| Age | Commit message (Collapse) | Author |
|---|
|
In order to build the spi flash environment driver, but with
CONFIG_ENV_REDUNDANT disabled we must make use of IF_ENABLED_INT to
check for a value in CONFIG_ENV_OFFSET_REDUND otherwise we will fail to
build.
Signed-off-by: Tom Rini <[email protected]>
|
|
In order to have ENV_IS_IN_NAND be valid we must have MTD_RAW_NAND
enabled as a minimum, express this dependency in Kconfig.
Signed-off-by: Tom Rini <[email protected]>
|
|
When both environment copies have valid CRCs but the flag bytes do not
match any recognized pair, env_flash_init() falls through without
setting gd->env_addr or gd->env_valid. This is a problem because:
1. env_init() then sets gd->env_addr = &default_environment (in RAM).
2. In env_flash_load(), the pointer comparison
gd->env_addr != &flash_addr->data evaluates true (RAM != flash),
triggering the pointer swap that selects the secondary copy.
3. The repair logic writes OBSOLETE (0x00) to the non-active flag but
cannot promote the other flag from 0x00 to ACTIVE (0x01) because
NOR flash requires a sector erase to set bits. Both copies end up
with flag=0x00.
4. On every subsequent boot, flag1 == flag2 triggers the ENV_REDUND
path, printing a spurious "recovered successfully" warning until
an explicit saveenv erases and rewrites the sectors.
The recognized flag values are ACTIVE (0x01), OBSOLETE (0x00), and
erased (0xFF). Of the 256 possible flag values, the existing chain of
if/else-if handles only three: 253 of 256 values fall through without
setting gd->env_addr. Combined with 0x00 (already stuck on NOR),
254 of 256 values eventually reach the persistent-warning state.
Other env backends (SPI flash, NAND, MMC) handle this through
env_check_redund() in env/common.c, which uses a numeric comparison
of the flags as a serial counter and always reaches a decision. The
CFI flash backend is the only one that uses its own flag-matching
logic.
Add a catch-all else clause that defaults to the primary copy with
ENV_REDUND status, matching the existing behavior for the flag1==flag2
case. This ensures gd->env_addr is always set, preventing the
unintended pointer swap. The condition is recoverable via saveenv.
Signed-off-by: Neil Berkman <[email protected]>
Reproducer: https://gist.github.com/neilberkman/4155612a7942d3f510f204eb85e61943
The SPI flash backend (env/sf.c) has a related but distinct issue:
it retained legacy boolean save semantics but its load path now uses
the common serial-number logic in env_check_redund(), creating an
inconsistency under interrupted updates. That has wider implications
for fw_env.c and would need separate discussion.
|
|
TARGET namespace is for machines / boards / what-have-you that
building U-Boot for. Simply replace from TARGET to ARCH
make things more clear and proper for ALL SoCFPGA.
Signed-off-by: Brian Sune <[email protected]>
Reviewed-by: Tien Fong Chee <[email protected]>
# Conflicts:
# drivers/ddr/altera/Makefile
|
|
Add support for converting single-copy environment to redundant environment.
In case CRC checks on both redundant environment copies fail, try one more
CRC check on the primary environment copy and treat it as single environment.
If that check does pass, rewrite the single-copy environment into redundant
environment format, indicate the environment is valid, and import that as
usual primary copy of redundant environment. Follow up 'env save' will then
store two environment copies and the system will continue to operate as
regular redundant environment system.
Add test which validates this upgrade path. The test starts with spi.bin
which is pre-populated as single-copy environment and then upgrades that
environment to dual-copy environment.
Signed-off-by: Marek Vasut <[email protected]>
|
|
As resolved and explained in detail in commit e589d5822cac ("env: spi:
Fix gd->env_valid for the first write") and archived discussion there is
a corner case where we don't do the right thing with redundant
environments. This same exact check was present in the mmc code and
resolved with commit 813a0df27a8a ("env: Invert gd->env_valid for
env_mmc_save") and in the discussion of that patch, I noted that both
fat and ubi (and at the time, sf) were doing the same thing. Take the
time now to correct fat and ubi environment.
