Sughosh Ganu [Tue, 15 Oct 2024 15:37:14 +0000 (21:07 +0530)]
efi_memory: do not add RAM memory to the memory map
The EFI_CONVENTIONAL_MEMORY type, which is the usable RAM memory is
now being managed by the LMB module. Remove the addition of this
memory type to the EFI memory map. This memory now gets added to the
EFI memory map as part of the LMB memory map update event handler.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:13 +0000 (21:07 +0530)]
x86: e820: use the lmb API for adding RAM memory
The EFI_CONVENTIONAL_MEMORY type is now being managed through the LMB
module. Add a separate function, lmb_arch_add_memory() to add the RAM
memory to the LMB memory map. The efi_add_known_memory() function is
now used for adding any other memory type to the EFI memory map.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:12 +0000 (21:07 +0530)]
layerscape: use the lmb API's to add RAM memory
The EFI memory allocations are now being done through the LMB module,
and hence the memory map is maintained by the LMB module. Use the
lmb_arch_add_memory() API function to add the usable RAM memory to the
LMB's memory map.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:11 +0000 (21:07 +0530)]
lmb: allow for boards to specify memory map
Some architectures have special or unique aspects which need
consideration when adding memory ranges to the list of available
memory map. Enable this config in such scenarios which allow
architectures and boards to define their own memory map.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:10 +0000 (21:07 +0530)]
stm32mp: remove efi_add_known_memory() function definition
The efi_add_known_memory() function for the stm32mp platforms is adding
the EFI_CONVENTIONAL_MEMORY type. This memory is now being handled
through the LMB module -- the lmb_add_memory() adds this memory to the
memory map. Remove the definition of the now superfluous
efi_add_known_memory() function.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:09 +0000 (21:07 +0530)]
ti: k3: remove efi_add_known_memory() function definition
The efi_add_known_memory() function for the TI K3 platforms is adding
the EFI_CONVENTIONAL_MEMORY type. This memory is now being handled
through the LMB module -- the lmb_add_memory() adds this memory to the
memory map. Remove the definition of the now superfluous
efi_add_known_memory() function.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:08 +0000 (21:07 +0530)]
efi_memory: do not add U-Boot memory to the memory map
The memory region occupied by U-Boot is reserved by LMB, and gets
added to the EFI memory map through a call from the LMB module. Remove
this superfluous addition to the EFI memory map.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:07 +0000 (21:07 +0530)]
lmb: notify of any changes to the LMB memory map
In U-Boot, LMB and EFI are two primary modules who provide memory
allocation and reservation API's. Both these modules operate with the
same regions of memory for allocations. Use the LMB memory map update
event to notify other interested listeners about a change in it's
memory map. This can then be used by the other module to keep track of
available and used memory.
There is no need to send these notifications when the LMB module is
being unit-tested. Add a flag to the lmb structure to indicate if the
memory map is being used for tests, and suppress sending any
notifications when running these unit tests.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:06 +0000 (21:07 +0530)]
efi: memory: use the lmb API's for allocating and freeing memory
Use the LMB API's for allocating and freeing up memory. With this, the
LMB module becomes the common backend for managing non U-Boot image
memory that might be requested by other modules.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:05 +0000 (21:07 +0530)]
lmb: add and reserve memory above ram_top
U-Boot does not use memory above ram_top. However, this memory does
need to get registered as part of the memory map, so that subsystems
like EFI pass it on to the operating system as part of the EFI memory
map. Add memory above ram_top and reserve it with the LMB_NOOVERWRITE
flag so that it does not get allocated or re-used.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Suggested-by: Mark Kettenis <kettenis@openbsd.org>
Sughosh Ganu [Tue, 15 Oct 2024 15:37:04 +0000 (21:07 +0530)]
lmb: add a flag to allow suppressing memory map change notification
Add a flag LMB_NONOTIFY that can be passed to the LMB API's for
reserving memory. This will then result in no notification being sent
from the LMB module for the changes to the LMB's memory map.
While here, also add a description of the memory attributes that the
flags signify.
