| Age | Commit message (Collapse) | Author |
|---|
|
Some FIT image properties have their string represented in
include/image.h via constants. FIT_ALGO_PROP does exist and would fit the
bill so let's use it instead of using a hardcoded string.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
Add support for translating the EFI_PARTITION_INFO_PROTOCOL_GUID
to a text.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
into next
CI: https://source.denx.de/u-boot/custodians/u-boot-riscv/-/pipelines/28674
- riscv: Implement private GCC library
- mpfs: Add MPFS CPU Implementation
- andes: Stop disabling device tree relocation and some minor fixes
- sifive: Stop disabling device tree relocation
- starfive: Cleanup size types and typos
|
|
Prepare v2026.01-rc4
|
|
The following functions are provided:
Count leading zero bits
* int __clzsi2 (unsigned int a)
* int __clzdi2 (unsigned long a)
* int __clzti2 (unsigned long long a)
Count trailing zero bits
* int __ctzsi2 (unsigned int a)
* int __ctzdi2 (unsigned long a)
* int __ctzti2 (unsigned long long a)
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
get_dp_device() is used to derive the device path from a boot variable.
However, if the last efi_get_variable_int() call fails, we return an
error without freeing 'buf'.
There's no need to call efi_get_variable_int() for variables we don't
know the size since we have the efi_get_var() wrapper.
Replace that in the two instances we use it. The first one will also
fix the memory leak.
A nice sideeffect is that the code size is also reduced, since we are
re-using functions instead of open coding them
$~ bloat-o-meter u-boot u-boot.new
add/remove: 0/0 grow/shrink: 1/2 up/down: 6/-196 (-190)
Function old new delta
version_string 70 76 +6
efi_launch_capsules 2288 2196 -92
get_dp_device 244 140 -104
Total: Before=1222331, After=1222141, chg -0.02%
Fixes: c74cd8bd08d1 ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Heiko Schocher <[email protected]> says:
Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and described
at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02
TPMv2 defines hash algo sm3_256, which is currently
not supported and prevented TPMv2 chip with newer
firmware to work with U-Boot. Seen this on a ST33TPHF2XI2C
u-boot=> tpm2 init
u-boot=> tpm2 autostart
tpm2_get_pcr_info: too many pcrs: 5
Error: -90
u-boot=>
Implement sm3 hash, so we can fix this problem.
Link: https://lore.kernel.org/r/[email protected]
|
|
add sm3 256 hash support, so TPM2 chips which report
5 pcrs with sm3 hash do not fail with:
u-boot=> tpm2 autostart
tpm2_get_pcr_info: too many pcrs: 5
Error: -90
Signed-off-by: Heiko Schocher <[email protected]>
|
|
add the U-Boot specific parts for the SM3 hash
implementation:
Signed-off-by: Heiko Schocher <[email protected]>
|
|
Implement SM3_256 Hash algorithm, based on
linux commit f83a4f2a4d8c: ("Merge tag 'erofs-for-6.17-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs")
Therefore add the needed parts from linux.
Signed-off-by: Heiko Schocher <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
|
|
Prepare v2026.01-rc3
|
|
Use global st_boottime and st_runtime.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use global st_boottime and st_runtime.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use global st_runtime.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use global st_boottime and st_runtime.
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use global st_runtime.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Use global st_runtime.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Save the address of the EFI runtime as a global variable.
This allows to simplify the setup of tests.
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
reserved-memory nodes
I've spent time trying to figure out why my board (Rockchip PX30-based)
suddenly boot loops when running a specific program in Linux userspace
after working on a U-Boot upgrade. I actually inadvertently had the TEE
environment variable set for a device which doesn't actually need to run
any TEE OS (so had OPTEE_LIB disabled).
It is currently possible to build an image with an OP-TEE OS (via the
TEE environment variable) without OPTEE_LIB. U-Boot will happily load
the TEE OS and the next OS (e.g. the Linux kernel).
This is an issue because on FDT-enabled devices, OP-TEE OS adds nodes to
the reserved-memory FDT node for the memory regions it just reserved for
itself. This updated FDT is then passed to U-Boot proper which should
know better not to use memory from there. The actual issue is that
without OPTEE_LIB and OF_LIBFDT enabled, U-Boot proper will not copy
those nodes over to the next OS's FDT before starting it. This results
in the next OS's (e.g. Linux kernel) to not be aware of reserved memory,
incurring random crashes or device reboots when it tries to access
secure reserved memory area.
