Age | Commit message (Collapse) | Author |
|
The default CSF_SIZE defined in Kconfig is too high and SPL cannot
fit into the OCRAM in certain cases.
The CSF cannot achieve 0x2000 length when using RSA 4K key which is
the largest key size supported by HABv4.
According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices"
it's recommended to pad CSF binary to 0x2000 and append DEK blob to
deploy encrypted boot images.
As the maximum DEK blob size is 0x58 we can reduce CSF_SIZE to 0x2060
which should cover both CSF and DEK blob length.
Update default_image.c and image.c to align with this change and avoid
a U-Boot proper authentication failure in HAB closed devices:
Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x32 length=0x6131 version=0x38
bad length magic=0x32 length=0x6131 version=0x38
bad version magic=0x32 length=0x6131 version=0x38
spl: ERROR: image authentication fail
Fixes: 96d27fb218 (Revert "habv4: tools: Avoid hardcoded CSF size for SPL targets")
Reported-by: Jagan Teki <jagan@amarulasolutions.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
|
|
This change tries to fix the following problem:
- The board boots (to be more precise - ROM loads SPL) from a slow SPI-NOR
memory.
As a result the spl_boot_device() will return SPI-NOR as a boot device
(which is correct).
- The problem is that in 'falcon boot' the eMMC is used as a boot medium to
load kernel from its partition.
Calling spl_boot_device() will break things as it returns SPI-NOR device.
To fix this issue the new CONFIG_SPL_FORCE_MMC_BOOT Kconfig flag is
introduced to handle this special use case. By default it is not defined,
so there is no change in the legacy code flow.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
|
|
This reverts commit 62a52f3f85bf33e286632e99f0d39b2c166af0c4.
|
|
Currently it's not possible to authenticate the U-Boot proper of
mx6ul_14x14_evk_defconfig target:
Authenticate image from DDR location 0x877fffc0...
bad magic magic=0x0 length=0x00 version=0x3
bad length magic=0x0 length=0x00 version=0x3
bad version magic=0x0 length=0x00 version=0x3
spl: ERROR: image authentication fail
Commit 0633e134784a ("imx: hab: Increase CSF_SIZE for i.MX6 and
i.MX7 devices") has increased CSF_SIZE to avoid a possible issue
when booting encrypted boot images.
Commit d21bd69b6e95 ("tools: mkimage: add firmware-ivt image type
for HAB verification") is hardcoding the CSF and IVT sizes, the
new CSF size is not being considered and u-boot-ivt.img fails to
boot.
Avoid hardcoded CSF and IVT size to fix this issue.
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
|
|
i.MX8 only support AHAB secure boot with Container format image,
we could not use FIT to support secure boot, so introduce container
support to let SPL could load container images.
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Cc: Tien Fong Chee <tien.fong.chee@intel.com>
Cc: York Sun <york.sun@nxp.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Alex Kiernan <alex.kiernan@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Cc: Heiko Schocher <hs@denx.de>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Previously the SPL size on all iMX6 platforms was restricted to 68KB
because the OCRAM size on iMX6SL/DL parts is only 128KB. However, the
other iMX6 variants have 256KB of OCRAM. Add an option
CONFIG_MX6_OCRAM_256KB which allows using the full size on boards which
don't need to support the SL/DL variants. This allows for an SPL size of
196KB, which makes it much easier to use configurations such as SPL with
driver model and FDT control.
Signed-off-by: Robert Hancock <hancock@sedsystems.ca>
Tested-by: Adam Ford <aford173@gmail.com> #imx6q_logic
|
|
Pass spl_image and bootdev to board_return_bootrom.