Sughosh Ganu [Tue, 15 Oct 2024 15:37:03 +0000 (21:07 +0530)]
lmb: add versions of the lmb API with flags
The LMB module is to be used as a backend for allocating and freeing
up memory requested from other modules like EFI. These memory requests
are different from the typical LMB reservations in that memory
required by the EFI module cannot be overwritten, or re-requested. Add
versions of the LMB API functions with flags for allocating and
freeing up memory. The caller can then use these API's for specifying
the type of memory that is required. For now, these functions will be
used by the EFI memory module.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
Andrew Goodbody [Tue, 8 Oct 2024 12:08:13 +0000 (13:08 +0100)]
test: Fix skip check for sleep command test
When the config option CMD_MISC was renamed to CMD_SLEEP the check
in the test for the sleep command was not updated. Do that now.
Fixes: 16060854095 ("cmd: Rename CMD_MISC to CMD_SLEEP") Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
Tom Rini [Tue, 15 Oct 2024 18:28:26 +0000 (12:28 -0600)]
CI: Do not test "sleep" in QEMU
When we have platforms being emulated by QEMU we cannot rely on the
"sleep" command running for the expected wall-clock amount of time. Even
with our current allowance for deviation from expected time, it will
still fail from time to time. Exclude the sleep test here.
Jonas Karlman [Tue, 8 Oct 2024 19:18:31 +0000 (19:18 +0000)]
Revert "mmc: dw_mmc: Extract FIFO data transfer into a separate routine"
The commit 0252924ac6d4 ("mmc: dw_mmc: Extract FIFO data transfer into a
separate routine") unintentionally changed behavior of the FIFO data
transfer routine.
When data is read and size reaches 0 the original loop would wait on
DWMCI_INTMSK_DTO or timeout. The remaining size to read and buf position
is no longer tracked across dwmci_data_transfer_fifo() calls and because
of this an extra call to fifo() and dwmci_fifo_ready() may now trigger a
FIFO underflow timeout error and slows down FIFO reading.
Fixes: 0252924ac6d4 ("mmc: dw_mmc: Extract FIFO data transfer into a separate routine") Signed-off-by: Jonas Karlman <jonas@kwiboo.se> Tested-by: Quentin Schulz <quentin.schulz@cherry.de> # RK3588 Tiger Reviewed-by: Simon Glass <sjg@chromium.org>
Tom Rini [Tue, 15 Oct 2024 15:31:50 +0000 (09:31 -0600)]
Merge patch series "test: Minor fixes to test.py"
Simon Glass <sjg@chromium.org> says:
This series collects together the patches from the Labgrid series which
are not related to Labgrid, or at least can be applied independently of
using Labgrid to run the lab.
Tom Rini [Tue, 15 Oct 2024 15:18:04 +0000 (09:18 -0600)]
Merge patch series to add a "fallback" keyword to extlinux.conf parsing
This series from Martyn Welch <martyn.welch@collabora.com> adds the
ability to have a "fallback" option in extlinux.conf parsing, which can
be in turn used in A/B style update mechanisms.
Martyn Welch [Wed, 9 Oct 2024 13:15:40 +0000 (14:15 +0100)]
bootstd: Add command to enable setting of bootmeth specific properties
We have previously added logic to allow a "fallback" option to be
specified in the extlinux configuration. Provide a command that allows
us to set this as the preferred default option when booting.
Combined with the bootcount functionality, this allows the "altbootcmd"
to provide a means of falling back to a previously known good state
after a failed update. For example, if "bootcmd" is set to:
bootflow scan -lb
We would set "altbootcmd" to:
bootmeth set extlinux fallback 1; bootflow scan -lb
Causing the boot process to boot from the fallback option.
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
Martyn Welch [Wed, 9 Oct 2024 13:15:39 +0000 (14:15 +0100)]
boot: Add logic to enable booting from fallback option
The "fallback" extlinux config option allows us to set an alternative
default boot option for when it has been detected that the default is
failing. Implement the logic required to boot from this option when
desired.
Signed-off-by: Martyn Welch <martyn.welch@collabora.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 10 Oct 2024 00:29:03 +0000 (18:29 -0600)]
test: Detect dead connections
When the connection to a board dies, assume it is dead forever until
some user action is taken. Skip all remaining tests. This avoids CI
runs taking an hour, with hundreds of 30-second timeouts all to no
avail.