On Rockchip, the U-Boot FIT image which contains both the TEE OS and
U-Boot proper is generated by binman. Unfortunately, binman doesn't seem
to have access to Kconfig symbols (grep CONFIG_ doesn't return anything
meaningful and binman is either configured through FDT nodes or via CLI
arguments, c.f. cmd_binman in the root Makefile) so we cannot try to be
smart and guide the user to the correct Kconfig option to select if TEE
is set. We could add a property based on the presence of OPTEE_LIB in
rockchip-u-boot.dtsi for example and have a custom message based on
that, the issue is that I assume all FDT-based platforms do actually
need to do this dance, and not only Rockchip.
Another option could be to add a CLI argument to binman through which
we would pass the state of OPTEE_LIB and error out the build in that
case, but that feels like opening the door to other various dirty hacks.
Another option is to propagate the TEE environment variable to the
preprocessor of the FDT (via dtc_cpp_flags) and then we can do
#if defined(TEE) && !IS_ENABLED(CONFIG_OPTEE_LIB)
#error "CONFIG_OPTEE_LIB must be enabled!"
#endif
but we have the same issue as above, it is then Rockchip-specific and
doesn't feel right to me.
Yet another option is to remove the @tee-SEQ node from the binman FIT
description when OPTEE_LIB isn't set but then we would lose the
following nice message when no TEE is provided:
Image 'simple-bin' is missing optional external blobs but is still functional: tee-os
and even worse, build without any TEE OS even though we could provide
one via the TEE environment variable.
Finally, another option could be to move this hack under
arch/arm/mach-rockchip/Kconfig to make it Rockchip-specific or add a
depends on ARCH_ROCKCHIP. However OP-TEE OS on Aarch32 Rockchip boards
doesn't actually need any of that if SPL_OPTEE_IMAGE is set because
arch/arm/mach-rockchip/sdram.c then marks some hardcoded memory regions
in RAM as holes in DRAM, which has the same effect as reserved memory
regions I guess. I assume other platforms may use something different,
so it may be casting too wide of a net.
This commit is what I could come up with as a stopgap measure to avoid
building images that simply cannot reliably work and fail randomly.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
The fitImage may be stored in EFI update capsule at address that
is not aligned to 8 bytes. Since fitImage is a DT, new version of
libfdt 1.7.2 rejects such an unaligned DT. Patch the code and copy
the fitImage into aligned buffer in case it is not aligned. This
does increase overhead for unaligned fitImages in EFI capsules, but
tries to keep the overhead low for aligned ones.
Signed-off-by: Marek Vasut <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
When building with clang, we see a warning:
lib/efi_selftest/efi_selftest_snp.c:63:18: error: field dhcp_hdr within
'struct dhcp' is less aligned than 'struct dhcp_hdr' and is usually due
to 'struct dhcp' being packed, which can lead to unaligned accesses
[-Werror,-Wunaligned-access]
when building lib/efi_selftest/efi_selftest_snp.c. Resolve this error by
packing struct dhcp_hdr as well, as the only place it is used also is
packed.
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
|
|
Memset() must return a pointer to the start of the updated memory block.
Fixes: 476476e73b14 ("efi: Add support for loading U-Boot through an EFI stub")
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Remove duplicate #include.
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
%s/eventfor/event for/
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Convert function comments in efi_selftest_console.c to match
Sphinx style.
Correct function name in print_uuid() comment.
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Quentin Schulz <[email protected]> says:
While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.
Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.
Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.
Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.
Link: https://lore.kernel.org/r/[email protected]
|
|
While the verification step originally only supported PKCS1.5 as padding
algorithm for the signature, it was later extended to add support for
PSS but the doxygen doc wasn't updated to reflect that so let's fix
that oversight.
Fixes: 061daa0b61f0 ("rsa: add support of padding pss")
Signed-off-by: Quentin Schulz <[email protected]>
|
|
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.
It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.
Signed-off-by: Quentin Schulz <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-2026-01-rc2
CI: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/28208
Documentation:
* bootstd: Describe environment variable extension_overlay_addr
environment and remove extension support from TODO list
EFI:
* Correct the detection of the video mode in the EFI payload app:
- Use struct efi_gop_mode_info in the definition of struct
efi_entry_gopmode.
- In function get_mode_from_entry() use the correct type for the video
mode structure.
