AKASHI Takahiro [Fri, 14 Aug 2020 05:39:24 +0000 (14:39 +0900)]
test/py: efi_secboot: modify 'multiple signatures' test case
The test case 5 in test_signed (multiple signatures) must be modified
and aligned with the change introduced in the previous commit
("efi_loader: signature: correct a behavior against multiple signatures").
AKASHI Takahiro [Fri, 14 Aug 2020 05:39:23 +0000 (14:39 +0900)]
efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.
Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
Multiple signatures are allowed to exist in the binary’s certificate
table (as per PE/COFF Section “Attribute Certificate Table”). Only
one hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx.
This patch makes the semantics of signature verification compliant with
the specification mentioned above.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
AKASHI Takahiro [Thu, 13 Aug 2020 08:05:29 +0000 (17:05 +0900)]
efi_loader: variable: fix secure state initialization
Under the new file-based variable implementation, the secure state
is always and falsely set to 0 (hence, the secure boot gets disabled)
after the reboot even if PK (and other signature database) has already
been enrolled in the previous boot.
This is because the secure state is set up *before* loading non-volatile
variables' values from saved data.
This patch fixes the order of variable initialization and secure state
initialization.
test/py: efi_secboot: add test for intermediate certificates
In this test case, an image may have a signature with additional
intermediate certificates. A chain of trust will be followed and all
the certificates in the middle of chain must be verified before loading.
efi_loader: signature: rework for intermediate certificates support
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so on.
What we need to do here is to search for certificates in a signature,
build up a chain of certificates and verify one by one. pkcs7_verify_one()
handles most of these steps except the last one.
pkcs7_verify_one() returns, if succeeded, the last certificate to verify,
which can be either a self-signed one or one that should be signed by one
of certificates in "db". Re-worked efi_signature_verify() will take care
of this step.
AKASHI Takahiro [Wed, 12 Aug 2020 00:37:50 +0000 (09:37 +0900)]
efi_loader: variable: keep temporary buffer during the authentication
This is a bug fix; Setting an authenticated variable may fail due to
a memory corruption in the authentication.
A temporary buffer will, if needed, be allocated to parse a variable's
authentication data, and some portion of buffer, specifically signer's
certificates, will be referenced by efi_signature_verify().
So the buffer should be kept valid until the authentication process
is finished.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Thu, 13 Aug 2020 12:11:27 +0000 (08:11 -0400)]
Merge tag 'u-boot-stm32-20200813' of https://gitlab.denx.de/u-boot/custodians/u-boot-stm
- Use IS_ENABLED to prevent ifdef in board_key_check for STM32MP
- Add STM32 FMC2 EBI controller driver
- Fix dwc3-sti-glue which allows STiH410-B2260 to boot again
- Add fitImage its entry for 587-200 DHCOR SoM
- Add both PDK2 and DRC02 DT into DHCOM fitImage its
- Fix DHCOM KS8851 ethernet MAC address
- Remove stm32mp1 board.c file
- Use const for struct node_info in board stm32mp1.c file
Patrick Delaunay [Thu, 30 Jul 2020 11:57:34 +0000 (13:57 +0200)]
board: stm32mp1: remove board.c
Remove the file board/st/stm32mp1/board.c which is not more
compiled since commit 156732cc8939 ("board: stm32mp1: move the
function board_debug_uart_init in spl.c")
Fixes: 4fb46816c7e2 ("board: stm32mp1: move the function board_debug_uart_init in spl.c") Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Marek Vasut [Thu, 30 Jul 2020 23:34:50 +0000 (01:34 +0200)]
ARM: dts: stm32: Update eth1addr from EEPROM if eth1 present
The STM32MP1 DHCOM has two ethernet interfaces, the on-SoM DWMAC and KS8851.
Set eth1addr for the KS8851 to a MAC address of the DWMAC incremented by 1.
The MAC of the DWMAC is set from on-SoM EEPROM already, but the MAC address
of KS8851 was left uninitialized, so fix this.
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Marek Vasut [Thu, 30 Jul 2020 23:35:33 +0000 (01:35 +0200)]
ARM: stm32: Add both PDK2 and DRC02 DT into DHCOM fitImage its
Include both PDK2 and DRC02 DTs in the DHCOM fitImage .its and implement
support in SPL to select the correct configuration entry for U-Boot by
using the machine compatible string from SPL DT.