Martyn Welch [Wed, 9 Oct 2024 13:15:38 +0000 (14:15 +0100)]
boot: pxe_utils: Add fallback support
When configured correctly, we can detect when boot fails after the boot
process has been handed over to the kernel through the use of U-Boot's
bootcount support. In some instances, such as when we are performing
atomic updates via a system such as OSTree, it is desirable to provide a
fallback option so that we can return to a previous (hopefully working)
state.
Add a "fallback" option to the supported extlinux configuration options
that points to a label like "default" so that we can utilise this in
later commits.
Signed-off-by: Martyn Welch <martyn.welch@collabora.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass [Thu, 10 Oct 2024 00:29:02 +0000 (18:29 -0600)]
test: Separate out the exception handling
The tests currently catch a very broad Exception in each case. This is
thrown even in the event of a coding error.
We want to handle exceptions differently depending on their severity,
so that we can avoid hour-long delays waiting for a board that is
clearly broken.
As a first step, create some new exception types, separating out those
which are simply an unexpected result from executed a command, from
those which indicate some kind of hardware failure.
Simon Glass [Thu, 10 Oct 2024 00:28:59 +0000 (18:28 -0600)]
test: Avoid failing skipped tests
When a test returns -EAGAIN this should not be considered a failure.
Fix what seems to be a problem case, where the pytests see a failure
when a test has merely been skipped.
We cannot squash the -EAGAIN error in ut_run_test() since the failure
count is incremented by its caller, ut_run_test_live_flat()
The specific example here is on snow, where a test is compiled into the
image but cannot run, so returns -EAGAIN to skip:
Changes in v2:
- Fix an issue in setting macronix_octal_fixups
- Rework fixup hooks
Takahiro Kuwano (6):
mtd: ubi: Do not zero out EC and VID on ECC-ed NOR flashes
mtd: spi-nor: Allow flashes to specify MTD writesize
mtd: spi-nor: Check nor->info before setting macronix_octal_fixups
mtd: spi-nor: Replace default_init() hook with late_init()
mtd: spi-nor: Call spi_nor_post_sfdp_fixups() only after
spi_nor_parse_sfdp()
mtd: spi-nor: Set ECC unit size to MTD writesize in Infineon SEMPER
flashes
Takahiro Kuwano [Tue, 15 Oct 2024 04:08:36 +0000 (13:08 +0900)]
mtd: spi-nor: Set ECC unit size to MTD writesize in Infineon SEMPER flashes
The Infineon SEMPER NOR flash family uses 2-bit ECC by default with each
ECC block being 16 bytes. Under this scheme multi-pass programming to an
ECC block is not allowed. Set the writesize to make sure multi-pass
programming is not attempted on the flash.
Takahiro Kuwano [Tue, 15 Oct 2024 04:08:35 +0000 (13:08 +0900)]
mtd: spi-nor: Call spi_nor_post_sfdp_fixups() only after spi_nor_parse_sfdp()
This patch follows the upstream linux commit: 5273cc6df984("mtd: spi-nor: core: Call spi_nor_post_sfdp_fixups() only
when SFDP is defined")
spi_nor_post_sfdp_fixups() was called regardless of if
spi_nor_parse_sfdp() had been called or not. late_init() should be
instead used to initialize the parameters that are not defined in SFDP.
Ideally spi_nor_post_sfdp_fixups() is called only after successful parse
of SFDP. However, in case SFDP support is disabled by .config, that can
break current functionality. Therefore, we would call it after
spi_nor_parse_sfdp() regardless of its return value.
Takahiro Kuwano [Tue, 15 Oct 2024 04:08:34 +0000 (13:08 +0900)]
mtd: spi-nor: Replace default_init() hook with late_init()
default_init() is wrong, it contributes to the maze of initializing
flash parameters. We'd like to get rid of it because the flash
parameters that it initializes are not really used at SFDP parsing time,
thus they can be initialized later.
Ideally we want SFDP to initialize all the flash parameters. If (when)
SFDP tables are wrong, we fix them with the post_sfdp/bfpt hooks, to
emphasize that SFDP is indeed wrong. When there are parameters that are
not covered by SFDP, we initialize them in late_init() - these
parameters have nothing to do with SFDP and they are not needed earlier.
With this we'll have a clearer view of who initializes what.
There are six default_init() hooks implemented just for initializing
octal_dtr_enable() and/or setup() hooks that called later on.
Just moving those to late_init() does not change functionality.
