drivers: p2sb: replace Primary-to-Sideband Bus with Primary to Sideband Bridge
In Intel's documentation the term P2SB stands for "Primary to Sideband
Bridge".
Signed-off-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Currently default output of 'printenv -e' is restricted to variables with
GUID EFI_GLOBAL_VARIABLE. This excludes db and dbx. As the number of
variables is small there is no need for this restriction.
If no GUID is provided, print all matching variables irrespective of GUID.
Always show the numeric value of the GUID.
If the GUID provided to 'setenv -e' is invalid, return CMD_RET_USAGE.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Include a file with the initial values for non-volatile UEFI variables
into the U-Boot binary. If this variable is set, changes to variable PK
will not be allowed.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some distributions provide UEFI binaries like Shim that have been signed
using a Microsoft certificate. Provide the download paths for the public
keys.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tom Rini [Fri, 10 Jul 2020 20:00:08 +0000 (16:00 -0400)]
github: azure: Update our GitHub template to note for CI
While the general policy of not taking changes to the project via pull
requests directly on GitHub has not changed, it can be useful to submit
a PR there in order to trigger a CI run on Azure. These are run
automatically and the results are populated back to GitHub. Add a note
to the template to reflect this.
Pragnesh Patel [Mon, 29 Jun 2020 09:47:24 +0000 (15:17 +0530)]
mmc: mmc_spi: correct the while condition
When variable i will become 0, while(i--) loop breaks but variable i will
again decrement to -1 because of i-- and that's why below condition
"if (!i && (r != resp_match_value)" will never execute, So doing "i--"
inside of while() loop solves this problem.
Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com>
Tom Rini [Mon, 13 Jul 2020 15:29:51 +0000 (11:29 -0400)]
Merge tag 'efi-2020-10-rc1-3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-10-rc1 (3)
Up to now UEFI variables where stored in U-Boot environment variables.
Saving UEFI variables was not possible without saving the U-Boot
environment variables. With this patch series file ubootefi.var in the
EFI system partition is used for saving UEFI variables. Furthermore the
UEFI variables are exposed for reading at runtime.
Code corrections for UEFI secure boot are provided.
mmc: omap_hsmmc: Set 3.3V for IO voltage on all places
In commit commit d2c05f50e12f ("mmc: omap_hsmmc: Set 3.3V for IO voltage")
was changed 3.0V IO voltage to 3.3V but it was not done on all places in
omap_hsmmc driver. That commit broke eMMC support on Nokia N900.
This patch fixes that problematic commit and changes 3.0V to 3.3V on all
remaining places in omap_hsmmc driver.
Fixes: d2c05f50e12f ("mmc: omap_hsmmc: Set 3.3V for IO voltage") Signed-off-by: Pali Rohár <pali@kernel.org> Acked-by: Pavel Machek <pavel@ucw.cz> Reviewed-by: Faiz Abbas <faiz_abbas@ti.com>
Jan Kiszka [Wed, 1 Jul 2020 18:09:40 +0000 (20:09 +0200)]
arm: k3: Consolidate and silence k3_fit_atf.sh call
Buiding u-boot-spl-k3[_HS].its is currently unconditionally verbose
about what it does. Change that by wrapping the call to k3_fit_atf.sh
into a cmd, also using that chance to reduce duplicate lines of makefile
code - only IS_HS=1 is different when CONFIG_TI_SECURE_DEVICE is on.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Acked-by: Lokesh Vutla <lokeshvutla@ti.com>
Tom Rini [Tue, 30 Jun 2020 19:02:27 +0000 (15:02 -0400)]
omap3_beagle: Finish current outstanding DM migrations
At this point in time we can now remove our legacy code and switch to
enabling DM for USB and Ethernet.
Cc: Derald D. Woods <woods.technical@gmail.com> Cc: Adam Ford <aford173@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Tested-by: Derald D. Woods <woods.technical@gmail.com>
Adam Ford [Mon, 29 Jun 2020 23:49:41 +0000 (18:49 -0500)]
ARM: da850-evm: Unify config options with Kconfig
There are two options that are currently whitelisted, but they
are redundant, because there are not necessary since Kconfig options
exist to basically state the same thing.
CONFIG_DIRECT_NOR_BOOT and CONFIG_USE_NOR are both set together and
only used by the da850 when booting from NOR, however the only time
CONFIG_MTD_NOR_FLASH is configured is when booting from NOR. Since
NOR doesn't need SPL, the options for SPL can be moved to a check for
building SPL instead of checking for NOR.
This patch removes the checks for these two config options and unifies
the checks around the Kconfig option of CONFIG_MTD_NOR_FLASH.
Since this board is the only board that uses these two config options,
they can be removed from the whitelist table.
Adam Ford [Mon, 29 Jun 2020 23:32:02 +0000 (18:32 -0500)]
README: davinci: Clarify when SPL is used and the target devices.
The documentation states that SPL is enabled in all config options
for the da850. This incorrect, because devices booting from NOR
do not need the SPL to do the low level initializion because when
booting from NOR, the board is able to execute in place (XIP)
This also clarifies that SPL isn't only used for booting from SPI,
because it is also used for booting from MMC and NAND for those
devices supporting those boot options.
