| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the board is configured without CONFIG_GIC_V3_ITS, an error occurs:
board/freescale/lx2160a/lx2160a.c: In function ‘ft_board_setup’:
board/freescale/lx2160a/lx2160a.c:673:6: error: unused variable
‘gic_lpi_base’ [-Werror=unused-variable]
673 | u64 gic_lpi_base;
| ^~~~~~~~~~~~
Let's define the variable as __maybe_unused.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| |
|
|
|
|
|
| |
Fix board name for ls1012afrwy
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| |
|
|
|
|
|
|
|
|
| |
If CONFIG_CMD_NAND is disabled, get_nand_dev_by_index() is not
accessible.
This fix allows the build to succeed in this case.
Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://gitlab.denx.de/u-boot/custodians/u-boot-arc
This is pretty minor set of changes mostly touching HSDK board:
* Enable on-chip reset controller on HSDK
* Add possibility to turn-on & off L2$ on more
recent ARC HS processors.
* AXI tunnel clock calculation on HSDK
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We set wrong tunnel PLL frequency when we request 125MHz tunnel clock.
Fix that.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
As the driver of on-chip reset controller became available
we are ready to enable it.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Force inlining of IOC related functions used in other cache
functions. This is preventive change.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Since version 3.0 ARC HS supports SL$ (L2 system level cache)
disable. So add support for SL$ disable/enable to code.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc1
This pull request
* provides an implementation of UEFI secure booting
* fixes a problem with the rsa_mod_exp driver which stops some boards
from booting when CONFIG_RSA is enabled which is needed for UEFI
secure booting
* enables the EFI_RNG_PROTOCOL if DM_RNG is enabled
* fixes some function comments
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A small text in docs/uefi/uefi.rst was added to explain how we can
configure and utilise UEFI secure boot feature on U-Boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pytest for UEFI secure boot will use several host commands.
In particular, Test setup relies on efitools, whose version must be v1.5.2
or later. So fetch a new version of deb package directly.
Please note it has a dependency on mtools, which must also be installed
along wih efitools.
In addition, the path, '/sbin', is added to PATH for use of sgdisk and
mkfs.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adding those extra configurations allows us to successfully run UEFI
secure boot pytest on Travis CI.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Provide test cases for
* image authentication for signed images
(test_efi_secboot/test_signed.py)
* image authentication for unsigned images
(test_efi_secboot/test_unsigned.py)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Provide a couple of test cases for variable authentication.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A fixture for UEFI secure boot tests (image authentication and variable
authentication) is defined. A small file system with test data in a single
partition formatted in fat is created.
This test requires efitools v1.5.2 or later. If the system's efitools
is older, you have to build it on your own and define EFITOOLS_PATH.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This sub-command will be used to test image authentication,
in particular, a case where efi_load_image() failed with
EFI_SECURITY_VIOLATION but we still want to try efi_start_image().
We won't run such a case under normal bootmgr because it simply
refuses to call efi_start_image() if anything but EFI_SUCCESS
is returned when loading an image.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
With "-at" option, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
will be passed to SetVariable() to authenticate the variable.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A signature database variable is associated with a specific guid.
For convenience, if user doesn't supply any guid info, "env set|print -e"
should complement it.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The following variable is exported as UEFI specification defines:
SignatureSupport: array of GUIDs representing the type of signatures
supported by the platform firmware
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With this commit, image validation can be enforced, as UEFI specification
section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
Currently we support
* authentication based on db and dbx,
so dbx-validated image will always be rejected.
* following signature types:
EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
EFI_CERT_X509_GUID (x509 certificate for signed images)
Timestamp-based certificate revocation is not supported here.
Internally, authentication data is stored in one of certificates tables
of PE image (See efi_image_parse()) and will be verified by
efi_image_authenticate() before loading a given image.
It seems that UEFI specification defines the verification process
in a bit ambiguous way. I tried to implement it as closely to as
EDK2 does.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The following variable is exported as UEFI specification defines:
VendorKeys: whether the system is configured to use only vendor-provided
keys or not
The value will have to be modified if a platform has its own way of
initializing signature database, in particular, PK.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
UEFI specification defines several global variables which are related to
the current secure boot state. In this commit, those values will be
maintained according to operations. Currently, AuditMode and DeployedMode
are defined but not implemented.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With this commit, EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
is supported for authenticated variables and the system secure state
will transfer between setup mode and user mode as UEFI specification
section 32.3 describes.
