Commit 0de81535 authored by Tom Rini's avatar Tom Rini
Browse files

Merge branch '2019-07-17-master-imports'

- Various FS/disk related fixes with security implications.
- Proper fix for the pci_ep test.
- Assorted bugfixes
- Some MediaTek updates.
- 'env erase' support.
parents 9a06eb80 bf88d2b0
......@@ -365,13 +365,11 @@ matrix:
- name: "test/py sandbox"
env:
- TEST_PY_BD="sandbox"
TEST_PY_TEST_SPEC="not pci"
BUILDMAN="^sandbox$"
TOOLCHAIN="i386"
- name: "test/py sandbox with clang"
env:
- TEST_PY_BD="sandbox"
TEST_PY_TEST_SPEC="not pci"
BUILDMAN="^sandbox$"
OVERRIDE="clang-7"
- name: "test/py sandbox_spl"
......@@ -384,7 +382,6 @@ matrix:
- name: "test/py sandbox_flattree"
env:
- TEST_PY_BD="sandbox_flattree"
TEST_PY_TEST_SPEC="not pci"
BUILDMAN="^sandbox_flattree$"
TOOLCHAIN="i386"
- name: "test/py evb-ast2500"
......
......@@ -840,6 +840,7 @@ config ARCH_OWL
config ARCH_QEMU
bool "QEMU Virtual Platform"
select ARCH_SUPPORT_TFABOOT
select DM
select DM_SERIAL
select OF_CONTROL
......@@ -1100,6 +1101,7 @@ config TARGET_LS1088AQDS
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
select SUPPORT_SPL
select FSL_DDR_INTERACTIVE if !SD_BOOT
......@@ -1115,6 +1117,7 @@ config TARGET_LS2080AQDS
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
select SUPPORT_SPL
imply SCSI
......@@ -1133,6 +1136,7 @@ config TARGET_LS2080ARDB
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
select SUPPORT_SPL
select FSL_DDR_BIST
......@@ -1165,6 +1169,7 @@ config TARGET_LX2160ARDB
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
help
Support for NXP LX2160ARDB platform.
......@@ -1178,6 +1183,7 @@ config TARGET_LX2160AQDS
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
help
Support for NXP LX2160AQDS platform.
......@@ -1218,6 +1224,7 @@ config TARGET_LS1012AQDS
bool "Support ls1012aqds"
select ARCH_LS1012A
select ARM64
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
help
Support for Freescale LS1012AQDS platform.
......@@ -1229,6 +1236,7 @@ config TARGET_LS1012ARDB
bool "Support ls1012ardb"
select ARCH_LS1012A
select ARM64
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
imply SCSI
imply SCSI_AHCI
......@@ -1242,6 +1250,7 @@ config TARGET_LS1012A2G5RDB
bool "Support ls1012a2g5rdb"
select ARCH_LS1012A
select ARM64
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
imply SCSI
help
......@@ -1254,6 +1263,7 @@ config TARGET_LS1012AFRWY
bool "Support ls1012afrwy"
select ARCH_LS1012A
select ARM64
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
imply SCSI
imply SCSI_AHCI
......@@ -1267,6 +1277,7 @@ config TARGET_LS1012AFRDM
bool "Support ls1012afrdm"
select ARCH_LS1012A
select ARM64
select ARCH_SUPPORT_TFABOOT
help
Support for Freescale LS1012AFRDM platform.
