Raymond Mao <raymond.mao@linaro.org> says:
Integrate MbedTLS v3.6 LTS (currently v3.6.0) with U-Boot.
Motivations:
------------
1. MbedTLS is well maintained with LTS versions.
2. LWIP is integrated with MbedTLS and easily to enable HTTPS.
3. MbedTLS recently switched license back to GPLv2.
Prerequisite:
-------------
This patch series requires mbedtls git repo to be added as a
subtree to the main U-Boot repo via:
$ git subtree add --prefix lib/mbedtls/external/mbedtls \
https://github.com/Mbed-TLS/mbedtls.git \
v3.6.0 --squash
Moreover, due to the Windows-style files from mbedtls git repo,
we need to convert the CRLF endings to LF and do a commit manually:
$ git add --renormalize .
$ git commit
New Kconfig options:
--------------------
`MBEDTLS_LIB` is for MbedTLS general switch.
`MBEDTLS_LIB_CRYPTO` is for replacing original digest and crypto libs with
MbedTLS.
`MBEDTLS_LIB_CRYPTO_ALT` is for using original U-Boot crypto libs as
MbedTLS crypto alternatives.
`MBEDTLS_LIB_X509` is for replacing original X509, PKCS7, MSCode, ASN1,
and Pubkey parser with MbedTLS.
By default `MBEDTLS_LIB_CRYPTO_ALT` and `MBEDTLS_LIB_X509` are selected
when `MBEDTLS_LIB` is enabled.
`LEGACY_CRYPTO` is introduced as a main switch for legacy crypto library.
`LEGACY_CRYPTO_BASIC` is for the basic crypto functionalities and
`LEGACY_CRYPTO_CERT` is for the certificate related functionalities.
For each of the algorithm, a pair of `<alg>_LEGACY` and `<alg>_MBEDTLS`
Kconfig options are introduced. Meanwhile, `SPL_` Kconfig options are
introduced.
In this patch set, MBEDTLS_LIB, MBEDTLS_LIB_CRYPTO and MBEDTLS_LIB_X509
are by default enabled in qemu_arm64_defconfig and sandbox_defconfig
for testing purpose.
Patches for external MbedTLS project:
-------------------------------------
Since U-Boot uses Microsoft Authentication Code to verify PE/COFFs
executables which is not supported by MbedTLS at the moment,
addtional patches for MbedTLS are created to adapt with the EFI loader:
1. Decoding of Microsoft Authentication Code.
2. Decoding of PKCS#9 Authenticate Attributes.
3. Extending MbedTLS PKCS#7 lib to support multiple signer's certificates.
4. MbedTLS native test suites for PKCS#7 signer's info.
All above 4 patches (tagged with `mbedtls/external`) are submitted to
MbedTLS project and being reviewed, eventually they should be part of
MbedTLS LTS release.
But before that, please merge them into U-Boot, otherwise the building
will be broken when MBEDTLS_LIB_X509 is enabled.
See below PR link for the reference:
https://github.com/Mbed-TLS/mbedtls/pull/9001
Miscellaneous:
--------------
Optimized MbedTLS library size by tailoring the config file
and disabling all unnecessary features for EFI loader.
From v2, original libs (rsa, asn1_decoder, rsa_helper, md5, sha1, sha256,
sha512) are completely replaced when MbedTLS is enabled.
From v3, the size-growth is slightly reduced by refactoring Hash functions.
From v6, smaller implementations for SHA256 and SHA512 are enabled and
target size reduce significantly.
Target(QEMU arm64) size-growth when enabling MbedTLS:
v1: 6.03%
v2: 4.66%
v3 - v5: 4.55%
v6: 2.90%
Tests done:
-----------
EFI Secure Boot test (EFI variables loading and verifying, EFI signed image
verifying and booting) via U-Boot console.
EFI Secure Boot and Capsule sandbox test passed.
Known issues:
-------------
None.
