This commit modify efi_tcg2_register() to return the
appropriate error.
With this fix, sandbox will not boot because efi_tcg2_register()
fails due to some missing feature in GetCapabilities.
So disable sandbox if EFI_TCG2_PROTOCOL is enabled.
UEFI secure boot variable measurement is not directly related
to TCG2 protocol installation, tcg2_measure_secure_boot_variable()
is moved to the separate function.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Fixes: d80162cfc559 ("doc: Document how to apply fdt overlays") Signed-off-by: Alexander Dahl <ada@thorsis.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Thu, 9 Dec 2021 13:43:30 +0000 (08:43 -0500)]
Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-sunxi
This fixes two regressions: eMMC operation on boards with WiFi (so using
three MMC devices), and a repeated wrong error message in USB gadget
mode (fastboot, ums).
Andre Przywara [Tue, 2 Nov 2021 19:45:47 +0000 (19:45 +0000)]
sunxi: Remove misleading USB-OTG charger message
The sunxi MUSB glue driver has some code to check for external VBUS
presence when it's going to use the MUSB host mode, and it warns if
there is VBUS provided through the cable (in sunxi_musb_enable()).
This code was apparently copied to the USB gadget detection code
(g_dnl_board_usb_cable_connected()), but here we actually *expect*
external VBUS power, so a warning is wrong and confusing.
So far this message rarely triggered, but a recent patch (6fa41cdd19b9)
changed this:
===========================
=> ums 0 mmc 2
UMS: LUN 0, dev mmc 2, hwpart 0, sector 0x0, count 0xe90000
A charger is plugged into the OTG
/A charger is plugged into the OTG
\A charger is plugged into the OTG
|A charger is plugged into the OTG
-A charger is plugged into the OTG
....
===========================
Remove the message for the gadget cable detection call, and just return
the status of the VBUS detection, as this is what the callers are after.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
Andre Przywara [Tue, 30 Nov 2021 23:18:54 +0000 (23:18 +0000)]
sunxi: dts: Fix typoed eMMC check
Commit 03510bf62149 ("sunxi: only include alias for eMMC when mmc2
used") protected the eMMC alias in U-Boot's DT stub the with the
associated Kconfig symbol, but was actually using the wrong name.
Fix the name of the symbol to match what's defined in Kconfig and what
the defconfig files actually use.
Fixes: 03510bf62149 ("sunxi: only include alias for eMMC when mmc2 used") Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reported-by: 5kft@5kft.org Reviewed-by: Icenowy Zheng <icenowy@aosc.io>
Padmarao Begari [Wed, 17 Nov 2021 12:51:18 +0000 (18:21 +0530)]
riscv: Update Microchip MPFS Icicle Kit support
This patch updates Microchip MPFS Icicle Kit support. For now,
add Microchip I2C driver, set environment variables for
mac addresses and default build for SBI_V02.
Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Padmarao Begari [Wed, 17 Nov 2021 12:51:17 +0000 (18:21 +0530)]
riscv: dts: Split Microchip device tree
The device tree split into .dtsi and .dts files, common
device node for eMMC/SD, enable I2C1, UART1 for console
instead of UART0, enable the DDR 2GB memory and in
that 288MB memory is reserved for fabric buffer.
Signed-off-by: Padmarao Begari <padmarao.begari@microchip.com> Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
Marek Vasut [Sat, 13 Nov 2021 02:23:52 +0000 (03:23 +0100)]
net: dwc_eth_qos: Enable clock in probe
Enable DWC IP clock in driver probe, so the MII access is possible even
outside of active network transfers. This is particularly useful when
using 'mii' or 'mdio' commands to explore PHY state, neither of which
works with DWMAC currently due to the disabled clock.
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Joe Hershberger <joe.hershberger@ni.com> Cc: Patrice Chotard <patrice.chotard@foss.st.com> Cc: Patrick Delaunay <patrick.delaunay@foss.st.com> Cc: Ramon Fried <rfried.dev@gmail.com> Cc: Stephen Warren <swarren@nvidia.com> Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Marek Vasut [Sat, 13 Nov 2021 02:23:11 +0000 (03:23 +0100)]
net: eth-phy: Handle gpio_request_by_name() return value
The gpio_request_by_name() returns zero in case of success, however the
conditional return value check in gpio_request_by_name() checks only for
(ret != -ENOENT) and if the condition is true, returns ret outright.
