| Age | Commit message (Collapse) | Author |
|---|
|
Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.
Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.
Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.
NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data)_ can be safely removed,
as signing is not supported target-side.
NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.
Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx
Signed-off-by: Simon Glass <[email protected]>
Reviewed-by: Alexandru Gagniuc <[email protected]>
Signed-off-by: Alexandru Gagniuc <[email protected]>
|
|
At the moment android_image_get_kcomp() can automatically detect
LZ4 compressed kernels and the compression specified in uImages.
However, especially on ARM64 Linux is often compressed with GZIP.
Attempting to boot an Android image with a GZIP compressed kernel
image currently results in a very strange crash, e.g.
Starting kernel ...
"Synchronous Abort" handler, esr 0x02000000
...
Code: 5555d555 55555d55 555f5555 5d555d55 (00088b1f)
Note the 1f8b, which are the "magic" bytes for GZIP images.
U-Boot already has the image_decomp_type() function that checks for
the magic bytes of bzip2, gzip, lzma and lzo. It's easy to make use
of it here to increase the chance that we do the right thing and the
user does not become confused with strange crashes.
This allows booting Android boot images that contain GZIP-compressed
kernel images.
Signed-off-by: Stephan Gerhold <[email protected]>
|
|
The current fitImage DTO implementation expects each fitImage image
subnode containing DTO to have 'load' property, pointing somewhere
into memory where the DTO will be loaded. The address in the 'load'
property must be different then the base DT load address and there
must be sufficient amount of space between those two addresses.
Selecting and using such hard-coded addresses is fragile, error
prone and difficult to port even across devices with the same SoC
and different DRAM sizes.
The DTO cannot be applied in-place because fdt_overlay_apply_verbose()
modifies the DTO when applying it onto the base DT, so if the DTO was
used in place within the fitImage, call to fdt_overlay_apply_verbose()
would corrupt the fitImage.
Instead of copying the DTO to a specific hard-coded load address,
allocate a buffer, copy the DTO into that buffer, apply the DTO onto
the base DT, and free the buffer.
The upside of this approach is that it is no longer necessary to
select and hard-code specific DTO load address into the DTO. The
slight downside is the new malloc()/free() overhead for each DTO,
but that is negligible (*).
(*) on iMX8MM/MN and STM32MP1
Signed-off-by: Marek Vasut <[email protected]>
Cc: Pantelis Antoniou <[email protected]>
Cc: Simon Glass <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
[trini: Add <linux/sizes.h>]
Signed-off-by: Tom Rini <[email protected]>
|
|
The sysinfo_get_str() implementation checks whether the sysinfo was even
detected. In U-Boot proper, sysinfo_detect() is not called anywhere but
on one specific board. Call sysinfo_detect() before sysinfo_get_str() to
make sure the sysinfo is detected and sysinfo_get_str() returns valid
value instead of -EPERM.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Marcel Ziswiler <[email protected]>
Cc: Simon Glass <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Replace uclass_first_device_err(UCLASS_SYSINFO, &dev) with sysinfo_get(&dev).
The board_info code may use sysinfo to print board information, so use the
sysinfo functions consistently. The sysinfo_get() is internally implemented
as return uclass_first_device_err(UCLASS_SYSINFO, &dev) anyway, so there is
no functional change.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Marcel Ziswiler <[email protected]>
Cc: Simon Glass <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Factor out eMMC boot partition selection code into
default_spl_mmc_emmc_boot_partition() function and implement
weak spl_mmc_emmc_boot_partition(), so that architecture or
board code can override the eMMC boot partition selection.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Faiz Abbas <[email protected]>
Cc: Harald Seiler <[email protected]>
Cc: Lokesh Vutla <[email protected]>
Cc: Simon Glass <[email protected]>
Cc: Fabio Estevam <[email protected]>
Cc: Peng Fan <[email protected]>
Cc: Stefano Babic <[email protected]>
Cc: Ye Li <[email protected]>
Reviewed-by: Jaehoon Chung <[email protected]>
|
|
various minor sandbox improvements
|
|
When we do not have bootstage enabled, rather than include an empty
dummy function, we just don't reference it. This saves us space in some
tight builds. This also shows a few cases where show_boot_progress was
incorrectly guarded before.
Cc: Simon Glass <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
GCC provides a symbol _init in crti.o on x86_64 and aarch64 but not on
RISC-V. The following lines leads to a build error for sandbox_defconfig on
RISC-V due to the missing symbol:
common/board_f.c:269:
#elif defined(CONFIG_SANDBOX) || defined(CONFIG_EFI_APP)
gd->mon_len = (ulong)&_end - (ulong)_init;
The sandbox code is not copied into the memory allocated using mmap().