Link: https://lore.kernel.org/u-boot/20241003215112.3103601-1-raymond.mao@linaro.org/
We don't need an API specially for non-watchdog since sha1_csum_wd
supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG.
Set 0x10000 as default chunk size for SHA1.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d, reversing
changes made to 2ee6f3a5f7.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
Add a new event which handles this function. Convert existing use of
the function to use the new event instead.
Make sure that EVENT is enabled by affected boards, by selecting it from
the LAST_STAGE_INIT option. For x86, enable it by default since all boards
need it.
For controlcenterdc, inline the get_tpm() function and make sure the event
is not built in SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
A number of platforms have "common" directories that are in turn not
listed by the board MAINTAINERS file. Add these directories in many
cases.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is not used since CONFIG_SYS_FPGA_COMMON is not defined anywhere.
Drop the code and the Makefile rule.
Signed-off-by: Simon Glass <sjg@chromium.org>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS_SDRAM
namespace do not easily transition to Kconfig. In many cases they likely
should come from the device tree instead. Move these out of CONFIG
namespace and in to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In a later patch sysinfo_get will be changed to return the device in cae
of an error. Set sysinfo to NULL on error to preserve previous behavior.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
We have a number of CONFIG_SYS_xxx_SIZE options to describe the amount
main memory available. Rework CONFIG_SYS_DDR_SIZE, which described a
size in number of MiB to use CONFIG_SYS_SDRAM_SIZE which is most often
used as a number of bytes. Use shifts of this option when required.
Signed-off-by: Tom Rini <trini@konsulko.com>
Currently we require PHY interface mode to be known when
finding/creating the PHY - the functions
* phy_connect_phy_id()
* phy_device_create()
* create_phy_by_mask()
* search_for_existing_phy()
* get_phy_device_by_mask()
* phy_find_by_mask()
all require the interface parameter, but the only thing done with it is
that it is assigned to phydev->interface.
This makes it impossible to find a PHY device without overwriting the
set mode.
Since the interface mode is not used during .probe() and should be used
at first in .config(), drop the interface parameter from these
functions. Make the default value of phydev->interface (in
phy_device_create()) to be PHY_INTERFACE_MODE_NA. Move the interface
parameter to phy_connect_dev(), where it should be.
Change all occurrences treewide. In occurrences where we don't call
phy_connect_dev() for some reason (they only configure the PHY without
connecting it to an ethernet controller), set
phydev->interface = value from phy_find_by_mask call.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
I got an
<dirk.eibach@gdsys.cc>: host mxlb.ispgateway.de[80.67.18.126] said:
554 Sorry, no mailbox here by that name. (in reply to RCPT TO command)
when sending e-mail to dirk.eibach@gdsys.cc.
Drop Dirk Eibach from MAINTAINERS of board/gdsys/a38x and
board/gdsys/mpc8308. The latter would be left maintainerless, add
Mario Six <mario.six@gdsys.cc> (he is also maintainer of the former
board).
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
A385 controlcenterdc board does not use PCI DM properly and touches some
PCIe devices directly in its board code.
This controlcenterdc spl_board_init() function expects that PCIe link is
already initialized. Link itself is initialized in a38x serdes code but
this will change in future and link initialization will be postponed from
U-Boot SPL to proper U-Boot.
So explicitly enable PCIe link 2 in spl_board_init() function via
SoC Control Register 1 to not break this code by future changes. This board
has PCIe link 2 just x1, so no additional initialization (except enabling
PCIe port) is needed.
Signed-off-by: Pali Rohár <pali@kernel.org>
The only user of board_pex_config() weak function is A385 controlcenterdc
board. It looks like that code in its board_pex_config() function needs to
be executed after PCIe link is up. Therefore put this code into
spl_board_init() function which is called after a38x serdes initialization,
and therefore it is after the serdes hws_pex_config() function finishes
(which is the state before this change).
With this change completely remove board_pex_config() function as it is not
used anymore.
Signed-off-by: Pali Rohár <pali@kernel.org>
strncpy() simply bails out when copying a source string whose size
exceeds the destination string size, potentially leaving the destination
string unterminated.
