Add support for generating version 5 UUIDs, these are determistic and work
by hashing a "namespace" UUID together with some unique data. One intended
usecase is to allow for dynamically generate payload UUIDs for UEFI
capsule updates, so that supported boards can have their own UUIDs
without needing to hardcode them.
In addition, move the common bit twiddling code from gen_ran_uuid into a
separate function and rewrite it not to use clrsetbits (which is not
available when building as part of host tools).
Tests for this are added in an upcoming patch.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
The EFI_LOADER and EFI config options are randomly scattered under lib/
making it cumbersome to navigate and enable options, unless you really
know what you are doing. On top of that the existing options are in
random order instead of a logical one.
So let's move things around a bit and move them under boot/. Present a
generic UEFI entry where people can select Capsules, Protocols,
Services, and an option to compile U-Boot as an EFI for X86
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The TCG event log buffer is being set at the end of ram memory. This
region of memory is to be reserved as LMB_NOMAP memory in the LMB
memory map. The current location of this buffer overlaps with the
memory region reserved for the U-Boot image, which is at the top of
the usable memory. This worked earlier as the LMB memory map was not
global but caller specific, but fails now because of the overlap.
Move the TCG event log buffer to the start of the ram memory region
instead. Move the location of the early trace buffer and the load
buffer for U-Boot(spl boot) accordingly.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
All the current function definitions of arch_lmb_reserve() are doing
the same thing -- reserve the U-Boot memory region. The powerpc(ppc)
architecture, in addition, is making some LMB reservations for the
bootm related image loading. Move these ppc specific reservations to
the arch_misc_init() function. This allows to move the U-Boot memory
region reservation to a different function, and remove
arch_lmb_reserve() in a subsequent commit.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add separate config symbols for enabling the LMB module for the SPL
phase. The LMB module implementation now relies on alloced list data
structure which requires heap area to be present. Add specific config
symbol for the SPL phase of U-Boot so that this can be enabled on
platforms which support a heap in SPL.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The LMB memory maps are now being maintained through a couple of
alloced lists, one for the available(added) memory, and one for the
used memory. These lists are not static arrays but can be extended at
runtime. Remove the config symbols which were being used to define the
size of these lists with the earlier implementation of static arrays.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
$ sed -e 's/^ /\t/' -i */Kconfig
Signed-off-by: Anand Moon <linux.amoon@gmail.com>
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.
The choice of hash algorithms is determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.
If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.
So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with. We only allow
extending PCRs if the algorithms selected during build match the TPM
configuration.
It's worth noting that this is only added for TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCR banks.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org> # chromebook-link
All errors are generated by ./tools/qconfig.py -b -j8 -i whatever.
Error look like this:
drivers/crypto/Kconfig:9: warning: style: quotes recommended around
'drivers/crypto/nuvoton/Kconfig' in 'source drivers/crypto/nuvoton/Kconfig'
Signed-off-by: Michal Simek <michal.simek@amd.com>
The correct symbol to enable to have SMBIOS populate fields based on the
device tree is SYSINFO_SMBIOS and not SMBIOS_SYSINFO.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add support for a semihosting fallback on 32-bit ARM. The assembly is
lightly adapted from the irq return code, except there is no offset
since lr already points to the correct instruction. The C side is mostly
like ARM64, except we have fewer cases to deal with.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
This option is independent from any commands and should be managed
under lib. For instance, drivers/block/rkmtd.c is a user.
It would be better to remove this configuration.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
bootX measurements and measurement API moved to u-boot core:
Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.
The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.
With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.
I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions. Eddie tested the bootX part.
Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.
There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.
Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.
Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree. The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless. The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.
Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case. I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James <eajames@linux.ibm.com>
For the API moving around from EFI -> u-boot core
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
For EFI testing
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
If EXT4_WRITE is enabled, write capabilities will be compiled into SPL, but
not CRC16. Add an option to enable CRC16 to avoid linker errors.
Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
U-Boot should set up the SMBIOS tables during startup, as it does on x86.
Ensure that it does this correctly on non-x86 machines too, by creating
an event spy for last-stage init.
Tidy up the installation-condition code while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
When booted from coreboot, U-Boot does not build the SMBIOS tables, but
it should still pass them on to the OS. Add a new option which indicates
whether SMBIOS tables are present, however they were built.
Flip the ordering so that the dependency is listed first, which is less
confusing.
Adjust GENERATE_SMBIOS_TABLE to depend on this new symbol.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
This is needed so we can find the DBG2 table provided by coreboot. Add a
Kconfig so it can be enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
These should not be part of the 'system tables' menu. Move them outside
on their own.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 7d0f3fbb93 ("lib: rational: copy the rational fraction lib...")
