Before the bootm refactor, fixup_silent_linux() was done only in the
monolithic bootm case, not in the subcommand case. With the refactor, it
is done always, which is good. Unfortunately it is done too late, since it
is the PREP or CMDLINE stages that set up the command line for Linux.
Move fixup_silent_linux() into the LOADOS stage, which is where we find
out the OS being used, and can thus decide whether to perform this step.
Signed-off-by: Simon Glass <sjg@chromium.org>
Extend the tpm library with support for single authorized (AUTH1) commands
as specified in the TCG Main Specification 1.2. (The internally used helper
functions are implemented in a way that they could also be used for double
authorized commands if someone needs it.)
Provide enums with the return codes from the TCG Main specification.
For now only a single OIAP session is supported.
OIAP authorized version of the commands TPM_LoadKey2 and TPM_GetPubKey are
provided. Both features are available using the 'tpm' command, too.
Authorized commands are enabled with CONFIG_TPM_AUTH_SESSIONS. (Note that
this also requires CONFIG_SHA1 to be enabled.)
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Dirk Eibach <dirk.eibach@gdsys.cc>
Acked-by: Che-Liang Chiou <clchiou@chromium.org>
Signed-off-by: Andy Fleming <afleming@freescale.com>
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives
We now use lbaint_t for partition offset to reflect the lbaint_t change,
and access partitions beyond or crossing the 2.1TiB limit.
This required changes to signature of ext4fs_devread(), and type of all
variables relatives to block sector.
ext2/ext4 fs uses logical block represented by a 32 bit value. Logical
block is a multiple of device block sector. To avoid overflow problem
when calling ext4fs_devread(), we need to cast the sector parameter.
Signed-off-by: Frédéric Leroy <fredo@starox.org>
Some ARM compilers may emit code that makes unaligned accesses when
faced with constructs such as:
char name[12] = "bootmenu_";
same fix as commit: 064d55f8bc
=========================================================
data abort
MAYBE you should read doc/README.arm-unaligned-accesses
pc : [<3ff4b60c>] lr : [<3ff4b7b0>]
sp : 3f346a58 ip : 3ff9c8e6 fp : 02000060
r10: 00000000 r9 : 3df47fc0 r8 : 3f347f40
r7 : 00000000 r6 : 00000000 r5 : 00000003 r4 : 3f759140
r3 : 000003f0 r2 : 00000000 r1 : 000003f1 r0 : 00000000
Flags: nzCv IRQs on FIQs off Mode SVC_32
Resetting CPU ...
======================================================
Signed-off-by: Lan Yixun (dlan) <dennis.yxun@gmail.com>
The block device expects to see lbaint_t for the blknr parameter. Change
the SCSI read/write functions to suit.
This fixes the following build warnings for coreboot:
cmd_scsi.c: In function ‘scsi_scan’:
cmd_scsi.c:119:30: error: assignment from incompatible pointer type [-Werror]
cmd_scsi.c:120:32: error: assignment from incompatible pointer type [-Werror]
Signed-off-by: Simon Glass <sjg@chromium.org>
A recent bootm fix left the error path incomplete. If CONFIG_TRACE is
set it may still not be a supported command, so cover that with the
unsupported subcommand print. Once we handle BOOTM_STATE_OS_GO, we can
just move into the error handler itself, no need for a goto there.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Update slightly based on Simon's changes to also cover
CONFIG_TRACE/BOOTM_STATE_FAKE_OS_GO]
Signed-off-by: Tom Rini <trini@ti.com>
A FIT image with a ramdisk that sets the entry or load points to 0x0
must be treated as meaning "leave in place" and NOT "relocate to 0x0".
This regression was introduced in a51ec63.
Signed-off-by: Stefano Babic <sbabic@denx.de>
The arguments were out of place since commit 983c72f, since this file was
missed and not tested. Correct this.
Signed-off-by: Simon Glass <sjg@chromium.org>
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.
In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().
Signed-off-by: Simon Glass <sjg@chromium.org>
The OS function is now always called with the PREP stage. Adjust the
remaining bootm OS functions to deal with this correctly.