* Use a valid error code as return value in efi_store_memory_map().
* Avoid a memory leak for the variable name in efi_bl_create_block_device().
* Correct the code indentation in efi_uc_stop().
* Correct the description of struct efi_priv.
* Fix typos in code comments.
Other:
* qfw: Add more fields and a heading to qfw list
* Fix the support for ACPI pass-through on ARM and RISC-V:
Avoid zeroing out the XSDT address
* test: provide unit test for 'acpi list' command
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAmkNj/kACgkQxIHbvCwF
# GsS8NQ/6Aj+Z54HJTIEfoXssvElLr5ATactrCxszq42i/yy6dLqa2Ym1afG6w1XS
# 1ZbCeU/bCXFke5Tsz+x89gEfckUm83oTwngwcID0WR1qn8mWjwR7tM5MuORq8NxU
# 7NwLuFs9O/QZihagKdz6hv1/Y+cBwiAYLY16EYVSuUlbLaKQo3QvxwWkqG3jdKWV
# Rm58/PolU+2h04MBwP0SxSduX4OyRF/tMOGjf5RGLyqCyj8kIgdu7PvUAPMM+Gps
# KemL59V0Bdv8hlF4JknmPz+idtZg2nHIDdNrBZvoxwzwGQeRZ1YXAMruRxZXqDYL
# tiuDp6HMv/GfIIGkz14tJtJMdboaAybAnluPWGalx8JQJqJzEPww0R+9s4KKQeWL
# mHgRyl6PxVV9p19f79Qq6q6ETwrFDX0YH3pdrGUk3DBa3lDt0UsEAnuW4FvaJ8tx
# 3PMrjKAxpxocT0hglsMVnptnfvDEigMsjwH/TWrau83mY+juxFQLjm+U4vye+qCa
# 4zXjjLas18+eRcrv2KxU7teakyi1Jp+WbqHq37L26YcQMaLq/RkBc0bTrsreKKLu
# jprYFpvc7EJpH2Fd1XWaZ2EnxXcVSJSvrY/iwRQqb6wbwQ6XGtMvSh3IFY8IzAoh
# N2Pj78oaYqyL1q/TftuZWhEHo3a0M/HfM4D+oMSHzJtWCb0wZHE=
# =OGcS
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 07 Nov 2025 12:21:45 AM CST
# gpg: using RSA key 6DC4F9C71F29A6FA06B76D33C481DBBC2C051AC4
# gpg: Good signature from "Heinrich Schuchardt <[email protected]>" [unknown]
# gpg: aka "[jpeg image of size 1389]" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6DC4 F9C7 1F29 A6FA 06B7 6D33 C481 DBBC 2C05 1AC4
|
|
Signed-off-by: Quentin Schulz <[email protected]>
|
|
%s/mange/manage/
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
blk_create_devicef() uses a copy of parameter name.
We can use a local variable.
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
%s/to be write/to write/
Reviewed-by: Bin Meng <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Correct indentation.
Reviewed-by: Bin Meng <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The type efi_status_t is not compatible with the return type int.
Let efi_store_memory_map() return -EFAULT instead of a truncated EFI error
code.
Acked-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
The U-Boot project has been assigned the vendor ID 'UBOO' [1]. Use this
vendor ID and our release version in the ACPI table headers.
[1] ACPI ID Registry
https://uefi.org/ACPI_ID_List
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
|
|
When editing eficonfig "optional data" (typically cmdline arguments)
it's useful to be able to edit the string rather than having to re-type
the entire thing. Implement support for editing buffers to make this a
whole lot nicer. Specifically, add support for moving the cursor with
the arrow keys and End key as well as deleting backwards with the delete
key.
Signed-off-by: Casey Connolly <[email protected]>
Acked-by: Ilias Apalodimas <[email protected]>
Tested-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
We do not yet support UTHREADS in xPL phases. However, we have the need
to dummy out certain functions so that xPL can build when full U-Boot
has UTHREADS enabled. Update the few places that need to use
CONFIG_IS_ENABLED so that we have the correct dummy in xPL.
Signed-off-by: Tom Rini <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
|
|
Add the EFI Debug Image Info Table GUID to the translation table used by
uuid_guid_get_str().
This allows to print a human readable table name with `efidebug tables'
instead of "(unknown)".
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
Use the Debug Image Info Table GUID definition from efi_api.h instead or
redefining it locally.
