From 224b72e639e87040a1845cf9795b45417e064bba Mon Sep 17 00:00:00 2001 From: Che-Liang Chiou Date: Thu, 25 Oct 2012 16:31:07 +0000 Subject: fdt: Load boot command from device tree Load boot command from /config/bootcmd of device tree if present. Signed-off-by: Tom Wai-Hong Tam Signed-off-by: Che-Liang Chiou Signed-off-by: Simon Glass --- common/main.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'common') diff --git a/common/main.c b/common/main.c index 592ce077d2..48bed95386 100644 --- a/common/main.c +++ b/common/main.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_MODEM_SUPPORT @@ -40,6 +41,10 @@ #include #endif +#ifdef CONFIG_OF_CONTROL +#include +#endif + #include #include #include @@ -284,7 +289,10 @@ void main_loop (void) int rc = 1; int flag; #endif - +#if defined(CONFIG_BOOTDELAY) && (CONFIG_BOOTDELAY >= 0) && \ + defined(CONFIG_OF_CONTROL) + char *env; +#endif #if defined(CONFIG_BOOTDELAY) && (CONFIG_BOOTDELAY >= 0) char *s; int bootdelay; @@ -380,6 +388,12 @@ void main_loop (void) else #endif /* CONFIG_BOOTCOUNT_LIMIT */ s = getenv ("bootcmd"); +#ifdef CONFIG_OF_CONTROL + /* Allow the fdt to override the boot command */ + env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); + if (env) + s = env; +#endif /* CONFIG_OF_CONTROL */ debug ("### main_loop: bootcmd=\"%s\"\n", s ? s : ""); -- cgit v1.2.1 From 3b73459ea3421e9f8c6c8c62e1d3fe458ca5bc56 Mon Sep 17 00:00:00 2001 From: Gabe Black Date: Thu, 25 Oct 2012 16:31:08 +0000 Subject: fdt: Tell the FDT library where the device tree is This change adds a call to set_working_fdt_addr near the end of u-boot initialization which tells the fdt command/library where the device tree is. This makes it possible to use the fdt command to look at the active device tree since otherwise there would be no way to know what address it was at to set things up manually. Signed-off-by: Gabe Black Signed-off-by: Simon Glass --- common/main.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'common') diff --git a/common/main.c b/common/main.c index 48bed95386..fd70928a72 100644 --- a/common/main.c +++ b/common/main.c @@ -45,6 +45,10 @@ #include #endif +#ifdef CONFIG_OF_LIBFDT +#include +#endif /* CONFIG_OF_LIBFDT */ + #include #include #include @@ -418,6 +422,10 @@ void main_loop (void) #endif /* CONFIG_MENUKEY */ #endif /* CONFIG_BOOTDELAY */ +#if defined CONFIG_OF_CONTROL + set_working_fdt_addr((void *)gd->fdt_blob); +#endif /* CONFIG_OF_CONTROL */ + /* * Main Loop for Monitor Command Processing */ -- cgit v1.2.1 From 67e1ea26e89e19a550d86d6408f39d815eedaa7f Mon Sep 17 00:00:00 2001 From: Doug Anderson Date: Thu, 25 Oct 2012 16:31:09 +0000 Subject: fdt: Allow device tree to specify secure booting When secure booting is chosen: * The u-boot shell is never invoked during boot--we just do a simple table lookup to find the command. This means we could even remove the shell parsing from u-boot and still be able to boot. * The boot command can't be interruped. * Failure doesn't cause us to fall back to the shell. Signed-off-by: Gabe Black Signed-off-by: Doug Anderson Signed-off-by: Simon Glass --- common/main.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'common') diff --git a/common/main.c b/common/main.c index fd70928a72..61c6cac882 100644 --- a/common/main.c +++ b/common/main.c @@ -283,6 +283,59 @@ int abortboot(int bootdelay) # endif /* CONFIG_AUTOBOOT_KEYED */ #endif /* CONFIG_BOOTDELAY >= 0 */ +/* + * Runs the given boot command securely. Specifically: + * - Doesn't run the command with the shell (run_command or parse_string_outer), + * since that's a lot of code surface that an attacker might exploit. + * Because of this, we don't do any argument parsing--the secure boot command + * has to be a full-fledged u-boot command. + * - Doesn't check for keypresses before booting, since that could be a + * security hole; also disables Ctrl-C. + * - Doesn't allow the command to return. + * + * Upon any failures, this function will drop into an infinite loop after + * printing the error message to console. + */ + +#if defined(CONFIG_BOOTDELAY) && (CONFIG_BOOTDELAY >= 0) && \ + defined(CONFIG_OF_CONTROL) +static void secure_boot_cmd(char *cmd) +{ + cmd_tbl_t *cmdtp; + int