From 040fad3791fe05b985516a68c9437847173da56a Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Tue, 12 Jan 2021 19:18:54 +0100 Subject: lib: rsa: rsa-verify: don't look for keys in the FIT image In the function rsa_verify_hash, if the "main" key doesn't work, u-boot try others keys. But it searches those keys in the FIT image instead of the u-boot device tree. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- lib/rsa/rsa-verify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index 0ab0f629d0c..e34d3293d19 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -522,10 +522,10 @@ int rsa_verify_hash(struct image_sign_info *info, return ret; /* No luck, so try each of the keys in turn */ - for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, + for (ndepth = 0, noffset = fdt_next_node(blob, sig_node, &ndepth); (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(info->fit, noffset, &ndepth)) { + noffset = fdt_next_node(blob, noffset, &ndepth)) { if (ndepth == 1 && noffset != node) { ret = rsa_verify_with_keynode(info, hash, sig, sig_len, -- cgit v1.2.3 From e1d23f569bb3d07611cc5e5ee41b32f553cabb9f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:48 -0700 Subject: fdtdec: Update the missing-devicetree message This includes information about sandbox which is not relevant for most boards. Drop it. Also add the address to help figure out the problem. Signed-off-by: Simon Glass --- lib/fdtdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/fdtdec.c b/lib/fdtdec.c index 0ab7105fef0..54f7a1fe477 100644 --- a/lib/fdtdec.c +++ b/lib/fdtdec.c @@ -600,7 +600,8 @@ int fdtdec_prepare_fdt(void) #ifdef CONFIG_SPL_BUILD puts("Missing DTB\n"); #else - puts("No valid device tree binary found - please append one to U-Boot binary, use u-boot-dtb.bin or define CONFIG_OF_EMBED. For sandbox, use -d \n"); + printf("No valid device tree binary found at %p\n", + gd->fdt_blob); # ifdef DEBUG if (gd->fdt_blob) { printf("fdt_blob=%p\n", gd->fdt_blob); -- cgit v1.2.3 From 0a2aaab0b678fd1778ff2fc59d0770fc82995532 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:49 -0700 Subject: fdtdec: Use CONFIG_IS_ENABLED in board_fdt_blob_setup() This setting may be different in SPL and TPL. Update the code to check the correct setting. Signed-off-by: Simon Glass --- lib/fdtdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/fdtdec.c b/lib/fdtdec.c index 54f7a1fe477..a2d2fb4e1fe 100644 --- a/lib/fdtdec.c +++ b/lib/fdtdec.c @@ -1253,7 +1253,7 @@ __weak void *board_fdt_blob_setup(void) void *fdt_blob = NULL; #ifdef CONFIG_SPL_BUILD /* FDT is at end of BSS unless it is in a different memory region */ - if (IS_ENABLED(CONFIG_SPL_SEPARATE_BSS)) + if (CONFIG_IS_ENABLED(SEPARATE_BSS)) fdt_blob = (ulong *)&_image_binary_end; else fdt_blob = (ulong *)&__bss_end; -- cgit v1.2.3 From ac42fe539ca991543c888e261e62b4187ec9bbee Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:50 -0700 Subject: display_options: Use USE_TINY_PRINTF for SPL check At present this code uses a simple printf() format if running in SPL. But SPL can use the full printf. Use USE_TINY_PRINTF instead. Signed-off-by: Simon Glass --- lib/display_options.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/display_options.c b/lib/display_options.c index b2025eeb5cf..cd48998b6d4 100644 --- a/lib/display_options.c +++ b/lib/display_options.c @@ -169,11 +169,10 @@ int print_buffer(ulong addr, const void *data, uint width, uint count, x = lb.us[i] = *(volatile uint16_t *)data; else x = lb.uc[i] = *(volatile uint8_t *)data; -#if defined(CONFIG_SPL_BUILD) - printf(" %x", (uint)x); -#else - printf(" %0*lx", width * 2, x); -#endif + if (CONFIG_IS_ENABLED(USE_TINY_PRINTF)) + printf(" %x", (uint)x); + else + printf(" %0*lx", width * 2, x); data += width; } -- cgit v1.2.3 From ec5f101a3794396fed93e480ebcf8d389041b30e Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:55 -0700 Subject: crc32: Exclude crc32 from TPL Unfortunately the toolchain often brings in the crc32 table even if the function is