Encapsulate channel configuration in a separate struct so as to ease
resetting of these fields with memset() and also to increase readability
of the code.
soc: ti: k3-ringacc: Add an API to request pair of rings
Add new API k3_ringacc_request_rings_pair() to request pair of rings at
once, as in the most case Rings are used with DMA channels which required
to request pair of rings - one to feed DMA with descriptors (TX/RX FDQ) and
one to receive completions (RX/TX CQ). This will allow to simplify Ringacc
API users.
soc: ti: k3-ringacc: Move state tracking variables under a struct
Move the free, occ, windex and rinfex under a struct.
We can use memset to zero them and it will allow a cleaner way to extend
the variables for duplex rings.
dma: ti: k3-udma: Update driver to use static endpoint Data
Update driver to use static PSIL endpoint Data instead of DT. This will
allow DT bindings to be in sync with kernel's DT.
Note that this patch breaks networking and OSPI boot as driver changes
are not backward compatible with existing DT. Subsequent commit will
update the DT to make it compatible with updated driver.
efi_loader: wrong printf format in efi_image_parse
Commit 1b6c08548c85 ("efi_loader: image_loader: replace debug to
EFI_PRINT") leads to a build warning on 32bit systems:
lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’:
include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument
of type ‘long unsigned int’, but argument 8 has
type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
Use %zu for printing size_t.
Fixes: 1b6c08548c85 ("efi_loader: image_loader: replace debug to
EFI_PRINT")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There's 2 variables in efi_get_next_variable_name() checking the size of
the variable name. Let's get rid of the reduntant definition and
simplitfy the code a bit.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
AKASHI Takahiro [Tue, 16 Jun 2020 05:26:48 +0000 (14:26 +0900)]
lib: rsa: export rsa_verify_with_pkey()
This function will be used to implement public_key_verify_signature()
in a later patch. rsa_verify() is not suitable here because calculation
of message digest is not necessary.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for verifying with digest of signed image
Signature database (db or dbx) may have not only certificates that contain
a public key for RSA decryption, but also digests of signed images.
In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID)
and if the value matches to a hash value calculated from image's binary,
authentication should pass in case of db, and fail in case of dbx.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Use defined time stamps for sign-efi-sig-list. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test for multiple signatures
In this test case, an image is signed multiple times with different
keys. If any of signatures contained is not verified, the whole
authentication check should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Provide a defined time stamp for dbx_hash1.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
test/py: efi_secboot: add a test against certificate revocation
Revocation database (dbx) may have not only certificates, but also
message digests of certificates with revocation time
(EFI_CERT_X509_SHA256_GUILD).
In this test case, if the database has such a digest and if the value
matches to a certificate that created a given image's signature,
authentication should fail.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Set defined time stamp for dbx_hash.auth. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_loader: image_loader: add digest-based verification for signed image
In case that a type of certificate in "db" or "dbx" is
EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains
a public key for RSA decryption, but a digest of image to be loaded.
If the value matches to a value calculated from a given binary image, it is
granted for loading.
With this patch, common digest check code, which used to be used for
unsigned image verification, will be extracted from
efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and
extra step for digest check will be added to efi_image_authenticate().
efi_loader: image_loader: verification for all signatures should pass
A signed image may have multiple signatures in
- each WIN_CERTIFICATE in authenticode, and/or
- each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)
In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.
With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
- the case where a digest algorithm used in signature is not supported by
U-Boot, or
- the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.
Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.
efi_loader: signature: fix a size check against revocation list
Since the size check against an entry in efi_search_siglist() is
incorrect, this function will never find out a to-be-matched certificate
and its associated revocation time in the signature list.
efi_loader: image_loader: retrieve authenticode only if it exists
Since the certificate table, which is indexed by
IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image,
doesn't always exist, we should make sure that we will retrieve its pointer
only if it exists.
efi_loader: image_loader: add a check against certificate type of authenticode
UEFI specification requires that we shall support three type of
certificates of authenticode in PE image:
WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID
WIN_CERT_TYPE_PKCS_SIGNED_DATA
WIN_CERT_TYPE_EFI_PKCS1_15
As EDK2 does, we will support the first two that are pkcs7 SignedData.
Now that commit 3e57f879eee6 ("mtd: nand: raw: denali: Assert reset
before deassert") added the reset assertion, this code in the board
file is unneeded.
serial: uniphier: flush transmitter before changing hardware settings
Ensure the transmitter is empty when chaining the baudrate or any
hardware settings. If a character is remaining in the transmitter,
the console will be garbled.
bus: uniphier-system-bus: add UniPhier System Bus driver
Since commit 1517126fdac2 ("ARM: uniphier: select DM_ETH"), DM-based
drivers/net/smc911x.c is compiled, but it is never probed because the
parent node lacks the DM-based driver.
I need a skeleton driver to populate child devices (but the next commit
will move more hardware settings to the this driver).
I put this to drivers/bus/uniphier-system-bus.c because this is the
same path as the driver in Linux kernel.