Hence we can safely use gd->mon_len = 0 to avoid the reference to _init.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Rick Chen <[email protected]>
|
|
|
|
replace CONFIG_AUTOBOOT_USE_MENUKEY with CONFIG_AUTOBOOT_MENUKEY
Signed-off-by: Da Xue <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-microblaze into next
Xilinx changes for v2021.10
clk:
- Add driver for Xilinx Clocking Wizard IP
fdt:
- Also record architecture in /fit-images
net:
- Fix plat/priv data handling in axi emac
- Add support for 10G/25G speeds
pca953x:
- Add missing dependency on i2c
serial:
- Fix dependencies for DEBUG uart for pl010/pl011
- Add setconfig option for cadence serial driver
watchdog:
- Add cadence wdt expire now function
zynq:
- Update DT bindings to reflect the latest state and descriptions
zynqmp:
- Update DT bindings to reflect the latest state and descriptions
- SPL: Add support for ECC DRAM initialization
- Fix R5 core 1 handling logic
- Enable firmware driver for mini configurations
- Enable secure boot, regulators, wdt
- Add support xck devices and 67dr
- Add psu init for sm/smk-k26 SOMs
- Add handling for MMC seq number via mmc_get_env_dev()
- Handle reserved memory locations
- Add support for u-boot.itb generation for secure OS
- Handle BL32 handoffs for secure OS
- Add support for 64bit addresses for u-boot.its generation
- Change eeprom handling via nvmem aliases
|
|
Prepare v2021.07-rc5
# gpg: Signature made Mon 28 Jun 2021 03:39:36 PM EDT
# gpg: using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <[email protected]>" [ultimate]
# Conflicts:
# configs/am64x_evm_r5_defconfig
|
|
The original code is in the public domain. Licenses/README states that the
general license for U-Boot is GPL 2.0+. So we can mark the malloc code as
GPL 2.0+ too.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
On ARM64 secure OS can run as 64bit or 32bit that's why it is necessary to
record information about architecture that other code can read it and
properly pass it to TF-A and start in 64bit or 32bit mode.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Replace typo CONFIG_USE_AUTOBOOT_MENUKEY with
CONFIG_AUTOBOOT_USE_MENUKEY as when they were introduced initially there
was some mismatch in which name was used where.
Fixes: 8fc31e23aa83 ("autoboot: Rename CONFIG_MENUKEY to CONFIG_AUTOBOOT_MENUKEY")
Signed-off-by: Da Xue <[email protected]>
|
|
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.
Signed-off-by: Lokesh Vutla <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Tero Kristo <[email protected]>
|
|
The print_buffer() function is very useful for debugging. Add a version
of this in the log system also.
Signed-off-by: Simon Glass <[email protected]>
|
|
If the console output buffer is exhausted, characters are silently dropped
from the end. Detect this condition and report an error when reading back
the characters.
Signed-off-by: Simon Glass <[email protected]>
|
|
Save the 'no-map' information present in 'reserved-memory' node to allow
correct handling when the MMU is configured in board to avoid
speculative access.
This binding is defined in
doc/device-tree-bindings/reserved-memory/reserved-memory.txt
Additional properties:
...
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
of the region as part of its standard mapping of system memory,
nor permit speculative access to it under any circumstances other
than under the control of the device driver using the region.
Signed-off-by: Patrick Delaunay <[email protected]>
|
|
Add defconfig and board support for HiFive Unmatched.
Signed-off-by: Green Wan <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Rick Chen <[email protected]>
|
|
When we think of Kconfig, we usually think of features that we like
to enable or not. Ideally, we wouldn't use Kconfig to fix a build
issue, although sometimes it might make sense. With Kconfig it's hard
to guarantee that the fix is universal. We can only say that it works
for the set of tested configurations. In the majority of cases, it's
preferable to let the linker figure things out for us.
The reverted commit attempted to fix a build issue by adding an
invisible Kconfig option. This is wrong in several ways:
It invents a new Kconfig variable when CONFIG_HASH already
exists for the same purpose.
Second, hash-checksum.c makes use of the hash_progressive_lookup_algo()
symbol, which is only provided with CONFIG_HASH, but this dependency
was not expressed in the reverted patch.
It feels like Kconfig is turning into a listing of all available
source files, and a buffet to 'select' which ones to compile. The
purpose of this revert is to enable the next change to make use of
CONFIG_HASH instead of adding to Kconfig.
This reverts commit 87316da05f2fd49d3709275e64ef0c5980366ade.
