Commit f70f7312 authored by Simon Glass's avatar Simon Glass
Browse files

sandbox: Add a build for VPL



Add an initial VPL build for sandbox. This includes the flow:

   TPL (with of-platdata) -> VPL -> SPL -> U-Boot

To run it:

   ./tpl/u-boot-tpl -D

The -D is needed to get the default device tree, which includes the serial
console info.

Add a Makefile check for OF_HOSTFILE which is the option that enables
devicetree control on sandbox.

Series-changes: 4
- Add a sandbox_vpl build
- Update cover letter

Series-changes: 6
- Add docs for sandbox_vpl build
- Drop TPL_HASH_SUPPORT patch since we only have SPL_HASH now

Series-to: u-boot
Series-cc: trini
Series-version: 6
Series-links: 256138 4:253010
Cover-letter:
vpl: Introduce a verifying program loader
U-Boot provides a verified-boot feature based around FIT, but there is
no standard way of implementing it for a board. At present the various
required pieces must be built up separately, to produce a working
implementation. In particular, there is no built-in support for selecting
A/B boot or recovery mode.

This series introduces VPL, a verified program loader phase for U-Boot.
Its purpose is to run the verified-boot process and decide which SPL
binary should be run. It is critical that this decision happens before
SPL runs, since SPL sets up SDRAM and we need to be able to update the
SDRAM-init code in the field.

Adding VPL into the boot flow provides a standard way of implementing
verified boot. This series includes the phase itself, some useful Kconfig
options and a sandbox_vpl build for sandbox.
END

