drivers depending on their configuration, mark those
sites with __maybe_unused .

Signed-off-by: Marek Vasut &lt;marek.vasut+renesas@mailbox.org&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
</feed>