i.MX8MN needs the args to let ROM to load images
Cc: Simon Glass <sjg@chromium.org>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Kever Yang <kever.yang@rock-chips.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
|
|
Old splash code in cfb_console driver displayed U-Boot version
string by default. Restore this behaviour for DM_VIDEO enabled
configurations.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Reported-by: Fabio Estevam <festevam@gmail.com>
|
|
After mxc_ipuv3 DM_VIDEO conversion board configs with enabled
CONFIG_VIDEO_LOGO do not show splash screen (previosly drawing
splash screen worked via cfb_console driver with CONFIG_VIDEO_LOGO
enabled). Use splash_source library for loading splash images
when CONFIG_SPLASH_SOURCE is selected, otherwise prepare built-in
video logo for drawing.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
|
|
This will be used to implement non-blocking keyboard polling in case of
errors.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
Use the wrapper as other callers do.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
This aligns naming with usb_bulk_msg and usb_control_msg.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
Causes unbound key repeat on error otherwise.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
The current code in reserve_noncached() has two issues:
1) The first update of gd->start_addr_sp always rounds down to a section
start. However, the equivalent calculation in cache.c:noncached_init()
always first rounds up to a section start, then subtracts a section size.
These two calculations differ if the initial value is already rounded to
section alignment.
2) The second update of gd->start_addr_sp subtracts exactly
CONFIG_SYS_NONCACHED_MEMORY, whereas the equivalent calculation in
cache.c:noncached_init() rounds the noncached size up to section
alignment before subtracting it. The two calculations differ if the
noncached region size is not a multiple of the MMU section size.
In practice, one/both of those issues causes a practical problem on
Jetson TX1; U-Boot triggers a synchronous abort during initialization,
likely due to overlapping use of some memory region.
This change fixes both these issues by duplicating the exact calculations
from noncached_init() into reserve_noncached().
However, this fix assumes that gd->start_addr_sp on entry to
reserve_noncached() exactly matches mem_malloc_start on entry to
noncached_init(). I haven't traced the code to see whether it absolutely
guarantees this in all (or indeed any!) cases. Consequently, I added some
comments in the hope that this condition will continue to be true.
Fixes: 5f7adb5b1c02 ("board_f: reserve noncached space below malloc area")
Cc: Vikas Manocha <vikas.manocha@st.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
|
|
Define new image type for coprocessor images.
It is used in FIT to identify the files loaded
with remoteproc command (elf or bin).
Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
- Assorted minor bugfixes
|
|
Several options are presenting themselves on a various boards
where the options are clearly not used. (ie, SPL/TPL options
when SPL or TPL are not defined)
This patch is not attempting to be a complete list of items, but
more like low hanging fruit. In some instances, I wasn't sure
of DM was required, so I simply made them SPL or TPL.
This patch attempts to reduce some of the menuconfig noise
by defining dependencies so they don't appear when not used.
Signed-off-by: Adam Ford <aford173@gmail.com>
|
|
Noncached area at present is being initialized to random space after malloc
area. It works in most the cases as it goes to stack area & stack is not
overwriting it being far from it.
Signed-off-by: Vikas Manocha <vikas.manocha@st.com>
|
|
- Support SPL and OpenSBI (FW_DYNAMIC firmware) boot.
- Fix qemu kconfig build warning.
|
|
To support relocation of the stack and global data on RISC-V, the
secondary harts must be notified of the change using IPIs. We can reuse
the hart relocation code for this purpose. It uses global data to store
the new stack pointer and global data pointer for the secondary harts.
This means that we cannot update the global data pointer of the main
hart in spl_relocate_stack_gd(), because the secondary harts have not
yet been relocated at this point. It is updated after the secondary
harts have been notified.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
|
|
RISC-V OpenSBI is an open-source implementation of the RISC-V Supervisor
Binary Interface (SBI) specification. It is required by Linux and U-Boot
running in supervisor mode. This patch adds support for booting via the
OpenSBI FW_DYNAMIC firmware. It supports OpenSBI version 0.4 and higher.
In this configuration, U-Boot SPL starts in machine mode. After loading
OpenSBI and U-Boot proper, it will start OpenSBI. All necessary
parameters are generated by U-Boot SPL and are passed to OpenSBI. U-Boot
proper is started in supervisor mode by OpenSBI. Support for OpenSBI is
enabled with CONFIG_SPL_OPENSBI. An additional configuration entry,
CONFIG_SPL_OPENSBI_LOAD_ADDR, is used to specify the load address of the
OpenSBI firmware binary. It is not used directly in U-Boot and instead
is intended to make the value available to scripts such as FIT
configuration generators.