Takahiro Kuwano [Tue, 15 Oct 2024 04:08:32 +0000 (13:08 +0900)]
mtd: spi-nor: Allow flashes to specify MTD writesize
Some flashes like the Infineon SEMPER NOR flash family use ECC. Under
this ECC scheme, multi-pass writes to an ECC block is not allowed.
In other words, once data is programmed to an ECC block, it can't be
programmed again without erasing it first.
Upper layers like file systems need to be given this information so they
do not cause error conditions on the flash by attempting multi-pass
programming. This can be done by setting 'writesize' in 'struct
mtd_info'.
Set the default to 1 but allow flashes to modify it in fixup hooks. If
more flashes show up with this constraint in the future it might be
worth it to add it to 'struct flash_info', but for now increasing its
size is not worth it.
This patch replicates the following upstream linux commit: afd473e85827 ("mtd: spi-nor: core: Allow flashes to specify MTD writesize")
Takahiro Kuwano [Tue, 15 Oct 2024 04:08:31 +0000 (13:08 +0900)]
mtd: ubi: Do not zero out EC and VID on ECC-ed NOR flashes
For NOR flashes EC and VID are zeroed out before an erase is issued to
make sure UBI does not mistakenly treat the PEB as used and associate it
with an LEB.
But on some flashes, like the Infineon Semper NOR flash family,
multi-pass page programming is not allowed on the default ECC scheme.
This means zeroing out these magic numbers will result in the flash
throwing a page programming error.
Do not zero out EC and VID for such flashes. A writesize > 1 is an
indication of an ECC-ed flash.
This patch replicates the following upstream linux commit: f669e74be820 ("ubi: Do not zero out EC and VID on ECC-ed NOR flashes")
Neil Armstrong [Fri, 11 Oct 2024 14:38:26 +0000 (16:38 +0200)]
usb: dwc3: invalidate dcache on buffer used in interrupt handling
On Qualcomm systems, the setup buffer and even buffers are in
a bad state at interrupt handling, so invalidate the dcache lines
for the setup_buf and event buffer to make sure we read correct
data written by the hardware.
This fixes the following error:
dwc3-generic-peripheral usb@a600000: UNKNOWN IRQ type -1
dwc3-generic-peripheral usb@a600000: UNKNOWN IRQ type 4673109
and invalid situation in dwc3_gadget_giveback() because setup_buf content
is read at 0s and leads to fatal crash fixed by [1].
Neil Armstrong [Fri, 11 Oct 2024 14:38:25 +0000 (16:38 +0200)]
usb: dwc3: fix dcache flush range calculation
The current flush operation will omit doing a flush/invalidate on
the first and last bytes if the base address and size are not aligned
with CACHELINE_SIZE.
This causes operation failures Qualcomm platforms.
Take in account the alignment and size of the buffer and also
flush the previous and last cacheline.
Neil Armstrong [Fri, 11 Oct 2024 14:38:24 +0000 (16:38 +0200)]
usb: dwc3: allocate setup_buf with dma_alloc_coherent()
Since setup_buf is also consumed by hardware DMA, aligns it's
allocation like other hardware buffers by introduce setup_buf_addr
populated by dma_alloc_coherent(), and use it to pass the physical
address of the buffer to the hardware.
Marek Vasut [Fri, 4 Oct 2024 00:10:42 +0000 (02:10 +0200)]
dts: Deduplicate dtbs target
The dtbs: target is almost identical in all architecture Makefiles.
All architecture Makefiles include scripts/Makefile.dts . Deduplicate
the dtbs: target into scripts/Makefile.dts . No functional change.
Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Marek Vasut <marex@denx.de> Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Caleb Connolly <caleb.connolly@linaro.org> #qcom, OF_UPSTREAM
Tom Rini [Mon, 14 Oct 2024 19:34:06 +0000 (13:34 -0600)]
Merge patch series "Integrate MbedTLS v3.6 LTS with U-Boot"
Raymond Mao <raymond.mao@linaro.org> says:
Integrate MbedTLS v3.6 LTS (currently v3.6.0) with U-Boot.
