lib: rsa: check algo match in rsa_verify_with_keynode
The algo name should match between the FIT's signature node and the
U-Boot's control FDT.
If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.
Philippe Reynes [Thu, 17 Sep 2020 13:01:46 +0000 (15:01 +0200)]
fit: cipher: aes: allow to store the IV in the FIT image
Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.
This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This patch adds vboot tests to verify the support for multiple
required keys using new required-mode DTB policy.
This patch also fixes existing test where dev
key is assumed to be marked as not required, although
it is marked as required.
Note that this patch re-added sign_fit_norequire().
sign_fit_norequire() was removed as part of the following:
commit b008677daf2a ("test: vboot: Fix pylint errors").
This patch leverages sign_fit_norequire() to fix the
existing bug.
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
vboot: add DTB policy for supporting multiple required conf keys
Currently FIT image must be signed by all required conf keys. This means
Verified Boot fails if there is a signature verification failure
using any required key in U-Boot DTB.
This patch introduces a new policy in DTB that can be set to any required
conf key. This means if verified boot passes with one of the required
keys, U-Boot will continue the OS hand off.
There were prior attempts to address this:
https://lists.denx.de/pipermail/u-boot/2019-April/366047.html
The above patch was failing "make tests".
https://lists.denx.de/pipermail/u-boot/2020-January/396629.html
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Tom Rini [Mon, 12 Oct 2020 11:26:57 +0000 (07:26 -0400)]
Merge tag 'ti-v2021.01-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti
- Minor cleanup on K3 env variables
- Fix OSPI compatible for J721e
- Drop unused property in omap-usb2-phy
- Update Maintainer for am335x-guardian board.
phy: omap-usb2-phy: Drop usage of "ti, dis-chg-det-quirk" DT property
"ti,dis-chg-det-quirk" property is not part of Linux kernel DT binding
documentation. Therefore drop this and instead use soc_device_match()
to distinguish b/w AM654 SR1.0 and SR2.0 devices similar to Linux kernel
driver.
Nishanth Menon [Thu, 8 Oct 2020 02:48:01 +0000 (21:48 -0500)]
configs: am65x_evm: Use DEFAULT_LINUX_BOOT_ENV and remove overlayaddr
Use DEFAULT_LINUX_BOOT_ENV to define the standard addresses used in rest
of TI platforms as defined in ti_armv7_common.h
This avoids the standard pitfalls we've had with kernel images and fdt
addresses stomping on each other.
As part of this process, redefine overlayaddr to be dtboaddr (defined
in ti_armv7_common.h for this very purpose) and get rid of the
definition of overlayaddr..
Nishanth Menon [Thu, 8 Oct 2020 02:47:58 +0000 (21:47 -0500)]
configs: j721e_evm: Use DEFAULT_LINUX_BOOT_ENV
Use DEFAULT_LINUX_BOOT_ENV to define the standard addresses used in rest
of TI platforms as defined in ti_armv7_common.h
This avoids the standard pitfalls we've had with kernel images and fdt
addresses stomping on each other.
As part of this process, redefine overlayaddr to be dtboaddr (defined
in ti_armv7_common.h for this very purpose).. we will get rid of
overlayaddr later in the series.
Sean Anderson [Sat, 12 Sep 2020 21:45:43 +0000 (17:45 -0400)]
net: Expose some errors generated in net_init
net_init does not always succeed, and there is no existing mechanism to
discover errors. This patch allows callers of net_init (such as net_init)
to handle errors. The root issue is that eth_get_dev can fail, but
net_init_loop doesn't expose that. The ideal way to fix eth_get_dev would
be to return an error with ERR_PTR, but there are a lot of callers, and all
of them just check if it's NULL. Another approach would be to change the
signature to something like
int eth_get_dev(struct udevice **pdev)
but that would require rewriting all of the many callers.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Simon Glass [Sat, 12 Sep 2020 18:28:50 +0000 (12:28 -0600)]
log: Disable the syslog driver by default
This driver interferes with other sandbox tests since it causes log output
to be interspersed with "No ethernet found." messages. Disable this driver
by default.