The header file include/opensbi.h is based on header files from the
OpenSBI project. They are recent, as of commit bae54f764570 ("firmware:
Add fw_dynamic firmware").
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
|
|
As part of the SPL FIT boot flow, the device tree is appended to U-Boot
proper. The device tree is used to record information on the loadables
to make them available to the SPL framework and U-Boot proper. Depending
on the U-Boot device tree provider, the FIT image might not include a
device tree. Information on the loadables is missing in this case.
When booting via firmware bundled with the FIT image, U-Boot SPL loads
the firmware binary and U-Boot proper before starting the firmware. The
firmware, in turn, is responsible for starting U-Boot proper.
Information on the memory location of the U-Boot proper loadable must be
available to the SPL framework so that it can be passed to the firmware
binary. To support this use case when no device tree is found in the FIT
image, fall back to the U-Boot device tree in this situation.
At the same time, update the comment to remove the note that the
destination address must be aligned to ARCH_DMA_MINALIGN. Alignment is
only required as an intermediate step when reading external data. This
is automatically handled by spl_fit_append_fdt(). After reading the
external data, it is copied to the specified address, which does not
have to be aligned to ARCH_DMA_MINALIGN.
Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
|
|
This converts the following to Kconfig:
CONFIG_SYS_SPI_U_BOOT_OFFS
Signed-off-by: Hannes Schmelzer <hannes.schmelzer@br-automation.com>
[trini: Expose this for SPL_SPI_SUNXI for now]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Several options are presenting themselves on a various boards
where the options are clearly not used. (ie, arm64 options on
arm9, or SPL/TPL options when SPL or TPL are not defined)
This patch is not attempting to be a complete list of items, but
more like low hanging fruit.
This patch attempts to reduce some of the menuconfig noise
by defining dependencies so they don't appear when not used.
Signed-off-by: Adam Ford <aford173@gmail.com>
|
|
This is no-longer used in U-Boot and has not been converted to driver
model. Drop it.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This file contains lots of internal details about the environment. Most
code can include env.h instead, calling the functions there as needed.
Rename this file and add a comment at the top to indicate its internal
nature.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
[trini: Fixup apalis-tk1.c]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
This header file is now only used by files that access internal
environment features. Drop it from various places where it is not needed.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move these functions to the new header file and rename set_default_env()
to env_set_default() so that it has a consistent env_ prefix.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move env_get() over to the new header file.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move env_set() over to the new header file.
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move env_get_hex() over to the new header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
|
|
Move env_set_hex() over to the new header file along with env_set_addr()
which uses it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
|
|
Move env_relocate() over to the new header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
|
|
Move env_init() over to the new header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
|
|
At present we have environment.h but this file includes all the
environment-related header files as well as internals such as
default_environment.
It seems desirable to have a new header to hold the commonly used
environment functions, so that most files can avoid including all of this
unnecessary stuff.
Create a new env.h header and move one function over to it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
|
|
This function is no-longer defined in U-Boot. Drop the declaration from
common.h
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
This function relates to lcd.h and is about to become obsolete with the
driver-model conversion. Move it out of common.h
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
As part of the effort to remove things from common.h, create a new header
for the gzip functions. Move the function declarations to it and add
missing documentation.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
|
|
This implements a stack usage check in SPL.
Many boards start up SPL to run code + data from one common, rather small
SRAM. To implement a sophisticated SPL binary size limit on such boards,
the stack size (as well as malloc size and global data size) must be
subtracted from this SRAM size.
However, to do that properly, the stack size first needs to be known.