rc; + + if (!cmd) { + printf("## Error: Secure boot command not specified\n"); + goto err; + } + + /* Disable Ctrl-C just in case some command is used that checks it. */ + disable_ctrlc(1); + + /* Find the command directly. */ + cmdtp = find_cmd(cmd); + if (!cmdtp) { + printf("## Error: \"%s\" not defined\n", cmd); + goto err; + } + + /* Run the command, forcing no flags and faking argc and argv. */ + rc = (cmdtp->cmd)(cmdtp, 0, 1, &cmd); + + /* Shouldn't ever return from boot command. */ + printf("## Error: \"%s\" returned (code %d)\n", cmd, rc); + +err: + /* + * Not a whole lot to do here. Rebooting won't help much, since we'll + * just end up right back here. Just loop. + */ + hang(); +} + +#endif /* CONFIG_OF_CONTROL */ + + /****************************************************************************/ void main_loop (void) @@ -397,6 +450,15 @@ void main_loop (void) env = fdtdec_get_config_string(gd->fdt_blob, "bootcmd"); if (env) s = env; + + /* + * If the bootsecure option was chosen, use secure_boot_cmd(). + * Always use 'env' in this case, since bootsecure requres that the + * bootcmd was specified in the FDT too. + */ + if (fdtdec_get_config_int(gd->fdt_blob, "bootsecure", 0)) + secure_boot_cmd(env); + #endif /* CONFIG_OF_CONTROL */ debug ("### main_loop: bootcmd=\"%s\"\n", s ? s : ""); -- cgit v1.2.1 From d95f6ec7334076a1e4b13f3748ebfd1b58ac90f6 Mon Sep 17 00:00:00 2001 From: Gabe Black Date: Thu, 25 Oct 2012 16:31:10 +0000 Subject: fdt: Add option to default to most compatible conf in a fit image When booting a fit image with multiple configurations, the user either has to specify which configuration to use explicitly, or there has to be a default defined which is chosen automatically. This change adds an option to change that behavior so that a configuration can be selected explicitly, or the configuration which has the device tree that claims to be compatible with the earliest item in U-Boot's device tree. In other words, if U-Boot claimed to be compatible with A, B, and then C, and the configurations claimed to be compatible with A, D and B, D and D, E, the first configuration, A, D, would be chosen. Both the first and second configurations match, but the first one matches a more specific entry in U-Boot's device tree. The order in the kernel's device tree is ignored. Signed-off-by: Gabe Black Commit-Ready: Gabe Black Signed-off-by: Simon Glass --- common/cmd_bootm.c | 11 +++++ common/image.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) (limited to 'common') diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index d256ddfaa6..4dbe952bb0 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -949,8 +949,19 @@ static void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, * node */ bootstage_mark(BOOTSTAGE_ID_FIT_NO_UNIT_NAME); +#ifdef CONFIG_FIT_BEST_MATCH + if (fit_uname_config) + cfg_noffset = + fit_conf_get_node(fit_hdr, + fit_uname_config); + else + cfg_noffset = + fit_conf_find_compat(fit_hdr, + gd->fdt_blob); +#else cfg_noffset = fit_conf_get_node(fit_hdr, fit_uname_config); +#endif if (cfg_noffset < 0) { bootstage_error(BOOTSTAGE_ID_FIT_NO_UNIT_NAME); return NULL; diff --git a/common/image.c b/common/image.c index df642e656c..e93b6e89cf 100644 --- a/common/image.c +++ b/common/image.c @@ -3049,6 +3049,133 @@ int fit_check_format(const void *fit) return 1; } + +/** + * fit_conf_find_compat + * @fit: pointer to the FIT format image header + * @fdt: pointer to the device tree to compare against + * + * fit_conf_find_compat() attempts to find the configuration whose fdt is the + * most compatible with the passed in device tree. + * + * Example: + * + * / o image-tree + * |-o images + * | |-o fdt@1 + * | |-o fdt@2 + * | + * |-o configurations + * |-o config@1 + * | |-fdt = fdt@1 + * | + * |-o config@2 + * |-fdt = fdt@2 + * + * / o U-Boot fdt + * |-compatible = "foo,bar", "bim,bam" + * + * / o kernel fdt1 + * |-compatible = "foo,bar", + * + * / o kernel fdt2 + * |-compatible = "bim,bam", "baz,biz" + * + * Configuration 1 would be picked because the first string in U-Boot's + * compatible list, "foo,bar", matches a compatible string in the root of fdt1. + * "bim,bam" in fdt2 matches the second string which isn't as good as fdt1. + * + * returns: + * offset to the configuration to use if one was found + * -1 otherwise + */ +int fit_conf_find_compat(const void *fit, const void *fdt) +{ + int ndepth = 0; + int noffset, confs_noffset, images_noffset; + const void *fdt_compat; + int fdt_compat_len; + int best_match_offset = 0; + int best_match_pos = 0; + + confs_noffset = fdt_path_offset(fit, FIT_CONFS_PATH); + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (confs_noffset < 0 || images_noffset < 0) { + debug("Can't find configurations or images nodes.