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
We currently set the firmware image type to ESRT_FW_TYPE_UNKNOWN.
The spec defines the following:
ESRT_FW_TYPE_UNKNOWN 0x00000000
ESRT_FW_TYPE_SYSTEMFIRMWARE 0x00000001
ESRT_FW_TYPE_DEVICEFIRMWARE 0x00000002
ESRT_FW_TYPE_UEFIDRIVER 0x00000003
Since we don't support updating DEVICEFIRMWARE or UEFIDRIVER types,
let's switch over to SYSTEMFIRMWARE which seems more appropriate.
Suggested-by: Michal Simek <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
In function efi_http_service_binding_destroy_child() phandler is created as
as a local variable. If efi_search_protocol() fails, phandler will hold a
random value from the stack. Even it is not zero, we must not use it.
If efi_search_protocol() succeeds, the pointer has already be dereferenced,
so checking against NULL makes not sense here.
If ChildHandle is not a valid UEFI handle, we must return
EFI_INVALID_PARAMETER.
Use a single location for EFI_EXIT().
Addresses-Coverity-ID: CID 531974 (Unchecked return value)
Fixes: 5753dc3f6572 ("efi_loader: Prevent dereference of uninitialised variable")
Reviewed-by: Ilias Apalodimas <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
After the malloc of tmp_files and before its value is recorded an early
exit will need to free tmp_files to prevent leaking that memory.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
|
|
https://source.denx.de/u-boot/custodians/u-boot-microblaze
AMD/Xilinx/FPGA changes for v2026.01-rc1 v2
zynqmp:
- DT updates
- Enable new commands
mbv:
- Simplify defconfigs
clk:
- Separate legacy handler and use SMC handler
misc:
- Tighten TTC Kconfig dependency
net:
- Add 10GBE support to Gem
pwm:
- cadence-ttc: Fix array sizes
fwu:
- Add platform hook support
spi:
- Remove undocumented cdns,is-dma property
video:
- Fix DPSUB RGB handling
|
|
https://source.denx.de/u-boot/custodians/u-boot-tpm
TPM changes:
Make all drive names defined with U_BOOT_DRIVER unique
TEE changes:
Rework things such that sandbox will also traverse the optee directory
when SANDBOX_TEE is enabled, but only build one of the optee-specific
files when OPTEE is enabled.
EFI changes:
Up to now we were relying on the file extension to accept and load
an image over HTTP. We expected images to be either .iso or .img.
By wiring up internal existing functions we can try to mount any
file extension and reject it only if mounting fails.
part_driver_lookup_type
|
|
Enhances the process for identifying disk images within the EFI boot
manager. Utilize part_driver_lookup_type() to verify the validity of a
downloaded file as a disk image, rather than depending on file
extensions.
part_driver_lookup_type() is now used in the prepare_loaded_image()
function in the EFI boot manager to detect partitions on a block device
created from a downloaded image. This allows the boot manager to boot
from any disk image that can be recognized by a partition driver, not
just ISO and IMG images.
Update prepare_loaded_image() to create the ramdisk block device
internally, obtain the blk_desc and use part_driver_lookup_type() to
detect a valid partition table.
In try_load_from_uri_path(), try prepare_loaded_image() first to detect
disk images, and fall back to PE-COFF detection only if that fails.
Signed-off-by: Javier Tia <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
|
|
We should compile the LZ4_decompress_safe and
LZ4_decompress_safe_partial functions in SPL and they will be discarded
if unused.
Signed-off-by: Tom Rini <[email protected]>
|
|
Add the script name as a prefix to fw_addr and fw_size variables
to make sure they are always unique and won't easily conflict with
user variables.
Signed-off-by: Marek Vasut <[email protected]>
|
|
The script based firmware loader does not use anything from the
fs_loader implementation. Separate it into its own library source
file and convert the mediatek PHY to use this separate code. This
should reduce the amount of code that is pulled in alongside the
firmware loader, as the FS loader is no longer included.
Signed-off-by: Marek Vasut <[email protected]>
|
|
FWU metadata information is unavailable for platform-specific
operations since FWU initialization has not yet occurred.
The initialization function is invoked as part of the main
loop event. To address this, the FWU platform hook function
is introduced during FWU initialization, allowing metadata
processing with platform-specific operations.
Signed-off-by: Padmarao Begari <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Michal Simek <[email protected]>
|