Enable it for the syslog tests so that they still pass.
Simon Glass [Sat, 12 Sep 2020 18:28:47 +0000 (12:28 -0600)]
log: Add a flag to enable log drivers
At present there is no way to disable a log driver. But the syslog driver
causes (attempted) network traffic in sandbox every time a log message
is printed, which is often.
Add a flag to enable a log driver. Adjust struct log_device to use a short
for next_filter_num so that no more memory is used for devices. Also fix
a missing line in the struct log_driver comment while here.
To maintain compatibility, enable it for all drivers for now.
Simon Glass [Sat, 12 Sep 2020 17:13:34 +0000 (11:13 -0600)]
log: Allow LOG_DEBUG to always enable log output
At present if CONFIG_LOG enabled, putting LOG_DEBUG at the top of a file
(before log.h inclusion) causes _log() to be executed for every log()
call, regardless of the build- or run-time logging level.
However there is no guarantee that the log record will actually be
displayed. If the current log level is lower than LOGL_DEBUG then it will
not be.
Add a way to signal that the log record should always be displayed and
update log_passes_filters() to handle this.
With the new behaviour, log_debug() will always log if LOG_DEBUG is
enabled.
Move log_test_syslog_nodebug() into its own file since it cannot be made
to work where it is, with LOG_DEBUG defined.
Simon Glass [Fri, 11 Sep 2020 02:21:27 +0000 (20:21 -0600)]
Kconfig: Create a new tools menu
At present MKIMAGE_DTC_PATH is in the devicetree menu but not within
'devicetree control' since it does not relate to that. As a result it
shows up in the top menu.
It actually relates to the mkimage tool, so create a new tools menu for it
and move it there.
Simon Glass [Fri, 11 Sep 2020 02:21:16 +0000 (20:21 -0600)]
Kconfig: Move autoboot options under boot options
At present the autoboot options are in cmd/Kconfig but they don't really
relate to commands. They relate to booting, so move this menu under the
boot menu.
Tom Rini [Fri, 9 Oct 2020 12:58:56 +0000 (08:58 -0400)]
Merge branch '2020-10-08-misc-board-improvements'
- Move ASPEED ram driver, update.
- Exhance pinctrl/gpio support, update Kendryte K210 support
- Enhance qemu_arm64 support for a single binary to work with and
without TF-A
Chee Hong Ang [Tue, 11 Aug 2020 13:52:30 +0000 (21:52 +0800)]
Makefile: socfpga: Generate sfp file with 4 SPL images
Generate 'u-boot-splx4.sfp' which consist of 4 SPL images required
for booting up Cyclone5/Arria10.
By default, this 'u-boot-splx4.sfp' is generated without extra
padding after each SPL image.
For Cyclone5, 'u-boot-splx4.sfp' contains:
4 x SPL(64KB) = 256KB
For Arria10, 'u-boot-splx4.sfp' contains:
4 x SPL(256KB) = 1024KB
For Cyclone5 using NAND flash image layout for 128 KB memory blocks,
user can 'make' the following target to generate 4 SPL images with
padding:
make u-boot-spl-padx4.sfp
'u-boot-spl-padx4.sfp' contains four 128KB SPL images (each 64KB SPL is
followed by 64KB of zero-padding).
4 x (SPL(64KB) + zero-padding(64KB)) = 512KB
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com> Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chee Hong Ang [Thu, 1 Oct 2020 09:15:59 +0000 (02:15 -0700)]
arm: socfpga: soc64: Remove CONFIG_OF_EMBED
CONFIG_OF_EMBED was primarily enabled to support the S10/Agilex
spl hex file requirements. Since this option now produces a
warning during build, and the spl hex can be created using
alternate methods, CONFIG_OF_EMBED is no longer needed.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
arm: dts: socfpga: arria10: Move to use generic handoff dtsi
Move to use generic handoff dtsi (socfpga_arria10-handoff.dtsi) and include
the specify generated _handoff.h header file from qts-filter-a10.sh script.