Motivations:
------------
1. MbedTLS is well maintained with LTS versions.
2. LWIP is integrated with MbedTLS and easily to enable HTTPS.
3. MbedTLS recently switched license back to GPLv2.
Prerequisite:
-------------
This patch series requires mbedtls git repo to be added as a
subtree to the main U-Boot repo via:
$ git subtree add --prefix lib/mbedtls/external/mbedtls \
https://github.com/Mbed-TLS/mbedtls.git \
v3.6.0 --squash
Moreover, due to the Windows-style files from mbedtls git repo,
we need to convert the CRLF endings to LF and do a commit manually:
$ git add --renormalize .
$ git commit
New Kconfig options:
--------------------
`MBEDTLS_LIB` is for MbedTLS general switch.
`MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with
MbedTLS.
`MBEDTLS_LIB_CRYPTO_ALT` is for using original U-Boot crypto libs as
MbedTLS crypto alternatives.
`MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1,
and Pubkey parser with MbedTLS.
By default `MBEDTLS_LIB_CRYPTO_ALT` and `MBEDTLS_LIB_X509` are selected
when `MBEDTLS_LIB` is enabled.
`LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library.
`LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and
`LEGACY_CRYPTO_CERT` is for the certificate related functionalities.
For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS`
Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are
introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509
are by default enabled in qemu_arm64_defconfig and sandbox_defconfig
for testing purpose.
Patches for external MbedTLS project:
-------------------------------------
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs
executables which is not supported by MbedTLS at the moment,
addtional patches for MbedTLS are created to adapt with the EFI loader:
1. Decoding of Microsoft Authentication Code.
2. Decoding of PKCS#9 Authenticate Attributes.
3. Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
4. MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to
MbedTLS project and being reviewed, eventually they should be part of
MbedTLS LTS release.
But before that, please merge them into U-Boot, otherwise the building
will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference:
https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
--------------
Optimized MbedTLS library size by tailoring the config file
and disabling all unnecessary features for EFI loader.
From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256,
sha512) are completely replaced when MbedTLS is enabled.
From v3, the size-growth is slightly reduced by refactoring Hash functions.
From v6, smaller implementations for SHA256 and SHA512 are enabled and
target size reduce significantly.
Target(QEMU arm64) size-growth when enabling MbedTLS:
v1: 6.03%
v2: 4.66%
v3 - v5: 4.55%
v6: 2.90%
Tests done:
-----------
EFI Secure Boot test (EFI variables loading and verifying, EFI signed image
verifying and booting) via U-Boot console.
EFI Secure Boot and Capsule sandbox test passed.
Raymond Mao [Thu, 3 Oct 2024 21:50:38 +0000 (14:50 -0700)]
asn1_decoder: add build options for ASN1 decoder
When building with MbedTLS, we are using MbedTLS to decode ASN1 data
for x509, pkcs7 and mscode.
Introduce _LEGACY and _MBEDTLS kconfigs for ASN1 decoder legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:36 +0000 (14:50 -0700)]
mbedtls: add RSA helper layer on MbedTLS
Add RSA helper layer on top on MbedTLS PK and RSA library.
Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:35 +0000 (14:50 -0700)]
lib/crypto: Adapt mscode_parser to MbedTLS
Previous patch has introduced MbedTLS porting layer for mscode parser,
here to adjust the header and makefiles accordingly.
Adding _LEGACY Kconfig for legacy mscode implementation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:32 +0000 (14:50 -0700)]
mbedtls: add PKCS7 parser porting layer
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library.
Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:30 +0000 (14:50 -0700)]
mbedtls: add X509 cert parser porting layer
Add porting layer for X509 cert parser on top of MbedTLS X509
library.
Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy
and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:28 +0000 (14:50 -0700)]
mbedtls: add public key porting layer
Add porting layer for public key on top of MbedTLS X509 library.
Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:24 +0000 (14:50 -0700)]
mbedtls/external: update MbedTLS PKCS7 test suites
Update the PKCS7 test suites for multiple certs.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:23 +0000 (14:50 -0700)]
mbedtls/external: support decoding multiple signer's cert
Support decoding multiple signer's cert in the signed data within
a PKCS7 message.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:22 +0000 (14:50 -0700)]
mbedtls/external: support PKCS9 Authenticate Attributes
Populate PKCS9 Authenticate Attributes from signer info if it exists
in a PKCS7 message.
