| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
The fdt command currently handles stringlists as strings in 'fdt get value'
subcommand. Since strings in FDT stringlists are separated by '\0', only
the first value gets inserted into the environment variable passed to the
'fdt get value' command.
Example, consider the following DT snippet:
/ { compatible = "foo", "bar" };
The following command only reports the first string in stringlist:
=> fdt get value var / compatible ; print var
foo
It is not possible to assign list of null-terminated strings into U-Boot
environment variable. Add optional 'index' parameter to the subcommand
'fdt get value <var> <path> <prop> [<index>]' which lets user specify which
string within the stringlist should be assigned into the 'var' variable.
The default value of 'index' is 0 in case it is not present. This way the
'fdt' command API does not change and existing scripts are not broken.
The following command now reports the Nth string in stringlist, counting
from zero:
=> fdt get value var / compatible 1 ; print var
bar
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
|
|
For obvious reasons BootROMS rejects unsigned images when secure boot is
enabled in OTP secure bits. So check for OPT secure bits and do not allow
flashing unsigned images when secure boot is enabled. Access to OTP via
U-Boot fuse API is currently implemented only for A38x and A37xx SoCs.
Additionally Armada 3700 BootROM rejects signed trusted image when secure
boot is not enabled in OTP. So add also check for this case. On the other
hand Armada 38x BootROM acceps images with secure boot header when secure
boot is not enabled in OTP.
OTP secure bits may have burned also boot device source. Check it also and
reject flashing images to target storage which does not match OTP.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Currently for A38x image is checked only header checksum.
So check also for image data checksum to prevent flashing broken image.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
The command's name is a misnomer.
The command loads a file but does not run (boot) it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Calling tftpput with less than 2 arguments must lead to a failure.
If tftpput is called with two arguments, these are the address and
the size of the file to be transferred.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This converts the FIT loading process of the fpga command to use
fit_get_data_node.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
Format the KVM implementation number in a human readable form.
With the patch output of the sbi command for Linux 5.19.1 looks like:
=> sbi
SBI 0.3
KVM 5.19.1
Machine:
Vendor ID 0
Architecture ID 7005c
Implementation ID 7005c
Extensions:
SBI Base Functionality
Timer Extension
IPI Extension
RFENCE Extension
Hart State Management Extension
System Reset Extension
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Leo Yu-Chi Liang <ycliang@andestech.com>
|
|
It is useful to read information about the current TPM state, where
supported, e.g. for debugging purposes when verified boot fails.
Add support for this to the TPM interface as well as Cr50. Add a simple
sandbox test.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
This feature is used for measured boot, so we can add a log entry to the
TCPA with some information about where the digest comes from. It is not
currently supported in the TPM drivers, but add it to the API so that
code which expects it can signal its request.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
fit_image_get_comp() should not set value -1 in case it can't read
the compression node. Instead, leave the value untouched in that case
as it can be absent and a default value previously defined by the
caller of fit_image_get_comp() should be used.
As a result the warning message
WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
no longer shows if the compression node is actually absent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This reinstates fix from commit 8f8c04bf1ebb ("i2c: fix stack buffer
overflow vulnerability in i2c md command") without the changes unrelated
to the actual fix. Avoid the underflow by setting only nbytes and
linebytes as unsigned integers.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Acked-by: Tim Harvey <tharvey@gateworks.com>
|
|
This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409.
The commit is largely wrong and breaks most of i2c command functionality.
The problem described in the aforementioned commit commit message is valid,
however the commit itself does many more changes unrelated to fixing that
one problem it describes. Those extra changes, namely the handling of i2c
device address length as unsigned instead of signed integer, breaks the
expectation that address length may be negative value. The negative value
is used by DM to indicate that address length of device does not change.
The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
can be fixed by extra sanitization in separate patch.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Nicolas Iooss <nicolas.iooss+uboot@ledger.fr>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
https://source.denx.de/u-boot/custodians/u-boot-dm
binman/patman documentation improvements
other minor fixes
|
|
Avoid enabling this command by default. This saves about 1KB of code
space.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
PCIe config space has address range 0-4095. So do not allow reading from
addresses outside of this range. Lot of U-Boot drivers do not expect that
passed value is not in this range. PCI DM read function is extended to
fill read value to all ones or zeros when it fails as U-Boot callers
ignores return value.
Calling U-Boot command 'pci display.b 0.0.0 0 0x2000' now stops printing
config space at the end (before 0x1000 address).
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Currently message is not intended that prompt end up at the end of debug
line. For example like this:
DFU alt info setting: done
DFU entities configuration failed!
(partition table does not match dfu_alt_info?)
Firmware update failed: <NULL>
Cannot handle a capsule at 10000000Zynq>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add a command to look at VBE methods and their status. Provide a test for
all of this as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Add support for handling this concept in bootflows. Update the 'bootflow'
command to allow only the normal bootmeths to be used. This alllows
skipping EFI bootmgr and VBE, for example.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
With global bootmeths we want to scan without a bootdev. Update the logic
to allow this.
Change the bootflow command to show the bootdev only when valid.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
The current way of handling things like EFI bootmgr is a bit odd, since
that bootmeth handles selection of the bootdev itself. VBE needs to work
the same way, so we should support it properly.
Add a flag that indicates that the bootmeth is global, rather than being
invoked on each bootdev. Provide a helper to read a bootflow from the
bootmeth.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Update the 'read' command to work correctly with sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
We want to use VBE to mean Verfiied Boot for Embedded in U-Boot. Rename
the existing VBE (Vesa BIOS extensions) to allow this.