\n"); + return -1; + } + + fdt_compat = fdt_getprop(fdt, 0, "compatible", &fdt_compat_len); + if (!fdt_compat) { + debug("Fdt for comparison has no \"compatible\" property.\n"); + return -1; + } + + /* + * Loop over the configurations in the FIT image. + */ + for (noffset = fdt_next_node(fit, confs_noffset, &ndepth); + (noffset >= 0) && (ndepth > 0); + noffset = fdt_next_node(fit, noffset, &ndepth)) { + const void *kfdt; + const char *kfdt_name; + int kfdt_noffset; + const char *cur_fdt_compat; + int len; + size_t size; + int i; + + if (ndepth > 1) + continue; + + kfdt_name = fdt_getprop(fit, noffset, "fdt", &len); + if (!kfdt_name) { + debug("No fdt property found.\n"); + continue; + } + kfdt_noffset = fdt_subnode_offset(fit, images_noffset, + kfdt_name); + if (kfdt_noffset < 0) { + debug("No image node named \"%s\" found.\n", + kfdt_name); + continue; + } + /* + * Get a pointer to this configuration's fdt. + */ + if (fit_image_get_data(fit, kfdt_noffset, &kfdt, &size)) { + debug("Failed to get fdt \"%s\".\n", kfdt_name); + continue; + } + + len = fdt_compat_len; + cur_fdt_compat = fdt_compat; + /* + * Look for a match for each U-Boot compatibility string in + * turn in this configuration's fdt. + */ + for (i = 0; len > 0 && + (!best_match_offset || best_match_pos > i); i++) { + int cur_len = strlen(cur_fdt_compat) + 1; + + if (!fdt_node_check_compatible(kfdt, 0, + cur_fdt_compat)) { + best_match_offset = noffset; + best_match_pos = i; + break; + } + len -= cur_len; + cur_fdt_compat += cur_len; + } + } + if (!best_match_offset) { + debug("No match found.\n"); + return -1; + } + + return best_match_offset; +} + /** * fit_conf_get_node - get node offset for configuration of a given unit name * @fit: pointer to the FIT format image header -- cgit v1.2.1 From fcabc24f4fd2fd581036c7a20eee47a204f04f39 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Thu, 25 Oct 2012 16:31:11 +0000 Subject: fdt: Set kernaddr if fdt indicates a kernel is present If kernel-offset is specified in the fdt, set an environment variable so that scripts can access the attached kernel. This can be used by a packaging program to tell U-Boot about a kernel that has been downloaded alongside U-Boot. The value in the fdt is the offset of the kernel from the start of the U-Boot image, so we can find it just by adding CONFIG_SYS_TEXT_BASE. It is then fairly easy to put something like this in the environment variables in the board header file: "if test ${kernaddr} != \"\"; then "\ "echo \"Using bundled kernel\"; "\ "bootm ${kernaddr};" \ "fi; "\ /* rest of boot sequence follows here */ Signed-off-by: Simon Glass --- common/main.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'common') diff --git a/common/main.c b/common/main.c index 61c6cac882..8052d4222e 100644 --- a/common/main.c +++ b/common/main.c @@ -333,6 +333,20 @@ err: hang(); } +static void process_fdt_options(const void *blob) +{ + ulong addr; + + /* Add an env variable to point to a kernel payload, if available */ + addr = fdtdec_get_config_int(gd->fdt_blob, "kernel-offset", 0); + if (addr) + setenv_addr("kernaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); + + /* Add an env variable to point to a root disk, if available */ + addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0); + if (addr) + setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr)); +} #endif /* CONFIG_OF_CONTROL */ @@ -451,6 +465,8 @@ void main_loop (void) if (env) s = env; + process_fdt_options(gd->fdt_blob); + /* * If the bootsecure option was chosen, use secure_boot_cmd(). * Always use 'env' in this case, since bootsecure requres that the -- cgit v1.2.1