Change-Id: If1e267f286be9b2be553157103cd0146503ea50e
Signed-off-by: Simon Glass's avatarSimon Glass <sjg@chromium.org>
parent db83de6e
Pipeline #9177 passed with stages
in 72 minutes
......@@ -1192,7 +1192,7 @@ u-boot.bin: u-boot-fit-dtb.bin FORCE
u-boot-dtb.bin: u-boot-nodtb.bin dts/dt.dtb FORCE
$(call if_changed,cat)
else ifeq ($(CONFIG_OF_SEPARATE),y)
else ifeq ($(CONFIG_OF_SEPARATE)$(CONFIG_OF_HOSTFILE),y)
u-boot-dtb.bin: u-boot-nodtb.bin dts/dt.dtb FORCE
$(call if_changed,cat)
......
......@@ -29,6 +29,14 @@ config SANDBOX_SPL
bool "Enable SPL for sandbox"
select SUPPORT_SPL
config SANDBOX_TPL
bool "Enable TPL for sandbox"
select SUPPORT_TPL
config SANDBOX_VPL
bool "Enable VPL for sandbox"
select SUPPORT_VPL
config SYS_CONFIG_NAME
default "sandbox_spl" if SANDBOX_SPL
default "sandbox" if !SANDBOX_SPL
......
......@@ -31,13 +31,21 @@ int sandbox_find_next_phase(char *fname, int maxlen, bool use_img)
return 0;
}
/* SPL / TPL init function */
/* SPL / TPL / VPL init function */
void board_init_f(ulong flag)
{
struct sandbox_state *state = state_get_current();
int ret;
gd->arch.ram_buf = state->ram_buf;
gd->ram_size = state->ram_size;
ret = spl_early_init();
if (ret) {
debug("spl_early_init() failed: %d\n", ret);
hang();
}
preloader_console_init();
}
u32 spl_boot_device(void)
......@@ -74,8 +82,6 @@ void spl_board_init(void)
{
struct sandbox_state *state = state_get_current();
preloader_console_init();
if (state->run_unittests) {
struct unit_test *tests = UNIT_TEST_ALL_START();
const int count = UNIT_TEST_ALL_COUNT();
......
......@@ -226,7 +226,7 @@
};
spl-test {
u-boot,dm-pre-reloc;
u-boot,dm-spl;
compatible = "sandbox,spl-test";
boolval;
intval = <1>;
......@@ -240,7 +240,7 @@
};
spl-test2 {
u-boot,dm-pre-reloc;
u-boot,dm-spl;
compatible = "sandbox,spl-test";
intval = <3>;
intarray = <5>;
......@@ -252,14 +252,14 @@
};
spl-test3 {
u-boot,dm-pre-reloc;
u-boot,dm-spl;
compatible = "sandbox,spl-test";
stringarray = "one";
maybe-empty-int = <1>;
};
spl-test5 {
u-boot,dm-tpl;
u-boot,dm-vpl;
compatible = "sandbox,spl-test";
stringarray = "tpl";
};
......@@ -306,6 +306,8 @@
/* Needs to be available prior to relocation */
uart0: serial {
u-boot,dm-spl;
u-boot,dm-tpl;
u-boot,dm-vpl;
compatible = "sandbox,serial";
sandbox,text-colour = "cyan";
pinctrl-names = "default";
......
......@@ -33,3 +33,10 @@ S: Maintained
F: board/sandbox/
F: include/configs/sandbox.h
F: configs/sandbox_flattree_defconfig
SANDBOX VPL BOARD
M: Simon Glass <sjg@chromium.org>
S: Maintained
F: board/sandbox/
F: include/configs/sandbox_spl.h
F: configs/sandbox_vpl_defconfig
CONFIG_SYS_TEXT_BASE=0x200000
CONFIG_SPL_LIBCOMMON_SUPPORT=y
CONFIG_SPL_LIBGENERIC_SUPPORT=y
CONFIG_NR_DRAM_BANKS=1
CONFIG_SYS_MEMTEST_START=0x00100000
CONFIG_SYS_MEMTEST_END=0x00101000
CONFIG_ENV_SIZE=0x2000
CONFIG_DEFAULT_DEVICE_TREE="sandbox"
CONFIG_SPL_SERIAL_SUPPORT=y
CONFIG_TPL_LIBCOMMON_SUPPORT=y
CONFIG_TPL_LIBGENERIC_SUPPORT=y
CONFIG_SPL_DRIVERS_MISC=y
CONFIG_SPL_SYS_MALLOC_F_LEN=0x8000
CONFIG_SPL=y
CONFIG_BOOTSTAGE_STASH_ADDR=0x0
CONFIG_SANDBOX_SPL=y