Signed-off-by: Tom Rini <[email protected]>
|
|
The A/B update strategy of the env's has a gap in the first 2 calls of saveenv.
The env's are stored twice on the first memory area if:
gd->env_valid == ENV_INVALID.
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK <-- !!!
u-boot=> saveenv
Saving Environment to MMC... Writing to redundant MMC(1)... OK
u-boot=> saveenv
Saving Environment to MMC... Writing to MMC(1)... OK
This is the same issue as resolved in commit e589d5822cac ("env: spi:
Fix gd->env_valid for the first write")
Signed-off-by: Michael Glembotzki <[email protected]>
Signed-off-by: Jasper Orschulko <[email protected]>
Signed-off-by: Michael Heimpold <[email protected]>
[trini: Amend the commit message]
---
Changes in v2:
- Rebase to current master
- Amend the commit message to reference the SPI version of this fix,
which had significant follow-up discussion.
|
|
Falcon mode uses falcon_image_file from the env during mmc fs boot, but
external env can be compromised. Therefore disable access to external
env by setting SPL_ENV_IS_NOWHERE when SPL_OS_BOOT_SECURE is set.
Signed-off-by: Anshul Dalal <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Merge the outstanding changes from the 'next' branch to master.
|
|
%s/environemt/environment
Signed-off-by: Thomas Bonnefille <[email protected]>
|
|
When both SPI environment locations are invalid (gd->env_valid ==
ENV_INVALID), the first call to saveenv writes to the primary location and
sets the active flag. However, the logic for updating gd->env_valid
incorrectly sets it to ENV_REDUND, which does not match the actual location
written. This causes the first two writes to target the same location, and
alternation only begins after the second write.
Update the logic to alternate gd->env_valid based on whether the last write
was to the primary or redundant location, ensuring the first write sets
ENV_VALID and subsequent writes alternate as expected. This aligns
env_valid with the actual storage location and fixes the alternation
sequence from the first write.
With this change, the "Valid environment" printout correctly reflects the
active location after each save, and the alternation between primary and
redundant locations works as intended from the start.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
Acked-by: E Shattow <[email protected]>
|
|
Prepare v2025.10-rc5
|
|
Since commit 5fb88fa725 "env: Rename SYS_REDUNDAND_ENVIRONMENT to ENV_REDUNDANT"
the option SYS_REDUNDAND_ENVIRONMENT is no longer available and should be
renamed to ENV_REDUNDANT.
Fixes: 95f03ee65c0e ("env: mmc: fix offsets relative to the end of the partition")
Signed-off-by: Heiko Thiery <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Prepare v2025.10-rc3
|
|
bug fix MTD_OOB_AUTO to MTD_OPS_AUTO_OOB since MTD_OOB_AUTO does not exist
Fixes: dfe64e2c8973 ("mtd: resync with Linux-3.7.1")
Signed-off-by: david regan <[email protected]>
Signed-off-by: Michael Trimarchi <[email protected]>
|
|
Make the interface type check consistent among the other interface types
by checking it agains the ifname string.
The ifname string contains the string returned by env_fat_get_intf(), which
returns the CONFIG_ENV_FAT_INTERFACE value.
No functional change.
Signed-off-by: Fabio Estevam <[email protected]>
|
|
Add support for retrieving the EXT4 environment from an NVME device, the
same way it can be retrieved from MMC, SCSI, or VIRTIO.
To use the EXT4 environment from an NVME device, pass
CONFIG_ENV_EXT4_INTERFACE="nvme" in the defconfig.
Signed-off-by: Fabio Estevam <[email protected]>
|
|
Add support for retrieving the FAT environment from an NVME device, the
same way it can be retrieved from MMC, SCSI, or VIRTIO.
To use the FAT environment from an NVME device, pass
CONFIG_ENV_FAT_INTERFACE="nvme" in the defconfig.
Signed-off-by: Fabio Estevam <[email protected]>
|
|
As part of renaming environment related Kconfig options,
ENV_MMC_SW_PARTITION was inadvertently changed from a string to a bool.