This leads to a situation where successful gpio_request_by_name() return
leads to immediate successful eth_phy_of_to_plat() return as well, and
to skipped parsing of "reset-assert-us" and "reset-deassert-us", so the
PHY driver operates with valid reset GPIO, but with assert/deassert times
set to default, which is 0, instead of the values from DT. This breaks
PHY reset.
Fix this by checking if return value is non-zero and then for this one
single allowed non-zero return value, -ENOENT.
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Ramon Fried <rfried.dev@gmail.com> Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
tpm_tis_remove() leads to calling tpm_tis_ready() with the IO region
unmapped and chip->locality == -1 (locality released). This leads to a
crash in mmio_write_bytes().
The patch implements these changes:
tpm_tis_remove(): Unmap the IO region after calling tpm_tis_cleanup().
tpm_tis_cleanup(): Request locality before IO output and releasing
locality.
Ruchika Gupta [Mon, 29 Nov 2021 07:39:46 +0000 (13:09 +0530)]
efi_loader: Extend PCR's for firmware measurements
Firmwares before U-Boot may be capable of doing tpm measurements
and passing them to U-Boot in the form of eventlog. However there
may be scenarios where the firmwares don't have TPM driver and
are not capable of extending the measurements in the PCRs.
Based on TCG spec, if previous firnware has extended PCR's, PCR0
would not be 0. So, read the PCR0 to determine if the PCR's need
to be extended as eventlog is parsed or not.
Ruchika Gupta [Mon, 29 Nov 2021 07:39:45 +0000 (13:09 +0530)]
tpm: use more algorithms than sha256 on pcr_read
The current tpm2_pcr_read is hardcoded using SHA256. Make the
actual command to TPM configurable to use wider range of algorithms.
The current command line is kept as is i.e limited to SHA-256 only.
Ruchika Gupta [Mon, 29 Nov 2021 07:39:44 +0000 (13:09 +0530)]
efi_loader: Add check for event log passed from firmware
Platforms may have support to measure their initial firmware components
and pass the event log to u-boot. The event log address can be passed
in property tpm_event_log_addr and tpm_event_log_size of the tpm node.
Platforms may choose their own specific mechanism to do so. A weak
function is added to check if even log has been passed to u-boot
from earlier firmware components. If available, the eventlog is parsed
to check for its correctness and further event logs are appended to the
passed log.
Pali Rohár [Mon, 15 Nov 2021 12:48:06 +0000 (13:48 +0100)]
serial: a37xx: Reset whole UART when changing parent clock from TBG to XTAL
Sometimes UART stops transmitting characters after UART clock is changed
back to XTAL. In this state UART fifo is always full. Kernel during early
boot wants to print output on UART and is waiting for non-empty UART fifo.
Which leads to CPU hangup without any (debug) output on UART.
Marvell Armada 3700 Functional Specifications says that for programming
fractional divisor registers it is required to disable UART, enable
loopback mode, reset fifos, program registers, disable loopback mode,
release reset of fifos and enable UART.
But these steps do not fix above mentioned issue that UART hangup. Also
gating UART clock does not help. And even resetting UART state machines do
not help.
Experiments showed that UART fifo is unblocked after board is being reset
(during board reset UART HW transmit UART fifo even CPU is not executing
kernel/bootloader anymore).
And another experiments showed that same workaround can be achieved also
by external reset of UART HW (without need to reset board).
So do not implement any of "Marvell recommended" steps from Functional
Specifications as they do not work. And rather prior changing parent clock
back to XTAL, do external reset of UART HW. This operation also resets all
UART registers, so basically it also sets UART clock to default, which is
XTAL. It is unknown why UART hangups and enters such broken state.
Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Tue, 9 Nov 2021 16:14:02 +0000 (17:14 +0100)]
arm: mvebu: turris_omnia: enable A385 watchdog before disabling MCU watchdog
Commit aeb0ca64dbb5 ("arm: mvebu: turris_omnia: disable MCU watchdog in
SPL when booting over UART") disabled MCU watchdog when booting over
UART to ensure that watchdog does not reboot the board before UART
transfer finishes.