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
arm: socfpga: arria10: Add qts-filter for Arria10 socfpga
Add a script to process HPS handoff data and generate a header
for inclusion in u-boot specific devicetree addons. The header
should be included in the top level of u-boot.dtsi.
Signed-off-by: Dalon Westergreen <dalon.westergreen@intel.com> Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chin Liang See [Mon, 10 Aug 2020 02:55:56 +0000 (10:55 +0800)]
arm: socfpga: soc64: Document down boot_scratch_cold register usage
Document down the usage of boot_scratch_cold register to avoid
overlapping of usage in the code for S10 & Agilex.
The boot_scratch_cold register is generally used for passing
critical system info between SPL, U-Boot and Linux.
Signed-off-by: Chin Liang See <chin.liang.see@intel.com> Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chee Hong Ang [Fri, 7 Aug 2020 03:50:03 +0000 (11:50 +0800)]
fpga: altera: Rename Stratix10 FPGA to Intel FPGA SDM Mailbox
Rename Stratix10 FPGA driver to Intel FPGA SDM Mailbox driver
because it is using generic SDM (Secure Device Manager) Mailbox
interface shared by other platform (e.g. Agilex) as well.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chee Hong Ang [Wed, 5 Aug 2020 13:15:56 +0000 (21:15 +0800)]
arm: socfpga: soc64: Add SDM triggered warm reset bit mask
Include SDM triggered warm reset bit (BIT1) in Reset Manager's stat
register when checking for HPS warm reset status.
Refactor the warm reset mask macro for clarity purpose.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chin Liang See [Wed, 5 Aug 2020 10:34:33 +0000 (18:34 +0800)]
configs: socfpga: soc64: Avoid SPL enter infinite loop during exception
In current implementation, any exception would trigger a CPU reset.
But a bad written SPL would cause infinite loop where the system
will reload the same SPL instead of loading factory safe image.
Hence this patch is to ensure any exception will cause a hang. At this
moment, watchdog shall be triggered and Remote System Update mechanism
shall load the next production image or factory safe image.
Signed-off-by: Chin Liang See <chin.liang.see@intel.com> Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Chee Hong Ang [Fri, 10 Jul 2020 12:55:22 +0000 (20:55 +0800)]
clk: agilex: Handle clock configuration differently in SPL and U-Boot proper
Since warm reset may optionally set the CLock Manager to'boot mode',
the clock driver should always force the Agilex's Clock Manager to
'boot mode' before the clock driver start configuring the Clock Manager
in SPL.
In SSBL, clock driver will skip the Clock Manager configuration
if it's already being setup by SPL (Clock Manager NOT in 'boot
mode') to prevent any inaccurate clocking issues happened on HPS
peripherals such as UART, MAC and etc.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:18 +0000 (17:39 +0100)]
qemu-arm64: Enable POSITION_INDEPENDENT
Now that PIE works when U-Boot is started from ROM, let's enable
CONFIG_POSITION_INDEPENDENT, which allows to load U-Boot also via
ARM Trusted-Firmware's fip.bin to DRAM, without tweaking the
configuration.
To get a writable initial stack, we need to keep the fixed initial
stack pointer, which points to DRAM in our case.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Stephen Warren <swarren@nvidia.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:17 +0000 (17:39 +0100)]
qemu-arm: Drop ARCH_SUPPORT_TFABOOT
CONFIG_ARCH_SUPPORT_TFABOOT was used on the qemu-arm64 platform to
guard a tweak to the flash bank configuration. U-Boot now reads the
current flash setup from the devicetree, so there is no need for
this option anymore.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Tom Rini <trini@konsulko.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:16 +0000 (17:39 +0100)]
qemu-arm: Remove need to specify flash banks
Currently we hard-code the number and initial addresses of QEMU's flash
banks, even though our code is perfectly able to gather the same
information from the DTB provided by QEMU.