Reviewed-by: Tom Rini <trini@konsulko.com>
It is not a parse error to have a default value of "0" for a "hex" type
entry, instead of "0x0". However, "0" and "0x0" are not treated the
same even by the tools themselves. Correct this by changing the default
value from "0" to "0x0" for all hex type questions that had the
incorrect default. Fix one instance (in two configs) of a default of "0"
being used on a hex question to be "0x0". Remove the cases where a
defconfig had set a value of "0x0" to be used as the default had been
"0".
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
All SPL hash algorithm options are collected in lib/Kconfig. Move
SPL_CRC32 there as well.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
We are using our custMpk for signing that is a 4096 bit key, 4096 bit
rsa key requires a SHA512 hashing algorithm to be enabled as per the
source. Even though it is not mandated but this is how it works and is
tested.
Enables SHA512 if fit signature is enabled on K3 platforms.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
We have several Kconfig options for ACPI, but all relate to specific
functions, such as generating tables and AML code.
Add a new option which controls including basic ACPI library code,
including the lib/acpi directory. This will allow us to add functions
which are available even if table generation is not supported.
Adjust the command to avoid a build error when ACPIGEN is not enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Remove test on CONFIG_LMB_MEMORY_REGIONS introduced by commit
7c1860fce4 ("lmb: Fix lmb property's defination under struct lmb").
This code in lmb_init() is strange, because if CONFIG_LMB_USE_MAX_REGIONS
and CONFIG_LMB_MEMORY_REGIONS are not defined, the implicit #else is empty
and the required initialization is not done:
lmb->memory.max = ?
lmb->reserved.max = ?
But this setting is not possible:
- CONFIG_LMB_USE_MAX_REGIONS not defined
- CONFIG_LMB_MEMORY_REGIONS not defined
because CONFIG_LMB_MEMORY_REGIONS and CONFIG_LMB_RESERVED_REGIONS are
defined as soon as the CONFIG_LMB_USE_MAX_REGIONS is not defined.
This patch removes this impossible case #elif and I add some
explanation in lmb.h to explain why in the struct lmb {} the lmb
property is defined if CONFIG_LMB_MEMORY_REGIONS is NOT defined.
This patch also removes CONFIG_LMB_XXX dependency on CONFIG_LMB as these
defines are used in API file lmb.h and not only in library file.
Fixes: 5e2548c1d6 ("lmb: Fix LMB_MEMORY_REGIONS flag usage")
Reported-by: Mark Millard <marklmi@yahoo.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Michal Simek <michal.simek@amd.com>
This is selected by PARTITION_UUIDS which has a separate option for SPL.
Add an SPL option for LIB_UUID also, so that we can keep them consistent.
Also add one for PARTITION_TYPE_GUID to avoid a build error in part_efi.c
which wants to call a uuid function in SPL.
Signed-off-by: Simon Glass <sjg@chromium.org>
Since commit 06d514d77c ("lmb: consider EFI memory map") the EFI regions
are also pushed into the lmb if EFI_LOADER is enabled (which is by
default on most system). Which can cause the number of entries to go
over the maximum as it's default is only 8.
Specifically i ran into this case on an TI am62 which has an fdt with
4 reserved regions (in practice 3 lmb entries due to adjecent ranges).
As this is likely to impact more devices bump the default max
regions to 16 so there is a bit more slack.
Fixes: 06d514d77c ("lmb: consider EFI memory map")
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1207562
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
[trini: collect tags from the other equivalent patch]
As explained by Philippe Schenker, I was misinterpreting what happened
in the case where we do not set LMB_USE_MAX_REGIONS and so had
re-introduced the problem I was attempting to more widely resolve.
This reverts commit 007ae5d108.
Reported-by: Philippe Schenker <philippe.schenker@toradex.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
The LMB code allows for picking a hard limit on the number of regions it
can know of, or to dynamically allocate these regions. The reason for
this choice is to allow for the compiler to perform a size optimization
in the common case. This optimization however, is very small, ranging
from 196 bytes to 15 bytes saved, or in some cases, being larger. Now
that we also have more regions covered by LMB (in order to protect
various parts of our self at run time), the default of 8 is also much
easier to hit and leads to non-obvious error messages (which imply that
an area is protected, not that we're out of areas to add to the list).
Switch to the dynamic use as the default.
Signed-off-by: Tom Rini <trini@konsulko.com>
convert rockchip to use binman
patman fix for checkpatch
binman optional entries, improved support for ELF symbols
trace improvements
minor fdt refactoring
Update the zstd implementation to match Linux zstd 1.5.2 from commit
2aa14b1ab2.
This was motivated by running into decompression corruption issues when
trying to uncompress files compressed with newer versions of zstd. zstd
users also claim significantly improved decompression times with newer
zstd versions which is a side benefit.