But if UART transfer fails for some reason, or if U-Boot binary crashes,
then board hangs forever as there is no watchdog running which could
reset it.
To fix this issue, enable A385 watchdog with very high timeout before
disabling MCU watchdog to ensure that even slow transfer can finish
successfully before watchdog timer expires and also to ensure that if
board hangs for some reason, watchdog will reset it.
Omnia's MCU watchdog has fixed 120 seconds timer and it cannot be
changed (without updating MCU firmware). A385 watchdog by default uses
25 MHz input clock and so the largest timeout value (2^32-1) can be
just 171 seconds. But A385 watchdog can be switched to use NBCLK (L2) as
input clock (on Turris Omnia it is 800 MHz clock) and in this case final
watchdog clock frequency is calculated as:
freq = NBCLK / 2 / (2 ^ R)
So A385 watchdog on Turris Omnia can be configured to at most 1374
seconds (about 22 minutes). We set it to 10 minutes, which should be
enough even for bigger U-Boot binaries or slower UART transfers.
Both U-Boot and Linux kernel, when initializing A385 watchdog, switch
watchdog timer to 25 MHz input clock, so usage of NBCLK input clock in
U-Boot SPL does not cause any issues.
Fixes: aeb0ca64dbb5 ("arm: mvebu: turris_omnia: disable MCU watchdog in SPL when booting over UART") Signed-off-by: Pali Rohár <pali@kernel.org> Signed-off-by: Marek Behún <marek.behun@nic.cz>
Vincent Stehlé [Wed, 24 Nov 2021 14:54:20 +0000 (15:54 +0100)]
qemu: common: Fix build with update capsule
The common emulation Makefile has a dependency on a non-existent
qemu_capsule.o when building with support for capsule update enabled
(CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y).
The code which was in qemu_capsule.c has been completely moved to
lib/efi_loader/efi_capsule.c by commit 7a6fb28c8e4b ("efi_loader: capsule:
add back efi_get_public_key_data()").
Remove the false dependency.
This fixes the following build error:
make[1]: *** No rule to make target 'board/emulation/common/qemu_capsule.o', needed by 'board/emulation/common/built-in.o'. Stop.
Fixes: commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Simon Glass <sjg@chromium.org>
Tom Rini [Fri, 26 Nov 2021 22:10:53 +0000 (17:10 -0500)]
Merge tag 'efi-2022-01-rc3-2' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-01-rc3-2
Test:
* fix pylint warnings
UEFI:
* disable interrupts before removing devices in ExitBootServices()
* implement poweroff in efi_system_reset() on sandbox
* allow booting via EFI even if some block device fails
Here efi_resister_disk() failed due to an error in the BTRFS implementation.
Move the logic to clear EFI_OS_INDICATIONS_FILE_CAPSULE_DELIVERY_SUPPORTED
to the rest of the capsule code.
If CONFIG_EFI_IGNORE_OSINDICATIONS=y, we should still clear the flag.
If OsIndications does not exist, we should not create it as it is owned by
the operating system.
Our algorithm for creating USB device paths may lead to duplicate device
paths which result in efi_disk_register() failing. Instead we should just
skip devices that cannot be registered as EFI block devices.
Fix a memory leak in efi_disk_add_dev() caused by the duplicate device
path.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tom Rini [Fri, 19 Nov 2021 21:33:04 +0000 (16:33 -0500)]
efi: Call bootm_disable_interrupts earlier in efi_exit_boot_services
If we look at the path that bootm/booti take when preparing to boot the
OS, we see that as part of (or prior to calling do_bootm_states,
explicitly) the process, bootm_disable_interrupts() is called prior to
announce_and_cleanup() which is where udc_disconnect() /
board_quiesce_devices() / dm_remove_devices_flags() are called from. In
the EFI path, these are called afterwards. In efi_exit_boot_services()
however we have been calling bootm_disable_interrupts() after the above
functions, as part of ensuring that we disable interrupts as required
by the spec. However, bootm_disable_interrupts() is also where we go
and call usb_stop(). While this has been fine before, on the TI J721E
platform this leads us to an exception. This exception seems likely to
be the case that we're trying to stop devices that we have already
disabled clocks for. The most direct way to handle this particular
problem is to make EFI behave like the do_bootm_states() process and
ensure we call bootm_disable_interrupts() prior to ending up in
usb_stop().
