Tom Rini [Sat, 15 Aug 2020 13:01:01 +0000 (09:01 -0400)]
Merge tag 'efi-2020-10-rc3-2' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc3 (2)
This series includes bug fixes for:
* UEFI secure boot - images with multiple signatures
* UEFI secure boot - support for intermediate certificates
* corrections for UEFI unit tests
* missing loadaddr on MAIX board
Michal Simek [Thu, 13 Aug 2020 08:12:21 +0000 (10:12 +0200)]
cmd: demo: Remove duplicated help message for list subcommand
There is no need to show demo list description twice when help demo is
performed. The patch removes duplicated entry.
Current state:
=> help demo
demo - Driver model (dm) demo operations
Usage:
demo list List available demo devices
demo hello <num> [<char>] Say hello
demo light [<num>] Set or get the lights
demo status <num> Get demo device status
demo list List available demo devices
Fixes: a02af4aeece4 ("dm: demo: Add a simple GPIO demonstration")
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
xen: pvblock: Read XenStore configuration and initialize
Read essential virtual block device configuration data from XenStore,
initialize front ring and event channel.
Update block device description with actual block size.
xen: pvblock: Add initial support for para-virtualized block driver
Add initial infrastructure for Xen para-virtualized block device.
This includes compile-time configuration and the skeleton for
the future driver implementation.
Add new class UCLASS_PVBLOCK which is going to be a parent for
virtual block devices.
Add new interface type IF_TYPE_PVBLOCK.
Implement basic driver setup by reading XenStore configuration.
Add wait_event_timeout - sleep until a condition gets true or a
timeout elapses.
This is a stripped version of the same from Linux kernel with the
following u-boot specific modifications:
- no wait queues supported
- use u-boot timer to detect timeouts
- check for Ctrl-C pressed during wait
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
[trini: Drop atomic_read from gadget/ether.c as this has existed for a
while and now causes problems]
Signed-off-by: Tom Rini <trini@konsulko.com>
xen: Port Xen hypervisor related code from mini-os
Port hypervisor related code from Mini-OS. This is referencing the code
of Mini-OS from [1] by Huang Shijie and Volodymyr Babchuk which is for
ARM64.
Update essential arch code to support required bit operations, memory
barriers etc.
Copyright for the bits ported belong to at least the following authors,
please see related files for details:
Copyright (c) 2002-2003, K A Fraser
Copyright (c) 2005, Grzegorz Milos, gm281@cam.ac.uk,Intel Research Cambridge
Copyright (c) 2014, Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[1] - https://github.com/zyzii/mini-os.git
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>
[trini: Drop wmb() from musb-net/linux-compat.h now]
Signed-off-by: Tom Rini <trini@konsulko.com>
Andrii Anisov [Thu, 6 Aug 2020 09:42:47 +0000 (12:42 +0300)]
board: Introduce xenguest_arm64 board
Introduce a minimal Xen guest board running as a virtual
machine under Xen Project's hypervisor [1], [2].
Part of the code is ported from Xen mini-os and also uses
work initially done by different authors from NXP: please see
relevant files for their copyrights.
Add essential and required Xen interface headers only taken from
the stable Linux kernel stable/linux-5.7.y at commit 66dfe4522160 Linux 5.7.5.
These are better suited for U-boot than the original headers
from Xen as they are the stripped versions of the same.
At the same time use public protocols from Xen RELEASE-4.13.1, at
commit 6278553325a9 update Xen version to 4.13.1
as those have more comments in them.
Chia-Wei, Wang [Mon, 3 Aug 2020 09:36:10 +0000 (17:36 +0800)]
configs: evb-ast2500: Convert to OF_SEPARATE
Switch DTB provider from OF_EMBED to OF_SEPARATE
to avoid the compile warning message:
==================== WARNING ======================
CONFIG_OF_EMBED is enabled. This option should only
be used for debugging purposes. Please use
CONFIG_OF_SEPARATE for boards in mainline.
See doc/README.fdt-control for more info.
====================================================
Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
The hardcoded platform variables such as DRAM base address are not
common to Aspeed SoCs AST24xx/AST25xx/AST26xx. This patch replaces
those hardcoded values with macros defined in a newly added header, where
the basic SoC HW information is assigned accordingly.
Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
Chia-Wei, Wang [Mon, 3 Aug 2020 09:36:06 +0000 (17:36 +0800)]
aspeed: ast2500: Add lowlevel_init assembly
The original lowlevel_init function of AST2500 is written
in C. However, the C runtime environment is not ready until
_main execution.
This patch adds the assembly version of the lowlevel_init
function. Additional initialization to DRAM configuration
and LPC reset source are also added.
Signed-off-by: Chia-Wei, Wang <chiawei_wang@aspeedtech.com>
- Fix the HiFive Unleashed breakage by calling fix_fdt() before
reserve_fdt(). Please refer to
https://www.mail-archive.com/u-boot@lists.denx.de/msg379444.html for
master U-Boot being broken for HiFive Unleashed.
- Add unaligned exception cmd.
- Refine sifive/fu540 spl flow.
- Add additional crash information for efi.
- Update sipeed/maix doc.
- Two minor refinements.
AKASHI Takahiro [Fri, 14 Aug 2020 05:39:24 +0000 (14:39 +0900)]
test/py: efi_secboot: modify 'multiple signatures' test case
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").
AKASHI Takahiro [Fri, 14 Aug 2020 05:39:23 +0000 (14:39 +0900)]
efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.
Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
Multiple signatures are allowed to exist in the binary’s certificate
table (as per PE/COFF Section “Attribute Certificate Table”). Only
one hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx.
This patch makes the semantics of signature verification compliant with
the specification mentioned above.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
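The db/dbx rule quoted in the commit message above, as an added example that is not part of the commit or of U-Boot's code: a small C model comparing "every signature must verify" with "one db match suffices unless dbx matches". The struct layouts, function names and certificate labels are constructed for illustration, and real verification checks PKCS#7 signatures rather than string labels.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed model: certificates and digests are reduced to string labels. */
struct sigdb { const char *ent[4]; int n; };
struct image { const char *sha256; const char *signer[4]; int nsig; };

static bool listed(const struct sigdb *d, const char *id)
{
	for (int i = 0; i < d->n; i++)
		if (!strcmp(d->ent[i], id))
			return true;
	return false;
}

/* Earlier behaviour, simplified (signed images only): all signatures must match db. */
bool allow_all(const struct image *im, const struct sigdb *db, const struct sigdb *dbx)
{
	if (listed(dbx, im->sha256) || !im->nsig)
		return false;
	for (int i = 0; i < im->nsig; i++)
		if (listed(dbx, im->signer[i]) || !listed(db, im->signer[i]))
			return false;
	return true;
}

/* Quoted rule: one db match suffices; any dbx match (hash or signer) rejects. */
bool allow_any(const struct image *im, const struct sigdb *db, const struct sigdb *dbx)
{
	bool ok = listed(db, im->sha256);
	if (listed(dbx, im->sha256))
		return false;
	for (int i = 0; i < im->nsig; i++) {
		if (listed(dbx, im->signer[i]))
			return false;
		ok = ok || listed(db, im->signer[i]);
	}
	return ok;
}
/* Constructed samples: one trusted CA in db, one revoked CA in dbx. */
const struct sigdb sample_db = { { "vendor-ca" }, 1 }, sample_dbx = { { "revoked-ca" }, 1 };
const struct image dual = { "h1", { "vendor-ca", "unknown-ca" }, 2 };
const struct image revoked = { "h2", { "vendor-ca", "revoked-ca" }, 2 };
const struct image unknown = { "h3", { "unknown-ca" }, 1 };
int main(void)
{
	printf("dual: all=%d any=%d\n", allow_all(&dual, &sample_db, &sample_dbx), allow_any(&dual, &sample_db, &sample_dbx));
	printf("revoked=%d unknown=%d\n", allow_any(&revoked, &sample_db, &sample_dbx), allow_any(&unknown, &sample_db, &sample_dbx));
	return 0;
}
```

The dual-signed image is the case the commit changes: it is rejected when every signature must verify and accepted under the quoted rule, while a dbx match on any signer still rejects the image.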
Pragnesh Patel [Thu, 13 Aug 2020 04:42:26 +0000 (10:12 +0530)]
common/board_f: make sure to call fix_fdt() before reserve_fdt()
There may be a chance that board specific fix_fdt() will change the
size of FDT blob so it's safe to call reserve_fdt() after fix_fdt()
otherwise global data (gd) will be overwritten with FDT blob values.
Fixes: a8492e25ac71 ("riscv: Expand the DT size before copy reserved memory node")
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Sean Anderson <seanga2@gmail.com>
Tested-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Bin Meng [Mon, 3 Aug 2020 06:09:05 +0000 (23:09 -0700)]
riscv: sifive/fu540: Drop NET_RANDOM_ETHADDR
This option was enabled during the earlier U-Boot porting time. Now
we already have the OTP driver in place and the unique MAC address
is read from the OTP, there is no need to turn on this option.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Leo Liang <ycliang@andestech.com>
Reviewed-by: Rick Chen <rick@andestech.com>
Reviewed-by: Pragnesh Patel <pragnesh.patel@sifive.com>
Tested-by: Pragnesh Patel <pragnesh.patel@sifive.com>
AKASHI Takahiro [Thu, 13 Aug 2020 08:05:29 +0000 (17:05 +0900)]
efi_loader: variable: fix secure state initialization
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.
This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.
This patch fixes the order of variable initialization and secure state
initialization.
test/py: efi_secboot: add test for intermediate certificates
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.
efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pkcs7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.
What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.
pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.
AKASHI Takahiro [Wed, 12 Aug 2020 00:37:50 +0000 (09:37 +0900)]
efi_loader: variable: keep temporary buffer during the authentication
This is a bug fix; setting an authenticated variable may fail due to
a memory corruption in the authentication.
A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().
So the buffer should be kept valid until the authentication process
is finished.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Thu, 13 Aug 2020 12:11:27 +0000 (08:11 -0400)]
Merge tag 'u-boot-stm32-20200813' of https://gitlab.denx.de/u-boot/custodians/u-boot-stm
- Use IS_ENABLED to prevent ifdef in board_key_check for STM32MP
- Add STM32 FMC2 EBI controller driver
- Fix dwc3-sti-glue which allows STiH410-B2260 to boot again
- Add fitImage its entry for 587-200 DHCOR SoM
- Add both PDK2 and DRC02 DT into DHCOM fitImage its
- Fix DHCOM KS8851 ethernet MAC address
- Remove stm32mp1 board.c file
- Use const for struct node_info in board stm32mp1.c file
Patrick Delaunay [Thu, 30 Jul 2020 11:57:34 +0000 (13:57 +0200)]
board: stm32mp1: remove board.c
Remove the file board/st/stm32mp1/board.c which is no longer
compiled since commit 156732cc8939 ("board: stm32mp1: move the
function board_debug_uart_init in spl.c")
Fixes: 4fb46816c7e2 ("board: stm32mp1: move the function board_debug_uart_init in spl.c")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Marek Vasut [Thu, 30 Jul 2020 23:34:50 +0000 (01:34 +0200)]
ARM: dts: stm32: Update eth1addr from EEPROM if eth1 present
The STM32MP1 DHCOM has two ethernet interfaces, the on-SoM DWMAC and KS8851.
Set eth1addr for the KS8851 to a MAC address of the DWMAC incremented by 1.
The MAC of the DWMAC is set from on-SoM EEPROM already, but the MAC address
of KS8851 was left uninitialized, so fix this.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Marek Vasut [Thu, 30 Jul 2020 23:35:33 +0000 (01:35 +0200)]
ARM: stm32: Add both PDK2 and DRC02 DT into DHCOM fitImage its
Include both PDK2 and DRC02 DTs in the DHCOM fitImage .its and implement
support in SPL to select the correct configuration entry for U-Boot by
using the machine compatible string from SPL DT.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
mtd: rawnand: stm32_fmc2: get resources from parent node
FMC2 EBI support has been added. Common resources (registers base
address and clock) can now be shared between the 2 drivers using
"st,stm32mp1-fmc2-nfc" compatible string. It means that the
common resources should now be found in the parent device when EBI
node is available.
mtd: rawnand: stm32_fmc2: cosmetic change to use nfc instead of fmc2 where relevant
This patch renames functions and local variables.
This cleanup is done to get all functions starting by stm32_fmc2_nfc
in the FMC2 raw NAND driver when all functions will start by
stm32_fmc2_ebi in the FMC2 EBI driver.
mtd: rawnand: stm32_fmc2: use FMC2_TIMEOUT_5S for timeouts
FMC2_TIMEOUT_5S will be used each time that we need to wait.
It was seen, during stress tests in an overloaded system,
that we could be close to 1 second, even if we never met this
value. To be safe, FMC2_TIMEOUT_MS is set to 5 seconds.
The node variable is used as the iterator in the ofnode_for_each_subnode()
loop; on exiting it, node is no longer a valid ofnode.
Use dwc3_node instead as parameter of ofnode_valid()
Fixes: ac28e59a574d ("usb: Migrate to support live DT for some driver")
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Tom Rini [Wed, 12 Aug 2020 03:03:46 +0000 (23:03 -0400)]
Merge tag 'ti-v2020.10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti
- Added support for J7200 evm
- DM_ETH and DM_USB migrations for omap3
- USB DFU and mass storage support for AM65x evm
- RTI watchdog support for K3 devices
- Fix an issue with L3 cache on K3 devices