Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.
With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Define all standard baudrates plus 3 non-standard high speed:
3125000 4000000 5150000
3125000 matches divisor 5 with 250 MHz TCLK and divisor 4 with 200 MHz TCLK.
4000000 is the rounded value for divisor 4 with 250 MHz TCLK (3906250) and
divisor 3 with 200 MHz TCLK (4166666).
5150000 is the rounded value (5208333) for divisor 3 with 250 MHz TCLK.
Testing showed that rounded value is more stable then exactly calculated.
And it is the highest possible baudrate which is stable on A38x platform.
Any other baudrate values above 2500000 are unstable, which is reason why
e.g. standard value 3000000 is not defined, and it is needed to use
non-standard value 3125000.
Tested all defined UART baudrates on Turris Omnia (A38x with 250 MHz TCLK).
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Xilinx changes for v2021.10-rc3
xilinx:
- Disable CONFIG_ARCH_FIXUP_FDT_MEMORY
- Print information about cpu via soc drivers and enable DISPLAY_CPUINFO
- Wire infrastructure for DTB_RESELECT and MULTI_DTB_FIT
zynq:
- Wire single QSPI
- Use power-source instead of io-standard properties
- Enable nor on zc770-xm012
zynqmp:
- Change handling around multi_boot()
- Setup offset for u-boot.itb in spi
- Generate run time dfu_alt_info for capsule update
- Use explicit values for enums (zynqmp_firmware.h)
- Enable RTC/SHA1/BUTTON/BUTTON_GPIO command
- Disable WDT driver by default
- Bind usb/scsi via preboot because of EFI
- DT updates/fixes
- Add soc driver
- Fix SPL SPI boot mode
versal:
- Add soc driver
sdhci:
- Update tap delay programming for zynq_sdhci driver
cmd:
- Fix RTC uclass handling in date command
- Update pwm help message
- Update reset help message
watchdog:
- Fix wwdt compilation
rtc:
- Deal with seq alias in rtc uclass
- Add zynqmp RTC driver
fdt:
- Add kernel-doc for fdt_fixup_memory_banks()
Move tapdelay function calls to zynq_sdhci.c and make them static
inline. zynqmp_tap_delay.h has function prototypes for the functions
defined in tap_delays.c, which will not be needed anymore.
Remove tap_delays.c and zynqmp_tap_delay.h files.
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Currently xilinx sdhci driver is using zynqmp_mmio_write() to set
tapdelay values and DLL resets. Continue to use this for SPL and mini
U-Boot where U-Boot will be executed at EL3 level.
Use firmware call xilinx_pm_request() using appropriate arguments to
set input/output tapdelays and also for DLL resets in regular flow(EL2).
Host driver should explicitly request DLL reset before ITAP (assert DLL)
and after OTAP (release DLL) to avoid issues in some cases. Also handle
error return where possible.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Jaehoon Chung <jh80.chung@samsung.com>
Rename to common file name to used by all SOC64 devices and change
"_S10_" to "_SOC64_" in base_addr_soc64.h.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Pull request for efi-2021-10-rc3
Documentation:
* Rename Freescale to NXP
* Document structures used for the UEFI TCG2 protocol
UEFI:
* Device paths must use EfiBootServicesData
fsl-qoriq: Fixes related to env, spi, usb, crypto, configs, distro-boot
for Layerscape Boards like lx2, sl28, ls2088ardb.
powerpc: Fixes for t208xrdb revd board and cortina related configs
update for T208xRDB, T4240RDB.
Add function to apply a bitmask to an i2c register, so
that specific bits can be cleared and/or set.
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Update boot-commands to load device-tree from
boot-device at 'fdt_addr_r' address in DDR
during distro-boot.
Signed-off-by: Priyanka Jain <priyanka.jain@nxp.com>
Use moveconfig.py script to convert below defines to Kconfig and move
these entries to defconfigs.
CONFIG_CORTINA_FW_ADDR
CONFIG_CORTINA_FW_LENGTH
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
Use enum efi_memory_type and enum_allocate_type in the definitions of the
efi_allocate_pages(), efi_allocate_pool().
In the external UEFI API leave the type as int as the UEFI specification
explicitely requires that enums use a 32bit type.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit adds the comment of the TCG Specification
efi_tcg2.h file refers, and comment for the structure.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Swap two ifs in efi_exit_boot_services().
efi_tcg2_notify_exit_boot_services must have EFIAPI signature.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
TCG PC Client PFP spec requires to measure "Boot####"
and "BootOrder" variables, EV_SEPARATOR event prior
to the Ready to Boot invocation.
Since u-boot does not implement Ready to Boot event,
these measurements are performed when efi_start_image() is called.
TCG spec also requires to measure "Calling EFI Application from
Boot Option" for each boot attempt, and "Returning from EFI
Application from Boot Option" if a boot device returns control
back to the Boot Manager.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
TCG PC Client PFP spec requires to measure the secure
boot policy before validating the UEFI image.
