When kernel uses file system encryption, fscrypt on UBIFS v5,
after a hard power cycle UBIFS journal replay fails which results in mount failure.
Failure logs:
UBIFS: recovery needed
UBIFS error (pid 0): ubifs_validate_entry: bad directory entry node
UBIFS error (pid 0): replay_bud: bad node is at LEB 890:24576
UBIFS error (pid 0): ubifs_mount: Error reading superblock on volume 'ubi0:rootfs' errno=-22!
This change is ported from kernel:
commit id: 304790c038bc4af4f19774705409db27eafb09fc
Kernel commit description:
Kernel commit description:
ubifs: Relax checks in ubifs_validate_entry()
With encrypted filenames we store raw binary data, doing
string tests is no longer possible.
Signed-off-by: rminnikanti <rminnikanti@marvell.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Safety guard in the U-Boot filesystem glue code, because these functions
are called from different parts of the codebase. For generic filesystem
handling this should have been checked in blk_get_device_part_str()
already. Commands from cmd/ubifs.c should also check this before
calling those functions, but you never know?!
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Although kfree() is in fact only a slim wrapper to free() in U-Boot, use
kfree() here, because those structs where allocated with kalloc() or
kzalloc().
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Global superblock pointer 'ubifs_sb' and volume pointer 'ubi' of type
struct ubi_volume_desc in private member sb->s_fs_info of type struct
ubifs_info, can be allocated and freed at runtime, and allocated and
freed again, depending which console or script commands are run. In
some cases ubifs_sb is even tested to determine if the filesystem is
mounted. Reset those pointers to NULL after free to clearly mark them
as not valid. This avoids potential double free on invalid pointers.
(The ubifs_sb pointer was already reset, but that statement was moved
now to directly after the free() to make it easier to understand.)
Signed-off-by: Alexander Dahl <ada@thorsis.com>
When mounting ubifs e.g. through command 'ubifsmount' one global static
superblock 'ubifs_sb' is used _and_ the requested volume is opened (like
in Linux). The pointer returned by 'ubifs_open_volume()' is stored in
that superblock struct and freed later on cmd 'ubifsumount' or another
call to 'ubifsmount' with a different volume, through ubifs_umount() and
ubi_close_volume().
In ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() the volume
was opened again, which is technically no problem with regard to
refcounting, but here the still valid pointer in sb was overwritten,
leading to a memory leak. Even worse, when using one of those
functions and calling ubifsumount later, ubi_close_volume() was called
again but now on an already freed pointer, leading to a double free.
This actually crashed with different invalid memory accesses on a board
using the old distro boot and a rather long script handling RAUC
updates.
Example:
> ubi part UBI
> ubifsmount ubi0:boot
> test -e ubi ubi0:boot /boot.scr.uimg
> ubifsumount
The ubifs specific commands 'ubifsls' and 'ubifsload' check for a
mounted volume by themselves, for the generic fs variants 'ls', 'load',
(and 'size', and 'test -e') this is covered by special ubifs handling in
fs_set_blk_dev() and deeper down blk_get_device_part_str() then. So for
ubifs_ls(), ubifs_exists(), ubifs_size(), and ubifs_read() we can be
sure the volume is opened and the necessary struct pointer in sb is
valid, so it is not needed to open volume again.
Fixes: 9eefe2a2b3 ("UBIFS: Implement read-only UBIFS support in U-Boot")
Fixes: 29cc5bcadf ("ubifs: Add functions for generic fs use")
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Back when the TPM subsystem was refactored tpm_tis_wait_init() ended up
being called after tpm_tis_init() which initializes values the former needs.
Since we added more TPM chipsets since then sitting on an i2c bus, this patch
folds in tpm_tis_wait_init into tpm_tis_init and makes sure it's called in the
right order regardless of the bus the TPM sits on.
i2c updates for v2024.10-rc3 (second try)
- i2c: samsung: Support platforms other than EXYNOS4 and EXYNOS5
from David
- imx_lpi2c: cleanups and support read transfers longer than 256 bytes
from Fedor
- pca954x: Remove pointer to GD
from Michal
- i2c: mux: Fix error path in i2c-arb-gpio
from Michal
The TXFIFO register of LPI2C only has one byte length, and if the length
of the data that needs to be read exceeds 256 bytes, it needs to be
written to TXFIFO multiple times.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Instead of using the hard-coded bus speed value I2C_SPEED_STANDARD_RATE,
use the actual configured bus speed. This way the bus speed doesn't
change suddenly after calling the imx_lpi2c_probe_chip() function for
example.
Signed-off-by: Fedor Ross <fedor.ross@ifm.com>
Newer Samsung SoCs (including newer Exynos, ExynosAuto, Google Tensor)
still use these IPs, or slightly newer versions of it.
Make these drivers available on these platforms by guarding
EXYNOS4/EXYNOS5 specific code behind their configs, and using CCF for
clocks on other platforms.
Tested S3C I2C driver on Exynos7885.
This along with extended clock driver should enable S3C I2C on
Exynos850.