This patch adds a new Kconfig option:
- SPL_SYS_REPORT_STACK_F_USAGE: memset(0xaa) the whole area of the stack
very early and check stack usage based on this constant later before the
stack is switched to DRAM
Initializing the stack and checking it is implemented in weak functions,
in case a board does not use the stack as saved in gd->start_addr_sp.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
|
|
Do not attempt to print fdt info if root node wasn't found.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
|
|
The Linux ramdisk should always be decompressed by the kernel itself,
not by U-Boot. Therefore, the 'compression' node in the FIT image should
always be set to "none" for ramdisk images, since the only point of
using that node is if you want U-Boot to do the decompression itself.
Yet some systems populate the node to the compression algorithm used by
the kernel instead. This used to be ignored, but now that we support
decompression of all image types it becomes a problem. Since ramdisks
should never be decompressed by U-Boot anyway, this patch adds a special
exception for them to avoid these issues. Still, setting the
'compression' node like that is wrong in the first place, so we still
want to print out a warning so that third-party distributions doing this
can notice and fix it.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Tested-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
|
|
Avoid to flush buffer when silent console is activated as the
console can be reactivate later, after relocation, when the env will
be updated with the saved one.
Solve issue (missing beginning of U-Boot trace) when:
- CONFIG_SILENT_CONSOLE is activated
- silent=1 is defined in default environment (CONFIG_EXTRA_ENV_SETTINGS)
- silent is removed in saved environment with:
> env delete silent; env save
Only functional when PRE_CONSOLE_BUFFER is activated.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
|
|
Update the "silent" property with the variable "silent" get from
saved environment, it solves the issue when:
- CONFIG_SILENT_CONSOLE and CONFIG_SYS_CONSOLE_IS_IN_ENV are activated
- silent is not defined in default environment
- silent is requested in saved environment with:
> env set silent 1; env save
On next reboot the console is not disabled as expected after relocation
and the environment load from flash (the callback is not called when
the INSERT is requested in the created hash table)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
|
|
When having only these AVB related configs enabled:
CONFIG_AVB_VERIFY=y
CONFIG_CMD_AVB=y
CONFIG_LIBAVB=y
build fails with next errors:
common/avb_verify.c: In function 'read_persistent_value':
common/avb_verify.c:867:6: warning: implicit declaration of function
'get_open_session'
common/avb_verify.c:870:45: error: 'struct AvbOpsData' has no member
named 'tee'
common/avb_verify.c:894:7: warning: implicit declaration of function
'invoke_func'
common/avb_verify.c: In function 'write_persistent_value':
common/avb_verify.c:931:45: error: 'struct AvbOpsData' has no member
named 'tee'
Guard read_persistent_value() and write_persistent_value() functions
by checking if CONFIG_OPTEE_TA_AVB is enabled (as those are only used in
that case) to fix the build with mentioned configuration.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
|
|
if CONFIG_AUTOBOOT_KEYED, CONFIG_AUTOBOOT_ENCRYPTION and
CONFIG_AUTOBOOT_STOP_STR_SHA256 are enabled in conjunction
with CONFIG_SHA_HW_ACCEL and CONFIG_FSL_CAAM, we get the
Error when pressing a key while waiting for bootdelay:
Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
Reason is, that used variables are not cache aligned,
so malloc this variables cache aligned.
Probably this is also a bugfix for other hw accelerators
than CAAM.
Signed-off-by: Heiko Schocher <hs@denx.de>
|
|
Avoid use of #ifdef and keep the common condion in a variable. This makes
the code easier to read.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Adjust some of the code which can be trivially moved to use IS_ENABLED()
instead of #ifdef.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Rename this option to CONFIG_AUTOBOOT_MENU_SHOW this it relates to the
autoboot functionality.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move the variable to the top of the file and adjust the code which uses it
to use if() rather than #ifdef, to make it easier to read.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Since this is part of the autoboot functionality, it makes sense to name
it with an AUTOBOOT prefix. No mainline boards use it so this should be
safe, and downstream boards will need to adjust.
Since this option is just an integer value, it really needs another option
to control whether the feature is enabled or not. Add a new
CONFIG_USE_AUTOBOOT_MENUKEY for that. This fits better with how things are
done with Kconfig, avoiding the need to use a specific value to disable
the feature.
Signed-off-by: Simon Glass <sjg@chromium.org>
|