The LS1012A Freedom board (FRDM) is a high-performance
......@@ -1278,6 +1289,7 @@ config TARGET_LS1028AQDS
select ARCH_LS1028A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
help
Support for Freescale LS1028AQDS platform
The LS1028A Development System (QDS) is a high-performance
......@@ -1289,6 +1301,7 @@ config TARGET_LS1028ARDB
select ARCH_LS1028A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
help
Support for Freescale LS1028ARDB platform
The LS1028A Development System (RDB) is a high-performance
......@@ -1301,6 +1314,7 @@ config TARGET_LS1088ARDB
select ARCH_MISC_INIT
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_LATE_INIT
select SUPPORT_SPL
select FSL_DDR_INTERACTIVE if !SD_BOOT
......@@ -1359,6 +1373,7 @@ config TARGET_LS1043AQDS
select ARCH_LS1043A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_EARLY_INIT_F
select BOARD_LATE_INIT
select SUPPORT_SPL
......@@ -1373,6 +1388,7 @@ config TARGET_LS1043ARDB
select ARCH_LS1043A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_EARLY_INIT_F
select BOARD_LATE_INIT
select SUPPORT_SPL
......@@ -1384,6 +1400,7 @@ config TARGET_LS1046AQDS
select ARCH_LS1046A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_EARLY_INIT_F
select BOARD_LATE_INIT
select DM_SPI_FLASH if DM_SPI
......@@ -1403,6 +1420,7 @@ config TARGET_LS1046ARDB
select ARCH_LS1046A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_EARLY_INIT_F
select BOARD_LATE_INIT
select DM_SPI_FLASH if DM_SPI
......@@ -1422,6 +1440,7 @@ config TARGET_LS1046AFRWY
select ARCH_LS1046A
select ARM64
select ARMV8_MULTIENTRY
select ARCH_SUPPORT_TFABOOT
select BOARD_EARLY_INIT_F
select BOARD_LATE_INIT
select DM_SPI_FLASH if DM_SPI
......@@ -1565,6 +1584,17 @@ config ARCH_ASPEED
endchoice
config ARCH_SUPPORT_TFABOOT
bool
config TFABOOT
bool "Support for booting from TF-A"
depends on ARCH_SUPPORT_TFABOOT
default n
help
Enabling this will make a U-Boot binary that is capable of being
booted via TF-A.
config TI_SECURE_DEVICE
bool "HS Device Type Support"
depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
......
......@@ -623,10 +623,3 @@ config HAS_FSL_XHCI_USB
help
For some SoC(such as LS1043A and LS1046A), USB and QE-HDLC multiplex use
pins, select it when the pins are assigned to USB.
config TFABOOT
bool "Support for booting from TFA"
default n
help
Enabling this will make a U-Boot binary that is capable of being
booted via TFA.
......@@ -18,7 +18,6 @@
chosen {
stdout-path = &uart0;
tick-timer = &timer0;
};
};
......
......@@ -82,8 +82,8 @@
compatible = "mediatek,timer";
reg = <0x10004000 0x80>;
interrupts = <GIC_SPI 152 IRQ_TYPE_LEVEL_LOW>;
clocks = <&topckgen CLK_TOP_10M_SEL>,
<&topckgen CLK_TOP_CLKXTAL_D4>;
clocks = <&topckgen CLK_TOP_CLKXTAL_D4>,
<&topckgen CLK_TOP_10M_SEL>;
clock-names = "mux", "src";
u-boot,dm-pre-reloc;
};
......
......@@ -86,7 +86,7 @@ struct pt_regs {
#define user_mode(regs) \
(((regs)->ARM_cpsr & 0xf) == 0)
#ifdef CONFIG_ARM_THUMB
#if CONFIG_IS_ENABLED(SYS_THUMB_BUILD)
#define thumb_mode(regs) \
(((regs)->ARM_cpsr & T_BIT))
#else
......
......@@ -4,6 +4,7 @@
*/
#include <linux/linkage.h>
#include <asm/proc-armv/ptrace.h>
#define WAIT_CODE_SRAM_BASE 0x0010ff00
......@@ -27,6 +28,18 @@ ENTRY(lowlevel_init)
movt r0, #0x131
mcr p15, 0, r0, c14, c0, 0
cps #MON_MODE
mrc p15, 0, r1, c1, c1, 0 @ Get Secure Config
orr r0, r1, #1
mcr p15, 0, r0, c1, c1, 0 @ Set Non Secure bit
isb
mov r0, #0
mcrr p15, 4, r0, r0, c14 @ CNTVOFF = 0
isb
mcr p15, 0, r1, c1, c1, 0 @ Set Secure bit
isb
cps #SVC_MODE
/* enable SMP bit */
mrc p15, 0, r0, c1, c0, 1
orr r0, r0, #0x40
......
......@@ -24,6 +24,7 @@ config BOARD_SPECIFIC_OPTIONS # dummy
imply VIRTIO_MMIO
imply VIRTIO_NET
imply VIRTIO_BLK
imply VIRTIO_PCI
imply CMD_PING
imply CMD_FS_GENERIC
imply DOS_PARTITION
......