Signed-off-by: Simon Glass <sjg@chromium.org>
With ELDK4.2 we were getting a warning that load_end may be used
uninitialized in calling lmb_reserve. This could not be the case,
however. If we re-order the checks (and make them slightly clearer as
well) the warning goes away. bootm_load_os may only return 0 on
success, BOOTM_ERR_OVERLAP in a non-fatal overlap (already covered in
comments) or a fatal BOOTM_ERR that is covered in the error handler.
Signed-off-by: Tom Rini <trini@ti.com>
As a zImage does not have a U-Boot header, we cannot really do what
BOOTM_STATE_FINDOTHER does, exactly. Break the ramdisk/fdt portions of
bootm_find_other into bootm_find_ramdisk/fdt which can be called in both
cases.
Signed-off-by: Tom Rini <trini@ti.com>
In the recent bootm refactor, the PREP stage was missing in the bootz
command. This causes unpredictable behaviour.
The use of a local variable means that the reset of cmd_bootm.c does not
in fact use the same image structure, so remove this.
Also manually set the OS type to Linux, since this is the only possibility
at present, and we need to select the right boot function.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function has no prototype in the headers and passes void * around, thus
requiring several casts. Tidy this up.
- Add new patch to clean up bootz_setup() function
Signed-off-by: Simon Glass <sjg@chromium.org>
The original bootm code (before commit 35fc84f) did not check for a valid
boot function in the subcommand case, which was incorrect.
This check was introduced in all cases, but in fact we should only check
for the function when we need it. Otherwise in some cases the check fires
before the OS type is known.
Signed-off-by: Simon Glass <sjg@chromium.org>
With the move of the interrupt code to earlier in the sequence, we
exposed a problem where the interrupts are disabled at each bootm
stage. This is not correct - it should be done only once. Let's disable
interrupts in the LOAD stage. Put the code in a function for clarity.
Also, bootz lost its interrupt code altogether, so reinstate it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Code for checking "splashpos" environment variable is
duplicated in drivers, move it to the common function.
Call this function also in the bmp display command to
consider "splashpos" settings.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
With the do_bootm_states re-organization, we have the call to any
potential sub-commands in a single spot. If one fails, we can then stop
right there and return to the caller. Prior to these calls we have
already ensured that ret is zero so we will not be returning this error
for some other case.
Signed-off-by: Tom Rini <trini@ti.com>
Tested-by: Andreas Bießmann <andreas.devel@googlemail.com>
Remove CONFIG_SPLASH_SCREEN_PREPARE from README
Add doc/README.splashprepare to document functionality
Signed-off-by: Robert Winkler <robert.winkler@boundarydevices.com>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
Create splash.c/h to put the function and any future common splash
screen code in.
Signed-off-by: Robert Winkler <robert.winkler@boundarydevices.com>
Acked-by: Igor Grinberg <grinberg@compulab.co.il>
When compressed image is loaded, it must be decompressed
to an aligned address + 2 to avoid unaligned access exception
on some ARM platforms.
Signed-off-by: Piotr Wilczek <p.wilczek@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
CC: Anatolij Gustschin <agust@denx.de>
CC: Wolfgang Denk <wd@denx.de>
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Some ARM compilers may emit code that makes unaligned accesses when
faced with constructs such as:
const char format[] = "r5g6b5";
Make this data static since it doesn't chagne; the compiler will simply
place it into the .rodata section directly, and avoid any unaligned run-
time initialization.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This restores the ordering of interrupt disable to what it what before
commit 35fc84fa. It seems that on some archiectures (e.g. PowerPC) the
OS is loaded into an interrupt region, which can cause problems if
interrupts are still running.
Tested-by: Stefan Roese <sr@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
With 35fc84fa1 [Refactor the bootm command to reduce code duplication]
we stopped checking the return value of bootm_load_os (unintentionally!)
and simply returned if we had a non-zero return value from the function.
This broke the valid case of a legacy image file of a single kernel
loaded into an overlapping memory area (the default way of booting
nearly all TI platforms).
