Provide command 'mmc wp' to power on write protect boot areas on eMMC
devices.
The B_PWR_WP_EN bit in the extended CSD register BOOT_WP is set. The boot
area are write protected until the next power cycle occurs.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Boot partitions of eMMC devices can be power on or permanently write
protected. Let the 'mmc info' command display the protection state.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbcT5xx8ppvoGt20zxIHbvCwFGsQFAl6YjlcACgkQxIHbvCwF
GsQ6Jg/+KVRQF0Dn2jiag8Me9ZhafZx4xGTI3LEzFD7V9kG3dmUzbO3m8a5dEevW
bcPNA6EmcKAjyP09AZY4C8ns4sU7wzPu/GQvApD4S5+vcuNbEqRHfW6zzReNXq09
t89DrFH+XLhGnh4uSh0hmfjrlIPVi86hs/f57vKRayrBu8W2yGPci3SNTO5Y0AY1
to7sxP3hGlDCUhqIABWp5ylpWWUSG1MsVNcMOnHpj+jl0iWWYP46EQrGr95egQor
gcGgUOLdOLLOHPYUIOBmo9INnS2MbvE9Mfgh5Bw7JW8DIu/Xp7r1qePQyMLsngc1
pO5yzwMq6EQy6OjuYnXdIBXtHOlZ8rnE9pbTgyUR8T/2CdL2hqr9ddpqa4ryDABX
iaQF8FG+KhY0XQ5EIJV7pEkvf9TMwGguJNlOkmJPeub2n9i0k1tPk0Rwq5ZWWBIn
rHcgZXwl0On3O3f0HvfL0Oas5u9KE1HhA12h/EVmu2Muy36x2WxAAzDnsH19HzqU
QnWBAo8VMyp3qTIZjb3y+qrxcU/joPGt9+hxmur03hzmKOJ9JNOv6vExb+yUIyXQ
4ML6jvTvSVZbvkP++0zMKOjT8ks3xv5q84oFD5Gp4cG8ZpHpA9dj3mXM92Waepo4
pAkko5IGQ4SqaGIBltEQzrG+cCiHHezdD/raCwAo6DgYSmfZUvc=
=+ZDZ
-----END PGP SIGNATURE-----
Merge tag 'efi-2020-07-rc1' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
'fdt systemsetup' wasn't working, due to the fact that the 'set' command
was being parsed in do_fdt() by only testing for the leading 's' instead
of "se", which kept the "sys" test further down from executing. Changed
to test for "se" instead, now 'fdt systemsetup' works (to test the
ft_system_setup proc w/o having to boot a kernel).
Signed-off-by: Tom Warren <twarren@nvidia.com>
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
With "-at" option, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
will be passed to SetVariable() to authenticate the variable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
A signature database variable is associated with a specific guid.
For convenience, if user doesn't supply any guid info, "env set|print -e"
should complement it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Pull in changes that have been pending in our 'next' branch. This
includes:
- A large number of CI improvements including moving to gcc-9.2 for all
platforms.
- amlogic, xilinx, stm32, TI SoC updates
- USB and i2c subsystem updtaes
- Re-sync Kbuild/etc logic with v4.19 of the Linux kernel.
- RSA key handling improvements
Add a test for the dm drivers command. Also fix a null pointer dereference
revealed by said test.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sub-nodes of /reserved-memory may be disabled. In this case we should not
reserve memory in the memory map.
Reported-by: Patrick DELAUNAY <patrick.delaunay@st.com>
Fixes: fef907b2e4 ("efi_loader: create reservations after
ft_board_setup")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
On 32 bit systems fix
warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]
Fixes: a415d61eac ("cmd: map addresses to sysmem in efidebug memmap")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
K3 J721E:
* OSPI boot support
* Support for loading remote cores in R5 SPL
* PMIC ESM Support
* Minor fixes for R5F and C7x remoteproc drivers
K3 AM654:
* Update AVS class 0 voltages.