Internally, authentication data is stored as part of authenticated
variable's value. It is nothing but a pkcs7 message (but we need some
wrapper, see efi_variable_parse_signature()) and will be validated by
efi_variable_authenticate(), hence efi_signature_verify_with_db().
Associated time value will be encoded in "{...,time=...}" along with
other UEFI variable's attributes.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
efi_signature_parse_sigdb() is a helper function will be used to parse
signature database variable and instantiate a signature store structure
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In this commit, implemented are a couple of helper functions which will be
used to materialize variable authentication as well as image authentication
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Under this configuration, UEFI secure boot support will be added
in later patches.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Function rsa_verify_key() is not called before relocation. So there is no
need to load the UCLASS_MOD_EXP drivers before relocation.
This avoid a failure to boot for pine64-lts_defconfig with CONFIG_RSA=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Correct function descriptions in efi_watchdog.c.
Add the descriptions to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Add missing descriptions for functions in efi_disk.c.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Correct function descriptions in efi_unicode_collation.c
Add the Unicode collation protocol to the generated HTML documentation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Enable EFI_RNG_PROTOCOL by default if DM_RNG is set.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Remove superfluous 'if DM_RNG'
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
| |\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
Functions for reading indexed values from device tree
Enhancements to 'dm' command
Log test enhancements and syslog driver
DM change to read parent ofdata before children
Minor fixes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
At present a device can read its ofdata before its parent has done the
same. This can cause problems in the case where the parent has a 'ranges'
property, thus affecting the operation of dev_read_addr(), for example.
We already probe parent devices before children so it does not seem to be
a large step to do the same with ofdata.
Make the change and update the documentation in this area.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Ley Foon Tan <ley.foon.tan@intel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new test for fdtdec_set_carveout().
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Drop blank line at EFO:
Signed-off-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fdtdec_set_carveout() is limited to only one phandle. Fix this
limitation by adding support for multiple phandles.
Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The content dm_ofnode_pre_reloc() is identical with ofnode_pre_reloc()
defined in drivers/core/ofnode.c and used only three times:
- drivers/core/lists.c:lists_bind_fdt()
- drivers/clk/at91/pmc.c::at91_clk_sub_device_bind
- drivers/clk/altera/clk-arria10.c::socfpga_a10_clk_bind
So this function dm_ofnode_pre_reloc can be removed and replaced
by these function calls by ofnode_pre_reloc().
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now reading a 32 bit value from a device-tree property can be expressed
as reading the first element of an array with a single value.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The patch adds helper functions to allow reading a single indexed u32
value from a device-tree property containing multiple u32 values, that
is an array of integers.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add test case to cover dev_read_u64 and dev_read_u64_default functions.
Signed-off-by: Dario Binacchi <dariobin@libero.it>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When removing a device the power domains it uses are generally powered
off. But when we are trying to unbind all devices (e.g. for running tests)
we don't want to probe a device in the 'remove' path.
Add a new flag to skip this power-down step.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This failure path is tricky to debug since it continues after failure and
there are a lot of error paths. Add logging to help.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
'fdt systemsetup' wasn't working, due to the fact that the 'set' command
was being parsed in do_fdt() by only testing for the leading 's' instead
of "se", which kept the "sys" test further down from executing. Changed
to test for "se" instead, now 'fdt systemsetup' works (to test the
ft_system_setup proc w/o having to boot a kernel).
Signed-off-by: Tom Warren <twarren@nvidia.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
'bootefi hello' is used in one of the Python tests.
efidebug can be used to verify the correct initialization of the UEFI
sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromum.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently we are not able to test reservations created by ft_board_setup().
Implement ft_board_setup() to create an arbitrary reservation and enable
OF_BOARD_SETUP.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromum.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For testing the handling of memory reservations create a reserved-memory
node in sandbox.dts and sandbox64.dts.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromum.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Quite often on a series that has clean-up patches, the individual patches
may fit within the cc limit but the cover letter does not. Apply the same
limit to the cover letter.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
%s/UCLASS_ETHERNET/UCLASS_ETH/g
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
For testing purposes enable the syslog logging driver.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Provide unit tests for the syslog logging driver.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If CONFIG_LOG=n, we still expect output for log_err(), log_warning(),
log_notice(), log_info() and in case of DEBUG=1 also for log_debug().
Provide unit tests verifying this.
The tests depend on:
CONFIG_CONSOLE_RECORD=y
CONFIG_LOG=n
CONFIG_UT_LOG=y
It may be necessary to increase the value of CONFIG_SYS_MALLOC_F_LEN to
accommodate CONFIG_CONSOLE_RECORD=y.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