......@@ -408,6 +408,14 @@ config CMD_SAVEENV
Save all environment variables into the compiled-in persistent
storage.
config CMD_ERASEENV
bool "eraseenv"
default n
depends on CMD_SAVEENV
help
Erase environment variables from the compiled-in persistent
storage.
config CMD_ENV_EXISTS
bool "env exists"
default y
......@@ -563,6 +571,13 @@ config CMD_MEMORY
base - print or set address offset
loop - initialize loop on address range
config CMD_RANDOM
bool "random"
default y
depends on CMD_MEMORY && (LIB_RAND || LIB_HW_RAND)
help
random - fill memory with random data
config CMD_MEMTEST
bool "memtest"
help
......
......@@ -1082,6 +1082,49 @@ static int do_mem_crc(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
#endif
#ifdef CONFIG_CMD_RANDOM
static int do_random(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
unsigned long addr, len;
unsigned long seed; // NOT INITIALIZED ON PURPOSE
unsigned int *buf, *start;
unsigned char *buf8;
unsigned int i;
if (argc < 3 || argc > 4) {
printf("usage: %s <addr> <len> [<seed>]\n", argv[0]);
return 0;
}
len = simple_strtoul(argv[2], NULL, 16);
addr = simple_strtoul(argv[1], NULL, 16);
if (argc == 4) {
seed = simple_strtoul(argv[3], NULL, 16);
if (seed == 0) {
printf("The seed cannot be 0. Using 0xDEADBEEF.\n");
seed = 0xDEADBEEF;
}
} else {
seed = get_timer(0) ^ rand();
}
srand(seed);
start = map_sysmem(addr, len);
buf = start;
for (i = 0; i < (len / 4); i++)
*buf++ = rand();
buf8 = (unsigned char *)buf;
for (i = 0; i < (len % 4); i++)
*buf8++ = rand() & 0xFF;
unmap_sysmem(start);
printf("%lu bytes filled with random data\n", len);
return 1;
}
#endif
/**************************************************/
U_BOOT_CMD(
md, 3, 1, do_mem_md,
......@@ -1250,3 +1293,12 @@ U_BOOT_CMD(
""
);
#endif
#ifdef CONFIG_CMD_RANDOM
U_BOOT_CMD(
random, 4, 0, do_random,
"fill memory with random pattern",
"<addr> <len> [<seed>]\n"
" - Fill 'len' bytes of memory starting at 'addr' with random data\n"
);
#endif
......@@ -767,6 +767,20 @@ U_BOOT_CMD(
"save environment variables to persistent storage",
""
);
#if defined(CONFIG_CMD_ERASEENV)
static int do_env_erase(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
return env_erase() ? 1 : 0;
}
U_BOOT_CMD(
eraseenv, 1, 0, do_env_erase,
"erase environment variables from persistent storage",
""
);
#endif
#endif
#endif /* CONFIG_SPL_BUILD */
......@@ -1316,6 +1330,9 @@ static cmd_tbl_t cmd_env_sub[] = {
#endif
#if defined(CONFIG_CMD_SAVEENV) && defined(ENV_IS_IN_DEVICE)
U_BOOT_CMD_MKENT(save, 1, 0, do_env_save, "", ""),
#if defined(CONFIG_CMD_ERASEENV)
U_BOOT_CMD_MKENT(erase, 1, 0, do_env_erase, "", ""),
#endif
#endif
U_BOOT_CMD_MKENT(set, CONFIG_SYS_MAXARGS, 0, do_env_set, "", ""),
#if defined(CONFIG_CMD_ENV_EXISTS)
......@@ -1396,6 +1413,9 @@ static char env_help_text[] =
#endif
#if defined(CONFIG_CMD_SAVEENV) && defined(ENV_IS_IN_DEVICE)
"env save - save environment\n"
#if defined(CONFIG_CMD_ERASEENV)
"env erase - erase environment\n"
#endif
#endif
#if defined(CONFIG_CMD_NVEDIT_EFI)
"env set -e name [arg ...] - set UEFI variable; unset if 'arg' not specified\n"
......
......@@ -356,8 +356,13 @@ int cmd_auto_complete(const char *const prompt, char *buf, int *np, int *colp)
int i, j, k, len, seplen, argc;
int cnt;
char last_char;
#ifdef CONFIG_CMDLINE_PS_SUPPORT
const char *ps_prompt = env_get("PS1");
#else
const char *ps_prompt = CONFIG_SYS_PROMPT;
#endif
if (strcmp(prompt, CONFIG_SYS_PROMPT) != 0)
if (strcmp(prompt, ps_prompt) != 0)
return 0; /* not in normal console */
cnt = strlen(buf);
......
CONFIG_PPC=y
CONFIG_SYS_TEXT_BASE=0x11000000
CONFIG_MPC85xx=y
CONFIG_TARGET_UCP1020=y
CONFIG_TARGET_UCP1020_SPIFLASH=y
CONFIG_FIT=y
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_OF_STDOUT_VIA_ALIAS=y
# CONFIG_MISC_INIT_R is not set
CONFIG_BOARD_EARLY_INIT_F=y
CONFIG_BOARD_EARLY_INIT_R=y
CONFIG_LAST_STAGE_INIT=y
CONFIG_HUSH_PARSER=y
# CONFIG_AUTO_COMPLETE is not set
CONFIG_AUTOBOOT_KEYED=y
CONFIG_AUTOBOOT_PROMPT="Autobooting in %d seconds, press \"<Esc>\" to stop\n"
CONFIG_AUTOBOOT_STOP_STR="\x1b"
CONFIG_CMD_IMLS=y
CONFIG_CMD_GPIO=y
CONFIG_CMD_I2C=y
CONFIG_CMD_MMC=y
# CONFIG_CMD_NAND is not set
CONFIG_CMD_MMC_SPI=y
CONFIG_CMD_SF=y
CONFIG_CMD_SPI=y
CONFIG_CMD_USB=y
CONFIG_CMD_DHCP=y
CONFIG_CMD_MII=y
CONFIG_CMD_PING=y
CONFIG_CMD_DATE=y
CONFIG_MP=y
# CONFIG_CMD_HASH is not set
CONFIG_CMD_CRAMFS=y
CONFIG_CMD_EXT2=y
CONFIG_CMD_FAT=y
CONFIG_ENV_IS_IN_SPI_FLASH=y
CONFIG_FSL_ESDHC=y
CONFIG_MTD_NOR_FLASH=y
CONFIG_FLASH_CFI_DRIVER=y
CONFIG_SYS_FLASH_USE_BUFFER_WRITE=y
CONFIG_SYS_FLASH_CFI=y
CONFIG_SPI_FLASH=y
CONFIG_SF_DEFAULT_MODE=0
CONFIG_SF_DEFAULT_SPEED=10000000
CONFIG_SPI_FLASH_STMICRO=y
CONFIG_SPI_FLASH_SST=y
CONFIG_SPI_FLASH_WINBOND=y
CONFIG_PHY_MARVELL=y
CONFIG_PHY_GIGE=y
CONFIG_E1000=y
CONFIG_MII=y
CONFIG_TSEC_ENET=y
CONFIG_SYS_NS16550=y
CONFIG_SPI=y
CONFIG_FSL_ESPI=y
CONFIG_USB=y
CONFIG_USB_STORAGE=y
CONFIG_FS_CRAMFS=y
CONFIG_OF_LIBFDT=y
CONFIG_ARM=y
CONFIG_SYS_ARCH_TIMER=y
CONFIG_SYS_THUMB_BUILD=y
CONFIG_ARCH_MEDIATEK=y
CONFIG_SYS_TEXT_BASE=0x41e00000
......@@ -67,9 +68,6 @@ CONFIG_MTK_QSPI=y
CONFIG_SYSRESET=y
CONFIG_SPL_SYSRESET=y
CONFIG_SYSRESET_WATCHDOG=y
CONFIG_TIMER=y
CONFIG_SPL_TIMER=y
CONFIG_MTK_TIMER=y
CONFIG_WDT_MTK=y
CONFIG_LZMA=y
# CONFIG_EFI_LOADER is not set
......@@ -23,6 +23,10 @@
#define DOS_PART_DEFAULT_SECTOR 512
/* should this be configurable? It looks like it's not very common at all
* to use large numbers of partitions */
#define MAX_EXT_PARTS 256
/* Convert char[4] in little endian format to the host format integer
*/
static inline unsigned int le32_to_int(unsigned char *le32)
......@@ -126,6 +130,13 @@ static void print_partition_extended(struct blk_desc *dev_desc,
dos_partition_t *pt;
int i;
/* set a maximum recursion level */
if (part_num > MAX_EXT_PARTS)
{
printf("** Nested DOS partitions detected, stopping **\n");
return;
}
if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
printf ("** Can't read partition table on %d:" LBAFU " **\n",
dev_desc->devnum, ext_part_sector);
......@@ -191,6 +202,13 @@ static int part_get_info_extended(struct blk_desc *dev_desc,
int i;
int dos_type;
/* set a maximum recursion level */
if (part_num > MAX_EXT_PARTS)
{
printf("** Nested DOS partitions detected, stopping **\n");
return -1;
}
if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
printf ("** Can't read partition table on %d:" LBAFU " **\n",
dev_desc->devnum, ext_part_sector);
......
......@@ -33,12 +33,18 @@ To obtain:
cd u-boot
git checkout cros-master
cd ..
git clone https://chromium.googlesource.com/chromiumos/platform/vboot_reference
cd vboot_reference
git checkout 45964294
# futility: updater: Correct output version for Snow
To build for sandbox:
UB=/tmp/b/chromeos_sandbox # U-Boot build directory
CROS=/home/sglass/cosarm # Chromium OS directory
make O=$UB/chromeos_sandbox_defconfig
make O=$UB -j20 -s VBOOT_SOURCE=$CROS/src/platform/vboot_reference \
cd u-boot
make O=$UB chromeos_sandbox_defconfig
make O=$UB -j20 -s VBOOT_SOURCE=/path/to/vboot_reference \
MAKEFLAGS_VBOOT=DEBUG=1 QUIET=1
Replace sandbox with another supported target.
......
......@@ -5,8 +5,8 @@ Android Fastboot
Overview
========
The protocol that is used over USB and UDP is described in the
``README.android-fastboot-protocol`` file in the same directory.
The protocol that is used over USB and UDP is described in
``doc/android/fastboot-protocol.txt``.
The current implementation supports the following standard commands:
......
......@@ -388,8 +388,8 @@ Test Verified Boot Run: signed config with bad hash: OK
Test passed
Hardware Signing with PKCS#11
-----------------------------
Hardware Signing with PKCS#11 or with HSM
-----------------------------------------
Securely managing private signing keys can challenging, especially when the
keys are stored on the file system of a computer that is connected to the
......@@ -402,14 +402,43 @@ them perform the signing. PKCS#11 is standard for interfacing with these crypto
device.
Requirements:
Smartcard/USB token/HSM which can work with the pkcs11 engine
Smartcard/USB token/HSM which can work with some openssl engine
openssl
For pkcs11 engine usage:
libp11 (provides pkcs11 engine)
p11-kit (recommended to simplify setup)
opensc (for smartcards and smartcard like USB devices)
gnutls (recommended for key generation, p11tool)
The following examples use the Nitrokey Pro. Instructions for other devices may vary.
For generic HSMs respective openssl engine must be installed and locateable by
openssl. This may require setting up LD_LIBRARY_PATH if engine is not installed
to openssl's default search paths.
PKCS11 engine support forms "key id" based on "keydir" and with
"key-name-hint". "key-name-hint" is used as "object" name and "keydir" if
defined is used to define (prefix for) which PKCS11 source is being used for
lookup up for the key.
PKCS11 engine key ids:
"pkcs11:<keydir>;object=<key-name-hint>;type=<public|private>"
or
"pkcs11:object=<key-name-hint>;type=<public|private>",
Generic HSM engine support forms "key id" based on "keydir" and with
"key-name-hint". If "keydir" is specified for mkimage it is used as a prefix in
"key id" and is appended with "key-name-hint".
Generic engine key ids:
"<keydir><key-name-hint>"
or
"<key-name-hint>"
As mkimage does not at this time support prompting for passwords HSM may need
key preloading wrapper to be used when invoking mkimage.
The following examples use the Nitrokey Pro using pkcs11 engine. Instructions
for other devices may vary.
Notes on pkcs11 engine setup:
......
......@@ -208,7 +208,11 @@ int blk_select_hwpart_devnum(enum if_type if_type, int devnum, int hwpart)
if (ret)
return ret;
return blk_select_hwpart(dev, hwpart);
ret = blk_select_hwpart(dev, hwpart);
if (!ret)
blkcache_invalidate(if_type, devnum);
return ret;
}
int blk_list_part(enum if_type if_type)
......@@ -348,7 +352,13 @@ int blk_select_hwpart(struct udevice *dev, int hwpart)
int blk_dselect_hwpart(struct blk_desc *desc, int hwpart)
{
return blk_select_hwpart(desc->bdev, hwpart);
int ret;
ret = blk_select_hwpart(desc->bdev, hwpart);
if (!ret)
blkcache_invalidate(desc->if_type, desc->devnum);
return ret;
}
int blk_first_device(int if_type, struct udevice **devp)
......