| Age | Commit message (Collapse) | Author |
|---|
|
Add a sandbox test for the basic ACPI functionality we have so far.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
|
|
Add this binding from Linux v5.4.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
ACPI (Advanced Configuration and Power Interface) is a standard for
specifying information about a platform. It is a little like device
tree but the bindings are part of the specification and it supports an
interpreted bytecode language.
Driver model does not use ACPI for U-Boot's configuration, but it is
convenient to have it support generation of ACPI tables for passing to
Linux, etc.
As a starting point, add an optional set of ACPI operations to each
device. Initially only a single operation is available, to obtain the
ACPI name for the device. More operations are added later.
Enable ACPI for sandbox to ensure build coverage and so that we can add
tests.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
|
|
Add the C version of this header. It includes a few Chrome OS bits which
are disabled for a normal build.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolgang.wallner@br-automation.com>
|
|
At present if reading a BAR returns 0xffffffff then the value is masked
and a different value is returned. This makes it harder to detect the
problem when debugging.
Update the function to avoid masking in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
|
|
With P2SB the initial BAR (base-address register) is set up by TPL and
this is used unchanged right through U-Boot.
At present the reading of this address is split between the ofdata() and
probe() methods. There are a few problems that are unique to the p2sb.
One is that its children need to call pcr_read32(), etc. which needs to
have the p2sb address correct. Also some of its children are pinctrl
devices and pinctrl is used when any device is probed. So p2sb really
needs to get its base address set up in ofdata_to_platdata(), before it is
probed.
Another point is that reading the p2sb BAR will not work if the p2sb is
hidden. The FSP-S seems to hide it, presumably to avoid confusing PCI
enumeration.
Reading ofdata in ofdata_to_platdata() is the correct place anyway, so
this is easy to fix.
Move the code into one place and use the early-regs property in all cases
for simplicity and to avoid needing to probe any PCI devices just to read
the BAR.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Tested-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
|
|
Some files are taken or modified from coreboot, but the files are
no-longer part of the coreboot project. Fix the wording in a few places.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
|
|
Add a means to avoid configuring a device when needed. Add an explanation
of why this is useful to the binding file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
At present the cleanup() method is called on every transfer. It should
only be called on failing transfers. Fix this and tidy up the error
handling a little.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
This device should use ready-gpios rather than ready-gpio. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Add a comment for the private structure
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
At present the cr50 driver claims the locality and does not release it for
Linux. This causes problems. Fix this by tracking what is claimed, and
adding a 'remove' method.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
With ACPI we need to describe the settings of the SPI bus. Add enums to
handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
|
|
Different CPUs may support different address widths, meaning the amount of
memory they can address. Add a property for this to the cpu_info struct.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
SPCR has no clue if the UART base clock speed is different to
the default one. However, the SPCR 1.04 defines baud rate 0 as
a preconfigured state of UART and OS is supposed not to touch
the configuration of the serial device.
Linux kernel supports that starting from v5.0, see commit
b413b1abeb21 ("ACPI: SPCR: Consider baud rate 0 as preconfigured state")
for the details.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Some callers may need the UART base clock speed value.
Provide it in the ->getinfo() callback.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
Some callers of serial_getinfo() would like to know the UART base
clock speed in order to make decision what to pass to OS in some
cases. In particular, ACPI SPCR table expects only certain base
clock speed and thus we have to act accordingly.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
|
|
A small text in docs/uefi/uefi.rst was added to explain how we can
configure and utilise UEFI secure boot feature on U-Boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Pytest for UEFI secure boot will use several host commands.
In particular, Test setup relies on efitools, whose version must be v1.5.2
or later. So fetch a new version of deb package directly.
Please note it has a dependency on mtools, which must also be installed
along wih efitools.
In addition, the path, '/sbin', is added to PATH for use of sgdisk and
mkfs.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
|
Adding those extra configurations allows us to successfully run UEFI
secure boot pytest on Travis CI.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
Provide test cases for
* image authentication for signed images
(test_efi_secboot/test_signed.py)
* image authentication for unsigned images
(test_efi_secboot/test_unsigned.py)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
Provide a couple of test cases for variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
A fixture for UEFI secure boot tests (image authentication and variable
authentication) is defined. A small file system with test data in a single
partition formatted in fat is created.
This test requires efitools v1.5.2 or later. If the system's efitools
is older, you have to build it on your own and define EFITOOLS_PATH.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
With "-at" option, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
will be passed to SetVariable() to authenticate the variable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
A signature database variable is associated with a specific guid.
For convenience, if user doesn't supply any guid info, "env set|print -e"
should complement it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
supported by the platform firmware
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
Currently we support
* authentication based on db and dbx,
so dbx-validated image will always be rejected.
* following signature types:
EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.
Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.
It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.
Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().
Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
Under this configuration, UEFI secure boot support will be added
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
|
Function rsa_verify_key() is not called before relocation. So there is no
need to load the UCLASS_MOD_EXP drivers before relocation.
This avoid a failure to boot for pine64-lts_defconfig with CONFIG_RSA=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Add missing descriptions for functions in efi_disk.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-stm
- Replace STM32MP1_TRUSTED by TFABOOT flag
- Enable bootd, iminfo, imxtract on ST defconfig
- Rename LEDs to match silkscreen on AV96
- Add KS8851-16MLL ethernet on FMC2
- Define FMC2 base address
- net: dwc_eth_qos: implement reset-gpios for stm32
- net: dwc_eth_qos: implement phy reg and max-speed for stm32
|
|
- Common: honour hw_margin_ms property (Rasmus)
- sp805_wdt: get platform clock from dt (Rayagonda)
|
|
Use the correct macro to test presence CONFIG_LED:
replace CONFIG_IS_ENABLED(CONFIG_LED) by CONFIG_IS_ENABLED(LED)
Issue see during review unrelated patch
"board: stm32mp1: update management of boot-led"
http://patchwork.ozlabs.org/patch/1264823/
Cc: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
|
|
Enable these standard U-Boot commands for image manipulation and for
starting the default boot command using 'boot' command in U-Boot shell.
Cc: Marek Vasut <marex@denx.de>
Cc: Patrice Chotard <patrice.chotard@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
The LED labels do not match the silkscreen on the board, fix it.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
|
|
Activate ARCH_SUPPORT_TFABOOT and replace the arch stm32mp
specific config CONFIG_STM32MP1_TRUSTED by the generic CONFIG_TFABOOT
introduced by the commit 535d76a12150 ("armv8: layerscape: Add TFABOOT
support").
This config CONFIG_TFABOOT is activated for the trusted boot chain,
when U-Boot is loaded by TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
|
|
Add DT entries, Kconfig entries and board-specific entries to configure
FMC2 bus and make KS8851-16MLL on that bus accessible to U-Boot.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
Define FMC2 base address, for use in board files, until there is an
actual FMC2 bus driver.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Patrick Delaunay <patrick.delaunay@st.com>
Cc: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
Add management of property "reg" to configure @ of phy and
also "max-speed" property to specify maximum speed in Mbit/s
supported by the device
Signed-off-by: Christophe Roullier <christophe.roullier@st.com>
Reviewed-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
Add management of property "reset-gpios" in the node identified by
"phy-handle" to configure any GPIO used to reset the PHY.
Signed-off-by: Christophe Roullier <christophe.roullier@st.com>
Reviewed-by: Patrice CHOTARD <patrice.chotard@st.com>
Reviewed-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
|
|
Get the watchdog platform clock from the DTS file
using clk subsystem and use the same for calculating
ticks in msec.
Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Reviewed-by: Stefan Roese <sr@denx.de>
|