Add OIDs for describing objects using for Authenticate Attributes.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:21 +0000 (14:50 -0700)]
mbedtls/external: support Microsoft Authentication Code
Populate Microsoft Authentication Code from the content data
into PKCS7 decoding context if it exists in a PKCS7 message.
Add OIDs for describing objects using for Microsoft Authentication
Code.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:20 +0000 (14:50 -0700)]
mbedtls: Enable smaller implementation for SHA256/512
Smaller implementation for SHA256 and SHA512 helps to reduce the
ROM footprint though it has a certain impact on performance.
As a trade-off, enable it as a default config when MbedTLS is
enabled can reduce the target size significantly with acceptable
performance loss.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:18 +0000 (14:50 -0700)]
sha1: Remove sha1 non-watchdog API
We don't need an API specially for non-watchdog since sha1_csum_wd
supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG.
Set 0x10000 as default chunk size for SHA1.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:17 +0000 (14:50 -0700)]
md5: Remove md5 non-watchdog API
We don't need an API specially for non-watchdog since md5_wd supports
it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG.
Set 0x10000 as default chunk size for MD5.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Michal Simek <michal.simek@amd.com>
Raymond Mao [Thu, 3 Oct 2024 21:50:16 +0000 (14:50 -0700)]
lib: Adapt digest header files to MbedTLS
Adapt digest header files to support both original libs and MbedTLS
by switching on/off MBEDTLS_LIB_CRYPTO.
Introduce <alg>_LEGACY kconfig for legacy hash implementations.
sha256.o should depend on SHA256 kconfig only but not SUPPORT_EMMC_RPMB,
SHA256 should be selected when SUPPORT_EMMC_RPMB is enabled instead.
`IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since
including <linux/kconfig.h> causes undefined reference on schedule()
with sandbox build, as <linux/kconfig.h> includes <generated/autoconf.h>
which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule()
are defined in sandbox build,
Thus we use `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` instead.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Raymond Mao [Thu, 3 Oct 2024 21:50:15 +0000 (14:50 -0700)]
mbedtls: add mbedtls into the build system
Port mbedtls with adapted libc header files.
Add mbedtls default config header file.
Optimize mbedtls default config by disabling unused features to
reduce the target size.
Add mbedtls kbuild makefile.
Add Kconfig skeleton and config submenu entry for selecting
crypto libraries between mbedtls and legacy ones.
Add the mbedtls include directories into the build system.
Port u-boot hash functions as MbedTLS crypto alternatives and set
it as default.
Subsequent patches will separate those Kconfigs into pairs of
_LEGACY and _MBEDTLS for controlling the implementations of legacy
crypto libraries and MbedTLS ones respectively.
The motivation of moving and adapting *INT* macros from kernel.h
to limits.h is to fulfill the MbedTLS building requirement.
The conditional compilation statements in MbedTLS expects the
*INT* macros as constant expressions, thus expressions like
`((int)(~0U >> 1))` will not work.
Prerequisite
------------
This patch series requires mbedtls git repo to be added as a
subtree to the main U-Boot repo via:
Raymond Mao [Thu, 3 Oct 2024 21:50:14 +0000 (14:50 -0700)]
CI: Exclude MbedTLS subtree for CONFIG checks
Since MbedTLS is an external repo with its own coding style,
exclude it from Azure and gitlab CI CONFIG checks.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Godfrey Mwangi [Fri, 4 Aug 2023 19:00:39 +0000 (12:00 -0700)]
usb: xhci: pet watchdog during transfers
On some platforms with low USB throughput, tranfers
of huge files take a long time and watchdog timer can
expire resulting in hardware reset. Avoid this by
petting the watchdog as long as we have pending transfers.
