Commit Graph

66866 Commits

Author SHA1 Message Date
AKASHI Takahiro
5ee81c6e3f lib: crypto: export and enhance pkcs7_verify_one()
The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."

To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:37:17 +02:00
AKASHI Takahiro
05329fa4c0 lib: crypto: add pkcs7_digest()
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.

We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:36:29 +02:00
AKASHI Takahiro
063499e38e lib: crypto: import pkcs7_verify.c from linux
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.

In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:45 +02:00
AKASHI Takahiro
6244b3c7d9 lib: crypto: enable x509_check_for_self_signed()
When the file, x509_public_key.c, was imported from linux code in
    commit b4adf627d5 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.

Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:35:04 +02:00
AKASHI Takahiro
b2a1049b5c lib: crypto: add public_key_verify_signature()
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.

While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.

So simply re-implement it here instead of re-using the code.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2020-07-22 12:33:55 +02:00
AKASHI Takahiro
a58dfd2969 test/py: efi_secboot: fix additional pylint errors
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
AKASHI Takahiro
d09745b196 test/py: efi_secboot: remove unused function
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
af457cfca9 efi_loader: use logging for block device messages
Use logging instead of printf() for messages occurring when scanning block
devices during the initialization of the UEFI sub-system.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
c001837400 efi_loader: use logging for bootefi command
Log messages of the bootefi command instead of simply printing them to the
console.

Do not show "## Application terminated" message when the UEFI binary
completed successfully.

Adjust the python tests testing for '## Application terminated'.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
bf758125d8 efi_loader: returning from UEFI FIT images
Do not reset the board when returning from an UEFI FIT image.

For failed UEFI binary we already print the return status in efi_run_image.
Remove duplicate output.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Heinrich Schuchardt
e7d64065cb efi_loader: document efi_save_gd(), efi_restore_gd()
Provide function descriptions for efi_save_gd() and efi_restore_gd().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:42 +02:00
Stefan Sørensen
1ef1cf1f93 efi_loader: loosen buffer parameter check in efi_file_read
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed
size before doing the actual read.

So move the buffer!=NULL check to after the buffer size has been checked.

This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now
boots out of the box.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
9b87d4429c efi_loader: Check for the native OP-TEE result on mm_communicate calls
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.

Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Ilias Apalodimas
5d1f79ba43 efi_loader: Rename and correct values for ARM_SMC_MM_*
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion

Fixes 23a397d2e2: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
ebbad02c1b efi_loader: don't use memmove() in efi_var_mem_del()
efi_var_mem_del() is in __efi_runtime because it would be needed for a
runtime implementation of SetVariable(). memmove() is not in __efi_runtime.
So we should not use it in efi_var_mem_del().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Heinrich Schuchardt
01fa922bbb efi_loader: efi_current_var after SetVirtualAddressMap
Variable efi_current_var is a pointer to a physical memory address that
becomes invalid after SetVirtualAddressMap(). Instead of converting it via
ConvertPointer() simply set it to NULL.

Fixes: b02a707152 ("efi_loader: enable UEFI variables at runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-22 12:32:41 +02:00
Tom Rini
e9f1f5f486 Merge https://gitlab.denx.de/u-boot/custodians/u-boot-spi
- add new series Micron SPI NAND devices (Shivamurthy)
2020-07-21 16:13:43 -04:00
Masahiro Yamada
60e7fa8b3b treewide: convert devfdt_get_addr() to dev_read_addr()
When you enable CONFIG_OF_LIVE, you will end up with a lot of
conversions.

To generate this commit, I used coccinelle excluding drivers/core/,
include/dm/, and test/

The semantic patch that makes this change is as follows:

  <smpl>
  @@
  expression dev;
  @@
  -devfdt_get_addr(dev)
  +dev_read_addr(dev)
  </smpl>

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
6f25e274da treewide: remove (phys_addr_t) casts from devfdt_get_addr()
This cast is unneeded.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
3c12c62ba5 treewide: convert (void *)devfdt_get_addr() to dev_read_addr_ptr()
Use the _ptr suffixed variant instead of casting. Also, convert it to
dev_read_addr_ptr(), which is safe to CONFIG_OF_LIVE.