Original zstd code was copied from Linux commit 2aa14b1ab2 which is a
custom-built implementation based on zstd 1.3.1. Linux switched to an
implementation that is a copy of the upstream zstd code in Linux commit
e0c1b49f5b, this results in a large code diff. However this should make
future updates easier along with other benefits[1].
This commit is a straight mirror of the Linux zstd code, except to:
- update a few #include that do not translate cleanly
- linux/swab.h -> asm/byteorder.h
- linux/limits.h -> linux/kernel.h
- linux/module.h -> linux/compat.h
- remove assert() from debug.h so it doesn't conflict with u-boot's
assert()
- strip out the compressor code as was done in the previous u-boot zstd
- update existing zstd users to the new Linux zstd API
- change the #define for MEM_STATIC to use INLINE_KEYWORD for codesize
- add a new KConfig option that sets zstd build options to minify code
based on zstd's ZSTD_LIB_MINIFY[2].
These changes were tested by booting a zstd 1.5.2 compressed kernel inside a
FIT. And the squashfs changes by loading a file from zstd compressed squashfs
with sqfsload. buildman was used to compile test other boards and check for
binary bloat, as follows:
> $ buildman -b zstd2 --boards dh_imx6,m53menlo,mvebu_espressobin-88f3720,sandbox,sandbox64,stm32mp15_dhcom_basic,stm32mp15_dhcor_basic,turris_mox,turris_omnia -sS
> Summary of 6 commits for 9 boards (8 threads, 1 job per thread)
> 01: Merge branch '2023-01-10-platform-updates'
> arm: w+ m53menlo dh_imx6
> 02: lib: zstd: update to latest Linux zstd 1.5.2
> aarch64: (for 2/2 boards) all -3186.0 rodata +920.0 text -4106.0
> arm: (for 5/5 boards) all +1254.4 rodata +940.0 text +314.4
> sandbox: (for 2/2 boards) all -4452.0 data -16.0 rodata +640.0 text -5076.0
[1] e0c1b49f5b
[2] f302ad8811/lib/libzstd.mk (L31)
Signed-off-by: Brandon Maier <brandon.maier@collins.com>
[trini: Set ret to -EINVAL for the error of "failed to detect
compressed" to fix warning, drop ZSTD_SRCSIZEHINT_MAX for non-Linux host
tool builds]
Signed-off-by: Tom Rini <trini@konsulko.com>
The fdt_path_offset() function is slow since it must scan the tree.
This substantial overhead now applies to all boards.
The original code may not be ideal but it is fit for purpose and is only
needed on a few boards.
Reverting this reduces time to set up driver model by about 30ms.
Before revert:
Accumulated time:
47,170 dm_r
53,237 dm_spl
572,986 dm_f
Accumulated time:
44,598 dm_r
50,347 dm_spl
549,133 dm_f
This reverts commit 26f981f295.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some platforms cannot honour this and don't need trace before relocation.
Use 'imply' instead, so boards can disable this.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current approach is a bit of a hack and only works for the tpm
subsystem. Add a Kconfig so that crc8 can be enabled in SPL for other
purposes.
Signed-off-by: Simon Glass <sjg@chromium.org>
We factor out the arch-independent parts of the ARM semihosting
implementation as a common library so that it can be shared
with RISC-V.
Signed-off-by: Kautuk Consul <kconsul@ventanamicro.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
This converts the following to Kconfig:
CONFIG_SYS_TIMER_COUNTS_DOWN
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The FWU Multi Bank Update feature supports updating firmware images
to one of multiple sets(also called banks) of images. The firmware
images are clubbed together in banks, with the system booting images
from the active bank. Information on the images such as which bank
they belong to is stored as part of the metadata structure, which is
stored on the same storage media as the firmware images on a dedicated
partition.
At the time of update, the metadata is read to identify the bank to
which the images need to be flashed(update bank). On a successful
update, the metadata is modified to set the updated bank as active
bank to subsequently boot from.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
The TPM device has a builtin random number generator(RNG)
functionality. Expose the RNG functions of the TPM device to the
driver model so that they can be used by the EFI_RNG_PROTOCOL if the
protocol is installed.
Also change the function arguments and return type of the random
number functions to comply with the driver model api.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tighten up symbol dependencies in a number of places. Ensure that a SPL
specific option has at least a direct dependency on SPL. In places
where it's clear that we depend on something more specific, use that
dependency instead. This means in a very small number of places we can
drop redundant dependencies.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Tighten up symbol dependencies in a number of places. Ensure that a VPL
specific option has at least a direct dependency on VPL. In places
where it's clear that we depend on something more specific, use that
dependency instead.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