Correct this.
Fixes: ffc4914703a2 ("env: Rename ENV_MMC_PARTITION to ENV_MMC_SW_PARTITION")
Reviewed-by: Marek Vasut <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
In order to set the BOOTFILE symbol we first need to have USE_BOOTFILE
be set, or some of the logic might not work as expected later on when
building. Second, defaults like this belong with the symbol itself.
Fixes: da595d236b97 ("include: configs: soc64: Use CONFIG_SPL_ATF to differentiate bootfile")
Signed-off-by: Tom Rini <[email protected]>
|
|
When sect_size is greater than the CONFIG_ENV_SIZE, this wild
pointer will cause CPU halt or system crash.
Fixes: 03fb08d4aef8 ("env: Introduce support for MTD")
Signed-off-by: Shiji Yang <[email protected]>
|
|
The mtd device is got in setup_mtd_device(), we must put the mtd
device before exiting the function to update the mtd use count.
This patch fixes the following env error:
> Removing MTD device #2 (u-boot-env) with use count 1
> Error when deleting partition "u-boot-env" (-16)
Fixes: 03fb08d4aef8 ("env: Introduce support for MTD")
Signed-off-by: Shiji Yang <[email protected]>
|
|
We have a few options that we cannot enable in a "allyesconfig" type
build because we cannot use zero as a default value.
- The logic around HAS_BOARD_SIZE_LIMIT assumes that if we have set this
then we compare with it. Similarly, we need to set SPL_NO_BSS_LIMIT as
the default there.
- Both SYS_CUSTOM_LDSCRIPT and ENV_USE_DEFAULT_ENV_TEXT_FILE then prompt
for a file name to use.
- The SYS_I2C_SOFT driver is a legacy driver which requires a lot of
configuration within the board config. file instead, so disable it.
Signed-off-by: Tom Rini <[email protected]>
|
|
It was discovered that env_do_env_set() currently suffer from a long
time of a possible out-of-bound access for the argv array handling.
The BUG is present in the function env_do_env_set() line:
name = argv[1];
where the function at this point assume the argv at index 1 is always
present and can't be NULL. Aside from the fact that it's always
better to validate argv entry with the argc variable, situation where
the argv[1] is NULL is actually possible and not an error condition.
A example of where an out-of-bound access is triggered is with the
command "askenv - Press ENTER to ...".
This is a common pattern for bootmenu entry to ask the user input after
a bootmenu command succeeded.
In the context of such command, the while loop before "name = argv[1];"
parse the "-" char as an option arg and increment the argv pointer by
one (to make the rest of the logic code ignore the option argv) and
decrement argc value.
The while loop logic is correct but at the "name = argv[1];" line, the
argv have only one element left (the "-" char) and accessing argv[1]
(aka the secong element from argv pointer) cause an out-of-bound access
(making the bootloader eventually crash with strchr searching in invalid
data)
To better handle this and prevent the out-of-bound access, actually
check the argv entry left (with the use of the argc variable) and exit
early before doing any kind of array access.
Signed-off-by: Christian Marangi <[email protected]>
|
|
According to the help text, you can set negative offsets to indicated
that the offset is relative to the end of the parition. But kconfig
doesn't let you specify negative hex values. I think this fell through
the cracks when converting the symbol from a '#define' to a kconfig
option.
Introduce a new boolean kconfig option to switch on the "relative to the
end" behavior.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Marek Vasut <[email protected]> says:
Rename the environment related variables and add ENV_ prefix, so that
all configuration options which are related to environment would have
an CONFIG_ENV_ prefix. No functional change.
Link: https://lore.kernel.org/r/[email protected]
|
|
There are no users of DELAY_ENVIRONMENT and the same effect can
be achieved either using DT /config/load-environment property,
or by using ENV_IS_NOWHERE . Remove this configuration option
and matching functionality.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Also rename USE_DEFAULT_ENV_FILE to USE_ENV_DEFAULT_ENV_TEXT_FILE .