One curious part is an error check like follows in
drivers/watchdog/omap_wdt.c:

    priv->regs = (struct wd_timer *)devfdt_get_addr(dev);
    if (!priv->regs)
            return -EINVAL;

devfdt_get_addr() returns FDT_ADDR_T_NONE (i.e. -1) on error.
So, this code does not catch any error in DT parsing.

dev_read_addr_ptr() returns NULL on error, so this error check
will work.

I generated this commit by the following command:

 $ find . -name .git -prune -o -name '*.[ch]' -type f -print | \
   xargs sed -i -e 's/([^*)]*\*)devfdt_get_addr(/dev_read_addr_ptr(/'

I manually fixed drivers/usb/host/ehci-mx6.c

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
6ec7545b99 fdt_support: skip MTD node with "disabled" in fdt_fixup_mtdparts()
Currently, fdt_fixup_mtdparts() only checks the compatible property.
It is pointless to fix up the disabled node.

Skip the node if it has the property:

  status = "disabled"

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
245ad6c4ad fdt_support: call mtdparts_init() after finding MTD node to fix up
Platform code can call fdt_fixup_mtdparts() in order to hand U-Boot's
MTD partitions over to the Linux device tree.

Currently, fdt_fixup_mtdparts() calls mtdparts_init() in its entry.
If no target MTD device is found, an error message like follows is
displayed:

    Device nand0 not found!

This occurs when the same code (e.g. arch/arm/mach-uniphier/fdt-fixup.c)
is shared among several boards, but not all of them support an MTD device.

Parse the DT first, then call mtdparts_init() only when the target MTD
node is found.

Yet, you still need to call mtdparts_init() before device_find().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Heinrich Schuchardt
105da6251a test/dm: check if devices exist
Running 'ut dm' on the sandbox without -D or -d results in segmentation
faults due to NULL pointer dereferences.

Check that device pointers are non-NULL before using them.

Use ut_assertnonnull() for pointers instead of ut_assert().

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
469f04e882 arm: mach-k3: Use SOC driver for device identification
Make use of UCLASS_SOC to find device family and revision for
print_cpuinfo.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
4c2718f9b1 configs: j721e_evm: Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3
Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3 so the TI K3 SoC
driver can be used for SoC detection.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
b6d8a26866 configs: am65x_evm: Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3
Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3 so the TI K3 SoC
driver can be used for SoC detection.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
a1631d51ad arm: dts: k3-j721e-mcu-wakeup: Introduce chipid node
Introduce a chipid node to provide a UCLASS_SOC driver to identify TI K3
SoCs.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
30402cadb3 arm: dts: k3-am65-wakeup: Introduce chipid node
Introduce a chipid node to provide a UCLASS_SOC driver to identify TI K3
SoCs.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
527be812a8 dm: soc: Introduce soc_ti_k3 driver for TI K3 SoCs
Introduce an soc_ti_k3_driver that allows identification and selection
of SoC specific data based on the JTAG ID register for device
identification, as described for AM65x[0] and J721E[1] devices.

[0] http://www.ti.com/lit/ug/spruid7e/spruid7e.pdf
[1] http://www.ti.com/lit/ug/spruil1a/spruil1a.pdf

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
fbde39f417 test: Add tests for SOC uclass
Add a sandbox SOC driver, and some tests for the SOC uclass.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
6426a26f4c dm: soc: Introduce UCLASS_SOC for SOC ID and attribute matching
Introduce UCLASS_SOC to be used for SOC identification and attribute
matching based on the SoC ID info. This allows drivers to be provided
for SoCs to retrieve SoC identifying information and also for matching
device attributes for selecting SoC specific data.

This is useful for other device drivers that may need different
parameters or quirks enabled depending on the specific device variant in
use.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
2020-07-20 11:37:47 -06:00
Dave Gerlach
41c1a693e5 doc: Add new doc for soc ID driver model
Add a new documentation file for UCLASS_SOC and its usage to describe
the SoC Device ID framework that allows SoC identification and device
data matching.

Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Masahiro Yamada
d772db3f9a fdt_support: add static to fdt_node_set_part_info()
This function is only called from fdt_fixup_mtdpart() in the same file.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Nicolas Boichat
28e0367fc8 patman: When no tracking branch is provided, tell the user
The user can either count the number of patches, or provide a
tracking branch.

Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Nicolas Boichat
754c05caf3 patman: Make sure sendemail.suppresscc is (un)set correctly
Setting sendemail.suppresscc to all or cccmd leads to --cc-cmd
parameter being ignored, and emails going either nowhere, or
just to the To: line maintainer.

Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Michal Simek
b589b80971 Revert "lib: fdt: Split fdtdec_setup_mem_size_base()"
This reverts commit 3ebe09d09a.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Michal Simek
d4cc6f638c Revert "lib: fdt: Split fdtdec_setup_memory_banksize()"
This reverts commit 118f4d4559.

There is no user of this split function that's why remove it.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Michal Simek
2feb4ea9dd ARM: rmobile: Switch back to fdtdec_setup_memory/banksize_fdt()
The commit 361377dbdb ("ARM: rmobile: Merge prior-stage firmware DT
fragment into U-Boot DT on Gen3") reverted changes introduced by commit
175f502734 ("ARM: renesas: Configure DRAM size from ATF DT fragment")
that's why there is no reason to use functions with _fdt() suffix because
parameter is gd->fdt_blob as is already for functions without _fdt()
suffix.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Patrick Delaunay
3ce7f75f78 Add information for skipped commit options
The unsupported Commit-xxx option are silently skipped
and removed as 're_remove=Commit-\w*', this patch adds
warning message in this case to detect misspelled issue
for the 2 supported options:
  Commit-notes:
  Commit-changes:

For example: the final 's' is missing (Commit-note:)

NB: no issue for Series-xxx option as only the supported
    options are accepted (see valid_series in series.py)

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Philippe Reynes
2a3be302d5 lib: libfdt: fdt_region: avoid NULL pointer access
The function fdt_find_regions look in the exclude list for each
property, even if the name is NULL. It could happen if the fit
image is corrupted. On sandbox, it generates a segfault.

To avoid this issue, if the name of a property is NULL, we report
an error and avoid looking in the exclude list.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Patrick Delaunay
df1fa4b223 patman: Detect unexpected END
Detect unexpected 'END' line when a section is not detected.

This patch detect issue when tag name for section start is misspelled,
for example 'Commit-note:' for 'Commit-notes:'

  Commit-note:
  ....
  END

Then 'Commit-note:' is removed silently by re_remove = "Commit-\w*:"
but 'END' is kept in commit message.

Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Simon Glass
f07e58b878 cpu: Convert the methods to use a const udevice *
These functions should not modify the device. Convert them to const so
that callers don't need to cast if they have a const udevice *.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Simon Glass
3b9a87321c binman: Add support for generating a FIT
FIT (Flat Image Tree) is the main image format used by U-Boot. In some
cases scripts are used to create FITs within the U-Boot build system. This
is not ideal for various reasons:

- Each architecture has its own slightly different script
- There are no tests
- Some are written in shell, some in Python

To help address this, add support for FIT generation to binman. This works
by putting the FIT source directly in the binman definition, with the
ability to adjust parameters, etc. The contents of each FIT image come
from sub-entries of the image, as is normal with binman.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Simon Glass
1f238bd5bd dtoc: Allow adding variable-sized data to a dtb
Add a method for adding a property containing arbitrary bytes. Make sure
that the tree can expand as needed in this case.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Simon Glass
4c63d21754 mkimage: Allow updating the FIT timestamp
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.

Add a -t flag to allow setting the timestamp in this case.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00
Simon Glass
8200d8871a binman: Allow zero-length entries to overlap
Some binary blobs unfortunately obtain their position in the image from
other binary blobs, such as Intel's 'descriptor'. In this case we cannot
rely on packing to work. It is not possible to produce a valid image in
any case, due to the missing blobs.

Allow zero-length overlaps so that this does not cause any problems.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00
Simon Glass
2f5c3a4d1d binman: Allow missing Intel blobs
Update the Intel blob entries to support missing binaries.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00
Simon Glass
13262c9362 binman: Detect when valid images are not produced
When external blobs are missing, show a message indicating that the images
are not functional.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-20 11:37:47 -06:00
Simon Glass
f9793a12c5 patman: Update errors and warnings to use stderr
When warnings and errors are produced by tools they should be written to
stderr. Update the tout implementation to handle this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00
Simon Glass
5f850fb9a6 binman: Allow external binaries to be missing
Sometimes it is useful to build an image even though external binaries are
not present. This allows the build system to continue to function without
these files, albeit not producing valid images.

U-Boot does with with ATF (ARM Trusted Firmware) today.

Add a new flag to binman to request this behaviour.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00