| Age | Commit message (Collapse) | Author |
|---|
|
Options which deal with memory locations and have a default value of 0x0
are dangerous, as that is often not a valid memory location. Rework
SPL_LOAD_FIT_ADDRESS as follows:
- Add SPL_HAS_LOAD_FIT_ADDRESS to guard prompting the question as the
case of loading a FIT image does not strictly require setting an
address and allows for a malloc()'d area to be used.
- For SPL_RAM_SUPPORT, select the new guard symbol if SPL_LOAD_FIT is
enabled because in that case an address must be provided.
- Update defconfigs for these new changes. Largely this means some
defconfigs need to enable SPL_HAS_LOAD_FIT_ADDRESS to maintain their
current status. In the case of sandbox, we also need to set
SPL_LOAD_FIT_ADDRESS to 0x0.
Signed-off-by: Tom Rini <[email protected]>
|
|
OPTEE-OS on ARMv7a"
This series from Marek Vasut <[email protected]> brings some
enhancements to use cases using OPTEE-OS on ARMv7a platforms, some of
which already existed on ARMv8.
Link: https://lore.kernel.org/r/[email protected]
|
|
Add support for jumping to Linux kernel through OPTEE-OS on ARMv7a to SPL.
This is already supported on ARMv8a, this patch adds the ARMv7a support.
Extend the SPL fitImage loader to record OPTEE-OS load address and in case
the load address is non-zero, use the same bootm-optee.S code used by the
U-Boot fitImage jump code to start OPTEE-OS first and jump to Linux next.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Technically, commit 24bf44cf88e7 ("spl: fit: Do not fail immediately if
an overlay is not available") introduced that regression as the code
will never advance if spl_fit_get_image_name() will return an error. But
at that time, spl_fit_get_image_node() was used in spl_fit_append_fdt()
which calls fdt_subnode_offset() to get the image node. And I presume
the commit was about the latter failing gracefully and trying the next
one.
But with commit b13eaf3bb4e6 ("spl: fit: Add board level function to
decide application of DTO") that behavior changed and the loop in
spl_fit_append_fdt() no longer uses spl_fit_get_image_node() but
spl_fit_get_image_name() directly. Thus it doesn't make any sense to not
break the loop if that fails.
Also, the original use case of commit 24bf44cf88e7 ("spl: fit: Do not
fail immediately if an overlay is not available") is preserved because
spl_subnode_offset() is now called within the loop and errors are
handled gracefully (and advancing the index).
Fixes: b13eaf3bb4e6 ("spl: fit: Add board level function to decide application of DTO")
Signed-off-by: Michael Walle <[email protected]>
|
|
I had trouble booting some am335x boards (both
beagleboneblack and a custom board). SPL would start just fine, and
apparently load U-Boot proper, but it would hang when jumping to
U-Boot.
While debugging, I stumbled on this memcpy() which from code
inspection very much looked to have overlapping src and dst, and
indeed a simple printf revealed
calling memcpy(0x8087bf68, 0x8087bf80, 0xf7f8)
Now, it will always be with src > dst, our memcpy()
implementations "most likely" do forward-copying, and in the end it
turned out that this wasn't the culprit after all [*].
But to avoid me or others barking up the wrong tree in the future, and
because this use of memcpy() is technically undefined, use memmove()
instead.
[*] That was 358d1cc232c ("spl: Align FDT load address"), which has
since been fixed in master but not the v2025.07 I worked of by
52caad0d14a ("ARM: Align image end to 8 bytes to fit DT alignment").
Signed-off-by: Rasmus Villemoes <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
A malformed FIT image could have an image name property that is not NUL
terminated. Reject such images.
Reported-by: Mikhail Kshevetskiy <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
Tested-by: E Shattow <[email protected]>
|
|
spl_fit_get_image_name function
The change in commit 3704b888a4ca ("common/spl: fix potential out of buffer
access in spl_fit_get_image_name function") led to function
spl_fit_get_image_name() no longer detecting if a property does not exist
at a non-zero buffer.
Link: https://lore.kernel.org/u-boot/[email protected]/T/#m59f3a23e675daa992c28d12236de71cae2ca2bb9
Fixes: 3704b888a4ca ("common/spl: fix potential out of buffer access in spl_fit_get_image_name function")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Tested-by: E Shattow <[email protected]>
|
|
This fix a possible NULL pointer dereference.