This is especially annoying, since we have two slightly different
U-Boot configurations ("bare-metal" vs. loaded via Arm Trusted
Firmware), which need to be selected at build time.
Drop the two hard coded alternatives, and use
CONFIG_SYS_MAX_FLASH_BANKS_DETECT instead, which relies on the DTB to
figure out the actual flash configuration at runtime.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:15 +0000 (17:39 +0100)]
arm64: PIE: Allow fixed stack pointer
Currently selecting CONFIG_POSITION_INDEPENDENT also forces us to use an
initial stack pointer relative to the beginning of the BSS section.
This makes some sense, because this should be writable memory anyway.
However the BSS section is not cleared or used until later in the
setup process (after relocation), so memory nearby might not be
available early enough to host the initial stack. This is an issue if
U-Boot is loaded from (Flash-)ROM, for instance.
Allow CONFIG_INIT_SP_RELATIVE to be turned off by a board's config, to
be able to select a fixed stack pointer, for instance in known good
DRAM.
This will help QEMU utilising PIE, when it's loaded to (Flash-)ROM.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Stephen Warren <swarren@nvidia.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:14 +0000 (17:39 +0100)]
arm64: PIE: Skip fixups if distance is zero
When the actual offset between link and runtime address is zero, there
is no need for patching up U-Boot early when running with
CONFIG_POSITION_INDEPENDENT.
Skip the whole routine when the distance is 0.
This helps when U-Boot is loaded into ROM, or in otherwise sensitive
memory locations.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Stephen Warren <swarren@nvidia.com>
Andre Przywara [Wed, 30 Sep 2020 16:39:13 +0000 (17:39 +0100)]
arm64: PIE: Do not skip static relocation
When we build an arm64 target and enable POSITION_INDEPENDENT, we were
skipping our build-time dynamic relocation fixup routine (STATIC_RELA).
This was probably done because we didn't need it in this case, as the
PIE fixup routine in start.S would take care of that at runtime.
However when we now skip this routine (upon detecting that the fixup
offset is 0), this might lead to uninitialised pointers.
Remove the exception, so that we always do the build-time relocation.
NOTE: GNU binutils starting with v2.27.1 do this build-time relocation
automatically, to be in-line with other architecures. So on newer
toolchains our manual fixup is actually not needed. It doesn't hurt to
have it, though, so that we keep compatibility with the popular Linaro
toolchains, which lack this feature.
Signed-off-by: Andre Przywara <andre.przywara@arm.com> Reviewed-by: Stephen Warren <swarren@nvidia.com>
Most users don't need the standalone API examples. Distributions like SUSE
do not supply libgcc for cross-compiling and we cannot do without on ARMv8
for building examples/.
Make examples selectable via symbol CONFIG_EXAMPLES. It defaults to
yes on ARCH_QEMU to ensure that we compile the API as part of our
continuous integration.
Cc: Matthias Brugger <mbrugger@suse.com> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Jack Mitchell [Thu, 17 Sep 2020 09:30:40 +0000 (10:30 +0100)]
wdt: designware: fix timeout calculation due to expecting KHz
The timeout calculation is based on the clk being in KHz but
the clk api returns the clk value in Hz. Convert this to KHz
to calculate the correct timeout value.
