Heinrich Schuchardt authored 4 years ago and Tom Rini committed 4 years ago

Remove initialization of ret with unused value.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

Rasmus Villemoes authored 4 years ago and Tom Rini committed 4 years ago

Commit fdf0819a (rsa: fix alignment issue when getting public
exponent) changed the logic to avoid doing an 8-byte access to a
possibly-not-8-byte-aligned address.

However, using rsa_convert_big_endian is wrong: That function converts
an array of big-endian (32-bit) words with the most significant word
first (aka a BE byte array) to an array of cpu-endian words with the
least significant word first. While the exponent is indeed _stored_ as
a big-endian 64-bit word (two BE words with MSW first), we want to
extract it as a cpu-endian 64 bit word. On a little-endian host,
swapping the words and byte-swapping each 32-bit word works, because
that's the same as byte-swapping the whole 64 bit word. But on a
big-endian host, the fdt32_to_cpu are no-ops, but
rsa_convert_big_endian() still does the word-swapping, breaking
verified boot.

To fix that, while still ensuring we don't do unaligned accesses, add
a little helper that first memcpy's the bytes to a local fdt64_t, then
applies fdt64_to_cpu(). [The name is chosen based on the
[bl]eXX_to_cpup in linux/byteorder/generic.h].

Fixes: fdf0819a ("rsa: fix alignment issue when getting public exponent")
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>

Matthieu CASTET authored 4 years ago and Tom Rini committed 4 years ago

The algo name should match between the FIT's signature node and the
U-Boot's control FDT.

If we do not check it, U-Boot's control FDT can expect sha512 hash but
nothing will prevent to accept image with sha1 hash if the signature is correct.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>

Philippe Reynes authored 4 years ago and Tom Rini committed 4 years ago

Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

Heinrich Schuchardt authored 4 years ago and Tom Rini committed 4 years ago

We assign first_deleted = 0. There is no need to check its value without
any further assignment in between.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Tom Rini committed 4 years ago

It is sometimes useful to output hex dumps in SPL. Add a config option to
allow this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Stefan Roese <sr@denx.de>

Patrick Delaunay authored 4 years ago and Simon Glass committed 4 years ago

The result of fdt_node_offset_by_phandle is negative for error,
so this patch corrects the check of this result in
fdtdec_parse_phandle_with_args.

This patch allows to have the same behavior with or without OF_LIVE
for the function dev_read_phandle_with_args with cell_name = NULL and
with invalid phandle.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

CONFIG_EFI_GRUB_ARM32 is only needed for architectures with caches that are
not managed via CP15 (or for some outdated buggy versions of GRUB). It
makes more sense to disable the setting per architecture than per defconfig.

Move QEMU's CONFIG_EFI_GRUB_ARM32_WORKAROUND=n from defconfig to Kconfig.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Sean Anderson authored 4 years ago and Heinrich Schuchardt committed 4 years ago

There is an extra space.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

When we do not execute a test requiring ExitBootServices do not reset the
system after testing.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Print the CRC32 loaded via the EFI_LOAD_FILE2_PROTOCOL as a hexadecimal
number.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Add code to use %x in efi_st_print().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

U-Boot offers a EFI_LOAD_FILE2_PROTOCOL which the Linux EFI stub can use to
load an initial RAM disk. Update the function comments of the
implementation.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Having an EFI_RNG_PROTOCOL without a backing RNG device leads to failure
to boot Linux 5.8.

Only install the EFI_RNG_PROTOCOL if we have a RNG device.

Reported-by: Scott K Logan <logans@cottsay.net>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

Use the correct name of the ACPI structure being created.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

This adds tables relating to P-States and C-States.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

ACPI has a number of CPU-related tables. Add utility functions to write
out the basic packages.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

Add an implementation of the DBG2 (Debug Port Table 2) ACPI table.
Adjust one of the header includes to be in the correct order, before
adding more.

Note that the DBG2 table is generic but the PCI UART is x86-specific at
present since it assumes an ns16550 UART. It can be generalised later
if necessary.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

This function currently accepts the IRQ-polarity type. Fix it to use the
GPIO type instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

Add a function to generate ACPI code for a _DSM method for a device.
This includes functions for starting and ending each part of the _DSM.

Signed-off-by: Simon Glass <sjg@chromium.org>
[bmeng: fix the "new blank line at EOF" git warning]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

Add functions to support generating ACPI code for condition checks and
return values.

