Add a description of how to implement verified boot using signed FIT images,
and a simple test which verifies operation on sandbox.
The test signs a FIT image and verifies it, then signs a FIT configuration
and verifies it. Then it corrupts the signature to check that this is
detected.
Signed-off-by: Simon Glass <sjg@chromium.org>
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).
Add support for signing of FIT configurations using the libfdt's region
support.
Please see doc/uImage.FIT/signature.txt for more information.
Signed-off-by: Simon Glass <sjg@chromium.org>
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
Keys required for signing images will be in a specific directory. Add a
-k option to specify that directory.
Also update the mkimage man page with this information and a clearer list
of available commands.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a library which supports tracing of execution using built-in gcc
features and a microsecond timer. This can be used to record a list of
function which are executed, along with a timestamp for each. Later
this information can be sent to the host for processing.
Signed-off-by: Simon Glass <sjg@chromium.org>
This patch adds the driver for keyboard that's controlled by ChromeOS EC.
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
This patch adds the cros_ec driver that implements the protocol for
communicating with Google's ChromeOS embedded controller.
Signed-off-by: Bernie Thompson <bhthompson@chromium.org>
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Signed-off-by: Che-Liang Chiou <clchiou@chromium.org>
Signed-off-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Gabe Black <gabeblack@chromium.org>
Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Louis Yung-Chieh Lo <yjlou@chromium.org>
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
1. Misalignment will be found in the doc/README.srio-pcie-boot-corenet
file when the tabs are set to 8 characters. And the standard for
u-boot should be 8 character tabs! So this issue should be amended.
2. Add a NOTE for the ENV parameters of the Slave.
Signed-off-by: Liu Gang <Gang.Liu@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Small conflict over DRA7XX updates and adding SRAM_SCRATCH_SPACE_ADDR
Conflicts:
arch/arm/include/asm/arch-omap5/omap.h
Signed-off-by: Tom Rini <trini@ti.com>
This patch adds DWMMC device node data for exynos5.
This patch also adds binding file for DWMMC device node.
Signed-off-by: Vivek Gautam <gautam.vivek@samsung.com>
Signed-off-by: Amar <amarendra.xt@samsung.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Minkyu Kang <mk7.kang@samsung.com>
The omap2420H4 was the only mainline omap24xx board. Prior to being
fixed by Jon Hunter in time for v2013.04 it had been functionally broken
for a very long time. Remove this board as there's not been interest in
it in U-Boot for quite a long time.
Signed-off-by: Tom Rini <trini@ti.com>
simple-framebuffer is a new device tree binding that describes a pre-
configured frame-buffer memory region and its format. The Linux kernel
contains a driver that supports this binding. Implement functions to
create a DT node (or fill in an existing node) with parameters that
describe the framebuffer format that U-Boot is using.
This will be immediately used by the Raspberry Pi board in U-Boot, and
likely will be used by the Samsung ARM ChromeBook support soon too. It
could well be used by many other boards (e.g. Tegra boards with built-in
LCD panels, which aren't yet supported by the Linux kernel).
Signed-off-by: Stephen Warren <swarren@wwwdotorg.org>
Acked-by: Simon Glass <sjg@chromium.org>
This patch adds generic codes to support Freescale's Vybrid VF610 CPU.
It aligns Vybrid VF610 platform with i.MX platform. As there are
some differences between VF610 and i.MX platforms, the specific
codes are in the arch/arm/cpu/armv7/vf610 directory.
Signed-off-by: Alison Wang <b18965@freescale.com>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Debug trace buffers are memory mapped in DCSR space beyond 4M.
Signed-off-by: Stephen George <stephen.george@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Allow VDD voltage overriding with a command. This is an add-on feasture of
VID. To override VDD, use command vdd_override with the value of voltage
in mV, for example
vdd_override <voltage in mV, eg. 1050>
The above example will set the VDD to 1.050 volt. Any wrong value out of
range of 0.8188 to 1.2125 volt or invalid string is ignored.