riscv: add DT binding for BOOT button on Maix board
Add a device tree binding for the BOOT button on the Maix board.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Sean Anderson <seanga2@gmail.com> Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Rick Chen <rick@andestech.com>
Sean Anderson [Mon, 14 Sep 2020 15:02:01 +0000 (11:02 -0400)]
gpio: dw: Return output value when direction is out
dm_gpio_ops.get_value can be called when the gpio is either input or
output. The current dw code always returns the input value, which is
invalid if the direction is set to out.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com>
Sean Anderson [Mon, 14 Sep 2020 15:02:00 +0000 (11:02 -0400)]
gpio: dw: Add a trailing underscore to generated name
Previously, if there was no bank-name property, it was easy to have
confusing gpio names like "gpio1@08", instead of "gpio1@0_8". This patch
follows the example of the sifive gpio driver.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Sean Anderson [Mon, 14 Sep 2020 15:01:59 +0000 (11:01 -0400)]
gpio: dw: Fix warnings about casting int to pointer
Change the type of gpio_dwabp_platdata.base from fdt_addr_t to a void
pointer, since we pass it to readl.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Ley Foon Tan <ley.foon.tan@intel.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Sean Anderson [Mon, 14 Sep 2020 15:01:58 +0000 (11:01 -0400)]
pinctrl: Add support for Kendryte K210 FPIOA
The Fully-Programmable Input/Output Array (FPIOA) device controls pin
multiplexing on the K210. The FPIOA can remap any supported function to any
multifunctional IO pin. It can also perform basic GPIO functions, such as
reading the current value of a pin. However, GPIO functionality remains
largely unimplemented (in favor of the dedicated GPIO peripherals).
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Sean Anderson [Mon, 14 Sep 2020 15:01:57 +0000 (11:01 -0400)]
test: pinmux: Add test for pin muxing
This extends the pinctrl-sandbox driver to support pin muxing, and adds a
test for that behaviour. The test is done in C and not python (like the
existing tests for the pinctrl uclass) because it needs to call
pinctrl_select_state. Another option could be to add a command that
invokes pinctrl_select_state and then test everything in
test/py/tests/test_pinmux.py.
The pinctrl-sandbox driver now mimics the way that many pinmux devices
work. There are two groups of pins which are muxed together, as well as
four pins which are muxed individually. I have tried to test all normal
paths. However, very few error cases are explicitly checked for.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Sean Anderson [Mon, 14 Sep 2020 15:01:56 +0000 (11:01 -0400)]
pinctrl: Reformat documentation in dm/pinctrl.h
This normalizes the documentation to conform to kernel-doc style [1]. It
also moves the documentation for pinctrl_ops inline, and adds argument and
return-value documentation. I have kept the usual function style for these
comments. I could not find any existing examples of function documentation
inside structs.
Sean Anderson [Mon, 14 Sep 2020 15:01:55 +0000 (11:01 -0400)]
pinctrl: Add pinmux property support to pinctrl-generic
The pinmux property allows for smaller and more compact device trees,
especially when there are many pins which need to be assigned individually.
Instead of specifying an array of strings to be parsed as pins and a
function property, the pinmux property contains an array of integers
representing pinmux groups. A pinmux group consists of the pin identifier
and mux settings represented as a single integer or an array of integers.
Each individual pin controller driver specifies the exact format of a
pinmux group. As specified in the Linux documentation, a pinmux group may
be multiple integers long. However, no existing drivers use multi-integer
pinmux groups, so I have chosen to omit this feature. This makes the
implementation easier, since there is no need to allocate a buffer to do
endian conversions.
Support for the pinmux property is done differently than in Linux. As far
as I can tell, inversion of control is used when implementing support for
the pins and groups properties to avoid allocating. This results in some
duplication of effort; every property in a config node is parsed once for
each pin in that node. This is not such an overhead with pins and groups
properties, since having multiple pins in one config node does not occur
especially often. However, the semantics of the pinmux property make such a
configuration much more appealing. A future patch could parse all config
properties at once and store them in an array. This would make it easier to
create drivers which do not function solely as callbacks from
pinctrl-generic.
This commit increases the size of the sandbox build by approximately 48
bytes. However, it also decreases the size of the K210 device tree by 2
KiB from the previous version of this series.
The documentation has been updated from the last Linux commit before it was
split off into yaml files.
Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
the aspeed ddr sdram controller needs to know if the memory chip mounted on
the board is dual x8 die or not. Or it may get the wrong size of the
memory space.
Signed-off-by: Dylan Hung <dylan_hung@aspeedtech.com> Reviewed-by: Ryan Chen <ryan_chen@aspeedtech.com>