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Simon Glass <sjg@chromium.org> Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tom Rini [Sat, 20 Nov 2021 14:36:37 +0000 (09:36 -0500)]
Merge branch 'efi-2022-01' of https://source.denx.de/u-boot/custodians/u-boot-efi
Scripts:
* Update spelling.txt
LMB:
* remove extern keyword in lmb.h
* drop unused lmb_size_bytes()
Test:
* test truncation in snprintf()
Documentation:
* add include/lmb.h to HTML documentation
UEFI:
* reduce non-debug logging output for measured boot
* fix use after free in measured boot
* startup the tpm device when installing the protocol
* implement EFI_EVENT_GROUP_BEFORE_EXIT_BOOT_SERVICES
* record capsule result only if capsule is read
Ilias Apalodimas [Thu, 18 Nov 2021 08:13:42 +0000 (10:13 +0200)]
efi_loader: startup the tpm device when installing the protocol
Due to U-Boot's lazy binding mentality the TPM is probed but not properly
initialized. The user can startup the device from the command line
e.g 'tpm2 startup TPM2_SU_CLEAR'. However we can initialize the TPM during
the TCG protocol installation, which is easier to use overall.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Ilias Apalodimas [Thu, 18 Nov 2021 07:03:39 +0000 (09:03 +0200)]
efi_loader: fix FinalEvents table if an EFI app invoked GetEventLog
As described in the TCG spec [1] in sections 7.1.1 and 7.1.2 the FinalEvent
table should include events after GetEventLog has been called. This
currently works for us as long as the kernel is the only EFI application
calling that. Specifically we only implement what's described in 7.1.1.
So refactor the code a bit and support EFI application(s) calling
GetEventLog. Events will now be logged in both the EventLog and FinalEvent
table as long as ExitBootServices haven't been invoked.
Masami Hiramatsu [Fri, 12 Nov 2021 13:05:15 +0000 (22:05 +0900)]
efi_loader: capsule: Record capsule result only if capsule is read
Record capsule update result only if the capsule file is
successfully read, because the capsule GUID is not sure when
the file can not be read or the file is not a capsule.
Without this fix, if user puts a dummy (non-capsule) file
under (ESP)EFI/UpdateCapsule, U-Boot causes a synchronous
abort.
This also fixes use-after-free bug of the 'capsule' variable.
Masahisa Kojima [Tue, 9 Nov 2021 11:35:53 +0000 (20:35 +0900)]
efi_loader: Reduce efi_tcg2 logging statement
log_info() is used for the debug level logging statement
which should use log_debug() instead. Convert it to reduce the
log output.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Masahisa Kojima [Fri, 12 Nov 2021 07:24:27 +0000 (16:24 +0900)]
efi: add comment for efi_system_table and efi_configuration_table
This commit adds the comment for efi_system_table and
efi_configuration_table structure.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Thu, 18 Nov 2021 23:25:19 +0000 (18:25 -0500)]
Merge branch '2021-11-18-regression-fixes'
- An assortment of fixes related to GD, GD_FLG_SKIP_RELOC, and the lmb
- Environment fix on synquacer developmentbox
- Fix for get_info is not valid in partition code
Marek Vasut [Sat, 13 Nov 2021 17:34:37 +0000 (18:34 +0100)]
lmb: Reserve U-Boot separately if relocation is disabled
In case U-Boot starts with GD_FLG_SKIP_RELOC, the U-Boot code is
not relocated, however the stack and heap is at the end of DRAM
after relocation. Reserve a LMB area for the non-relocated U-Boot
code so it won't be overwritten.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@konsulko.com>
Marek Vasut [Sat, 13 Nov 2021 17:34:04 +0000 (18:34 +0100)]
board_f: Copy GD to new GD even if relocation disabled
Even if U-Boot has relocation disabled via GD_FLG_SKIP_RELOC , the
relocated stage of U-Boot still picks GD from new_gd location. The
U-Boot itself is not relocated, but GD might be, so copy the GD to
new GD location even if relocation is disabled.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> Cc: Peng Fan <peng.fan@oss.nxp.com> Cc: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@konsulko.com>
Masami Hiramatsu [Thu, 18 Nov 2021 05:45:25 +0000 (14:45 +0900)]
Revert "board: synquacer: developerbox: Don't set gd->env_addr to default_environment"
Without default setting of gd->env_addr, U-Boot will cause
a synchronous abort if the env-variables on the SPI flash is
broken or not saved corectly. Set gd->env_addr correctly.