The best way to fix this problem in the new code is to make
bootm_load_os be the one to see if we have a problem with this, and if
it's fatal return BOOTM_ERR_RESET and if it's not BOOTM_ERR_OVERLAP, so
that we can avoid calling lmb_reserve() but continue with booting. We
however still need to handle the other BOOTM_ERR values so re-work
do_bootm_states so that we have an error handler at the bottom we can
goto for problems from bootm_load_os, or problems from the other callers
(as the code was before). Add a comment to do_bootm_states noting the
existing restriction on negative return values.
Signed-off-by: Tom Rini <trini@ti.com>
---
Changes in v2:
- Rework so that only bootm_load_os and boot_selected_os head down into
the err case code, and other errors simply return back to the caller.
Fixes 'spl export'.
With CONFIG_SYS_64BIT_LBA, lbaint_t gets defined as a 64-bit type,
which is required to represent block numbers for storage devices that
exceed 2TiB (the block size usually is 512B), e.g. recent hard drives.
For some obscure reason, the current U-Boot code uses lbaint_t for the
number of blocks to read (a rather optimistic estimation of how RAM
sizes will evolve), but not for the starting address. Trying to access
blocks beyond the 2TiB boundary will simply wrap around and read a
block within the 0..2TiB range.
We now use lbaint_t for block start addresses, too. This required
changes to all block drivers as the signature of block_read(),
block_write() and block_erase() in block_dev_desc_t changed.
Signed-off-by: Sascha Silbe <t-uboot@infra-silbe.de>
This patch introduces support for command line arguments to Plan 9.
Plan 9 generally dedicates a small region of kernel memory (known
as CONFADDR) for runtime configuration. A new environment variable
named confaddr was introduced to indicate this location when copying
arguments.
Signed-off-by: Steven Stallion <sstallion@gmail.com>
[trini: Adapt for Simon's changes about correcting argc, no need to bump
by 2 now]
Signed-off-by: Tom Rini <trini@ti.com>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass <sjg@chromium.org>
RSA provides a public key encryption facility which is ideal for image
signing and verification.
Images are signed using a private key by mkimage. Then at run-time, the
images are verified using a private key.
This implementation uses openssl for the host part (mkimage). To avoid
bringing large libraries into the U-Boot binary, the RSA public key
is encoded using a simple numeric representation in the device tree.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.
Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.
This requires arch support to work.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.
Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.
Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present the arguments to bootm are processed in a somewhat confusing
way. Sub-functions must know how many arguments their calling functions
have processed, and the OS boot function must also have this information.
Also it isn't obvious that 'bootm' and 'bootm start' provide arguments in
the same way.
Adjust the code so that arguments are removed from the list before calling
a sub-function. This means that all functions can know that argv[0] is the
first argument of which they need to take notice.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add hooks for tracing to generic board, including:
- allow early tracing to start early as possible in U-Boot
- reserve memory for trace buffer
- copy early trace buffer to main trace buffer after relocation
- setup full tracing support after relocation
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a trace command with sub-commands to start/stop tracing, print out
statistics and dump trace information to memory for later upload to a host.
Signed-off-by: Simon Glass <sjg@chromium.org>
For some reason this does not normally cause a compiler warning, but the code
seems to be incorrect. Add the missing return.
Signed-off-by: Simon Glass <sjg@chromium.org>
Not all boards define an SOC. As a result, we can't depend on that.
This was introduced in 39f985536d
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
A pxelinux server setup for "default" menu is typically an x86 binary.
This does not work well with a mixed architecture setup. Extend the default
search to look for default-<arch>-<soc> and then default-<arch> before
falling back to just "default".
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
ontimeout is similar to default, but is the selection on menu timeout.
This is how cobbler sets a default. The label default is supposed to be
the default selection when <enter> is pressed. If both default and
ontimeout are set, last one parsed wins.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Menus with lots of entries and long append lines are hard to read.
Just show a numbered list using the label or name and make the choice
by entering the number.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
The prompt flag is for displaying a "boot:" prompt in pxelinux. This
doesn't make sense for u-boot as we don't support the pxelinux command
interface. So we should just ignore prompt statements and always show the
menu if a menu is present.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Standard pxelinux servers will typically use a zImage rather than u-boot
image format, so fallback to bootz if bootm fails.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>