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
mtd: rawnand: stm32_fmc2: get resources from parent node
FMC2 EBI support has been added. Common resources (registers base
address and clock) can now be shared between the 2 drivers using
"st,stm32mp1-fmc2-nfc" compatible string. It means that the
common resources should now be found in the parent device when EBI
node is available.
mtd: rawnand: stm32_fmc2: cosmetic change to use nfc instead of fmc2 where relevant
This patch renames functions and local variables.
This cleanup is done to get all functions starting by stm32_fmc2_nfc
in the FMC2 raw NAND driver when all functions will start by
stm32_fmc2_ebi in the FMC2 EBI driver.
mtd: rawnand: stm32_fmc2: use FMC2_TIMEOUT_5S for timeouts
FMC2_TIMEOUT_5S will be used each time that we need to wait.
It was seen, during stress tests in an overloaded system,
that we could be close to 1 second, even if we never met this
value. To be safe, FMC2_TIMEOUT_MS is set to 5 seconds.
node varaible is used as iterator into ofnode_for_each_subnode()
loop, when exiting of it, node is no more a valid ofnode.
Use dwc3_node instead as parameter of ofnode_valid()
Fixes: ac28e59a574d ("usb: Migrate to support live DT for some driver") Signed-off-by: Patrice Chotard <patrice.chotard@st.com> Cc: Kever Yang <kever.yang@rock-chips.com>
Tom Rini [Wed, 12 Aug 2020 03:03:46 +0000 (23:03 -0400)]
Merge tag 'ti-v2020.10-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti
- Added support for J7200 evm
- DM_ETH and DM_USB migrations for omap3
- USB DFU and mass storage support for AM65x evm
- RTI watchdog support for K3 devices
- Fix an issue with L3 cache on K3 devices
board: ti: j721e: Add support for HyperFlash detection
On J7200 SoC OSPI0 and HypeFlash are muxed at HW level and only one of
them can be used at any time. J7200 EVM has both HyperFlash and OSPI
flash on board. There is a user switch (SW3.1) that can be toggled to
select OSPI flash vs HyperFlash.
Read the state of this switch via wkup_gpio0_6 line and fixup the DT
nodes to select OSPI0 vs HyperFlash
Lokesh Vutla [Wed, 5 Aug 2020 17:14:26 +0000 (22:44 +0530)]
ram: k3-j721e: Relax version checks for memory controller
k3-j721e ddr driver sanity checks for product id and version number.
Version number gets changed for every minor update in the IP. So discard
the version check and just sanity check for product id.
Lokesh Vutla [Wed, 5 Aug 2020 17:14:24 +0000 (22:44 +0530)]
board: ti: j7200: Introduce support for j7200 build targets
j7200-evm has minor differences with j721e-evm based on the IPs
available in the SoC. Introduce separate build targets for j7200-evm
to incorporate the differences.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Suman Anna <s-anna@ti.com>
Lokesh Vutla [Wed, 5 Aug 2020 17:14:23 +0000 (22:44 +0530)]
arm: mach-k3: j7200: Detect if ROM has already loaded sysfw
Detect if sysfw is already loaded by ROM and pass this information to
sysfw loader. Based on this information sysfw loader either loads the
sysfw image from boot media or just receives the boot notification
message form sysfw.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Suman Anna <s-anna@ti.com>
Lokesh Vutla [Wed, 5 Aug 2020 17:14:22 +0000 (22:44 +0530)]
arm: mach-k3: j7200: Add support for storing extended boot info from ROM
Starting J7200 SoC, ROM supports for loading sysfw directly from boot
image. ROM passes this information on number of images that are loaded
to bootloader at certain location. Add support for storing this
information before it gets corrupted.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Suman Anna <s-anna@ti.com>
Lokesh Vutla [Wed, 5 Aug 2020 17:14:21 +0000 (22:44 +0530)]
arm: mach-k3: j7200: Add support for SOC detection
The J7200 SoC is a part of the K3 Multicore SoC architecture platform.
It is targeted for automotive gateway, vehicle compute systems,
Vehicle-to-Vehicle (V2V) and Vehicle-to-Everything (V2X) applications.
The SoC aims to meet the complex processing needs of modern embedded
products.
Some highlights of this SoC are:
* Dual Cortex-A72s in a single cluster, two clusters of lockstep
capable dual Cortex-R5F MCUs and a Centralized Device Management and
Security Controller (DMSC).
* Configurable L3 Cache and IO-coherent architecture with high data
throughput capable distributed DMA architecture under NAVSS.
* Integrated Ethernet switch supporting up to a total of 4 external ports
in addition to legacy Ethernet switch of up to 2 ports.