Signed-off-by: Godfrey Mwangi <godmwan@microsoft.com> Reviewed-by: Marek Vasut <marex@denx.de>
Tom Rini [Mon, 14 Oct 2024 14:14:46 +0000 (08:14 -0600)]
Merge tag 'u-boot-amlogic-next-20241014' of https://source.denx.de/u-boot/custodians/u-boot-amlogic
- Add Libre Computer boards into proper libre-computer board directory
- Add new Boards:
- Libre Computer aml-s905d3-cc
- Libre Computer aml-a311d-cc
- Add capsule update to libretech-ac and the new boards since they have an onboard SPI nor flash
- Fix HDMI support after sync to v6.11 and regulator enable from Marek
- Fix khadas-vim3 android config for android-mainline kernel
- Disable meson64 boot targets when configs are not eavailable
Tom Rini [Mon, 14 Oct 2024 14:13:23 +0000 (08:13 -0600)]
Merge branch 'u-boot-nand-20241012' of https://source.denx.de/u-boot/custodians/u-boot-nand-flash
This merge request add support for BCMBCA raw nand driver for bcm96846
board that switch using OF_UPSTREAM and allow use onfi ecc params when
they are available in the atmel nand controller
The patches pass the pipeline CI:
https://source.denx.de/u-boot/custodians/u-boot-nand-flash/-/pipelines/22638
Callum Parsey [Sat, 12 Oct 2024 08:03:51 +0000 (08:03 +0000)]
configs: meson64: Ensure commands for boot targets are available
When populating BOOT_TARGET_DEVICES on Amlogic Meson platforms, verify
that the shell commands for accessing the relevant media have been
enabled in the build configuration.
This was already being done for USB, NVME and SCSI devices, but not
for MMC devices or network boot. This meant that configuring U-Boot
without the networking or MMC subsystems/drivers would cause an error
to be thrown during preprocessing.
Neil Armstrong [Wed, 9 Oct 2024 09:15:20 +0000 (11:15 +0200)]
clk: meson: gxbb: add HDMI clocks
Align with g12a driver to handle the CLKID_HDMI, CLKID_HDMI_SEL
and CLKID_HDMI_DIV clocks since they were added to the upstream
GXBB/GXL Devicetree on v6.11 with [1]
Neil Armstrong [Fri, 20 Sep 2024 13:33:34 +0000 (15:33 +0200)]
ARM: meson: add support for Libre Computer aml-s905d3-cc
Add support for the Libre Computer aml-s905d3-cc "Solitude" board:
https://libre.computer/products/aml-s905d3-cc/
The Solitude board has a Credit Card form factor, similar to the
the previous "Le Potato" card, but with the Amlogic A311D SoC,
MIPI DSI and CSI connectors. PoE header and a single USB2 Type-C
connector replacing the microUSB one for power and USB 2.0.
The board has an embedded SPI NOR flash, and EFI Capsule support
is added.
The GUID is dynamically generated for the board, to get it:
=> efidebug capsule esrt
========================================
ESRT: fw_resource_count=1
ESRT: fw_resource_count_max=1
ESRT: fw_resource_version=1
[entry 0]==============================
ESRT: fw_class=4302C3CB-2502-5EFE-87E0-894A8A322893
ESRT: fw_type=unknown
ESRT: fw_version=0
ESRT: lowest_supported_fw_version=0
ESRT: capsule_flags=0
ESRT: last_attempt_version=0
ESRT: last_attempt_status=success
========================================
On the host (with the aml_encrypt_g12a result binary):
$ eficapsule --guid 4302C3CB-2502-5EFE-87E0-894A8A322893 -i 1 u-boot.bin u-boot.cap
On the board (from USB disk containing u-boot.cap at root):
=> load usb 0:1 $kernel_addr_r u-boot.cap
=> efidebug capsule update $kernel_addr_r
Neil Armstrong [Fri, 20 Sep 2024 13:33:33 +0000 (15:33 +0200)]
ARM: meson: add support for Libre Computer aml-a311d-cc
Add support for the Libre Computer aml-a311d-cc "Alta" board:
https://libre.computer/products/aml-a311d-cc/
The Alta board has a Credit Card form factor, similar to the
the prvevious "Le Potato" card, but with the Amlogic A311D SoC,
MIPI DSI and CSI connectors. PoE header and a single USB2 Type-C
connector replacing the microUSB one for power and USB 2.0.
The board has an embedded SPI NOR flash, and EFI Capsule support
is added.
