Commit Graph

1823 Commits

Author SHA1 Message Date
Mario Six
a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00
Tom Rini
794c6e2c96 Prepare v2017.03-rc1
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-01-30 19:05:43 -05:00
Tom Rini
a705ebc81b Prepare v2017.01
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-01-09 11:57:05 -05:00
Tom Rini
87f5f5417f Prepare v2017.01-rc3
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-01-02 20:00:55 -05:00
Sven Ebenfeld
1f6a664802 Makefile: preserve output for images that can contain HAB Blocks
To being able to sign created binaries, we need to know the HAB Blocks
for that image. Especially for the imximage type the HAB Blocks are
only available during creation of the image. We want to preserve the
information until we get to sign the files.
In the verbose case we still get them printed out instead of writing
to log files.

Cc: sbabic@denx.de

v2-Changes:
 - No usage of MKIMAGEOUTPUT_$(@F) macro.
 - Predefine default value /dev/null in every involved Makefile.

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:07:39 +01:00
Sven Ebenfeld
d21bd69b6e tools: mkimage: add firmware-ivt image type for HAB verification
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.

Cc: sbabic@denx.de

v2-Changes: None

Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
2017-01-02 17:06:57 +01:00
Tom Rini
36737f22b7 Merge git://git.denx.de/u-boot-dm 2016-12-20 08:42:04 -05:00
Tom Rini
4cf5c5f1e6 Prepare v2017.01-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-12-19 16:08:57 -05:00
Simon Glass
b215fbd868 x86: Use binman all x86 boards
Change x86 boards to use binman to produce the ROM. This involves adding the
image definition to the device tree and using it in the Makefile. The
existing ifdtool features are no-longer needed.

Note that the u-boot.dtsi file is common and is used for all x86 boards which
use microcode. A separate emulation-u-boot-dtsi is used for the others.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Simon Glass
61b994a386 sunxi: Use binman for sunxi boards
Move sunxi boards to use binman. This involves adding the image definition
to the device tree and using it in the Makefile.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-12-20 08:09:55 +13:00
Simon Glass
17a944b671 binman: Add a build rule for binman
Add a standard command definition for binman so that it can be used in
makefiles.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
2016-12-20 08:09:55 +13:00
Tom Rini
3cfb67d041 Prepare v2017.01-rc1
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-12-05 18:36:23 -05:00
Simon Glass
1bd876301b Makefile: Add a target to create the .cfg files
A common requirement when converting CONFIG options to Kconfig is to check
that the effective configuration has not changed due to the conversion. Add
a target which creates this configuration (in the form of u-boot.cfg) but
does not build U-Boot. This speeds up the checking.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-12-02 10:37:47 -07:00
Simon Glass
2dcd4e9ee1 x86: Move efi .S files into the 'lib' directory
These files now need to be in a standard place so that they can be located
by generic Makefile rules. Move them to the 'lib' directory.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-11-14 23:24:04 +01:00
Simon Glass
bb1ae55948 efi: Makefile: Export variables for use with EFI
When building an EFI app we need three things:

   - start-up code
   - relocation code
   - link script

These are all different for each architecture. We also need special
compiler flags in some cases.

Add top-level Makefile variables for these along with documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2016-11-14 23:24:03 +01:00
Tom Rini
29e0cfb4f7 Prepare v2016.11
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-11-14 11:27:11 -05:00
Tom Rini
d8bdfc80da Prepare v2016.11-rc3
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-10-31 16:36:10 -04:00
Jagan Teki
aec9a0f19f sunxi: Rename CONFIG_SUNXI to CONFIG_ARCH_SUNXI
CONFIG_SUNXI -> CONFIG_ARCH_SUNXI
and removed CONFIG_SUNIX from config_whitelist.txt

Cc: Simon Glass <sjg@chromium.org>
Cc: Ian Campbell <ijc@hellion.org.uk>
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jagan Teki <jteki@openedev.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2016-10-30 11:38:04 +01:00
Tom Rini
d5a815327d Prepare v2016.11-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-10-17 20:09:33 -04:00
Tom Rini
f5fd45ff64 Merge branch 'master' of git://www.denx.de/git/u-boot-imx 2016-10-08 09:33:37 -04:00
Masahiro Yamada
e19b0fb485 kbuild: generate u-boot.cfg as a byproduct of include/autoconf.mk
Our build system still parses ad-hoc CONFIG options in header files
and generates include/autoconf.mk so that Makefiles can reference
them.  This gimmick was introduced in the pre-Kconfig days and will
be kept until Kconfig migration is completed.