Signed-off-by: Simon Glass <sjg@chromium.org>

Simon Glass authored 4 years ago and Bin Meng committed 4 years ago

A 'Power Resource for Wake' list the resources a device depends on for
wake. Add a function to generate this.

Signed-off-by: Simon Glass <sjg@chromium.org>

Etienne Carriere authored 4 years ago and Simon Glass committed 4 years ago

OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05ea ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>

Etienne Carriere authored 4 years ago and Simon Glass committed 4 years ago

Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.

Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.

No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

On RISC-V check that the /chosen node has a boot-hartid property.

To run the test configure with CONFIG_CMD_BOOTEFI_SELFTEST=y and issue

    setenv efi_selftest device tree
    setenv serial# myserial
    bootefi selftest

If the test succeeds, it reports the boot-hartid, e.g.

    boot-hartid: 1

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Allow specifying the node on which a property is searched.
Test the device tree consistency more rigorously.
Some efi_st_printf() calls have been converted to efi_st_error().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Maxim Uvarov authored 4 years ago and Heinrich Schuchardt committed 4 years ago

Refine text for overlap_only_ram description to
match to what exactly flag does and aling description
with other functions.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Marek Vasut authored 4 years ago and Tom Rini committed 4 years ago

Repair incorrectly negated condition in the original patch which broke
DT memory node parsing on everything which has more than one DT memory
node, e.g. R-Car3.

In case multiple valid memory nodes are present in the DT, the original
patch would complete parsing cycle for the first memory node, then move
on to the next one, identify it as a valid, and end the parsing. The fix
is to invert the condition, to make the code behave as it did before the
livetree conversion, so it would continue parsing the subsequent memory
nodes as well.

Fixes: c2f0950c ("lib: fdt: Convert fdtdes_setup_mem..() to livetree API")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Tested-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Michal Simek <michal.simek@xilinx.com>

Before calling do_reset() in the EFI selftest we must restore the global
data pointer.

Fixes: fa63753f ("efi_selftest: substitute ResetSystem() by do_reset()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

On RISC-V the global data pointer is stored in register gp. When a UEFI
binary calls the EFI API we have to restore it.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

efi_var_mem_notify_exit_boot_services() is invoked when ExitBootServices()
is called by the UEFI payload.

efi_var_mem_notify_exit_boot_services() should not be defined as
__efi_runtime as it is invoking EFI_ENTRY() and EFI_EXIT() which themselves
are not __efi_runtime.

Fixes: f1f990a8 ("efi_loader: memory buffer for variables")
Fixes: e01aed47 ("efi_loader: Enable run-time variable support for tee based variables")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Robert Reither authored 4 years ago and Heinrich Schuchardt committed 4 years ago

Fixes problem for unaligned 32bit big-endian access in
lib/rsa/rsa-keyprop.c.

Exchanges br_i32_decode() with get_unaligned_be32().

This will keep the unaligned access for architectures capable and will do
some byte-shift magic for the not so capable ones.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-by: Robert Reither <robert.reither@external.thalesgroup.com>
Remove unused include.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

CONFIG_EFI_LOADER cannot be selected for ARMv7-M CPUs. So don't check it in
the Makefile.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

The image size is checked in efi_load_pe(). Avoid checking it twice.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Currently if the bootefi command fails due to missing authentication, the
user gets no feedback.

Write a log message 'Image not authenticated' if LoadImage() fails due to
missing authentication.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Use log_err() for error messages.
Replace debug() by EFI_PRINT().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Heinrich Schuchardt authored 4 years ago and Tom Rini committed 4 years ago

After allocating to pointer ctx we should check that pointer and not
another pointer already checked above.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

Since commit 86cf1c82 ("configs: Migrate CONFIG_NR_DRAM_BANKS") &
commit 999a772d ("Kconfig: Migrate CONFIG_NR_DRAM_BANKS"),
CONFIG_NR_DRAM_BANKS is always defined with a value (4 is default).
It makes no sense to still carry code that is guarded with
"#ifndef CONFIG_NR_DRAM_BANKS" (and similar). This patch removes
all these unreferenced code paths.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Suneel Garapati authored 5 years ago and Stefan Roese committed 4 years ago

Add fdtdec_get_pci_bus_range to read bus-range property
values.

Signed-off-by: Suneel Garapati <sgarapati@marvell.com>
Reviewed-by: Simon Glass <sjg@chromium.org>