This commit adds the secure boot variable measurement
of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr".
Note that this implementation assumes that secure boot
variables are pre-configured and not be set/updated in runtime.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
iPXE used Uri() device path nodes. So we should support them in the
device path to text protocol.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
- Convert GoFlex Home Ethernet and SATA to Driver Model (Tony)
- mvebu: Automatically detect CONFIG_SYS_TCLK (Pavel)
- mvebu: sata_mv: Fix HDD identication during cold start (Tony)
- a37xx: pci: Fix handling PIO config error responses (Pavel)
- Other minor misc changes and board maintainer updates
- odroid-n2: fix fdtfile suffix for n2-plus
- sei610 & meson64_android cleanups to prepare android 11 boot support
- use Android BCB mechanism for reboot reason instead of HW reboot flag
- Switch meson64_android boot flow to use abootimg for A/B, AVB and DTBO support
In order to update the DT for rk3188
sync the power domain dt-binding header.
This is the state as of v5.12 in Linux.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
In order to update the DT for rk3066 and rk3188
sync the clock dt-binding header.
This is the state as of v5.12 in Linux.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Basically all, i.e. rk3036.dtsi, rk3128.dtsi, rk3xxx.dtsi, rk322x.dtsi,
rk3288.dtsi, rk3308-u-boot.dtsi, rk3328-u-boot.dtsi, rk3399-u-boot.dtsi
and px30-u-boot.dtsi Rockchip SoC devicetrees which have mmc indexes
are defining eMMC as mmc0 and sdmmc as mmc1.
This means that the rule to try to boot from the SD card first is ignored,
which as per comment is what we want and is important for distros, which
rely on that.
Fix this by setting the correct mmc index, i.e. first from mmc1 (SD card),
second from mmc0 (eMMC).
Signed-off-by: Alex Bee <knaerzche@gmail.com>
Reviewed-by: Kever Yang <kever.yang@rock-chips.com>
Enable support to the 2 NOR flashes on the QEMU RISC-V virt machine.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Those embers wrapped with CONFIG_SYS_FLASH_CFI in struct flash_info_t
are unconditionally used in the cfi_flash.c driver.
Drop the #ifdefs in the definition of flash_info_t.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Config option CONFIG_SYS_TCLK is set by kw88f6281.h and kw88f6192.h files
to correct SOC/platform value. So do not overwrite it in board config
include files.
Kirkwood 88F6180 and 88F6192 uses 166 MHz TCLK and Kirkwood 88F6281 uses
200 MHz TCLK.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
This mvebu axp platform always uses fixed 250 MHz TCLK. So specify this
CONFIG_SYS_TCLK option in msys section of global file soc.h file instead of
manual configuration in every board file.
Now every #if-#else case of soc.h file defines CONFIG_SYS_TCLK, so remove
useless default CONFIG_SYS_TCLK value from the end of soc.h file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
This mvebu msys platform always uses fixed 200 MHz TCLK. So specify this
CONFIG_SYS_TCLK option in msys section of global file soc.h file instead of
manual configuration in every board file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Bit 20 in SAR register specifies if TCLK is running at 200 MHz or 166 MHz.
Use this information instead of manual configuration in every board file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Bit 15 in SAR register specifies if TCLK is running at 200 MHz or 250 MHz.
Use this information instead of manual configuration in every board file.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Activate the following Kconfig options:
* AVB for Android Verified Boot support
* ADTIMG for merging DTBOs
* ABOOTIMG for extracting Android boot image
Also rework the partitioning tables:
- add a misc partition to handle BCB messages
- add a dtbo partition to store various DTBOs
- add a vbmeta partition for AVB hashes
- Merge vendor and system into the "super" partition
Note: avb support is disables by default. To activate it:
=> setenv force_avb 1;
=> saveenv;
Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
doc/README.gpt states:
> The fields 'uuid' and 'uuid_disk' are optional if CONFIG_RANDOM_UUID is
> enabled. A random uuid will be used if omitted or they point to an empty/
> non-existent environment variable. The environment variable will be
> set to the generated UUID. The 'gpt guid' command reads the current
> value of the uuid_disk from the GPT.
Since we have CONFIG_RANDOM_UUID=y, remove the hard-coded uuids
and use meaningful variable names instead.
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
There is a mix of spaces and tabs at the leading \. This makes updating
theses lines harder.
Add a single space before each \ for some consistency.
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
AVB (Android Verified Boot) is well supported in U-Boot already.
Add support for it in meson64_android.
This is controlled by the "force_avb" environment variable and the
CONFIG_CMD_AVB option.
Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
To prepare for AVB support, increase SYS_MALLOC_LEN to 128M.
This value has been found by testing the following on khadas vim3l:
=> avb init
=> avb verify
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Permit redefining SYS_MALLOC_LEN for board specific configs.
This is especially useful for Android with AVB, which requires a malloc
length of 128M.
Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