Signed-off-by: David Virag <virag.david003@gmail.com>
Tested-by: Henrik Grimler <henrik@grimler.se>
Reviewed-by: Heiko Schocher <hs@denx.de>
There is no reason to use goto and just call return. Better is to call
return directly which is done for some if/else parts.
Also make no sense to setup ret to -ETIMEDOUT and then to 0.
Return timeout directly.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
There is no reason to have any pointer to GD that's why remove it.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Dhruva Gole <d-gole@ti.com> says:
This series aims to add documentation around the boot flow and tispl
packaging details regarding the TIFS Stub. While at it, also refactors the
k3 common docs to add more labels to provide more granularity on how we
include chunks from common docs into SoC specific docs.
This series also includes the binman related changes required to package
TIFS Stub to support Low Power Modes on BeaglePlay and phycore-am625 SOM.
Add support for packaging the TIFS Stub as it's required for basic Low
Power Modes like Deep Sleep.
The reason it is packaged using binman and not inherently as part of the
DM firmware is because for HS devices, customer owns the customer key
and only customer has access to it.
DM is release by TI, Since TI doesn't have access to the customer key it
cannot have a component that is signed by customer key.
Hence, it's left as part of binman to be signed and packaged.
While at it, also make sure it's documented in phycore-am62x
Reviewed-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Wadim Egorov <w.egorov@phytec.de>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
* Include the actual common documentation about the TIFS Stub and role
it plays to enable Low Power Modes in the platform.
* Add the AM62x boot flow to show at which point the TIFS Stub actually
gets loaded.
* Mention the TIFS Stub in the TISPL image format.
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Add support for packaging the TIFS Stub as it's required for basic Low
Power Modes like Deep Sleep.
The reason it is packaged using binman and not inherently as part of the
DM firmware is because for HS devices, customer owns the customer key
and only customer has access to it.
DM is release by TI, Since TI doesn't have access to the customer key it
cannot have a component that is signed by customer key.
Hence, it's left as part of binman to be signed and packaged.
Reviewed-by: Nishanth Menon <nm@ti.com>
Acked-by: Neha Malcom Francis <n-francis@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Since AM62x, AM62P and AM62A all use similar boot flows and their low
power mode s/w ARCH is also similar in the way that they make use of the
TIFS Stub, update their documentation to show where TIFS Stub is.
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Use the new boot_firmwares labels that help make documentation more
specific as to which firmwares are used in which devices
Signed-off-by: Dhruva Gole <d-gole@ti.com>
* Add documentation to briefly explain the role of TIFS Stub in relevant
K3 SoC's.
* Shed light on why TIFS Stub isn't package with the DM firmware itself.
* Modify the platform docs wherever the TIFS Stub documentation applies.
* Also, refactor and add a few new labels to help split the firmware
documentation chunks. This will make it easier to include them one by
one wherever applicable
Reviewed-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Dhruva Gole <d-gole@ti.com>
Acked-by: Francesco Dolcini <francesco.dolcini@toradex.com> # verdin-am62
Block devices can already set partition type at initialization
stage, so, in this case is no point in searching for partition type.
Signed-off-by: Alexey Romanov <avromanov@salutedevices.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
UBI block is an virtual device, that runs on top
of the MTD layer. The blocks are UBI volumes.
Intended to be used in combination with other MTD
drivers.
Despite the fact that it, like mtdblock abstraction,
it used with UCLASS_MTD, they can be used together
on the system without conflicting. For example,
using bcb command:
# Trying to load bcb via mtdblock:
$ bcb load mtd 0 mtd_partition_name
# Trying to load bcb via UBI block:
$ bcb load ubi 1 ubi_volume_name
User always must attach UBI layer (for example, using
ubi_part()) before using UBI block device.
Signed-off-by: Alexey Romanov <avromanov@salutedevices.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Introduce ubi_volume_offset_write() helper, which
allow to write to ubi volume with specified offset.
Signed-off-by: Alexey Romanov <avromanov@salutedevices.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
MTD block - abstraction over MTD subsystem, allowing
to read and write in blocks using BLK UCLASS.
Signed-off-by: Alexey Romanov <avromanov@salutedevices.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
This updates the "old style" DTs to that of Linux v6.10, matching what
OF_UPSTREAM is at now. Hopefully we won't need to do this (manually)
anymore. Since this brings in the DT for a new board (Tanix TX1), also
add the defconfig for that, which has just been waiting for that sync.
There are three more fixes: two for the SPI clock setup, which avoids
too high frequencies in some cases, and one fix to avoid a build warning
with GCC 14 for the sunxi TOC0 part of the mkimage tool.
The gitlab CI passed, and I tested the SPI flash on the OrangePi Zero 3
and also booted that into Linux.