The include/autoconf.mk is generated like follows:

  [1] Preprocess include/common.h with -DDO_DEPS_ONLY and
      retrieve macros into include/autoconf.mk.tmp
  [2] Reformat include/autoconf.mk.dep into include/autoconf.mk
      with tools/scripts/define2mk.sed script
  [3] Remove include/autoconf.mk.tmp

Here, include/autoconf.mk.tmp is similar to u-boot.cfg, which is
also generated by preprocessing include/config.h with -DDO_DEPS_ONLY.
In other words, there is much overlap among include/autoconf.mk and
u-boot.cfg build rules.

So, the idea is to split the build rule of include/autoconf.mk
into two stages.  The first preprocesses headers into u-boot.cfg.
The second parses the u-boot.cfg into include/autoconf.mk.  The
build rules of u-boot.cfg in Makefile and spl/Makefile will be gone.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-07 14:26:34 +00:00
Masahiro Yamada
4bf06d11c3 kbuild: move no_new_adhoc_configs_check to "all" target command
I am going to move the build rule of u-boot.cfg.  Before that,
no_new_adhoc_configs_check must be tweaked to not depend on it.

The ad-hoc option check can be done at the end of build, along
with other checks.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-10-07 14:26:32 +00:00
Albert ARIBAUD \(3ADEV\)
ed0c2c0a9e tools: mkimage: add support for Vybrid image format
This format can be flashed directly at address 0 of
the NAND FLASH, as it contains all necessary headers.

Signed-off-by: Albert ARIBAUD (3ADEV) <albert.aribaud@3adev.fr>
2016-10-06 09:06:16 +02:00
Tom Rini
53fec16206 Prepare v2016.11-rc1
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-10-03 09:28:13 -04:00
Tom Rini
cbe7706ab8 Merge git://git.denx.de/u-boot-fsl-qoriq
trini: Drop local memset() from
examples/standalone/mem_to_mem_idma2intr.c

Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-26 17:10:56 -04:00
Stephen Warren
a6c1309782 Makefile: rm u-boot.cfg dependencies are missing
Prior to the previous patch, a freshly created .u-boot.cfg.cmd may not
correctly represent all dependencies for u-boot.cfg. The previous change
only solved this issue for fresh builds; when performing an incremental
build, the deficient .u-boot.cfg.cmd is already present, so u-boot.cfg
is not rebuilt, and hence .u-boot.cfg.cmd is not rebuilt with the correct
content.

Solve this by explicitly detecting when the dependency file .u-boot.cfg.d
has not been integrated into .u-boot.cfg.cmd, and force u-boot.cfg to be
rebuilt in this case by deleting it first. This is possible since
if_changed_dep will always delete .u-boot.cfg.d when it executes
successfully, so its presence means either that the previous build was
made by a source tree that contained a Makefile that didn't include the
previous patch, or that the build failed part way through executing
if_changed_dep for u-boot.cfg. Forcing a rebuild of u-boot.cfg is required
in the former case, and will cause no additional work in the latter case,
since the file would be rebuilt anyway for the same reason it was being
rebuilt by the previous build.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2016-09-22 11:34:59 -04:00
Stephen Warren
fcd29a4d0e Makefile: use if_change_dep for u-boot.cfg
cmd_cpp_cfg generates a dependency output, but because it's invoked using
if_changed rather than if_changed_dep, that dependency file is ignored.
This results in Kbuild not knowing about which files u-boot.cfg depends
on, so it may not be rebuilt when required.

A practical result of this is that u-boot.cfg may continue to reference
CONFIG_ options that no longer exist in the source tree, and this can
cause the adhoc config options check to fail.

This change modifies Makefile to use if_changed_dep, which in turn causes
all dependencies to be known to the next make invocation.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
2016-09-22 11:34:59 -04:00
Simon Glass
371244cb19 Makefile: Give a build error if ad-hoc CONFIG options are added
New CONFIG options should be added via Kconfig. To help prevent new ad-hoc
CONFIGs from being added, give a build error when these are detected.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
2016-09-16 17:27:24 -04:00
Shengzhou Liu
b9e745bbe2 driver/ddr/fsl: Add general MMDC driver and reuse common MMDC driver for ls1012a
This general MMDC driver adds basic support for Freescale MMDC
(Multi Mode DDR Controller). Currently MMDC is integrated on ARMv8
LS1012A SoC for DDR3L, there will be a update to this driver to
support more flexible configuration if new features (DDR4, multiple
controllers/chip selections, etc) are implimented in future.

Meantime, reuse common MMDC driver for LS1012ARDB/LS1012AQDS/
LS1012AFRDM.

Signed-off-by: Shengzhou Liu <Shengzhou.Liu@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-09-14 14:08:22 -07:00
Tom Rini
8cbb389bb3 Prepare v2016.09
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-09-12 10:05:51 -04:00
Tom Rini
1d3bcb66ee Prepare v2016.09-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-08-22 20:30:42 -04:00
Vignesh R
68a2fd4357 Makefile: Remove tags file on mrproper
make tags creates a symbolic link called tags to ctags. Remove this file
on make mrproper or make distclean.