Signed-off-by: Alexandru Gagniuc <[email protected]>
Acked-by: Masahisa Kojima <[email protected]>
|
|
A lot of entries were using spaces instead of tab for alignment that's why
it is good to fix it to use the same style everywhere.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Now that we have switched to binman to generate u-boot.itb for all
RISC-V boards, USE_SPL_FIT_GENERATOR is no longer needed and can
be dropped.
Signed-off-by: Bin Meng <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
It should be FDT, not FTD.
Signed-off-by: Bin Meng <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Rick Chen <[email protected]>
|
|
|
|
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.
Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.
Signed-off-by: Masahisa Kojima <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.
Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This patch tries to distinguish two error messages.
Signed-off-by: [email protected] <[email protected]>
|
|
Move the fdt_valid function to fdt_support.
This changes allow to be able to test the validity of a devicetree in
other c files.
Update code syntax.
Signed-off-by: Kory Maincent <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Maxime Ripard <[email protected]>
|
|
This reverts commit d64b9cdcd475eb7f07b49741ded87e24dae4a5fc.
As pointed by [1] and [2], the reverted patch made every DT 'reg'
property translatable. What the patch was trying to fix was fixed in a
different way from previously submitted patches which instead of
correcting the generic address translation function fixed the issue with
appropriate platform code.
[1] https://patchwork.ozlabs.org/project/uboot/patch/[email protected]/
[2] https://lore.kernel.org/linux-clk/[email protected]/T/
Signed-off-by: Dario Binacchi <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
By declaring board-specific board_fdt_chosen_bootargs() the kernel
command line arguments can be adjusted before injecting to flat dt
chosen node.
Signed-off-by: Niko Mauno <[email protected]>
|
|
It can be useful to use the same U-Boot binary for multiple purposes,
say the normal one, one for developers that allow breaking into the
U-Boot shell, and one for use during bootstrapping which runs a
special-purpose bootcmd. Or one can have several board variants that
can share almost all boot logic, but just needs a few tweaks in the
variables used by the boot script.
To that end, allow the control dtb to contain a /config/enviroment
node (or whatever one puts in fdt_env_path variable), whose
property/value pairs are used to update the run-time environment after
it has been loaded from its persistent location.
The indirection via fdt_env_path is for maximum flexibility - for
example, should the user wish (or board logic dictate) that the values
in the DTB should no longer be applied, one simply needs to delete the
fdt_env_path variable; that can even be done automatically by
including a
fdt_env_path = "";
property in the DTB node.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Rasmus Villemoes <[email protected]>
Acked-by: Joe Hershberger <[email protected]>
|
|
This has the uclass enforce calling detect() before other methods. This
allows drivers to cache information in detect() and perform (cheaper)
retrieval in the other accessors. This also modifies the only instance
where this sequencing was not followed.
Signed-off-by: Sean Anderson <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Use of strcat() against an uninitialized buffer would lead
to buffer overflow. This patch fixes it.
Fixes: 694cd5618c ("IOMUX: Introduce iomux_replace_device()")
Signed-off-by: Yuichiro Goto <[email protected]>
Cc: Peter Robinson <[email protected]>
Cc: Andy Shevchenko <[email protected]>
Cc: Nicolas Saenz Julienne <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Tested-by: Peter Robinson <[email protected]>
|
|
One of my monitors have only 4k@60 timing in base EDID block which is
out of range for devices with HDMI 1.4. It turns out that it has
additional detailed timings in CTA-861 Extension Block and two of them
are appropriate for HDMI 1.4.
Add additional search for valid detailed timing in extension block.
Signed-off-by: Jernej Skrabec <[email protected]>
Acked-by: Andre Przywara <[email protected]>
Signed-off-by: Andre Przywara <[email protected]>
|
|
Code which searches for valid detailed timing entry will be used in more
places. Extract it.
No functional change is made. However, descriptors are casted to
edid_detailed_timing instead of edid_monitor_descriptor. Descriptor can
be of either type, but since we're interested only in DTD, it is more
fitting to cast to edid_detailed_timing.
Reviewed-by: Andre Przywara <[email protected]>
Signed-off-by: Jernej Skrabec <[email protected]>
Signed-off-by: Andre Przywara <[email protected]>
|
|
When searching for detailed timing in EDID, check for digital display
earlier. There is no point parsing other parameters if this flag is not
present.
Reviewed-by: Andre Przywara <[email protected]>
Signed-off-by: Jernej Skrabec <[email protected]>
Signed-off-by: Andre Przywara <[email protected]>
|
|
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <[email protected]>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