* Add I2C nodes
DRA7xx/AM57xx:
* Fixed Android boot on AM57xx
AM33/AM43/Davinci:
* switch to driver model for the net and mdio driver for baltos
* Add DM/DTS support for omap video driver
* Enable fastboot on am335x-evm
Currently, bootefi only parses memory reservation block to setup
EFI reserved memory mappings. However, it doesn't parse the
reserved-memory[1] device tree node that also can contain the
reserved memory regions.
Add capability to parse reserved-memory node and update the EFI memory
mappings accordingly.
1. <U-Boot source>/doc/device-tree-bindings/reserved-memory/reserved-memory.txt]
Signed-off-by: Atish Patra <atish.patra@wdc.com>
Fix an endless loop.
The /reserved-memory node may have children without reg property. Remove
a superfluous debug statement.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Addresses in the sandbox's device tree are in the sandbox's virtual address
space. If we want to compare memory reservations in the device-tree with
the output of 'efidebug memmap', we need to convert back to this address
space.
Adjust the output of the 'efidebug memmap' command.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Some memory reservations are made in ft_board_setup(). Ensure that we
create reserved memory map entries after ft_board_setup().
The downside of this patch is that if bootefi is called multiple times with
an devicetree argument superfluous reservations for the old copies of the
device tree will exist. But that is still better than missing a reservation.
Deleting the superfluous reservations is not possible because reservations
in the memory map are rounded to page size and may be coallesced.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
4dbc107f46 ("cmd: gpio: Correct do_gpio() return value") correctly
changed the behaviour of the gpio command to return CMD_RET_SUCCESS or
CMD_RET_FAILURE, but any existing script which expects the return value
to be the pin value is broken by this change.
Reinstate the legacy behaviour for `gpio input` only.
Fixes: 4dbc107f46 ("cmd: gpio: Correct do_gpio() return value")
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alex.kiernan@hivehome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add the missing line feed at the error message if the variable referred to
by 'efidebug boot rm' does not exist.
Shorten the format string by using the variable name instead of the number
of the boot variable.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
There is a wrong usage of utf8_utf16_strncpy() in "boot rm" command, and
then it will end up with a failure of this command due to a wrong
value of an interim variable ("var_name16").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move the generic elf loading/validating functions to lib/
so that they can be re-used and accessed by code existing
outside cmd.
While at it remove the duplicate static version of load_elf_image_phdr
under arch/arm/mach-imx/imx_bootaux.c.
Signed-off-by: Keerthy <j-keerthy@ti.com>
Suggested-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Following kernel's proposal for an arch-agnostic initrd loading
mechanism [1] let's implement the U-boot counterpart.
This new approach has a number of advantages compared to what we did up
to now. The file is loaded into memory only when requested limiting the
area of TOCTOU attacks. Users will be allowed to place the initramfs
file on any u-boot accessible partition instead of just the ESP one.
Finally this is an attempt of a generic interface across architectures
in the linux kernel so it makes sense to support that.
The file location is intentionally only supported as a config option
argument(CONFIG_EFI_INITRD_FILESPEC), in an effort to enhance security.
Although U-boot is not responsible for verifying the integrity of the
initramfs, we can enhance the offered security by only accepting a
built-in option, which will be naturally verified by UEFI Secure Boot.
This can easily change in the future if needed and configure that via ENV
or UEFI variable.
[1] https://lore.kernel.org/linux-efi/20200207202637.GA3464906@rani.riverdale.lan/T/#m4a25eb33112fab7a22faa0fd65d4d663209af32f
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
UEFI spec 2.8 errata A replaces the RuntimeServicesSupported variable
defined in UEFI spec 2.8 by the configuration table
EFI_RT_PROPERTIES_TABLE. So let's follow suit.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAl48iogACgkQfxc6PpAI
reaVzAf/an3/yKe6r3CVWlcRV6H/dVg1ApnnLpX7jS0p0b++oCVvOiy7z1WPXj3k
b1SSgENDeeZ/8EHio+Gf7ZidH/TGEj7L6YEFwd1t60GMkZiWEkNf4Z53tw482YG+
96hoPD+ySTW+ddIdVHWAFG2I4aEiKHANJAp/ItNdD+rLbrEwNQy+eiK5JTOk80B6
/X8AJCLZeAC1s7vs+2+WolgjT78QGzA9HHalMiublcqh0ivKKk0QeQiOKKPe8JYJ
om5YY1TxayQ60Xmo5f39/SBfzEEklxw83sU9o1tBeYzyVUpu7fQdkxiDbWdsij77
DgwLdeYQJGbN+hdSWE0gjTqyhW+lWA==
=KRoA
-----END PGP SIGNATURE-----
Merge tag 'dm-pull-6feb20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm
sandbox conversion to SDL2
TPM TEE driver
Various minor sandbox video enhancements
New driver model core utility functions
Both CMD_MX_CYCLIC and MX_CYCLIC are in use and defined in Kconfig,
but only the non-CMD version currently does anything. This changes all
usages to prefer the CMD_MX_CYCLIC option (since it's only affecting
addition of the commands), and switches defconfigs using the non-CMD
version to use the CMD version.
Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Reviewed-by: Tom Rini <trini@konsulko.com>
Based on reading the text of the license comment this appears to be
the BSD-2-Clause license but with an imperfect word match as
BSD-2-Clause was not (as far as I recall) a common license choice at the
time the code was written.
Cc: Wolfgang Denk <wd@denx.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
Use the correct return value in function do_gpio() and update
commands documentation with the return values from command_ret_t enum.
CMD_RET_SUCCESS is returned on command success and CMD_RET_FAILURE is
returned on command failure.
The command was returning the pin value, which caused confusion when
debugging (#define DEBUG).
Signed-off-by: Luka Kovacic <luka.kovacic@sartura.hr>
Tested-by: Robert Marko <robert.marko@sartura.hr>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present devres.h is included in all files that include dm.h but few
make use of it. Also this pulls in linux/compat which adds several more
headers. Drop the automatic inclusion and require files to include devres
themselves. This provides a good indication of which files use devres.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Anatolij Gustschin <agust@denx.de>
This adds a subcommand to dm to dump out what drivers are installed, and their
compatible strings. I have found this useful in ensuring that I have the correct
drivers compiled, and that I have put in the correct compatible strings.
Signed-off-by Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The command tpm (and tpm2) search the tpm and use it.
On sandbox, there are two tpm (tpm 1.x and tpm 2.0).
So the command tpm and tpm2 are always executed with
the first tpm (tpm 1.x), and the command tpm2 always
fails.
This add a subcommand device to command tpm and
command tpm2. Then the command tpm and tpm2 use
the device selected with the subcommand device.
To be compatible with previous behaviour, if the
subcommand device is not used before a tpm (or tpm2)
command, the device 0 is selected.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Convert Android documentation from regular txt format to Sphinx (RST).
Also add Android index.rst file and reference it in root index.rst, so
that Android documentation is visible.
Test:
$ make htmldocs
$ xdg-open doc/output/index.html
Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Describe Android Boot Image format, how its support is implemented in
U-Boot and associated commands usage.
Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
This command can be used to extract fields and image payloads from
Android Boot Image. It can be used for example to implement boot flow
where dtb is taken from boot.img (as v2 incorporated dtb inside of
boot.img). Using this command, one can obtain needed dtb blob from
boot.img in scripting manner, and then apply needed dtbo's (from "dtbo"
partition) on top of that, providing then the resulting image to bootm
command in order to boot the Android.
Also right now this command has the sub-command to get an address and
size of recovery dtbo from recovery image (for non-A/B devices only,
see [1,2] for details).
It can be tested like this:
=> mmc dev 1
=> part start mmc 1 boot_a boot_start
=> part size mmc 1 boot_a boot_size
=> mmc read $loadaddr $boot_start $boot_size
=> abootimg get ver
=> abootimg dump dtb
[1] https://source.android.com/devices/bootloader/boot-image-header
[2] https://source.android.com/devices/architecture/dto/partitions
Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
New analysis by the tool has shown that we have some cases where we
weren't handling the error exit condition correctly. When we ran into
the ENOMEM case we wouldn't exit the function and thus incorrect things
could happen. Rework the unwinding such that we don't need a helper
function now and free what we may have allocated.