In addition to the command, if overriding VDD is needed earlier in booting
process, save an variable and reboot:
setenv t4240qds_vdd_mv <voltage in mV>
saveenv
Signed-off-by: York Sun <yorksun@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
Add NAND partition table, EK board support boot up NAND flash using
the same NAND partition table
Add Index in this file
Signed-off-by: Bo Shen <voice.shen@atmel.com>
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
This patch add following EK information
- at91sam9n12ek, at91sam9x5ek
- sama5d3xek
Signed-off-by: Bo Shen <voice.shen@atmel.com>
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
This patch implement following things
- The link no longer accessable
- Remove the error configuration command
- Update soldered data flash memory map
- Update at91sam9m10g45ek memory size to 128MiB
Signed-off-by: Bo Shen <voice.shen@atmel.com>
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
The Freescale MPC8220 Power Architecture processors have long reached
EOL; Freescale does not even list these any more on their web site.
Remove the code to avoid wasting maitaining efforts on dead stuff.
Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Andy Fleming <afleming@gmail.com>
Warm reset on OMAP5 freezes when USB cable is connected.
Fix requires PRM_RSTTIME.RSTTIME1 to be programmed
with the time for which reset should be held low for the
voltages and the oscillator to reach stable state.
There are 3 parameters to be considered for calculating
the time, which are mostly board and PMIC dependent.
-1- Time taken by the Oscillator to shut + restart
-2- PMIC OTP times
-3- Voltage rail ramp times, which inturn depends on the
PMIC slew rate and value of the voltage ramp needed.
In order to keep the code in u-boot simple, have a way
for boards to specify a pre computed time directly using
the 'CONFIG_OMAP_PLATFORM_RESET_TIME_MAX_USEC'
option. If boards fail to specify the time, use a default
as specified by 'CONFIG_DEFAULT_OMAP_RESET_TIME_MAX_USEC' instead.
Using the default value translates into some ~22ms and should work in
all cases.
However in order to avoid this large delay hiding other bugs,
its recommended that all boards look at their respective data
sheets and specify a pre computed and optimal value using
'CONFIG_OMAP_PLATFORM_RESET_TIME_MAX_USEC'
In order to help future board additions to compute this
config option value, add a README at doc/README.omap-reset-time
which explains how to compute the value. Also update the toplevel
README with the additional option and pointers to
doc/README.omap-reset-time.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
[rnayak@ti.com: Updated changelog and added the README]
Signed-off-by: Rajendra Nayak <rnayak@ti.com>
Many boot image configuration files refer to the
appropriate documentation file, but these references
contain typos in the directory and file name. Fix
them. Also fix reference to doc/README.SPL file.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Cc: Prafulla Wadaskar <prafulla@marvell.com>
Cc: Stefano Babic <sbabic@denx.de>
Acked-by: Stefano Babic <sbabic@denx.de>
There could be scenarios where the user would like to manually(via JTAG)
configure the DDR/L2SRAM and load the bootloader binary onto DDR/L2SRAM.
This document explains thse usecases and the detailed explanation of what needs
to be done to use it.
Most of the code from CONFIG_SYS_RAMBOOT will be used except for small changes
of CCSRBAR etc.
The changes are not very large, but it is good to document them so that user
can get it working at once.
Signed-off-by: Poonam Aggrwal <poonam.aggrwal@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
With sandbox it is tricky to add an FDT to the image at build time (or
later) since we build an ELF file, not a plain binary, and the address
space of the whole U-Boot is not accessible in the emulated memory map
of sandbox.
Sandbox can read files directly from the host, though, so add an option
to read an FDT from a host file on start-up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Watchdog can be used on Microblaze, PPC and Zynq hw designs.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@ti.com>
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.
Easier for using with patman.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Implement BOOT_OFFSET command for imximage. This command is parallel
to current BOOT_FROM command, but allows more flexibility in configuring
arbitrary image header offset. Also add an imximage.cfg with default
offset values into arm/arch/imx-common/ so the board-specific imximage.cfg
can include this file to avoid magic constants.
The syntax of BOOT_OFFSET command is "BOOT_OFFSET <u32 offset>".
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Albert ARIBAUD <albert.u.boot@aribaud.net>
Cc: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Scott Wood <scottwood@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Tom Rini <trini@ti.com>
Acked-by: Stefano Babic <sbabic@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
With 'mtest' no longer a default command, we will have unused defines
which should be removed for the v2013.10 release.
Signed-off-by: Tom Rini <trini@ti.com>