CONFIG_SANDBOX_TPL=y
CONFIG_SANDBOX_VPL=y
CONFIG_DEBUG_UART=y
CONFIG_DISTRO_DEFAULTS=y
CONFIG_FIT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_FIT_VERBOSE=y
CONFIG_SPL_LOAD_FIT=y
# CONFIG_USE_SPL_FIT_GENERATOR is not set
CONFIG_BOOTSTAGE=y
CONFIG_BOOTSTAGE_REPORT=y
CONFIG_BOOTSTAGE_FDT=y
CONFIG_BOOTSTAGE_STASH=y
CONFIG_BOOTSTAGE_STASH_SIZE=0x4096
CONFIG_CONSOLE_RECORD=y
CONFIG_CONSOLE_RECORD_OUT_SIZE=0x1000
CONFIG_DISPLAY_BOARDINFO_LATE=y
CONFIG_MISC_INIT_F=y
CONFIG_HANDOFF=y
CONFIG_SPL_BOARD_INIT=y
CONFIG_TPL_SYS_MALLOC_SIMPLE=y
CONFIG_SPL_ENV_SUPPORT=y
CONFIG_SPL_I2C=y
CONFIG_SPL_RTC_SUPPORT=y
CONFIG_TPL=y
CONFIG_TPL_DRIVERS_MISC=y
CONFIG_TPL_ENV_SUPPORT=y
CONFIG_TPL_I2C=y
CONFIG_TPL_RTC_SUPPORT=y
CONFIG_TPL_SERIAL_SUPPORT=y
CONFIG_VPL=y
CONFIG_VPL_ENV_SUPPORT=y
CONFIG_CMD_CPU=y
CONFIG_CMD_LICENSE=y
CONFIG_CMD_BOOTZ=y
CONFIG_CMD_BOOTEFI_HELLO=y
# CONFIG_CMD_ELF is not set
CONFIG_CMD_ASKENV=y
CONFIG_CMD_GREPENV=y
CONFIG_CMD_ERASEENV=y
CONFIG_CMD_ENV_CALLBACK=y
CONFIG_CMD_ENV_FLAGS=y
CONFIG_CMD_NVEDIT_INFO=y
CONFIG_CMD_NVEDIT_LOAD=y
CONFIG_CMD_NVEDIT_SELECT=y
CONFIG_LOOPW=y
CONFIG_CMD_MD5SUM=y
CONFIG_CMD_MEMINFO=y
CONFIG_CMD_MX_CYCLIC=y
CONFIG_CMD_MEMTEST=y
CONFIG_CMD_DEMO=y
CONFIG_CMD_GPIO=y
CONFIG_CMD_GPT=y
CONFIG_CMD_IDE=y
CONFIG_CMD_I2C=y
CONFIG_CMD_OSD=y
CONFIG_CMD_PCI=y
CONFIG_CMD_REMOTEPROC=y
CONFIG_CMD_SPI=y
CONFIG_CMD_USB=y
CONFIG_BOOTP_DNS2=y
CONFIG_CMD_TFTPPUT=y
CONFIG_CMD_TFTPSRV=y
CONFIG_CMD_RARP=y
CONFIG_CMD_CDP=y
CONFIG_CMD_SNTP=y
CONFIG_CMD_DNS=y
CONFIG_CMD_LINK_LOCAL=y
CONFIG_CMD_BMP=y
CONFIG_CMD_EFIDEBUG=y
CONFIG_CMD_TIME=y
CONFIG_CMD_TIMER=y
CONFIG_CMD_SOUND=y
CONFIG_CMD_BOOTSTAGE=y
CONFIG_CMD_PMIC=y
CONFIG_CMD_REGULATOR=y
CONFIG_CMD_TPM=y
CONFIG_CMD_TPM_TEST=y
CONFIG_CMD_CBFS=y
CONFIG_CMD_CRAMFS=y
CONFIG_CMD_EXT4_WRITE=y
CONFIG_MAC_PARTITION=y
CONFIG_AMIGA_PARTITION=y
CONFIG_OF_CONTROL=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_TPL_OF_CONTROL=y
CONFIG_OF_HOSTFILE=y
CONFIG_TPL_OF_PLATDATA=y
CONFIG_TPL_OF_PLATDATA_INST=y
CONFIG_ENV_IS_NOWHERE=y
CONFIG_ENV_IS_IN_EXT4=y
CONFIG_ENV_EXT4_INTERFACE="host"
CONFIG_ENV_EXT4_DEVICE_AND_PART="0:0"
CONFIG_BOOTP_SEND_HOSTNAME=y
CONFIG_NETCONSOLE=y
CONFIG_IP_DEFRAG=y
CONFIG_SPL_DM=y
CONFIG_TPL_DM=y
CONFIG_DM_DMA=y
CONFIG_REGMAP=y
CONFIG_SPL_REGMAP=y
CONFIG_SYSCON=y
CONFIG_SPL_SYSCON=y
CONFIG_DEVRES=y
CONFIG_DEBUG_DEVRES=y
# CONFIG_SPL_SIMPLE_BUS is not set
CONFIG_ADC=y
CONFIG_ADC_SANDBOX=y
CONFIG_AXI=y
CONFIG_AXI_SANDBOX=y
CONFIG_CLK=y
CONFIG_SPL_CLK=y
CONFIG_TPL_CLK=y
CONFIG_CPU=y
CONFIG_DM_DEMO=y
CONFIG_DM_DEMO_SIMPLE=y
CONFIG_DM_DEMO_SHAPE=y
CONFIG_SPL_FIRMWARE=y
CONFIG_GPIO_HOG=y
CONFIG_PM8916_GPIO=y
CONFIG_SANDBOX_GPIO=y
CONFIG_I2C_CROS_EC_TUNNEL=y
CONFIG_I2C_CROS_EC_LDO=y
CONFIG_DM_I2C_GPIO=y
CONFIG_SYS_I2C_SANDBOX=y
CONFIG_I2C_MUX=y
CONFIG_I2C_ARB_GPIO_CHALLENGE=y
CONFIG_CROS_EC_KEYB=y
CONFIG_I8042_KEYB=y
CONFIG_LED=y
CONFIG_LED_BLINK=y
CONFIG_LED_GPIO=y
CONFIG_DM_MAILBOX=y
CONFIG_SANDBOX_MBOX=y
CONFIG_MISC=y
CONFIG_TPL_MISC=y
CONFIG_CROS_EC=y
CONFIG_CROS_EC_I2C=y
CONFIG_CROS_EC_LPC=y
CONFIG_CROS_EC_SANDBOX=y
