summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-08-14test/py: efi_secboot: modify 'multiple signatures' test caseAKASHI Takahiro
The test case 5 in test_signed (multiple signatures) must be modified and aligned with the change introduced in the previous commit ("efi_loader: signature: correct a behavior against multiple signatures"). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-14efi_loader: signature: correct a behavior against multiple signaturesAKASHI Takahiro
Under the current implementation, all the signatures, if any, in a signed image must be verified before loading it. Meanwhile, UEFI specification v2.8b section 32.5.3.3 says, Multiple signatures are allowed to exist in the binary’s certificate table (as per PE/COFF Section “Attribute Certificate Table”). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx. This patch makes the semantics of signature verification compliant with the specification mentioned above. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13efi_loader: variable: fix secure state initializationAKASHI Takahiro
Under the new file-based variable implementation, the secure state is always and falsely set to 0 (hence, the secure boot gets disabled) after the reboot even if PK (and other signature database) has already been enrolled in the previous boot. This is because the secure state is set up *before* loading non-volatile variables' values from saved data. This patch fixes the order of variable initialization and secure state initialization. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: 5f7dcf079de8 ("efi_loader: UEFI variable persistence")
2020-08-13test/py: efi_secboot: add test for intermediate certificatesAKASHI Takahiro
In this test case, an image may have a signature with additional intermediate certificates. A chain of trust will be followed and all the certificates in the middle of chain must be verified before loading. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13test/py: efi_secboot: small rework for adding a new testAKASHI Takahiro
It won't be very useful to customize HELLO_PATH and EFI_SECBOOT_IMAGE_NAME under the current code base. So just remove them. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13efi_loader: signature: rework for intermediate certificates supportAKASHI Takahiro
In this commit, efi_signature_verify(with_sigdb) will be re-implemented using pcks7_verify_one() in order to support certificates chain, where the signer's certificate will be signed by an intermediate CA (certificate authority) and the latter's certificate will also be signed by another CA and so on. What we need to do here is to search for certificates in a signature, build up a chain of certificates and verify one by one. pkcs7_verify_one() handles most of these steps except the last one. pkcs7_verify_one() returns, if succeeded, the last certificate to verify, which can be either a self-signed one or one that should be signed by one of certificates in "db". Re-worked efi_signature_verify() will take care of this step. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-08-13efi_loader: variable: keep temporary buffer during the authenticationAKASHI Takahiro
This is a bug fix; Setting an authenticated variable may fail due to a memory corruption in the authentication. A temporary buffer will, if needed, be allocated to parse a variable's authentication data, and some portion of buffer, specifically signer's certificates, will be referenced by efi_signature_verify(). So the buffer should be kept valid until the authentication process is finished. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13cmd/efidebug: missing initialization of load_optionsHeinrich Schuchardt
Variable load_options must be initialized to NULL to avoid a segmentation fault when freeing the memory this variable points to. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-08-13Merge https://gitlab.denx.de/u-boot/custodians/u-boot-marvellTom Rini
- Fix dtc warnings for some MVEBU boards
2020-08-13Merge tag 'u-boot-stm32-20200813' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-stm - Use IS_ENABLED to prevent ifdef in board_key_check for STM32MP - Add STM32 FMC2 EBI controller driver - Fix dwc3-sti-glue which allows STiH410-B2260 to boot again - Add fitImage its entry for 587-200 DHCOR SoM - Add both PDK2 and DRC02 DT into DHCOM fitImage its - Fix DHCOM KS8851 ethernet MAC address - Remove stm32mp1 board.c file - Use const for struct node_info in board stm32mp1.c file
2020-08-13arm: mvebu: armada-3720-turris-mox.dts: Fix dtc warningStefan Roese
Fix this dtc warning: Warning (avoid_default_addr_size) Signed-off-by: Stefan Roese <sr@denx.de> Cc: Marek Behún <marek.behun@nic.cz>
2020-08-13arm: mvebu: armada-388-gp.dts: Fix dtc warningsStefan Roese
Fix these dtc warnings: Warning (reg_format) Warning (avoid_default_addr_size) Signed-off-by: Stefan Roese <sr@denx.de> Cc: Chris Packham <judge.packham@gmail.com> Reviewed-by: Chris Packham <judge.packham@gmail.com>
2020-08-13arm: mvebu: armada-xp-maxbcm.dts: Fix dtc warningStefan Roese
Fix this dtc warning: Warning (avoid_default_addr_size) Signed-off-by: Stefan Roese <sr@denx.de>
2020-08-13arm: mvebu: armada-xp-theadorable.dts: Fix dtc warningStefan Roese
Fix this dtc warning: Warning (avoid_default_addr_size) Signed-off-by: Stefan Roese <sr@denx.de>
2020-08-13board: stm32mp1: use const for struct node_infoPatrick Delaunay
Use const for the variable nodes in ft_board_setup, this patch follow fdt_fixup_mtdparts prototype and no more use stack. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: remove board.cPatrick Delaunay
Remove the file board/st/stm32mp1/board.c which is not more compiled since commit 156732cc8939 ("board: stm32mp1: move the function board_debug_uart_init in spl.c") Fixes: 4fb46816c7e2 ("board: stm32mp1: move the function board_debug_uart_init in spl.c") Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13ARM: dts: stm32: Update eth1addr from EEPROM if eth1 presentMarek Vasut
The STM32MP1 DHCOM has two ethernet interfaces, the on-SoM DWMAC and KS8851. Set eth1addr for the KS8851 to a MAC address of the DWMAC incremented by 1. The MAC of the DWMAC is set from on-SoM EEPROM already, but the MAC address of KS8851 was left uninitialized, so fix this. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13ARM: stm32: Add fitImage its entry for 587-200 DHCOR SoMMarek Vasut
The new 587-200 DHCOR SoM is compatible with the 587-100 prototype, hence just replicate the entries, as there is no pattern matching. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13ARM: stm32: Add both PDK2 and DRC02 DT into DHCOM fitImage itsMarek Vasut
Include both PDK2 and DRC02 DTs in the DHCOM fitImage .its and implement support in SPL to select the correct configuration entry for U-Boot by using the machine compatible string from SPL DT. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Patrice Chotard <patrice.chotard@st.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13ARM: dts: stm32: add FMC2 EBI support for stm32mp157cChristophe Kerello
This patch adds FMC2 External Bus Interface support on stm32mp157c. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13configs: stm32mp: add CONFIG_STM32_FMC2_EBIChristophe Kerello
This patch enables the support of FMC2 EBI. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: update fdt fixup partitions tableChristophe Kerello
This patch adds "st,stm32mp1-fmc2-nfc" compatible string in the fdt fixup partitions table. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: get resources from parent nodeChristophe Kerello
FMC2 EBI support has been added. Common resources (registers base address and clock) can now be shared between the 2 drivers using "st,stm32mp1-fmc2-nfc" compatible string. It means that the common resources should now be found in the parent device when EBI node is available. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13memory: stm32-fmc2-ebi: add STM32 FMC2 EBI controller driverChristophe Kerello
The driver adds the support for the STMicroelectronics FMC2 EBI controller found on STM32MP SOCs. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: use clrsetbits_le32Christophe Kerello
This patch uses clrsetbits_le32 function instead of multiple instructions. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: use FIELD_PREP/FIELD_GET macrosChristophe Kerello
This patch removes custom macros and uses FIELD_PREP and FIELD_GET macros. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: cosmetic change to use nfc instead of fmc2 where ↵Christophe Kerello
relevant This patch renames functions and local variables. This cleanup is done to get all functions starting by stm32_fmc2_nfc in the FMC2 raw NAND driver when all functions will start by stm32_fmc2_ebi in the FMC2 EBI driver. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: use FMC2_TIMEOUT_5S for timeoutsChristophe Kerello
FMC2_TIMEOUT_5S will be used each time that we need to wait. It was seen, during stress tests in an overloaded system, that we could be close to 1 second, even if we never met this value. To be safe, FMC2_TIMEOUT_MS is set to 5 seconds. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: remove useless inline commentsChristophe Kerello
Remove inline comments that are useless since function label are self explanatory. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13mtd: rawnand: stm32_fmc2: fix a buffer overflowChristophe Kerello
The chip select defined in the device tree could only be 0 or 1. Signed-off-by: Christophe Kerello <christophe.kerello@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13arm: stm32mp: stm32prog: use IS_ENABLED to prevent ifdefPatrick Delaunay
Use IS_ENABLED to prevent ifdef in stm32prog command. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13arm: stm32mp: bsec: use IS_ENABLED to prevent ifdefPatrick Delaunay
Use IS_ENABLED to prevent ifdef in bsec driver. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in ft_board_setupPatrick Delaunay
Use IS_ENABLED to prevent ifdef in ft_board_setup. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in env functionsPatrick Delaunay
Use IS_ENABLED to prevent ifdef in env functions: - env_get_location - env_ext4_get_intf - mmc_get_env_dev Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in board_late_initPatrick Delaunay
Use IS_ENABLED to prevent ifdef in board_late_init. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in dk2_i2c1_fixPatrick Delaunay
Use IS_ENABLED to prevent ifdef in dk2_i2c1_fix. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in set_dfu_alt_infPatrick Delaunay
Use CONFIG_IS_ENABLED to prevent ifdef in set_dfu_alt_inf. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in sysconf_initPatrick Delaunay
Use IS_ENABLED to prevent ifdef in sysconf_init. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in board_check_usb_powerPatrick Delaunay
Use IS_ENABLED to prevent ifdef in board_check_usb_power. Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in ↵Patrick Delaunay
g_dnl_board_usb_cable_connected Use IS_ENABLED to prevent ifdef in g_dnl_board_usb_cable_connected and in g_dnl_bind_fixup Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13board: stm32mp1: use IS_ENABLED to prevent ifdef in board_key_checkPatrick Delaunay
Use IS_ENABLED to prevent ifdef in board_key_check Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
2020-08-13usb: host: dwc3-sti-glue: Fix ofnode_valid() parameterPatrice Chotard
node varaible is used as iterator into ofnode_for_each_subnode() loop, when exiting of it, node is no more a valid ofnode. Use dwc3_node instead as parameter of ofnode_valid() Fixes: ac28e59a574d ("usb: Migrate to support live DT for some driver") Signed-off-by: Patrice Chotard <patrice.chotard@st.com> Cc: Kever Yang <kever.yang@rock-chips.com>
2020-08-12Makefile: fix annoying sunxi hack messageFrank Wunderlich
every compilation shows this error Hack for sunxi which doesn't have a proper binman definition for 64-bit boards not only for sunxi-boards/arm64 fix this by changing to real comments Fixes: 9f55ee259d0c ("Makefile: sunxi: Don't use binman to build ATF image") Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
2020-08-11Merge tag 'ti-v2020.10-rc3' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-ti - Added support for J7200 evm - DM_ETH and DM_USB migrations for omap3 - USB DFU and mass storage support for AM65x evm - RTI watchdog support for K3 devices - Fix an issue with L3 cache on K3 devices
2020-08-11arm: dts: k3-j7200-common-proc-board: Enable CPSW2G portVignesh Raghavendra
Enable CPSW2G port to support networking in U-Boot Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2020-08-11ARM: dts: k3-j7200-mcu-wakeup: Add CPSW2G supportVignesh Raghavendra
Add MCU NAVSS, UDMA and CPSW2G DT nodes. Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2020-08-11ARM: dts: k3-j7200: Add HyperBus and HyperFlash nodesVignesh Raghavendra
J7200 SoM has Cypress HyperFlash connected to HyperBus interface, add DT entries for the same. Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2020-08-11ARM: dts: k3-j7200: Add wkup gpio nodeVignesh Raghavendra
Add wkup_gpio0 node required for detecting whether board mux is set HyperFlash. Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2020-08-11board: ti: j721e: Add support for HyperFlash detectionVignesh Raghavendra
On J7200 SoC OSPI0 and HypeFlash are muxed at HW level and only one of them can be used at any time. J7200 EVM has both HyperFlash and OSPI flash on board. There is a user switch (SW3.1) that can be toggled to select OSPI flash vs HyperFlash. Read the state of this switch via wkup_gpio0_6 line and fixup the DT nodes to select OSPI0 vs HyperFlash Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
2020-08-11arm: dts: k3-j7200: Add USB related DT entriesVignesh Raghavendra
Add USB related DT entries to enable USB device mode. Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>