Signed-off-by: Vignesh R <vigneshr@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-08-20 14:03:27 -04:00
Maxime Ripard
f2a9942fbc tests: Introduce DT overlay tests
This adds a bunch of unit tests for the "fdt apply" command.

They've all been run successfully in the sandbox. However, as you still
require an out-of-tree dtc with overlay support, this is disabled by
default.

Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
2016-08-20 11:35:07 -04:00
Chris Zankel
de5e5cea02 xtensa: add support for the xtensa processor architecture [1/2]
The Xtensa processor architecture is a configurable, extensible,
and synthesizable 32-bit RISC processor core provided by Cadence.

This is the first part of the basic architecture port with changes to
common files. The 'arch/xtensa' directory, and boards and additional
drivers will be in separate commits.

Signed-off-by: Chris Zankel <chris@zankel.net>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-08-15 18:46:38 -04:00
Simon Glass
633cc7ae96 Makefile: Allow 'make tests' to run tests
Add this shortcut for running tests. Unfortunately 'make test' cannot be
used as it is an existing directory.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Teddy Reed <teddy.reed@gmail.com>
2016-08-05 20:55:18 -04:00
Stephen Warren
61f5ddcb7a Add a power domain framework/uclass
Many SoCs allow power to be applied to or removed from portions of the SoC
(power domains). This may be used to save power. This API provides the
means to control such power management hardware.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Simon Glass <sjg@chromium.org>
2016-07-27 16:29:56 -06:00
Tom Rini
4579720412 Prepare v2016.09-rc1
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-07-25 22:25:52 -04:00
Tom Rini
ebe621d5fb Merge git://git.denx.de/u-boot-dm 2016-07-15 08:06:22 -04:00
Simon Glass
054b3a1e80 dm: Makefile: Build of-platdata before SPL
Since SPL needs the of-platdata structures, build these before starting
to build any SPL components.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
7fcdac0ee9 sandbox: Don't print a warning for CONFIG_I2C_COMPAT
Sandbox includes this code to provide build coverage. While we retain this
feature we should have sandbox build it. Sandbox does not in fact use the
I2C compatibility mode. Showing a warning for sandbox is just confusing,
since no conversion is expected.

Drop the warning for sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-07-14 20:40:24 -06:00
Simon Glass
022885cb9c tools: Allow building with debug enabled
Sometimes it is useful to build tools with debugging information included so
that line-number information is available when run under gdb. Add a Kconfig
option to support this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:31 -04:00
Tom Rini
19ce924ff9 Prepare v2016.07
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-07-11 15:01:01 -04:00
Tom Rini
0e1e587ff4 Prepare v2016.07-rc3
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-07-01 17:43:17 -04:00
Masahiro Yamada
4141e85bcd kbuild: avoid race between dtbs and dt/dt.dtb targets
If the final targets depend on both "dtbs" and "dts/dt.dtb",
and -j option is given to the command line, multiple threads
descend into the dts/ directory, which causes build error.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Tested-by: Andreas Dannenberg <dannenberg@ti.com>
2016-06-24 17:24:41 -04:00
Vagrant Cascadian
42ffa51fd4 Use C locale when setting CC_VERSION_STRING and LD_VERSION_STRING.
The output reported may be locale-dependent, which results in
unreproducible builds.

  $ LANG=C ld --version | head -n 1
    GNU ld (GNU Binutils for Debian) 2.26

  $ LANG=it_CH.UTF-8 ld --version | head -n 1
    ld di GNU (GNU Binutils for Debian) 2.26

Forcing LC_ALL=C ensures the output is consistant regardless of the
build environment.

Thanks to HW42 for debugging the issue:

  https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html

For more information about reproducible builds:

  https://reproducible-builds.org/

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-06-24 17:23:10 -04:00
Tom Rini
46fd625dfe Prepare v2016.07-rc2
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-06-20 11:14:12 -04:00
Tom Rini
b104b3dc1d Prepare v2016.07-rc1
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-06-06 17:43:54 -04:00
Simon Glass
89b199c3d4 Remove/update old generic-board documentation and warning
Remove the warning from the Makefile, since boards that do not use generic
board will no longer build. Also update documentation.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Andreas Bießmann <andreas@biessmann.org>
2016-05-27 15:39:50 -04:00
Bin Meng
0fbdaa0e07 acpi: Clean IASL generated intermediate files
For boards that support ACPI, there are dsdt.aml, dsdt.asl.tmp and
dsdt.c in the board directory after a successful build. These are
intermediate files generated by IASL, and should be removed during
a 'make clean'.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-23 15:18:00 +08:00
Tom Rini
aeaec0e682 Prepare v2016.05
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-05-16 10:40:32 -04:00