CONFIG_CROS_EC_SPI=y
CONFIG_P2SB=y
CONFIG_PWRSEQ=y
CONFIG_SPL_PWRSEQ=y
CONFIG_MMC_SANDBOX=y
CONFIG_SPI_FLASH_SANDBOX=y
CONFIG_SPI_FLASH_ATMEL=y
CONFIG_SPI_FLASH_EON=y
CONFIG_SPI_FLASH_GIGADEVICE=y
CONFIG_SPI_FLASH_MACRONIX=y
CONFIG_SPI_FLASH_SPANSION=y
CONFIG_SPI_FLASH_STMICRO=y
CONFIG_SPI_FLASH_SST=y
CONFIG_SPI_FLASH_WINBOND=y
CONFIG_DM_ETH=y
CONFIG_NVME=y
CONFIG_PCI=y
CONFIG_PCI_SANDBOX=y
CONFIG_PHY=y
CONFIG_PHY_SANDBOX=y
CONFIG_PINCTRL=y
CONFIG_PINCONF=y
CONFIG_PINCTRL_SANDBOX=y
CONFIG_DM_PMIC=y
CONFIG_PMIC_ACT8846=y
CONFIG_DM_PMIC_PFUZE100=y
CONFIG_DM_PMIC_MAX77686=y
CONFIG_DM_PMIC_MC34708=y
CONFIG_PMIC_PM8916=y
CONFIG_PMIC_RK8XX=y
CONFIG_PMIC_S2MPS11=y
CONFIG_DM_PMIC_SANDBOX=y
CONFIG_PMIC_S5M8767=y
CONFIG_PMIC_TPS65090=y
CONFIG_DM_REGULATOR=y
CONFIG_REGULATOR_ACT8846=y
CONFIG_DM_REGULATOR_PFUZE100=y
CONFIG_DM_REGULATOR_MAX77686=y
CONFIG_DM_REGULATOR_FIXED=y
CONFIG_REGULATOR_RK8XX=y
CONFIG_REGULATOR_S5M8767=y
CONFIG_DM_REGULATOR_SANDBOX=y
CONFIG_REGULATOR_TPS65090=y
CONFIG_DM_PWM=y
CONFIG_PWM_CROS_EC=y
CONFIG_PWM_SANDBOX=y
CONFIG_RAM=y
CONFIG_REMOTEPROC_SANDBOX=y
CONFIG_DM_RESET=y
CONFIG_SANDBOX_RESET=y
CONFIG_DM_RTC=y
CONFIG_SPL_DM_RTC=y
CONFIG_TPL_DM_RTC=y
CONFIG_SANDBOX_SERIAL=y
CONFIG_SOUND=y
CONFIG_SOUND_SANDBOX=y
CONFIG_SOC_DEVICE=y
CONFIG_SANDBOX_SPI=y
CONFIG_SPMI=y
CONFIG_SPMI_SANDBOX=y
CONFIG_SYSINFO=y
CONFIG_SYSINFO_SANDBOX=y
CONFIG_SYSINFO_GPIO=y
CONFIG_SYSRESET=y
CONFIG_SPL_SYSRESET=y
CONFIG_TPL_SYSRESET=y
CONFIG_TIMER=y
CONFIG_TIMER_EARLY=y
CONFIG_SANDBOX_TIMER=y
CONFIG_USB=y
CONFIG_USB_EMUL=y
CONFIG_USB_KEYBOARD=y
CONFIG_DM_VIDEO=y
CONFIG_CONSOLE_ROTATION=y
CONFIG_CONSOLE_TRUETYPE=y
CONFIG_CONSOLE_TRUETYPE_CANTORAONE=y
CONFIG_VIDEO_SANDBOX_SDL=y
CONFIG_OSD=y
CONFIG_SANDBOX_OSD=y
CONFIG_SPLASH_SCREEN_ALIGN=y
CONFIG_VIDEO_BMP_RLE8=y
CONFIG_FS_CBFS=y
CONFIG_FS_CRAMFS=y
# CONFIG_SPL_USE_TINY_PRINTF is not set
CONFIG_CMD_DHRYSTONE=y
CONFIG_RSA_VERIFY_WITH_PKEY=y
CONFIG_TPM=y
CONFIG_LZ4=y
CONFIG_ERRNO_STR=y
CONFIG_UNIT_TEST=y
CONFIG_SPL_UNIT_TEST=y
CONFIG_UT_TIME=y
CONFIG_UT_DM=y
......@@ -420,6 +420,19 @@ state_setprop() which does this automatically and avoids running out of
space. See existing code for examples.
VPL (Verifying Program Loader)
------------------------------
Sandbox provides an example build of vpl called `sandbox_vpl`. This can be run
using::
/path/to/sandbox_vpl/tpl/u-boot-tpl -D
It starts up TPL (first-stage init), then VPL, then runs SPL and finally U-Boot
proper, following the normal flow for a verified boot. At present, no
verification is actually implemented.
Debugging the init sequence
---------------------------
......
......@@ -25,7 +25,7 @@ config BCH
config BINMAN_FDT
bool "Allow access to binman information in the device tree"
depends on BINMAN && DM && OF_CONTROL
default y if OF_SEPARATE || OF_EMBED
default y if OF_SEPARATE || OF_EMBED || OF_HOSTFILE
help
This enables U-Boot to access information about binman entries,
stored in the device tree in a binman node. Typical uses are to
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment