- Jul 18, 2021
-
-
https://source.denx.de/u-boot/custodians/u-boot-efi
Tom Rini authored

Pull request for efi-2021-10-rc1-2

* Correct device path nodes for GUID partitions
* Embed keys to check update capsules instead of providing them in DTB
* Increase event log buffer size for measured boot.
-
Since we removed embedding the capsule key into a .dtb and fixed authenticated capsule updates for all boards, move the relevant documentation in the efi file and update it accordingly.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-
commit 322c813f ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't need this functionality anymore.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-
The capsule signature is now part of our DTB. This is problematic when a user is allowed to change/fixup that DTB from U-Boot's command line since he can overwrite the signature as well. So instead of adding the key on the DTB, embed it in the u-boot binary itself as part of its .rodata. This assumes that the U-Boot binary we load is authenticated by a previous boot stage loader.

Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
-
TCG PC Client PFP spec says "The Log Area Minimum Length for the TCG event log MUST be at least 64KB." in ACPI chapter. This commit increases the buffer size to 64KB.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
-
Use %pD to log device-path instead of using efi_dp_str() and efi_free_pool() locally in find_boot_device(). This is a cleanup patch, no feature update nor fix.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
-
Previously, the GPT device GUID was being used instead of the partition, which was incorrect.

Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>

Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.

Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
-
- Jul 17, 2021
-
-
Tom Rini authored
- A large rework of the logic around supporting various image types/formats and sharing between the host and target.
-
https://gitlab.denx.de/u-boot/custodians/u-boot-imx
Tom Rini authored

i.MX
----

- mx7ulp : fix WDOG
- imx8 : Phytec
- USB3 support for i.MX8

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277
-
According to i.MX7ULP Reference Manual we should wait for WDOG unlock and reconfiguration to complete.

Section "59.5.3 Configure Watchdog" provides the following example:

    DisableInterrupts; //disable global interrupt
    WDOG_CNT = 0xD928C520; //unlock watchdog
    while(WDOG_CS[ULK]==0); //wait until registers are unlocked
    WDOG_TOVAL = 256; //set timeout value
    WDOG_CS = WDOG_CS_EN(1) | WDOG_CS_CLK(1) | WDOG_CS_INT(1) |
              WDOG_CS_WIN(0) | WDOG_CS_UPDATE(1);
    while(WDOG_CS[RCS]==0); //wait until new configuration takes effect
    EnableInterrupts; //enable global interrupt

Update U-Boot WDOG driver to align with i.MX7ULP reference manual.

Use 32-bit access to the CS register. According to the RM, the bits in this register can only be written once after unlock. So using 8-bit access will cause problems.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
-
According to i.MX7ULP Reference Manual the second word write for both UNLOCK and REFRESH operations must occur within a maximum of 16 bus clocks.

The current code is using the writel() function, which has a DMB barrier to order the memory access. The DMB between the two word writes may introduce some delay in certain circumstances, causing a WDOG timeout due to the 16 bus clock window requirement.

Replace the writel() function with __raw_writel() to achieve a faster memory access and avoid such an issue.

Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
-
Set up the USB clock in board code, and enable the DWC3 XHCI and PHY drivers to make the USB3.0 host port work on i.MX8MQ EVK.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
-
Add clock function to setup relevant clocks for USB3.0 controllers and PHYs on i.MX8MQ.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Patrick Wildt <patrick@blueri.se>
-
Add alias for two DWC3 usb controllers to fix the seq index.

Signed-off-by: Ye Li <ye.li@nxp.com>
Tested-by: Patrick Wildt <patrick@blueri.se>
-
Add the USB PHY driver for i.MX8MQ to work with DWC3 USB controller.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Patrick Wildt <patrick@blueri.se>
Tested-by: Patrick Wildt <patrick@blueri.se>
-
- Jul 16, 2021
-
-
Host tool features, such as mkimage's ability to sign FIT images were enabled or disabled based on the target configuration. However, this misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of mkimage's ability to create those signatures. In fact, u-boot's build system doesn't sign images. The target code can be successfully built without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that those images will only work on targets which support FIT verification. Linking mkimage cryptographic features to target support for FIT verification is misguided.

Without loss of generality, we can say that host features are and should be independent of target features.

While we prefer that a host tool always supports the same feature set, we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used to select or deselect libcrypto support. Some mkimage features or some host tools might not be available, but this shouldn't affect the u-boot build.