AMD/Xilinx changes for v2024.10-rc2
amd/xilinx:
- Enable CONFIG_MMC_SPEED_MODE_SET
env:
- support overriding spi dev from board code
clk:
- Add set_rate support for display clocks
spi:
- Describe is25lp01gg flash
zynq:
- Add support for 7z010_lr and 7z020_lr
zynqmp:
- Add support for zu1eg_lr
- Enable NFS for Kria
- DT changes
- Cleanup firmware handling in board_init()
versal-net:
- Setup spi seq number based on boot device
- dt-schema update for mini configurations
versal2:
- Disable uartlite driver
- Add support for mini configurations
- Enable NFS
tpm_tis_wait_init() is using the 'chip->timeout_b' field which is
initialized in tpm_tis_init(). However, the init-function is called
*after* tpm_tis_wait_init() introducing an uninitalized field access.
This commit switches both routines.
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Acked-by: Miquel Raynal <miquel.raynal@bootlin.com>
[Ilias removed unusged 'chip' definition in tpm_tis_spi_probe()]
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fixes: a5c30c26b2 ("tpm: Use the new API on tpm2 spi driver")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If the maximum frequency is requested, we still fall into the CDR2
handling. But there the minimal divider is 2. For the sun6i and sun8i we
can do better with the CDR1 setting where the minimal divider is 1:
SPI_CLK = MOD_CLK / 2 ^ cdr with cdr = 0
Thus, handle the div = 1 case specially.
While at it, correct the comment above the calculation.
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
The CDR2 divider calculation always yield a frequency greater than the
requested one. Use DIV_ROUND_UP() to keep the frequency equal or below
the requested one. This way, we can also drop the "if div > 0" check
because we know for a fact that div cannot be zero.
FWIW, this aligns the CDR2 calculation with the linux driver.
Suggested-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Michael Walle <mwalle@kernel.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
The Tanix TX1 is a tiny TV box, featuring the Allwinner H313 SoC with up
to 2GB of DRAM and 16GB of eMMC. There is no SD card or Ethernet port on
this small device, but it can be booted via the USB debug "FEL" mode.
The bootloader could then be written to the eMMC.
Add the defconfig for that board, and add the devicetree file to the
Makefile, for it to be built.
The DRAM parameters were taken from the vendor firmware on the eMMC.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Sync the devicetree files from the official Linux kernel tree, v6.10.
This is covering Allwinner SoCs with 32-bit and 64-bit ARM cores.
Besides mostly cosmectic changes, this adds cpufreq support to H616
boards, Nothing that U-Boot needs for itself, but helpful to pass on
to kernels. We also get the .dts files for the Tanix TX1 TV box and
three Anbernic handheld gaming devices.
As before, this omits the non-backwards compatible changes to the R_INTC
controller, to remain compatible with older kernels.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
C99 introduced the possibility to mark function parameters declared as
arrays with an extra keyword "static":
void foo(uint8_t digest[static SHA256_DIGEST_LENGTH]);
This requires the respective function argument to be at least as large
as specified. Passing in random pointers (like NULL) then becomes
undefined behaviour, and compilers warn about this.
Newer GCC compilers (starting with GCC 14) will also automatically mark
those parameters as "nonnull", and thus warn if a (redundant) NULL check
is done inside the function:
tools/sunxi_toc0.o tools/sunxi_toc0.c
tools/sunxi_toc0.c: In function 'toc0_verify_cert_item':
tools/sunxi_toc0.c:447:12: warning: 'nonnull' argument 'digest' compared to NULL [-Wnonnull-compare]
447 | if (digest && memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) {
| ^
Remove the unnecessary NULL check from toc0_verify_cert_item(), to avoid
the warning.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
[Andre: extend commit message]
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Simon Glass <sjg@chromium.org> says:
This series includes fixes to get some rockchip and nvidia boards
working again. It also drops the broken Beaglebone Black config and
provides a devicetree fix for coral (x86).
The code here is confusing due to large blocks which are #ifdefed out.
Add a function phase_sdram_init() which returns whether SDRAM init
should happen in the current phase, using that as needed to control the
code flow.
This increases code size by about 500 bytes in SPL when the cache is on,
since it must call the rather large rockchip_sdram_size() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present gd->ram_size is 0 in SPL, meaning that it is not possible to
enable the cache. Correct this by always populating the RAM size
correctly.
This increases code size by about 500 bytes in SPL, since it must call
the rather large rockchip_sdram_size() function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
On some boards, the bloblist is created in SPL once SDRAM is ready. It
cannot be accessed until that point, so is not available early in SPL.
Add a condition to avoid a hang in this case.
This fixes a hang in chromebook_coral
Fixes: 70fe238594 ("fdt: Allow the devicetree to come from a bloblist")
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Raymond Mao <raymond.mao@linaro.org>
There is no need to remove input files. It makes it harder to diagnose
failures. Keep the payload file.
There is no test for this condition, but one could be added.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The tool must return an error code when invalid arguments are provided,
otherwise binman has no way of knowing that anything went wrong.
Correct this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: fab430be2f ("tools: add mkeficapsule command for UEFI...")
Tools cannot be assumed to be present. Add a check for this with the
mkeficpasule tool.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: b617611b27 ("binman: capsule: Add support for generating...")