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Use ENV_MMC_SW_PARTITION to clarify this is the SD/MMC software
partition table entry selector. Update the help text accordingly.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Use ENV_MMC_EMMC_HW_PARTITION to clarify this is the eMMC hardware
partition selector, not a software partition table entry selector.
Retain the ENV_MMC_ prefix to make it easier to search for all the
SD/MMC related ENV options. Update the help text accordingly.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Use ENV_MMC_DEVICE_INDEX to clarify this is the SD/MMC device
index, a number, as enumerated by U-Boot. Update the help text
accordingly.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Rename the variable and add ENV_ prefix, so that all configuration
options which are related to environment would have an CONFIG_ENV_
prefix. No functional change.
Reviewed-by: Quentin Schulz <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Signed-off-by: Marek Vasut <[email protected]>
|
|
Prepare v2025.07-rc4
|
|
When lwIP (CONFIG_NET_LWIP) is used instead of legacy stack (CONFIG_NET),
environment flags support associated with network was not built: restore
support of "i" and "m" environment flags.
Signed-off-by: Benjamin ROBIN <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
|
|
Varadarajan Narayanan <[email protected]> says:
The qcs9100 based Ride platforms have UFS as their primary storage.
Hence add support to U-Boot env framework to be able to save and
retrieve the environment from UFS. The environment will be
saved/retrieved from the partition specified in the config option
CONFIG_SCSI_ENV_PART.
Also add an API to convert partition UUID string to block device
descriptor for UFS. This API will be used to get the block device
descriptor for the partition specified in CONFIG_SCSI_ENV_PART.
Link: https://lore.kernel.org/r/[email protected]
|
|
Allow SCSI to be able to store environment variables.
Signed-off-by: Varadarajan Narayanan <[email protected]>
Acked-by: Casey Connolly <[email protected]>
|
|
1. As this is for MTD-based devices, the Kconfig dependency should be MTD
instead of only spi-nor flashes
2. Initialize saved_buf to avoid crash on free()
3. Remaining size should be set correctly to write_size
Fixes: 03fb08d4aef (env: Introduce support for MTD)
Signed-off-by: Weijie Gao <[email protected]>
Reviewed-by: Christian Marangi <[email protected]>
|
|
Introduce support for env in generic MTD. Currently we only support SPI
flash based on the lagacy sf cmd that assume SPI flash are always NOR.
This is not the case as to SPI controller also NAND can be attached.
To support also these flash scenario, add support for storing and
reading ENV from generic MTD device by adding an env driver that
base entirely on the MTD api.
Introduce a new kconfig CONFIG_ENV_IS_IN_MTD and
CONFIG_ENV_MTD_DEV to define the name of the MTD device as exposed
by mtd list.
Signed-off-by: Christian Marangi <[email protected]>
|
|
This series from Raymond Mao <[email protected]> fixes some cases
of passing the device tree to U-Boot via standard passage and then
ensures that we set the environment variable of the device tree
correctly in this case.
Link: https://lore.kernel.org/r/[email protected]
|
|
Point fdt_addr to the fdt embedded in the bloblist since fdt_addr
is a default address for bootefi, bootm and booti to look for the
device tree when launching the kernel.
Signed-off-by: Raymond Mao <[email protected]>
|
|
Enable saving variables to MMC(FAT) and SPI based on primary
bootmode. If bootmode is JTAG, dont save env anywhere(NOWHERE).
Enable ENV_FAT_DEVICE_AND_PART="0:auto" for Versal Gen 2 platform.
Signed-off-by: Venkatesh Yadav Abbarapu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Michal Simek <[email protected]>
|
|
The symbol "ENV_IS_EMBEDDED" is an environment internal define and not a
real CONFIG symbol. The IS_ENABLED() macro is still valid to use here,
so update the check.
Signed-off-by: Tom Rini <[email protected]>
|
|
Rename the variants of env_mmc_load() for redundant and non-redundant
environment to env_mmc_load_redundant() and env_mmc_load_singular()
respectively and convert the env_mmc_load() implementation to use of
if (IS_ENABLED(...)). As a result, drop __maybe_unused from
mmc_env_is_redundant_in_both_boot_hwparts().