* Upto 1 PCIe-GEN3 controller, 1 USB3.0 Dual-role device subsystems,
20 MCANs, 3 McASP, eMMC and SD, OSPI/HyperBus memory controller, I3C and
I2C, eCAP/eQEP, eHRPWM among other peripherals.
* One hardware accelerator block containing AES/DES/SHA/MD5 called SA2UL
management.
See J7200 Technical Reference Manual (SPRUIU1, June 2020)
for further details: https://www.ti.com/lit/pdf/spruiu1
Add support for detection J7200 SoC
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Suman Anna <s-anna@ti.com>
Lokesh Vutla [Wed, 5 Aug 2020 17:14:19 +0000 (22:44 +0530)]
arm: mach-k3: j721e: Add detection for j721e
Add an api soc_is_j721e(), and use it to enable certain functionality
that is available only on j721e. This detection is needed when DT is not
available.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by: Suman Anna <s-anna@ti.com>
Lokesh Vutla [Wed, 5 Aug 2020 17:14:18 +0000 (22:44 +0530)]
arm: mach-k3: sysfw-loader: Add support for rom loading sysfw image
Starting J7200 SoC, ROM supports for loading sysfw directly from boot
image. In such cases, SPL need not load sysfw from boot media, but need
to receive boot notification message from sysfw. So separate out
remoteproc calls for system controller from sysfw loader and just
receive the boot notification if sysfw is already loaded.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> Reviewed-by: Suman Anna <s-anna@ti.com>
arm: mach-k3: Fix platform hang when SPL_MULTI_DTB_FIT is not enabled
If SPL_MULTI_DTB_FIT is not enabled, then CONFIG_SPL_OF_LIST is not defined
And in turn tispl.bin ends up not embedding any DTB.
Fixing it by using CONFIG_DEFAULT_DEVICE_TREE if SPL_OF_LIST is empty.
Suman Anna [Wed, 5 Aug 2020 17:14:15 +0000 (22:44 +0530)]
board: ti: j721e: Update fdt fixup logic for interconnect nodes
The DT nodes on J721E SoCs currently use a node name "interconnect" for
the various interconnects. This name is not following the DT schema, and
should simply be "bus". Update the fdt fixup logic to use both the current
and the expected corrected path names so that this logic won't be broken
with newer kernels.
Lokesh Vutla [Wed, 5 Aug 2020 17:14:13 +0000 (22:44 +0530)]
board: ti: board_detect: Add stub functions for EEPROM detection apis
Current usage of eeprom apis produce a build failure when
CONFIG_TI_I2C_BOARD_DETECT is not defined. Add stub function for these
apis to avoid build failures.
Reviewed-by: Suman Anna <s-anna@ti.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Faiz Abbas [Mon, 3 Aug 2020 06:05:09 +0000 (11:35 +0530)]
arm: mach-k3: am6_init: Do USB fixups to facilitate host and device boot modes
U-boot only supports either USB host or device mode for a node at a
time in dts. To support both host and dfu bootmodes, set "peripheral"
as the default dr_mode but fixup property to "host" if host bootmode
is detected.
This needs to happen before the dwc3 generic layer binds the usb device
to a host or device driver. Therefore, add an fdtdec_setup_board()
implementation to fixup the dt based on the boot mode.
Also use the same fixup function to set the USB-PCIe Serdes mux to PCIe
in both the host and device cases. This is required for accessing the
interface at USB 2.0 speeds.
Faiz Abbas [Mon, 3 Aug 2020 06:05:06 +0000 (11:35 +0530)]
armv7R: K3: am654: Use full malloc in SPL both pre and post reloc
In order to be able to use things like file system drivers early on in
SPL (before relocation) in a memory-constrained environment when DDR is
not yet available we cannot use the simple malloc scheme which does not
implement the freeing of previously allocated memory blocks. To address
this issue go ahead and enable the use of the full malloc by manually
initializing the required functionality inside board_init_f by creating
a full malloc pool inside the pre-relocation malloc pool.
Suman Anna [Wed, 29 Jul 2020 18:41:12 +0000 (13:41 -0500)]
board: ti: am65x: Update fdt fixup logic for interconnect nodes
The DT nodes on AM65x SoCs currently use a node name "interconnect" for
the various interconnects. This name is not following the DT schema, and
should simply be "bus". Update the fdt fixup logic to use both the
current and the expected corrected path names so that this logic won't
be broken with newer kernels.
The logic also corrects the crypto node name as the DT node
unit-addresses are all expected to be lower case.
