Mark Kettenis [Tue, 8 Feb 2022 21:00:09 +0000 (22:00 +0100)]
arm: apple: Add M1 Pro/Max support
Choose the memory map based on the compatible property from the
device tree passed to us by m1n1. Since DRAM on the M1 Pro/Max
starts at a different address avoid hardcoding the top of usable
memory. Also make sure that the addresses entered into the memory
map are page aligned such that we don't crash in dcache_enable().
Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
Tested on: Macbook M1 Max
Tested-by: Janne Grunau <j@jannau.net>
Heiko Thiery [Wed, 16 Feb 2022 14:58:10 +0000 (15:58 +0100)]
kontron-pitx-imx8m: fix board_mmc_getcd()
The function wrongly will return the card detection status of the SD card
(USDHC2) for the eMMC (USDHC1). Thus booting from eMMC without an inserted
SD card will fail.
Currently the space between kernel_addr_r and the fdt_addr_r is only 32MB.
To have enough space to load kernel images bigger than 32MB change the
variables to a feasible value.
The new environment variables layout is based on the scheme from
"include/configs/ti_armv7_common.h".
The CONFIG_SYS_LOAD_ADDR value is set to 0x42000000. With that we have
the same value as for the kernel_addr_r.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Michael Walle <michael@walle.cc>
Use the complete 512kb (4 blocks) nand partition reserved for u-boot
environment instead of just the first block, this allows the module to
have a working environment even if 3 blocks are bad.
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Tim Harvey [Fri, 11 Feb 2022 18:48:56 +0000 (10:48 -0800)]
board: gateworks: venice: add imx8mn-gw7902 support
The GW7902 is based on the i.MX 8M Mini / Nano SoC featuring:
- LPDDR4 DRAM
- eMMC FLASH
- Gateworks System Controller
- LTE CAT M1 modem
- USB 2.0 HUB
- M.2 Socket with USB2.0, PCIe, and dual-SIM
- IMX8M FEC
- PCIe based GbE
- RS232/RS485/RS422 serial transceiver
- GPS
- CAN bus
- WiFi / Bluetooth
- MIPI header (DSI/CSI/GPIO/PWM/I2S)
- PMIC
To add support for the i.MX8M Nano GW7902:
- Add imx8mn-venice dts/defconfig/include
- Add imx8mn-gw7902 dts
- Add imx8mn-2gb lpddr4 dram configs
- Add misc support for IMX8M Nano SoC
- rename imx8mm-venice.c to venice.c as it is no longer imx8mm specific
- update README with differences for IMX8MN vs IMX8MM
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
With binman generating flash.bin, it's no longer necessary to
specify either the location of ATF nor is it necessary to
specify building flash.bin, so let's update the build instructions
to remove those. While in here, update the revision of ATF and
DDR firmware so both Mini and Nano reference the same revision.
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Adam Ford [Wed, 12 Jan 2022 13:53:56 +0000 (07:53 -0600)]
mmc: fsl_esdhc_imx: Use esdhc_soc_data flags to set host caps
The Linux driver automatically can detect and enable UHS, HS200, HS400
and HS400_ES automatically without extra flags being placed into the
device tree.
Right now, for U-Boot to use UHS, HS200 or HS400, the extra flags are
needed in the device tree. Instead, go through the esdhc_soc_data
flags and enable the host caps where applicable to automatically
enable higher speeds.
Suggested-by: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Adam Ford <aford173@gmail.com>
- a37xx: pci: Cleanup and minor fix for root port check (Pali)
- pci: mvebu: Ensure that root port is always on root zero bus (Pali)
- kwbimage: Fix dumping DATA registers for v0 images (Pali)
- kwbimage: Support for parsing extended v0 format (Pali)
- a37xx: Fix code and update DTS files to upstream version (Pali)
- a37xx: Fix and extend building memory map (Pali)
- ddr: marvell: a38x: fix BYTE_HOMOGENEOUS_SPLIT_OUT decision (Marek)
- mvebu: Optionally reset board on DDR training failure (Marek)
Marek Behún [Thu, 17 Feb 2022 12:54:43 +0000 (13:54 +0100)]
arm: mvebu: turris_omnia: Reset the board immediately on DDR training failure
The state of the current DDR training code for Armada 38x is such that
we cannot be sure it will always train successfully - although after the
last change we were yet unable to find a board that failed DDR training,
from experience in the last 2 years we know that it is possible.
The experience also tells us that in many cases the board fails training
only sometimes, and after a reset the training is successful.
Enable the new option that makes the board reset itself on DDR training
failure immediately. Until now we called hang() in such a case, which
meant that the board was reset by the MCU after 120 seconds.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Marek Behún [Thu, 17 Feb 2022 12:54:42 +0000 (13:54 +0100)]
arm: mvebu: spl: Add option to reset the board on DDR training failure
Some boards may occasionally fail DDR training. Currently we hang() in
this case. Add an option that makes the board do an immediate reset in
such a case, so that a new training is tried as soon as possible,
instead of hanging and possibly waiting for watchdog to reset the board.
(If the DDR training fails while booting the image via UART, we will
still hang - it doesn't make sense to reset in such a case, because
after reset the board will try booting from another medium, and the
UART booting utility does not expect that.)
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Thu, 17 Feb 2022 09:43:34 +0000 (10:43 +0100)]
tools: kwbimage: Define structures for extended kwbimage v0 headers
They are used by Marvell Dove 88AP510 BootROM.
After the main header is a list of optional extended headers and after that
is a list of optional binary executable headers. Between each two extended
headers is additional 0x20 byte long padding.
Original Kirkwood SoCs support only one extended header and no binary
executable header.
Extension of struct ext_hdr_v0 is backward compatible with the old
definition. Only reserved[] fields are changed.
Signed-off-by: Pali Rohár <pali@kernel.org>
Tested-by: Tony Dinh <mibodhi@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
In commit 3fc92a215b69 ("ddr: marvell: a38x: fix SPLIT_OUT_MIX state
decision") I ported a cleaned up and changed version of patch
mv_ddr: a380: fix SPLIT_OUT_MIX state decision
In the port we removed checking for BYTE_HOMOGENEOUS_SPLIT_OUT bit,
because:
- the fix seemed to work without it
- the bit was checked for only at one place out of two, while the second
bit, BYTE_SPLIT_OUT_MIX, was checked for in both cases
- without the removal it didn't work on Allied Telesis' x530 board
We recently had a chance to test on more boards, and it seems that the
change needs to be opposite: instead of removing the check for
BYTE_HOMOGENEOUS_SPLIT_OUT from the first if() statement, the check
needs to be added also to the second one - it needs to be at both
places.
With this change all the Turris Omnia boards I have had available to
test seem to work; I didn't encounter even one failed DDR training.
As last time, I am noting that I do not understand what this code is
actually doing, I haven't studied the DDR training algorithm and
I suspect that no one will be able to explain it to U-Boot contributors,
so we are left with this blind poking in the code with testing whether
it works on several boards and hoping it doesn't break anything for
anyone :-(.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Tested-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Wed, 16 Feb 2022 10:18:44 +0000 (11:18 +0100)]
arm: mvebu: a37xx: Map CCI-400 and AP BootROM address space
In function build_mem_map() prepare also mapping for CCI-400 and
BootROM windows.
BootROM window is 1 MB long and by default starts at address 0xfff00000.
A53 AP BootROM is 16 kB long and repeats in this BootROM window 64 times.
RVBAR_EL3 register is set to value 0xffff0000, so by default A53 AP BootROM
is accessed via range 0xffff0000-0xffff3fff.
CCI-400 window when new TF-A version is used, starts at address 0xfe000000
and when old TF-A version is used, starts at address 0xd8000000.
Physical addresses are read directly from mvebu registers, so if TF-A
remaps it in future (again) then it would not cause any issue for U-Boot.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Wed, 16 Feb 2022 10:18:43 +0000 (11:18 +0100)]
arm: mvebu: a37xx: Fix calling build_mem_map()
Function build_mem_map() modifies global variable mem_map. This variable is
used by the get_page_table_size() function which is called by function
arm_reserve_mmu() (as aliased macro PGTABLE_SIZE). Function
arm_reserve_mmu() is called earlier than enable_caches() which calls
build_mem_map(). So arm_reserve_mmu() does not calculate reserved memory
correctly.
Fix this issue by calling build_mem_map() from a3700_dram_init() which is
called before arm_reserve_mmu().
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Pali Rohár [Tue, 15 Feb 2022 10:23:35 +0000 (11:23 +0100)]
arm: a37xx: pci: Do not try to access other buses when link is down
If a PIO request is executed while link-down, the whole controller gets
stuck in a non-functional state, and even after link comes up again, PIO
requests won't work anymore, and a reset of the whole PCIe controller is
needed. Therefore we need to prevent sending PIO requests while the link
is down.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Armada 3720 DTS files in upstream kernel use ethernet nodes named
'ethernet@30000' and 'ethernet@40000'. U-Boot has them named 'neta@30000'
and 'neta@40000'. To have Turris Mox U-Boot board code independent of
ethernet node names, find ethernet node via alias.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Mon, 14 Feb 2022 10:34:25 +0000 (11:34 +0100)]
watchdog: armada_37xx: Convert to official DT bindings
Official DT bindings have only one reg property: watchdog address space.
Convert armada-37xx-wdt.c driver to official DT bindings and access sel_reg
register via MVEBU_REGISTER() macro, as its value (required by U-Boot
driver) is not in DT yet. At a later stage the driver can be cleaned up to
not use it.
This change would allow U-Boot to use A3720 watchdog DTS structure from
Linux kernel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Mon, 14 Feb 2022 10:34:23 +0000 (11:34 +0100)]
phy: marvell: a3700: Update compatible string to official DT bindings
In commit d368e1070514 ("phy: marvell: a3700: Convert to official DT
bindings in COMPHY driver") was done update to official DT bindings but
compatible string of official DT bindings was not updated.
Fix it now.
Fixes: d368e1070514 ("phy: marvell: a3700: Convert to official DT bindings in COMPHY driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Thu, 10 Feb 2022 13:53:45 +0000 (14:53 +0100)]
arm: a37xx: pci: Ensure that root port is always on root zero bus
Writing to the PCI_PRIMARY_BUS register of the root port should not change
bus number on which is root port present.
This PCI_PRIMARY_BUS register is used only for correct configuration of
legacy PCI stuff, like forwarding of PCI special cycles between buses.
Aardvark HW does not support PCI special cycles, so it does not have HW
register for PCI_PRIMARY_BUS and therefore it does not matter what is
stored in this register.
So fix this issue and do not use PCI_PRIMARY_BUS register in pci-aardvark.c
driver for moving root bus of the root port.
After this change there is no reason for storing bus number (zero) into
first_busno variable, so remove this variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: cb056005dc67 ("arm: a37xx: pci: Add support for accessing PCI Bridge on root bus")
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Thu, 10 Feb 2022 13:53:43 +0000 (14:53 +0100)]
arm: a37xx: pci: Cleanup macro names
Remove "PCI_" prefix from all macros which are aardvark specific to not
conflict with macros defined in global include file pci.h. Instead add
"ADVK_" prefix for them so it is visible that they are aardvark specific.
After "ADVK_" prefix append keyword which describes register group, so it
would be clear to which register each macro value belongs.
Rename some macros for consistency with other macros.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Pali Rohár [Thu, 10 Feb 2022 13:53:42 +0000 (14:53 +0100)]
arm: a37xx: pci: Use standard register macros from pci.h
PCI config space of the aardvark PCIe Root Port is available only in
internal aardvark memory space starting at offset 0x0. PCI Express
registers (PCI_EXP_*) start at offset 0xc0. And Advanced Error Reporting
registers (PCI_ERR_*) start at offset 0x100.
Replace custom aardvark register macros by standard PCI macros from
include/pci.h file with fixed offset.
Some DEVCTL and AER macros are not defined in include/pci.h file, so define
them in the same way as in linux uapi header file pci_regs.h.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Sinthu Raja [Tue, 2 Nov 2021 14:29:44 +0000 (19:59 +0530)]
arm: dts: k3-j721e-sk: EMIF tool update to 0.6.1 with 4266MTs for lpddr4
EMIF tool for J721E SK is now updated to 0.6.1 that includes
* Updated write DQ training pattern to enable user pattern and clock
pattern (from 0x7 to 0x6).
* Updated IO drive strength to 40-80-80 Ohms.
J721E SK uses the lpddr4 configuration of 4266 MTs data rate which is
the same as J721E EVM but facing random failures. As the tool update is
specific to the SK board, add a new lpddr4 config of 4266 MTs.
Signed-off-by: Kevin Scholz <k-scholz@ti.com>
Signed-off-by: Sinthu Raja <sinthu.raja@ti.com>
Sinthu Raja [Wed, 9 Feb 2022 09:37:01 +0000 (15:07 +0530)]
include: configs: Update env for selecting right dtb
Now that single defconfig can be used for booting J721E EVM and
SK, default device tree will not work for selecting dtb for
kernel. Update the findfdt env to select right dtb based on
board_name env variable.
Sinthu Raja [Wed, 9 Feb 2022 09:36:59 +0000 (15:06 +0530)]
configs: j721e_evm_a72: Align OSPI partitions on erase block boundary
S28HS512T on TI SK has sector size of 256KB, so update OSPI partition
to align on 256KB sector size. Since the sector size for MT35XU512ABA
on EVM is 128KB, partitions will remain aligned for EVM.
Also, now since the sector size is 256KB ospi.env.backup will collide
with ospi.sysfw, so move ospi.env.backup to the padding space (0x7C0000)
before ospi.rootfs partition.
Sinthu Raja [Wed, 9 Feb 2022 09:36:57 +0000 (15:06 +0530)]
configs: j721e_evm_r5: Enable support for building multiple dtbs into FIT
Enable configs for building multiple dtbs into a single fit image
and load the right dtb for next stage. This will help to use same
defconfig for both J721E EVM and SK boards.
Sinthu Raja [Wed, 9 Feb 2022 09:36:55 +0000 (15:06 +0530)]
arm: dts: k3-j721e-sk: Add initial A72 specific dts support
J721E Starter Kit (SK)[1] is a low cost, small form factor board designed
for TI’s J721E SoC. TI’s J721E SoC comprises of dual core A72, high
performance vision accelerators, video codec accelerators, latest C71x
and C66x DSP, high bandwidth real-time IPs for capture and display, GPU,
dedicated safety island and security accelerators. The SoC is power
optimized to provide best in class performance for industrial and
automotive applications.
J721E SK supports the following interfaces:
* 4 GB LPDDR4 RAM
* x1 Gigabit Ethernet interface
* x1 USB 3.0 Type-C port
* x3 USB 3.0 Type-A ports
* x1 PCIe M.2 E Key
* x1 PCIe M.2 M Key
* 512 Mbit OSPI flash
* x2 CSI2 Camera interface (RPi and TI Camera connector)
* 40-pin Raspberry Pi GPIO header
Sinthu Raja [Wed, 9 Feb 2022 09:36:53 +0000 (15:06 +0530)]
arm: j721e: Add support for selecting DT based on board name
Enable support for selecting DTB from FIT within SPL based on the
board name read from EEPROM. This will help to use single defconfig
for both EVM and SK.
Sinthu Raja [Wed, 9 Feb 2022 09:36:49 +0000 (15:06 +0530)]
board: ti: j721e: Enable support for reading EEPROM at next alternate address
J721E EVM has EEPROM populated at 0x50. J721E SK has EEPROM populated
at next address 0x51 in order to be compatible with RPi. So start
looking for TI specific EEPROM at 0x50, if not found look for EEPROM at
0x51.
Sinthu Raja [Wed, 9 Feb 2022 09:36:48 +0000 (15:06 +0530)]
board: ti: j721e: Guard functions with right #ifdef to avoid build warnings
board_late_init(), setup_board_eeprom_env() and setup_serial() are
called only under CONFIG_BOARD_LATE_INIT, so guard these functions
with the same. Also, reorder these functions to place them under a
single #ifdef.
Sinthu Raja [Wed, 9 Feb 2022 09:36:47 +0000 (15:06 +0530)]
drivers: power: regulator: tps65941_regulator: Add support for 3Phase buck
Buck regulators 1, 2 and 3 of TPS6594132 on j721e-sk are in 3 Phase
configuration. In order to support this, add configuring 3 Phase buck
in tps65941 while driver probing.
Signed-off-by: Sinthu Raja <sinthu.raja@ti.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Stefan Agner [Mon, 27 Sep 2021 12:42:58 +0000 (14:42 +0200)]
usb: xhci: reset endpoint on USB stall
There are devices which cause a USB stall when trying to read strings.
Specifically Arduino Mega R3 stalls when trying to read the product
string.
The stall currently remains unhandled, and subsequent retries submit new
transfers on a stopped endpoint which ultimately cause a crash in
abort_td():
WARN halted endpoint, queueing URB anyway.
XHCI control transfer timed out, aborting...
Unexpected XHCI event TRB, skipping... (3affe040000000001300000002008401)
BUG at drivers/usb/host/xhci-ring.c:505/abort_td()!
BUG!
resetting ...
Linux seems to be able to recover from the stall by issuing a
TRB_RESET_EP command.
Introduce reset_ep() which issues a TRB_RESET_EP followed by setting the
transfer ring dequeue pointer via TRB_SET_DEQ. This allows to properly
recover from a USB stall error and continue communicating with the USB
device.
Angus Ainslie [Wed, 2 Feb 2022 23:08:54 +0000 (15:08 -0800)]
usb: dwc3: dwc3-generic: check the parent nodes
The kernel devicetree has definitions for port and hub nodes as subnodes
to the USB devices. These subnodes don't contain all of the data required
to properly configure the dwc3. Check the parent nodes if the data is not
in the port/hub node.
Here's an example from the librem5 kernel dts file
Felix Brack [Tue, 8 Feb 2022 10:38:39 +0000 (11:38 +0100)]
arm: pdu001: Fix dt to work with the current am33xx dtsi files
The changes introduced with commit 6337d53fdf45 ("arm: dts: sync am33xx
with Linux 5.9-rc7") prevent the PDU001 from operating correctly.
This patch fixes the configuration of the pin multiplexer and uart3.
Nikita Maslov [Thu, 13 Jan 2022 21:13:39 +0000 (00:13 +0300)]
scripts: setlocalversion: remove quotes around localversion from config
After replacing of include/config/auto.conf sourcing with
extraction of CONFIG_LOCALVERSION, resulting version string
contains quotes around localversion part which are always
present in auto.conf (even if localversion is empty).
This patch fixes this script to remove quotes.
Signed-off-by: Nikita Maslov <wkernelteam@gmail.com>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Detlev Casanova [Mon, 7 Feb 2022 16:02:30 +0000 (11:02 -0500)]
pstore: Support already existing reserved-memory node
The pstore command tries to create a reserved-memory node but fails if
it is already present with:
Add 'reserved-memory' node failed: FDT_ERR_EXISTS
This patch creates the node only if it does not exist and adapts the reg
values sizes depending on already present #address-cells and #size-cells
values.
Tom Rini [Fri, 11 Feb 2022 20:07:49 +0000 (15:07 -0500)]
Merge tag 'efi-2022-04-rc2-4' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request for efi-2022-04-rc2-4
Documentation:
* mkeficapsule man-page
UEFI changes:
* add support for signing images to mkeficapsule
* add support for user-defined capsule GUID
* adjust unit tests for capsules
* fix UEFI image signature validation in case of multiple signatures
Ilias Apalodimas [Fri, 11 Feb 2022 07:37:50 +0000 (09:37 +0200)]
test/py: efi_secboot: adjust secure boot tests to code changes
The previous patch is changing U-Boot's behavior wrt certificate based
binary authentication. Specifically an image whose digest of a
certificate is found in dbx is now rejected. Fix the test accordingly
and add another one testing signatures in reverse order.
Ilias Apalodimas [Fri, 11 Feb 2022 07:37:49 +0000 (09:37 +0200)]
efi_loader: fix dual signed image certification
The EFI spec allows for images to carry multiple signatures. Currently
we don't adhere to the verification process for such images.
The spec says:
"Multiple signatures are allowed to exist in the binary's certificate
table (as per PE/COFF Section "Attribute Certificate Table"). Only one
hash or signature is required to be present in db in order to pass
validation, so long as neither the SHA-256 hash of the binary nor any
present signature is reflected in dbx."
With our current implementation signing the image with two certificates
and inserting both of them in db and one of them dbx doesn't always reject
the image. The rejection depends on the order that the image was signed
and the order the certificates are read (and checked) in db.
While at it move the sha256 hash verification outside the signature
checking loop, since it only needs to run once per image and simplify
the logic for authenticating an unsigned image using sha256 hashes.
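The db/dbx rule quoted in the commit message above, modelled in C as an added example (not part of the commit and not U-Boot's efi_loader code). The struct and function names and all digest strings are constructed, and signature verification itself is assumed to have been done already; `authenticate_first_match` is an illustrative order-dependent check, not the code the commit replaced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: db and dbx are lists of digest strings; an image carries
 * its own SHA-256 and its signers' digests in certificate-table order. */
struct sigdb { const char *const *entries; size_t count; };
struct image { const char *sha256; const char *const *signers; size_t nsigners; };

static bool db_has(const struct sigdb *db, const char *digest)
{
    for (size_t i = 0; i < db->count; i++)
        if (strcmp(db->entries[i], digest) == 0)
            return true;
    return false;
}

/* Order-dependent check (illustrative): returns at the first db match, so a
 * revoked signature placed later in the table is never compared with dbx. */
bool authenticate_first_match(const struct image *img,
                              const struct sigdb *db, const struct sigdb *dbx)
{
    for (size_t i = 0; i < img->nsigners; i++) {
        if (db_has(dbx, img->signers[i]))
            return false;
        if (db_has(db, img->signers[i]))
            return true;
    }
    return false;
}

/* Rule as quoted from the spec: one hash or signature in db is enough, as long
 * as neither the image hash nor ANY present signature is reflected in dbx. */
bool authenticate_spec(const struct image *img,
                       const struct sigdb *db, const struct sigdb *dbx)
{
    /* The image hash is checked once, outside the signature loop. */
    if (db_has(dbx, img->sha256))
        return false;
    bool allowed = db_has(db, img->sha256);

    for (size_t i = 0; i < img->nsigners; i++) {
        if (db_has(dbx, img->signers[i]))
            return false;       /* any revoked signature rejects the image */
        if (db_has(db, img->signers[i]))
            allowed = true;     /* remember it, keep scanning for dbx hits */
    }
    return allowed;
}

/* Constructed sample data: both certificates are in db, cert-B is also in dbx. */
static const char *const DB_ENTRIES[] = { "cert-A", "cert-B", "hash-unsigned-ok" };
static const char *const DBX_ENTRIES[] = { "cert-B" };
static const struct sigdb DB = { DB_ENTRIES, 3 };
static const struct sigdb DBX = { DBX_ENTRIES, 1 };
static const char *const SIGNED_A_B[] = { "cert-A", "cert-B" };
static const char *const SIGNED_B_A[] = { "cert-B", "cert-A" };
static const struct image IMG_AB = { "hash-img-1", SIGNED_A_B, 2 };
static const struct image IMG_BA = { "hash-img-1", SIGNED_B_A, 2 };
static const struct image IMG_A_ONLY = { "hash-img-2", SIGNED_A_B, 1 };
static const struct image IMG_UNSIGNED = { "hash-unsigned-ok", NULL, 0 };

int main(void)
{
    printf("first-match  A,B: %d  B,A: %d\n",
           authenticate_first_match(&IMG_AB, &DB, &DBX),
           authenticate_first_match(&IMG_BA, &DB, &DBX));
    printf("spec rule    A,B: %d  B,A: %d  A only: %d  unsigned: %d\n",
           authenticate_spec(&IMG_AB, &DB, &DBX),
           authenticate_spec(&IMG_BA, &DB, &DBX),
           authenticate_spec(&IMG_A_ONLY, &DB, &DBX),
           authenticate_spec(&IMG_UNSIGNED, &DB, &DBX));
    return 0;
}
```
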
AKASHI Takahiro [Wed, 9 Feb 2022 10:10:42 +0000 (19:10 +0900)]
test/py: efi_capsule: check the results in case of CAPSULE_AUTHENTICATE
Before the capsule authentication is supported, this test script works
correctly, but with the feature enabled, most tests will fail due to
unsigned capsules.
So check the results depending on CAPSULE_AUTHENTICATE or not.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
AKASHI Takahiro [Wed, 9 Feb 2022 10:10:39 +0000 (19:10 +0900)]
tools: mkeficapsule: allow for specifying GUID explicitly
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.
To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
[--fit <image> | --raw <image>] <capsule file>
NEW:
[--fit | --raw | --guid <guid-string>] <image> <capsule file>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
AKASHI Takahiro [Wed, 9 Feb 2022 10:10:38 +0000 (19:10 +0900)]
test/py: efi_capsule: add image authentication test
Add a couple of test cases against capsule image authentication
for capsule-on-disk, where only a signed capsule file with the verified
signature will be applied to the system.
Due to the difficulty of embedding a public key (esl file) in U-Boot
binary during pytest setup time, all the keys/certificates are pre-created.
AKASHI Takahiro [Wed, 9 Feb 2022 10:10:35 +0000 (19:10 +0900)]
tools: mkeficapsule: add firmware image signing
With this enhancement, mkeficapsule will be able to sign a capsule
file when it is created. A signature added will be used later
in the verification at FMP's SetImage() call.
To do that, we need to specify additional command parameters:
-monotonic-count <count> : monotonic count
-private-key <private key file> : private key file
-certificate <certificate file> : certificate file
Only when all of those parameters are given, a signature will be added
to a capsule file.
Users are expected to maintain and increment the monotonic count at
every time of the update for each firmware image.
AKASHI Takahiro [Wed, 9 Feb 2022 08:24:23 +0000 (17:24 +0900)]
CI: enforce packages upgrade for Msys2 on Windows
We need to install libgnutls-devel package to build the host tool,
mkeficapsule, and as of now, there seems to be a depencency conflict
in the current msys2 installer;
To resolve this conflict, however, the initial "pacman -Syyuu" in
'tools_only_windows' job is not enough. Another "pacman -Su" will
enforce all the out-of-date packages being upgraded.
(Probably the first "-Syyuu" can be changed to "-Syu".)
See the installation steps in
https://www.msys2.org/
A partial list:
- fw_env updates, a new testcase for mkimage -o ..., nop-phy reset-gpios
support, DFU updates, kaslr-seed support in extlinux.conf, modern
"partitions" support in mtd device tree