The GUID is dynamically generated for the board, to get it:
=> efidebug capsule esrt
========================================
ESRT: fw_resource_count=1
ESRT: fw_resource_count_max=1
ESRT: fw_resource_version=1
[entry 0]==============================
ESRT: fw_class=17E07D9D-4D91-53F4-8780-1D91F279C1A5
ESRT: fw_type=unknown
ESRT: fw_version=0
ESRT: lowest_supported_fw_version=0
ESRT: capsule_flags=0
ESRT: last_attempt_version=0
ESRT: last_attempt_status=success
========================================
On the host (with the aml_encrypt_g12a result binary):
$ eficapsule --guid 17E07D9D-4D91-53F4-8780-1D91F279C1A5 -i 1 u-boot.bin u-boot.cap
On the board (from USB disk containing u-boot.cap at root):
=> load usb 0:1 $kernel_addr_r u-boot.cap
=> efidebug capsule update $kernel_addr_r
Since the aml-s805-cc works well using EFI, and now the capsule updates
backend has been merged, let's enable the missing configs and add
the required structures to support it.
The GUID is dynamically generated for the board, to get it:
=> efidebug capsule esrt
========================================
ESRT: fw_resource_count=1
ESRT: fw_resource_count_max=1
ESRT: fw_resource_version=1
[entry 0]==============================
ESRT: fw_class=B8079027-9B2C-57D4-86AA-CC782ADA598C
ESRT: fw_type=unknown
ESRT: fw_version=0
ESRT: lowest_supported_fw_version=0
ESRT: capsule_flags=0
ESRT: last_attempt_version=0
ESRT: last_attempt_status=success
========================================
On the host (with the aml_encrypt_gxl result binary):
$ eficapsule --guid B8079027-9B2C-57D4-86AA-CC782ADA598C -i 1 u-boot.bin u-boot.cap
On the board (from USB disk containing u-boot.cap at root):
=> load usb 0:1 $kernel_addr_r u-boot.cap
=> efidebug capsule update $kernel_addr_r
Neil Armstrong [Tue, 17 Sep 2024 12:34:45 +0000 (14:34 +0200)]
board: libretech-ac: move board support into dedicated directory
The libretech-ac aka aml-s805x-ac supports mainline U-boot
from a dedicated SPI flash, move the board support into
a dedicated vendor/board subdirectory in order to support
vendor specific customization.
It also aligns with the vendor downstream changes.
Neil Armstrong [Tue, 10 Sep 2024 09:50:11 +0000 (11:50 +0200)]
ufs: add get_max_pwr_mode callback
Add a new get_max_pwr_mode callback to permit the UFS controller
driver manipulate the max_pwr_mode struct right before setting
the new pwr_mode to the UFS device.
It can be used to limit the HS Gear with errata and hardware
limitations on some UFS controllers.
ufs: ufs-amd-versal2: Add support for AMD UFS controller
Add UFS AMD platform support on top of the UFS DWC
and UFS platform driver. UFS AMD platform requires
some platform specific configurations like M-PHY/RMMI/UniPro
and vendor specific registers programming before doing the LINKSTARTUP.
This patch has the goal to add support for DesignWare UFS Controller
specific operations.
This is based on linux kernel commit:
"drivers/scsi/ufs/ufshcd-dwc.c: ufs: add support for DesignWare
Controller" (sha1: 4b9ffb5a353bdee49f1f477ffe2b95ab3f9cbc0c)
It is ported from linux kernel 6.11-rc1.
Neil Armstrong [Mon, 30 Sep 2024 12:44:34 +0000 (14:44 +0200)]
ufs: core: remove link_startup_again logic
The link_startup_again logic was added in Linux to handle device
that were set in LinkDown state, which should not be the case since U-boot
doesn't set LinkDown state are init, and Linux sets the device active
in ufshcd_init() for the first link startup.
ufshcd_set_ufs_dev_active(hba) is called at ufshcd_init() right before
scheduling an ufshcd_async_scan that will call ufshcd_device_init() then ufshcd_link_startup().
The comment in probe says:
/*
* We are assuming that device wasn't put in sleep/power-down
* state exclusively during the boot stage before kernel.
* This assumption helps avoid doing link startup twice during
* ufshcd_probe_hba().
*/
we can assume the same from U-Boot.
While it worked to far, it breaks link startup for Qualcomm Controllers v5,
let's just remove the logic.
Neil Armstrong [Mon, 30 Sep 2024 12:44:35 +0000 (14:44 +0200)]
MAINTAINERS: Add myself to the list of UFS maintainers
Adding myself to continue Bhupesh's work to enhance and fix UFS
support in U-Boot, especially for Qualcomm SoCs, and help review
patches and maintain the UFS subsystem.