There is also a risk of memory leaking within the same portion of code.
The leak will happen if loaded image is bad or damaged. In this case
u-boot-spl will try booting from the other available media. Unfortunately
resources allocated for previous boot media will NOT be freed.
We can't fix that issue as the memory allocation mechanism used here
is unknown. It can be different kinds of malloc() or something else.
To somewhat reduce memory consumption, one can try to reuse previously
allocated memory as it's done in board_spl_fit_buffer_addr() from
test/image/spl_load.c.
The corresponding comment was put to the code as well.
Signed-off-by: Mikhail Kshevetskiy <[email protected]>
Reviewed-by: Anshul Dalal <[email protected]>
|
|
load_simple_fit() returns -EPERM for the images with broken signatures.
Unfortunately this may conflict with image loaging selection on the base
of boot phase. See commit 873112db9ce68c38984ff25808dde726f8dd5573
("spl: Support selecting images based on phase in simple FIT").
Thus loading of
configurations {
uboot {
description = "u-boot";
firmware = "atf";
loadables = "atf", "tee", "uboot";
};
};
with damaged "tee" image may finish without errors. This may results in
board bricking.
This patch fixes commit 873112db9ce68c38984ff25808dde726f8dd5573
("spl: Support selecting images based on phase in simple FIT")
by replacing EPERM with EBADSLT places where it should be done.
Signed-off-by: Mikhail Kshevetskiy <[email protected]>
|
|
function
The current code have two issues:
1) ineffective NULL pointer check
str = strchr(str, '\0') + 1
if (!str || ...
The str here will never be NULL (because we add 1 to result of strchr())
2) strchr() may go out of the buffer for the special forms of name variable.
It's better use memchr() function here.
According to the code the property is a sequence of C-string like
shown below:
'h', 'e', 'l', 'l', 'o', '\0', 'w', 'o', 'r', 'l', 'd', '\0', '!', '\0'
index is the string number we are interested, so
index = 0 => "hello",
index = 1 => "world",
index = 2 => "!"
The issue will arrise if last string for some reason have no terminating
'\0' character. This can happen for damaged or specially crafted dtb.
Signed-off-by: Mikhail Kshevetskiy <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
While the image size is generally a multiple of 8 bytes, this is not
actually guaranteed; some linkers (like LLD) will shave a few bytes off
of the end of output sections if there are no content bytes there. Since
libfdt imposes a hard rule of 8-byte alignment, make the SPL also be
explicit about the alignment when loading the FDT.
Signed-off-by: Sam Edwards <[email protected]>
|
|
When VBE operates within VPL it does not want the FDT to be changed.
Provide a way to disable this feature.
Move the FIT_IMAGE_TINY condition out of spl_fit_record_loadable() so
that both conditions are together. This makes the code easier to
understand.
Replace the existing fit_loaded member, which is no-longer used.
Signed-off-by: Simon Glass <[email protected]>
|
|
At present the simple FIT-loader always loads images, ignoring whether
they are intended for the next phase or not.
VBE packages up several images in the same FIT, some destined for VPL
and some for SPL. Add logic to check the phase before loading the
image. Return -EPERM in that case and handle it gracefully.
Fix a unnecessary re-computation of read_offset while here.
Signed-off-by: Simon Glass <[email protected]>
|
|
This function can only be used with FITs that use embedded data. Rename
it so this is clear.
Signed-off-by: Simon Glass <[email protected]>
Acked-by: Heinrich Schuchardt <[email protected]>
|
|
Add debugging of image-loading progress. Fix a stale comment in the
function comment while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
U-Boot uses ulong for addresses. It is confusing to use uintptr_t in a
few places, since it makes people wonder if the types are compatible.
Change the few occurences in SPL to use ulong
Signed-off-by: Simon Glass <[email protected]>
|
|
This reverts commit 1fdf53ace13f745fe8ad4d2d4e79eed98088d555, reversing
changes made to e5aef1bbf11412eebd4c242b46adff5301353c30.
I had missed that this caused too much size growth on rcar3_salvator-x.
Signed-off-by: Tom Rini <[email protected]>
|
|
Add debugging of image-loading progress. Fix a stale comment in the
function comment while we are here.