Faiz Abbas [Wed, 29 Jul 2020 01:33:41 +0000 (07:03 +0530)]
mmc: am654_sdhci: Use MMC_MODES_END value instead of hardcoded value
The hardcoded array size leads to array overflows with changes in
speed modes enum in mmc core. Use MMC_MODES_END for otap_del_sel
array declaration to fix this.
Signed-off-by: Faiz Abbas <faiz_abbas@ti.com> Reviewed-by: Peng Fan <peng.fan@nxp.com>
Suman Anna [Fri, 24 Jul 2020 22:51:40 +0000 (17:51 -0500)]
arm: dts: k3-j721e: Fix interconnect node names
The various CBASS interconnect nodes on K3 J721E SoCs are defined
using the node name "interconnect". This is not a valid node name
as per the dt-schema. Fix these node names to use the standard name
used for SoC interconnects, "bus".
Suman Anna [Fri, 24 Jul 2020 22:51:39 +0000 (17:51 -0500)]
arm: dts: k3-am65: Fix interconnect node names
The various CBASS interconnect nodes on K3 AM65x SoCs are defined
using the node name "interconnect". This is not a valid node name
as per the dt-schema. Fix these node names to use the standard name
used for SoC interconnects, "bus".
Andrew F. Davis [Wed, 15 Jul 2020 21:02:36 +0000 (17:02 -0400)]
arm: mach-k3: Clean non-coherent lines out of L3 cache
When switching on or off the ARM caches some care must be taken to ensure
existing cache line allocations are not left in an inconsistent state.
An example of this is when cache lines are considered non-shared by
and L3 controller even though the lines are shared. To prevent these
and other issues all cache lines should be cleared before enabling
or disabling a coherent master's cache. ARM cores and many L3 controllers
provide a way to efficiently clean out all cache lines to allow for
this, unfortunately there is no such easy way to do this on current K3
MSMC based systems.
We could explicitly clean out every valid external address tracked by
MSMC (all of DRAM), or we could attempt to identify only the set of
addresses accessed by a given boot stage and flush only those
specifically. This patch attempts the latter. We start with cleaning the
SPL load address. More addresses can be added here later as they are
identified.
Note that we perform a flush operation for both the flush and invalidate
operations, this is not a typo. We do this to avoid the situation that
some ARM cores will promote an invalidate to a clean+invalidate, but only
emit the invalidation operation externally, leading to a loss of data.
Signed-off-by: Andrew F. Davis <afd@ti.com> Tested-by: Faiz Abbas <faiz_abbas@ti.com>
Jan Kiszka [Tue, 23 Jun 2020 11:15:10 +0000 (13:15 +0200)]
arm: dts: k3: Add RTI watchdogs
Add DT entries for main domain watchdog0 and 1 instances on the J721e
well as RTI1-based watchdog on the AM65x. RTI0 does not work for this
purpose on the AM65x, so leave it out.
On AM65x, we mark the power-domain as shared because RTI firmware such
as https://github.com/siemens/k3-rti-wdt may request it as well in order
to prevent accidental shutdown of the watchdog.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 23 Jun 2020 11:15:08 +0000 (13:15 +0200)]
watchdog: Add support for K3 RTI watchdog
This is based on the Linux kernel driver for the RTI watchdog.
To actually reset the system on an AM65x, it requires firmware running
on the R5 that accepts the NMI and issues the actual system reset via
TISCI. Kind of an iTCO, except that this watchdog hardware has support
for no-way-out, and only for that.
On the J721E, reset works without extra firmware help when routing the
RTI interrupt via the ESM.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Up to now we used the value of the bootargs environment variable as load
options in the boot manager. This is not correct. The data has to be taken
from the Boot#### variable.
Let the boot manager copy the optional data of the EFI_LOAD_OPTION as load
options to the loaded image protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The bootefi bootmgr command has to set the load options for a loaded image
from the value of BootXXXX variable. If the boot manager is not used, the
value is set from the environment variable bootargs (or efi_selftest).
Factor out a common function efi_set_load_options().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some amount of code was moved/derived from efi_variable.c regarding
UEFI secure boot, in particluar in the commit 012c56ac76e1 ("efi_loader:
restructure code for TEE variables").
So add the orignal author's copyright notice.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Fri, 24 Jul 2020 21:14:47 +0000 (17:14 -0400)]
Convert CONFIG_SYS_MMC_ENV_DEV et al to Kconfig
This converts the following to Kconfig:
CONFIG_SYS_MMC_ENV_DEV
CONFIG_SYS_MMC_ENV_PART
Note that with this conversion we now have consistent behavior with
respect to ensuring that we have always selected the correct MMC
device and hardware partition.