not actually used. For now, exclude it from the TPL build, which is very sensitive to size. Signed-off-by: Simon Glass --- lib/Makefile | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/Makefile b/lib/Makefile index 851a80ef3bf..edc1c3dd4f9 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -92,7 +92,9 @@ obj-y += display_options.o CFLAGS_display_options.o := $(if $(BUILD_TAG),-DBUILD_TAG='"$(BUILD_TAG)"') obj-$(CONFIG_BCH) += bch.o obj-$(CONFIG_MMC_SPI) += crc7.o +#ifndef CONFIG_TPL_BUILD obj-y += crc32.o +#endif obj-$(CONFIG_CRC32C) += crc32c.o obj-y += ctype.o obj-y += div64.o -- cgit v1.2.3 From 76b54d8ca159b217be976eef986b76e26409ea4a Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:56 -0700 Subject: binman: Move selection of the binman node into a function Move this logic out of the main init function so it is available for other purpose. Use a different error when multiple-images is in use but no subnode is available. This makes it easier to determine what is wrong. Signed-off-by: Simon Glass --- lib/binman.c | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/binman.c b/lib/binman.c index f027d1b3042..b6d9dff5b7c 100644 --- a/lib/binman.c +++ b/lib/binman.c @@ -30,6 +30,34 @@ struct binman_info { static struct binman_info *binman; +/** + * find_image_node() - Find the top-level binman node + * + * Finds the binman node which can be used to load entries. The correct node + * depends on whether multiple-images is in use. + * + * @nodep: Returns the node found, on success + * @return 0 if OK, , -EINVAL if there is no /binman node, -ECHILD if multiple + * images are being used but the first image is not available + */ +static int find_image_node(ofnode *nodep) +{ + ofnode node; + + node = ofnode_path("/binman"); + if (!ofnode_valid(node)) + return log_msg_ret("binman node", -EINVAL); + if (ofnode_read_bool(node, "multiple-images")) { + node = ofnode_first_subnode(node); + + if (!ofnode_valid(node)) + return log_msg_ret("first image", -ECHILD); + } + *nodep = node; + + return 0; +} + static int binman_entry_find_internal(ofnode node, const char *name, struct binman_entry *entry) { @@ -90,19 +118,14 @@ int binman_get_rom_offset(void) int binman_init(void) { + int ret; + binman = malloc(sizeof(struct binman_info)); if (!binman) return log_msg_ret("space for binman", -ENOMEM); - binman->image = ofnode_path("/binman"); - if (!ofnode_valid(binman->image)) - return log_msg_ret("binman node", -EINVAL); - if (ofnode_read_bool(binman->image, "multiple-images")) { - ofnode node = ofnode_first_subnode(binman->image); - - if (!ofnode_valid(node)) - return log_msg_ret("first image", -ENOENT); - binman->image = node; - } + ret = find_image_node(&binman->image); + if (ret) + return log_msg_ret("node", -ENOENT); binman_set_rom_offset(ROM_OFFSET_NONE); return 0; -- cgit v1.2.3 From 1e35a4d2282329093ae384bfbb8df844e23798c6 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Wed, 13 Jan 2021 20:29:57 -0700 Subject: binman: Allow reading entries from a subnode Some images may have multiple copies of the same thing, e.g. two versions of the read/write U-Boots. It is necessary to read data from one or other of these under selection of the verified-boot logic. Add a function to select the subnode to use. Signed-off-by: Simon Glass --- lib/binman.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib') diff --git a/lib/binman.c b/lib/binman.c index b6d9dff5b7c..f415df30545 100644 --- a/lib/binman.c +++ b/lib/binman.c @@ -116,6 +116,24 @@ int binman_get_rom_offset(void) return binman->rom_offset; } +int binman_select_subnode(const char *name) +{ + ofnode node; + int ret; + + ret = find_image_node(&node); + if (ret) + return log_msg_ret("main", -ENOENT); + node = ofnode_find_subnode(node, name); + if (!ofnode_valid(node)) + return log_msg_ret("node", -ENOENT); + binman->image = node; + log_debug("binman: Selected image subnode '%s'\n", + ofnode_get_name(binman->image)); + + return 0; +} + int binman_init(void) { int ret; -- cgit v1.2.3