Verified Boot for Embedded is documented doc/develop/vbe.rst
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
https://source.denx.de/u-boot/custodians/u-boot-dm
dtoc fixes with pylint, tests
|
|
Remove the dependency on CMD_PXE from BOOTMETH_DISTRO by introducing a
new hidden kconfig symbol to control whether pxe_utils is compiled,
allowing bootstd's distro method to be compiled without needing
networking support enabled.
Signed-off-by: John Keeping <john@metanate.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Correct build errors when CMD_BOOTM is not enabled:
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Move this out of the common header and include it only where needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
EFI_RNG_PROTOCOL with a TPM
|
|
A large number of files include <flash.h> as it used to be how various
SPI flash related functions were found, or for other reasons entirely.
In order to migrate some further CONFIG symbols to Kconfig we need to
not include flash.h in cases where we don't have a NOR flash of some
sort enabled. Furthermore, in cases where we are in common code and it
doesn't make sense to try and further refactor the code itself in to new
files we need to guard this inclusion.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
No board uses lcd_clear() anymore. So we can remove support for it.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
If 'extension apply all' is executed and no extension is found, the return
value of do_extension_apply() is undefined. Return CMD_RET_FAILURE in this
case.
Fixes: 2f84e9cf06d3 ("cmd: add support for a new "extension" command")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
|
|
The source code contains an error:
- argv[2] contains <channel> arg, variable for env_set is in argv[3]
- number of args is 4
Revert 54d24d72601321f4470c4edf31c6b29adae424a7
cmd: simplify do_adc_single()
Fixes 9de612ae4ded53f742f5f99929c06d0839471ced
cmd: adc: Add support for storing ADC result in env variable
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The 'rng' command dumps a number of random bytes on the console. Add a
set of tests for the 'rng' command. The test function performs basic
sanity testing of the command.
Since a unit test is being added for the command, enable it by default
in the sandbox platforms.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Use a statically allocated buffer on stack instead of using malloc for
reading the random bytes. Using a local array is faster than
allocating heap memory on every initiation of the command.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The 'rng' u-boot command is used for printing a select number of
random bytes on the console. Currently, the RNG device from which the
random bytes are read is fixed. However, a platform can have multiple
RNG devices, one example being qemu, which has a virtio RNG device and
the RNG pseudo device through the TPM chip.
Extend the 'rng' command so that the user can provide the RNG device
number from which the random bytes are to be read. This will be the
device index under the RNG uclass.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Negative return value from cmd main function cause U-Boot to print criplic
error message: exit not allowed from main input shell.
Set return value on error to 1.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Armada 3700 BootROM supports also images with sha512 checksums and
mox-imager tool [1] generates such bootable images. Without sha512 support
U-Boot bubt command just prints error message:
Error: Unsupported hash_algorithm_id = 64
Error: Image header verification failed
This patch adds support for sha512 checksum validation for Armada 3700
images. With it bubt prints:
Image checksum...OK!
[1] - https://gitlab.nic.cz/turris/mox-boot-builder.git
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
net_loop() returns signed int type and negative value represents error.
tftp_read_file() returns unsigned size_t type and zero value represents
error. Casting signed negative value to unsigned size_t type cause losing
information about error and bubt thinks that no error happened, and
continue erasing SPI-NOR which cause malfunction device.
Fix this issue by correctly propagating failure during tftp transport.
With this change when there is no eth link, bubt does not erase SPI-NOR
anymore.
=> bubt
Burning U-Boot image "flash-image.bin" from "tftp" to "spi"
ethernet@30000 Waiting for PHY auto negotiation to complete......... TIMEOUT !
ethernet@30000: No link.
Error: Failed to read file flash-image.bin from tftp
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Current image type verification code is specific to 32-bit Armada SoCs but
used only for Armada 38x. Implement image type verification for Armada 3700
and enable Armada 38x image verification for all 32-bit Armada SoCs.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
add arguments for mmc wp to assign which boot partition to protect.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Jaehoon Chung <jh80.chung@samsung.com>
|
|
These flags may be used to check whether an FPGA driver is able to
load a particular FPGA bitstream image.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-7-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
It allows using this feature without enabling the "fpga loads"
command.
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
Co-developed-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Signed-off-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Tested-by: Adrian Fiergolski <adrian.fiergolski@fastree3d.com>
Link: https://lore.kernel.org/r/20220722141614.297383-2-oleksandr.suvorov@foundries.io
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
Just a spelling mistake.
Signed-off-by: Ramin Zaghi <rzaghi@visualSilicon.com>
|
|
Fix diacritics in some instances of my name and change my e-mail address
to kabel@kernel.org.
Add corresponding .mailmap entries.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
tlv_eeprom uses crc32() function, so add dependency into Kconfig.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Do not suggest successful operation if a flash area to be changed is
actually locked, thus will not execute the request. Rather report an
error and bail out. That's way more user-friendly than asking them to
manually check for this case.
Derived from original patch by Chao Zeng.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Jagan Teki <jagan@amarulasolutions.com>
|
|
efi_dp_str() allocates memory which should be released after use.
Use %pD printf code. Adjust message wording.
Fixes: d837cb1e3b6b ("efi: Add debugging to efi_set_bootdev()")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
|
|
https://source.denx.de/u-boot/custodians/u-boot-dm into next
nman external-symbol improvements
Driver model memory-usage reporting
patman test-reporting improvements
Add bloblist design goals
|
|
This converts the following to Kconfig:
CONFIG_SYS_BOOTM_LEN
As part of this, rework error handling in boot/bootm.c so that we pass
the buffer size to handle_decomp_error as CONFIG_SYS_BOOTM_LEN will not
be available to host tools but we do know the size that we passed to
malloc().
Cc: Soeren Moch <smoch@web.de>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