Fixes: 18030d04d2 ("GPT: fix memory leaks identified by Coverity")
Reported-by: Coverity (CID: 275475, 275476)
Cc: Alison Chaiken <alison@she-devel.com>
Cc: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Cc: Jordy <jordy@simplyhacker.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Some PMICs (such as the DA9063) have non-contiguous register maps.
Attempting to read the non implemented registers returns an error
rather than a dummy value which causes 'pmic dump' to terminate
prematurely.
Fix this by allowing the PMIC driver to return -ENODATA for such
registers, which will then be displayed as '--' by pmic dump.
Use a single error code rather than any error code so that
we can distinguish between a hardware failure reading the PMIC
and a non implemented register known to the driver.
Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
If we didn't unbind the sata from block device, the same devices would
be added after sata remove,
This patch is to resolve this issue as below:
=> sata info
SATA#0:
(3.0 Gbps)
SATA#1:
(3.0 Gbps)
Device 0: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005PY30
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
Device 1: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005VX30
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
=> sata stop
=> sata info
SATA#0:
(3.0 Gbps)
SATA#1:
(3.0 Gbps)
Device 0: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005PY300
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
Device 1: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005VX300
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
Device 2: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005PY300
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
Device 3: Model: INTEL SSDSA2BW300G3D Firm: 4PC10362 Ser#: BTPR247005VX300
Type: Hard Disk
Supports 48-bit addressing
Capacity: 286168.1 MB = 279.4 GB (586072368 x 512)
Signed-off-by: Peng Ma <peng.ma@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The 'sspi' command hard-coded 1 MHz bus frequency for all transmissions.
Allow changing that at runtime by specifying '@freq' bus frequency in Hz.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Jagan Teki <jagan@amarulasolutions.com>
This patch modify the loop in mtd erase command to erase one by one
the blocks in the requested area.
It solves issue on "mtd erase" command on nand with existing bad block,
the command is interrupted on the first bad block with the trace:
"Skipping bad block at 0xffffffffffffffff"
In MTD driver (nand/raw), when a bad block is present on the MTD
device, the erase_op.fail_addr is not updated and we have the initial
value MTD_FAIL_ADDR_UNKNOWN = (ULL)-1.
This case seems normal in nand_base.c:nand_erase_nand(),
we have the 2 exit cases during the loop:
1/ we have a bad block (nand_block_checkbad)
instr->state = MTD_ERASE_FAILED
loop interrupted (goto erase_exit)
2/ if block erase failed (status & NAND_STATUS_FAIL)
instr->state = MTD_ERASE_FAILED;
instr->fail_addr =
((loff_t)page << chip->page_shift);
loop interrupted (goto erase_exit)
So erase_op.fail_addr can't be used if bad blocks were present
in the erased area; we need to use mtd_erase only one block to detect
and skip these existing bad blocks (as it is done in nand_util.c).
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Execute the command cls (for clear screen), when the "menu background"
keyword is present in extlinux.conf file, only if the command is supported.
This patch avoid the warning "Unknown command 'cls'"
with "menu background" in extlinux.conf when CONFIG_CMD_BMP is activated
and CONFIG_CMD_CLS not activated (default for CONFIG_DM_VIDEO).
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@st.com>
Add support for read/write of ONIE "Tlvinfo" EEPROM data format. TLV
stands for Type-Length-Value. The data format is described here:
https://opencomputeproject.github.io/onie/design-spec/hw_requirements.html#board-eeprom-information-format
Based on U-Boot patch from the Open Compute project:
ec87e872d4/patches/u-boot/common/feature-sys-eeprom-tlv-common.patch
Keep only I2C EEPROM support. Use the generic eeprom driver. Fix
checkpatch issues.
Add support for multiple EEPROM TLV stores on the same system. This is
useful in case of SOM and carrier that both provide ID and hardware
configuration information.
Add option to enable for SPL. This allows selection of RAM configuration
based on EEPROM stored board identification.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
This is not really a CONFIG since it is not intended to be set by boards.
Move it into the compiler header with other similar defines, and rename
it.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function has a very generic name which does not adequately describe
its purpose. Rename it and move it to image.h, since it relates to reading
a script from an image.
Signed-off-by: Simon Glass <sjg@chromium.org>