Without get_desc, the tpm command will not provide a
description of the device in 'tpm device' or 'tpm info'.
Due to the characteristics of the Atmel TPM it isn't
possible to determine certain attributes (e.g open/close
status) without using the TPM stack (compare Infineon
and ST TPM drivers), so just print out the chip model
and udevice name as the identifier.
Mathew McBride [Thu, 11 Nov 2021 04:06:27 +0000 (04:06 +0000)]
cmd: tpm-v1: fix load_key_by_sha1 compile errors
This command is not compiled by default and has not been updated alongside
changes to the tpmv1 API, such as passing the TPM udevice to the relevant
functions.
Tom Rini [Tue, 16 Nov 2021 14:51:04 +0000 (09:51 -0500)]
Merge tag 'xilinx-for-v2022.01-rc3' of https://source.denx.de/u-boot/custodians/u-boot-microblaze
Xilinx changes for v2022.01-rc3
sdhci:
- Fix emmc mini case with missing firmware interface
zynqmp:
- Restore JTAG interface if required
- Allow overriding board name
- Add support for DLC21
- Fix one fallthrought statement description
- Use config macro instead of name duplication
- Save multiboot to variable
firmware:
- Handle ipi_req errors better
- Use local buffer in case user doesn't need it instead of NULL/0 location
Andy Shevchenko [Mon, 8 Nov 2021 18:03:38 +0000 (21:03 +0300)]
image: Explicitly declare do_bdinfo()
Compiler is not happy:
common/image-board.c: In function ‘boot_get_kbd’:
common/image-board.c:902:17: warning: implicit declaration of function ‘do_bdinfo’ [-Wimplicit-function-declaration]
902 | do_bdinfo(NULL, 0, 0, NULL);
| ^~~~~~~~~
Move the forward declaration to a header.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Masami Hiramatsu [Wed, 10 Nov 2021 00:40:07 +0000 (09:40 +0900)]
configs: synquacer: Fix dfu_alt_info to use nor1
Fix dfu_alt_info to use nor1 instead of the device name.
This reverts a part of commit 59bd18d4c4d7 ("configs: synquacer:
Remove mtdparts settings and update DFU setting") because the
commit a4f2d8341455 ("mtd: spi: nor: force mtd name to "nor%d"")
changed the mtd device naming scheme to nor%d.
The subdivision name "TQ Components" hasn't been in use for a long time.
Rename the vendor directory to "tq", which also matches our Device Tree
vendor prefix.
Alistair Delva [Wed, 20 Oct 2021 21:31:32 +0000 (21:31 +0000)]
arm64: relocate-rela: Add support for ld.lld
Cap end of relocations by the binary size.
Linkers like to insert some auxiliary sections between .rela.dyn and
.bss_start. These sections don't make their way to the final binary, but
reloc_rela still tries to relocate them, resulting in attempted read
past the end of file.
When linking U-Boot with ld.lld, the STATIC_RELA feature (enabled by
default on arm64) breaks the build. After this patch, U-Boot can be
linked successfully with and without CONFIG_STATIC_RELA.
Originally-from: Elena Petrova <lenaptr@google.com> Signed-off-by: Alistair Delva <adelva@google.com> Cc: David Brazdil <dbrazdil@google.com> Cc: Scott Wood <scottwood@freescale.com> Cc: Tom Rini <trini@konsulko.com>