Signed-off-by: Simon Glass <[email protected]>
|
|
U-Boot uses ulong for addresses. It is confusing to use uintptr_t in a
few places, since it makes people wonder if the types are compatible.
Change the few occurences in SPL to use ulong
Signed-off-by: Simon Glass <[email protected]>
|
|
Rename these to use the word PHASE instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
Specify the FIT and include information about each loaded image, as
required by the UPL handoff.
Write the UPL handoff into the bloblist before jumping to the next phase.
Control this using a runtime flag to avoid conflicting with other
handoff mechanisms.
Signed-off-by: Simon Glass <[email protected]>
|
|
This flag is set for simple FIT, so set it for full FIT too.
Signed-off-by: Simon Glass <[email protected]>
|
|
Replace the invalid link to the FIT file format specification.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Remove <common.h> from all "commmon/" files and when needed add
missing include files directly.
Signed-off-by: Tom Rini <[email protected]>
|
|
There could be two memory allocation scheme in SPL phase.
Explicitly print the corresponding error message.
Signed-off-by: Leo Yu-Chi Liang <[email protected]>
|
|
Aligning addresses and sizes causes overhead which is unnecessary when we
are not loading from block devices. Remove bl_len when it is not needed.
For example, on iot2050 we save 144 bytes with this patch (once the rest of
this series is applied):
add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-144 (-144)
Function old new delta
spl_load_simple_fit 920 904 -16
load_simple_fit 496 444 -52
spl_spi_load_image 384 308 -76
Total: Before=87431, After=87287, chg -0.16%
We use panic() instead of BUILD_BUG_ON in spl_set_bl_len because we still
need to be able to compile it for things like mmc_load_image_raw_sector,
even if that function will not be used.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Instead of relying on the presence of filename to determine whether we are
dealing with a FAT filesystem (and should DMA-align the buffer), have FAT set
bl_len to ARCH_DMA_MINALIGN instead. With this done, we can remove the
special-case logic checking for the presence of filename.
Because filesystems are not block-based, we may read less than the size passed
to spl_load_info.read. This can happen if the file size is not DMA-aligned. This
is fine as long as we read the amount we originally wanted to. Modify the
conditions for callers of spl_load_info.read to check against the original,
unaligned size to avoid failing spuriously.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Simplify things a bit for callers of spl_load_info->read by refactoring it
to use units of bytes instead of bl_len. This generally simplifies the
logic, as MMC is the only loader which actually works in sectors. It will
also allow further refactoring to remove the special-case handling of
filename. spl_load_legacy_img already works in units of bytes (oops) so it
doesn't need to be changed.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
bl_len must be a power of two, so we can use ALIGN instead of roundup and
similar tricks to avoid divisions.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
If SPL_LOAD_FIT_OPENSBI_OS_BOOT is enabled, the function
spl_invoke_opensbi should change the target OS type to IH_OS_LINUX.
OpenSBI will load the Linux image as the next boot stage.
The os_takes_devicetree function returns a value of true or false
depending on whether or not SPL_LOAD_FIT_OPENSBI_OS_BOOT is enabled.
Signed-off-by: Randolph <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
All "physical" addresses in SPL must be converted to virtual addresses
before access in order for sandbox to work. Add some calls to map_sysmem in
appropriate places. We do not generally call unmap_sysmem, since we need
the image memory to still be mapped when we jump to the image. This doesn't
matter at the moment since unmap_sysmem is a no-op.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The entry point is not always the same as the load address. Use the value
of the entry property if it exists.
Fixes: 8a9dc16e4d0 ("spl: Add full fitImage support")
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Add board-specific function used to indicate whether a DTO from fitImage
configuration node 'fdt' property DT and DTO list should be applied onto
the base DT or not applied.
This is useful in case of DTOs which implement e.g. different board revision
details, where such DTO should be applied on one board revision, and should
not be applied on another board revision.