I also considered setting the default of this config based on FIT_SIGNATURE. While it would preserve the old behaviour it's also contrary to the goals of this change. I decided to enable it by default, so that the default build yields the most feature-complete mkimage.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
Function pointers from crypto_algos array are relocated, when NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo is placed in a linker list. Implement this relocation.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Michal Simek <michal.simek@xilinx.com>
-
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
It is no longer necessary to implement rsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the rsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
It is no longer necessary to implement ecdsa_() functions as no-ops depending on config options. It is merely sufficient to provide the prototypes, as the ecdsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
Cryptographic algorithms (currently RSA), are stored in linker lists. The crypto_algos array is unused, so remove it, and any logic associated with it.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
Move the RSA verification crypto_algo structure out of the crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains outweigh this small inconvenience. This is because rsa_verify() is defined differently based on #ifdefs. This change allows us to have a single definition of rsa_verify().

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
The purpose of this change is to enable crypto algorithms to be placed in linker lists, rather than be declared as a static array. The goal is to remove the crypto_algos array in a subsequent patch.

Create a new linker list named "cryptos", and search it when image_get_crypto_algo() is invoked.

NOTE that adding support for manual relocation of crypto_algos within linker lists is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
Remove any ifdefs in image-sig.c that were previously used to differentiate from the host code. Note that all code dedicated to relocating ->sign() and ->add_verify_data() can be safely removed, as signing is not supported target-side.

NOTE that although it appears we are removing ecdsa256 support, this is intentional. ecdsa_verify() is a no-op on the target, and is currently only used by host code.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
image-sig.c is used to map a hash or crypto algorithm name to a handler of that algorithm. There is some similarity between the host and target variants, with the differences worked out by #ifdefs. The purpose of this change is to remove those ifdefs.

First, copy the file to a host-only version, and remove target specific code. Although it looks like we are duplicating code, subsequent patches will change the way target algorithms are searched. Besides, we are only duplicating three string to struct mapping functions. This isn't something to fuss about.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
-
This is not needed with Kconfig, since we can use IS_ENABLED() easily enough. Drop it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
We already have a host Kconfig for these SHA options. Use CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build, so we can drop the unnecessary indirections.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1) directly in the code shared with the host build, so we can drop the unnecessary indirection.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this option.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
These options are named inconsistently with other SPL options, thus making them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
The ENABLE part of this name is redundant, since all boolean Kconfig options serve to enable something. The SUPPORT part is also redundant since Kconfigs can be assumed to enable support for something. Together they just serve to make these options overly long and inconsistent with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
-
Tom Rini authored
- Large number of Coverity reported issues addressed
- m41t62 bugfix
- Support more Android image compression formats
- FIT + DTO bugfix
-
https://source.denx.de/u-boot/custodians/u-boot-marvell
Tom Rini authored

- designware_wdt: reset watchdog in designware_wdt_stop() function (Meng)
- socfpga_stratix10: enable wdt command (Meng)
- wdt-uclass: Use IS_ENABLED for WATCHDOG_AUTOSTART (Teresa)
-
https://source.denx.de/u-boot/custodians/u-boot-stm
Tom Rini authored

- DTS: alignment with Linux kernel v5.13 for stm32mp15 boards
- STM32MP1: update the stm32key command
- STM32MP1: activate the rng command
- STM32MP1: fix the stm32prog command (help, partition size)
- STM32MP1: add fdtoverlay_addr_r variable
- STM32MP1: correctly managed SYSCON/SYSCFG clock
- STM32MP1: remove mmc alias and directly use device instance in boot_instance variable
-
There is no separate SPL/TPL config for WATCHDOG_AUTOSTART. So use IS_ENABLED instead of CONFIG_IS_ENABLED to make the watchdog work in SPL again.

Fixes: 830d29ac ("watchdog: Allow to use CONFIG_WDT without starting watchdog")
Signed-off-by: Teresa Remmet <t.remmet@phytec.de>
Reviewed-by: Stefan Roese <sr@denx.de>
-
In latest u-boot code, watchdog feature is implemented, so enable wdt command by default.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
-
In the U-Boot command line environment, the watchdog cannot be stopped with the commands below:

    SOCFPGA_STRATIX10 # wdt dev watchdog@ffd00200
    SOCFPGA_STRATIX10 # wdt stop

Referring to the watchdog driver in the Linux kernel, the watchdog also needs to be reset after disabling it so that the disable action takes effect.

Signed-off-by: Meng Li <Meng.Li@windriver.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
-