Signed-off-by: Marek Vasut <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
|
|
Introduce a new function mmc_env_is_redundant_in_both_boot_hwparts()
which replaces IS_ENABLED(ENV_MMC_HWPART_REDUND) and internally does
almost the same check as the macro which assigned ENV_MMC_HWPART_REDUND
did, and call it in place of IS_ENABLED(ENV_MMC_HWPART_REDUND).
The difference compared to IS_ENABLED(ENV_MMC_HWPART_REDUND) is
in the last conditional, which does not do plain macro compare
(CONFIG_ENV_OFFSET == CONFIG_ENV_OFFSET_REDUND), but instead does
mmc_offset(mmc, 0) == mmc_offset(mmc, 1). If OF_CONTROL is not
in use, this gets optimized back to original macro compare, but
if OF_CONTROL is in use, this also takes into account the DT
properties u-boot,mmc-env-offset and u-boot,mmc-env-offset-redundant.
Signed-off-by: Marek Vasut <[email protected]>
Reviewed-by: Mattijs Korpershoek <[email protected]>
Reviewed-by: Quentin Schulz <[email protected]>
|
|
The env_fat_get_dev_part() function mostly returns a fixed string, set
via some Kconfig variable. However when the first character is a colon,
that means that the boot device number is determined at runtime, and
patched in. This requires altering the string.
So far this was done via some ugly and actually illegal direct write to
the .rodata string storage. We got away with this because U-Boot maps
everything as read/write/execute so far.
A proposed patch set actually enforces read-only (and no-execute)
permissions in the page tables, so this routine now causes an exception:
=======================
Loading Environment from FAT... "Synchronous Abort" handler, esr 0x9600004f, far 0xfffb7d4c
elr: 000000004a054228 lr : 000000004a05421c (reloc)
elr: 00000000fff7c228 lr : 00000000fff7c21c
.....
=======================
Rewrite the routine to do away with the dodgy string manipulation,
instead allocate the string in the r/w .data section, where we can
safely manipulate it.
Signed-off-by: Andre Przywara <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
Replace Maximumm with Maximum in Kconfig symbol description, fix a typo.
No functional change.
Signed-off-by: Marek Vasut <[email protected]>
Reviewed-by: Michal Simek <[email protected]>
|
|
Switch the callback static list from the board configuration variable
CFG_ENV_CALLBACK_LIST_STATIC to Kconfig CONFIG_ENV_CALLBACK_LIST_STATIC.
Signed-off-by: Christoph Niedermaier <[email protected]>
Reviewed-by: Marek Vasut <[email protected]>
|
|
Simon Glass <[email protected]> says:
When the SPL build-phase was first created it was designed to solve a
particular problem (the need to init SDRAM so that U-Boot proper could
be loaded). It has since expanded to become an important part of U-Boot,
with three phases now present: TPL, VPL and SPL
Due to this history, the term 'SPL' is used to mean both a particular
phase (the one before U-Boot proper) and all the non-proper phases.
This has become confusing.
For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL'
phases, not just SPL. So code which can only be compiled for actual SPL,
for example, must use something like this:
#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD)
In Makefiles we have similar issues. SPL_ has been used as a variable
which expands to either SPL_ or nothing, to chose between options like
CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable
was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was
updated to support 'VPL_' as well.
This series starts a change in terminology and usage to resolve the
above issues:
- The word 'xPL' is used instead of 'SPL' to mean a non-proper build
- A new CONFIG_XPL_BUILD define indicates that the current build is an
'xPL' build
- The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now
defined for TPL and VPL phases
- The existing SPL_ Makefile variable is renamed to SPL_
- The existing SPL_TPL Makefile variable is renamed to PHASE_
It should be noted that xpl_phase() can generally be used instead of
the above CONFIGs without a code-space or run-time penalty.
This series does not attempt to convert all of U-Boot to use this new
terminology but it makes a start. In particular, renaming spl.h and
common/spl seems like a bridge too far at this point.
The series is fully bisectable. It has also been checked to ensure there
are no code-size changes on any commit.
|