One possible way to address is to pass MDIO_NAME_LEN - 1 and a
previously zero-initialized destination string, but this is more
difficult to maintain.
The chosen alternative is to use strlcpy(), which properly limits the
copy len in the (srclen >= size) case to "size - 1", and which is also
more efficient than the strncpy() byte-by-byte implementation by using
memcpy. The destination string returned by strlcpy() is always NULL
terminated.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.
Add a proper comment to simple_strtoul() while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
The gdsys a38x config file (controlcenterdc_defconfig) uses BootROM to
load U-Boot proper.
Since it is now possible to do this via U-Boot SPL framework, we do not
need to provide custom spl_board_init() which calls return_to_bootrom().
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
These boards have not been converted to CONFIG_DM_MMC by the deadline.
Remove them.
Cc: Mario Six <mario.six@gdsys.cc>
Cc: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Tom Rini <trini@konsulko.com>
These boards have not been converted to CONFIG_DM_MMC, along with other
DM conversions, by the deadline. Remove them.
Cc: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Tom Rini <trini@konsulko.com>
These boards have not been converted to CONFIG_DM_MMC, along with other
DM conversions, by the deadline. Remove them.
Cc: Dirk Eibach <dirk.eibach@gdsys.cc>
Signed-off-by: Tom Rini <trini@konsulko.com>
Take over the plain 'tpm_...' functions for use by the new TPM API. Rename
all the TPMv1 functions so they are called from the API.
Update the TPMv1 functions so that they are called from the API. Change
existing users to use the tpm1_ prefix so they don't need to go through
the API, which might introduce uncertainty.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
commit 6285efb8a118940877522c4c07bd7c64569b4f5f upstream.
the twin-die combined memory device should be treatened as X8
device and not as X16 one
Signed-off-by: Moti Buskila <motib@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
[ - the default value for twin_die_combined is set to NOT_COMBINED for
all boards, as this was default behaviour prior this change ]
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Tested-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
This uclass is intended to provide a way to obtain information about a
U-Boot board. But the concept of a U-Boot 'board' is the whole system,
not just one circuit board, meaning that 'board' is something of a
misnomer for this uclass.
In addition, the name 'board' is a bit overused in U-Boot and we want to
use the same uclass to provide SMBIOS information.
The obvious name is 'system' but that is so vague as to be meaningless.
Use 'sysinfo' instead, since this uclass is aimed at providing information
on the system.
Rename everything accordingly.
Note: Due to the patch delta caused by the symbol renames, this patch
shows some renamed files as being deleted in one place and created in
another.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
The Linux coding style guide (Documentation/process/coding-style.rst)
clearly says:
It's a **mistake** to use typedef for structures and pointers.
Besides, using typedef for structures is annoying when you try to make
headers self-contained.
Let's say you have the following function declaration in a header:
void foo(bd_t *bd);
This is not self-contained since bd_t is not defined.
To tell the compiler what 'bd_t' is, you need to include <asm/u-boot.h>
#include <asm/u-boot.h>
void foo(bd_t *bd);
Then, the include direcective pulls in more bloat needlessly.
If you use 'struct bd_info' instead, it is enough to put a forward
declaration as follows:
struct bd_info;
void foo(struct bd_info *bd);
Right, typedef'ing bd_t is a mistake.
I used coccinelle to generate this commit.
The semantic patch that makes this change is as follows:
<smpl>
@@
typedef bd_t;
@@
-bd_t
+struct bd_info
</smpl>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.
Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this uncommon header out of the common header.
Fix up some style problems in flash.h while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
These three clock functions don't use driver model and should be migrated.
In the meantime, create a new file to hold them.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function can be dropped when all boards use driver model for PCI. For
now, move it into init.h with a comment.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
A number of board function belong in init.h with the others. Move them.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Move these functions into the command.h header file which is a better fit.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Drop inclusion of crc.h in common.h and use the correct header directly
instead.
With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>