Signed-off-by: Marek Vasut <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-rockchip
- Add Board: rk3568 Bananapi R2Pro;
- Update pcie bifurcation support;
- dwc_eth_qos controller support for rk3568 and rk3588;
- Compressed binary support for U-Boot on rockchip platform;
- dts and config updates for different board and soc;
[ trini: Fix conflict on include/spl.h ]
Signed-off-by: Tom Rini <[email protected]>
|
|
If LZMA Compression support is enabled, LZMA compressed U-Boot
binary will be placed at a specified RAM location which is
defined at CONFIG_SYS_LOAD_ADDR and will be assigned as the
source address.
image_decomp() function, will decompress the LZMA compressed
U-Boot binary which is placed at source address(CONFIG_SYS_LOAD_ADDR)
to the default CONFIG_SYS_TEXT_BASE location.
spl_load_fit_image function will load the decompressed U-Boot
binary, which is placed at the CONFIG_SYS_TEXT_BASE location.
Signed-off-by: Manoj Sai <[email protected]>
Signed-off-by: Suniel Mahesh <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
If GZIP Compression support is enabled, GZIP compressed U-Boot binary
will be at a specified RAM location which is defined at
CONFIG_SYS_LOAD_ADDR and will be assign it as the source address.
gunzip function in spl_load_fit_image ,will decompress the GZIP
compressed U-Boot binary which is placed at
source address(CONFIG_SYS_LOAD_ADDR) to the default
CONFIG_SYS_TEXT_BASE location.
spl_load_fit_image function will load the decompressed U-Boot
binary, which is placed at the CONFIG_SYS_TEXT_BASE location.
Signed-off-by: Manoj Sai <[email protected]>
Signed-off-by: Suniel Mahesh <[email protected]>
Reviewed-by: Kever Yang <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Rather than open-coding the property names, use the existing constants
provided for this purpose. This better aligns the simple-FIT code with
the full FIT implementation.
Signed-off-by: Simon Glass <[email protected]>
|
|
For some reason this code was put in the main spl.c file. Move it out
to the FIT implementation where it belongs.
Signed-off-by: Simon Glass <[email protected]>
|
|
We have two functions called spl_load_fit_image(), one in spl.c and one in
spl_fit.c
Rename the second one, to indicate that it relates to simple FIT parsing,
rather than the full version.
Signed-off-by: Simon Glass <[email protected]>
|
|
We like to put the SPL first so it is clear that it relates to SPL. Rename
various malloc-related options which have crept in, to stick to this
convention.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Marcel Ziswiler <[email protected]>
Reviewed-by: Martyn Welch <[email protected]>
Reviewed-by: Svyatoslav Ryhel <[email protected]>
|
|
Commit 65cc0e2a65d2 ("global: Move remaining CONFIG_SYS_* to CFG_SYS_*")
renamed CONFIG_SYS_UBOOT_START to CFG_SYS_UBOOT_START. Unfortunately,
this meant that the value was no longer available to the Makefile. This
caused imxrt to fail to boot. All the other boards that used this
variable were unaffected because they were using the default value
which is CONFIG_TEXT_BASE.
This commit converts CFG_SYS_UBOOT_START to Kconfig and sets the default
value to CONFIG_TEXT_BASE.
Suggested-by: Marek Vasut <[email protected]>
Suggested-by: Tom Rini <[email protected]>
Signed-off-by: Jesse Taube <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This old patch was marked as deferred. Bring it back to life, to continue
towards the removal of common.h
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <[email protected]>
|
|
The current mechanism is unnecessarily complex. Simplify the whole mechanism
such that the entire fitImage is signed, IVT is placed at the end, followed
by CSF, and this entire bundle is also authenticated. This makes the signing
scripting far simpler.
Signed-off-by: Marek Vasut <[email protected]>
|
|
This was added by mistake and renders the function useless. Fix it.
Signed-off-by: Simon Glass <[email protected]>
Fixes: 33c60a38bb9 ("trace: Use notrace for short")
Reported-by: Stefan Herbrechtsmeier <[email protected]>
Reviewed-by: Oleksandr Suvorov <[email protected]>
|
|
Remove some CONFIG symbols and related comments, etc, that are unused
within the code itself at this point.
Signed-off-by: Tom Rini <[email protected]>
|
|
The attribute syntax is quite verbose. Use the macro provided for this
purpose.
Signed-off-by: Simon Glass <[email protected]>
|
|
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Allocate memory for buffers at a cache-line boundary to avoid
misaligned buffer address for subsequent reads. This avoids an
additional sector-based memory copy in the fat file system driver:
FAT: Misaligned buffer address (...)
Signed-off-by: Stefan Herbrechtsmeier <[email protected]>
|
