- 13 10月, 2020 10 次提交
-
-
由 Tom Rini 提交于
- Fix verified boot on BE targets - Add support for multiple required keys in verified boots - Add support for Initialization Vectors in AES keys in FIT images - Assorted fixes in the RSA code
-
由 Heinrich Schuchardt 提交于
Remove initialization of ret with unused value. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Rasmus Villemoes 提交于
Commit fdf0819a (rsa: fix alignment issue when getting public exponent) changed the logic to avoid doing an 8-byte access to a possibly-not-8-byte-aligned address. However, using rsa_convert_big_endian is wrong: That function converts an array of big-endian (32-bit) words with the most significant word first (aka a BE byte array) to an array of cpu-endian words with the least significant word first. While the exponent is indeed _stored_ as a big-endian 64-bit word (two BE words with MSW first), we want to extract it as a cpu-endian 64 bit word. On a little-endian host, swapping the words and byte-swapping each 32-bit word works, because that's the same as byte-swapping the whole 64 bit word. But on a big-endian host, the fdt32_to_cpu are no-ops, but rsa_convert_big_endian() still does the word-swapping, breaking verified boot. To fix that, while still ensuring we don't do unaligned accesses, add a little helper that first memcpy's the bytes to a local fdt64_t, then applies fdt64_to_cpu(). [The name is chosen based on the [bl]eXX_to_cpup in linux/byteorder/generic.h]. Fixes: fdf0819a ("rsa: fix alignment issue when getting public exponent") Signed-off-by: NRasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Matthieu CASTET 提交于
The algo name should match between the FIT's signature node and the U-Boot's control FDT. If we do not check it, U-Boot's control FDT can expect sha512 hash but nothing will prevent to accept image with sha1 hash if the signature is correct. Signed-off-by: NMatthieu CASTET <castet.matthieu@free.fr>
-
由 Philippe Reynes 提交于
This commit add the support in u-boot to read the IV in the FIT image instead of u-boot device tree. Signed-off-by: NPhilippe Reynes <philippe.reynes@softathome.com>
-
由 Philippe Reynes 提交于
Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: NPhilippe Reynes <philippe.reynes@softathome.com>
-
由 Heinrich Schuchardt 提交于
We assign first_deleted = 0. There is no need to check its value without any further assignment in between. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
Add documentation about 'required-mode' property in /signature node in U-Boot's control FDT. Signed-off-by: NThirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
This patch adds vboot tests to verify the support for multiple required keys using new required-mode DTB policy. This patch also fixes existing test where dev key is assumed to be marked as not required, although it is marked as required. Note that this patch re-added sign_fit_norequire(). sign_fit_norequire() was removed as part of the following: commit b008677d ("test: vboot: Fix pylint errors"). This patch leverages sign_fit_norequire() to fix the existing bug. Signed-off-by: NThirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
Currently FIT image must be signed by all required conf keys. This means Verified Boot fails if there is a signature verification failure using any required key in U-Boot DTB. This patch introduces a new policy in DTB that can be set to any required conf key. This means if verified boot passes with one of the required keys, U-Boot will continue the OS hand off. There were prior attempts to address this: https://lists.denx.de/pipermail/u-boot/2019-April/366047.html The above patch was failing "make tests". https://lists.denx.de/pipermail/u-boot/2020-January/396629.htmlSigned-off-by: NThirupathaiah Annapureddy <thiruan@linux.microsoft.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
- 12 10月, 2020 12 次提交
-
-
-
https://gitlab.denx.de/u-boot/custodians/u-boot-ti由 Tom Rini 提交于
- Minor cleanup on K3 env variables - Fix OSPI compatible for J721e - Drop unused property in omap-usb2-phy - Update Maintainer for am335x-guardian board.
-
由 Vignesh Raghavendra 提交于
"ti,dis-chg-det-quirk" property is not part of Linux kernel DT binding documentation. Therefore drop this and instead use soc_device_match() to distinguish b/w AM654 SR1.0 and SR2.0 devices similar to Linux kernel driver. Signed-off-by: NVignesh Raghavendra <vigneshr@ti.com>
-
由 Nishanth Menon 提交于
Use DEFAULT_LINUX_BOOT_ENV to define the standard addresses used in rest of TI platforms as defined in ti_armv7_common.h This avoids the standard pitfalls we've had with kernel images and fdt addresses stomping on each other. As part of this process, redefine overlayaddr to be dtboaddr (defined in ti_armv7_common.h for this very purpose) and get rid of the definition of overlayaddr.. Signed-off-by: NNishanth Menon <nm@ti.com>
-
由 Nishanth Menon 提交于
Now that we dont have any further users of overlayaddr, get rid of it. Signed-off-by: NNishanth Menon <nm@ti.com>
-
由 Nishanth Menon 提交于
Use dtboaddr to define the overlay address common to all TI platforms instead of creating a new overlayaddr for the purpose. Signed-off-by: NNishanth Menon <nm@ti.com>
-
由 Nishanth Menon 提交于
Use DEFAULT_LINUX_BOOT_ENV to define the standard addresses used in rest of TI platforms as defined in ti_armv7_common.h This avoids the standard pitfalls we've had with kernel images and fdt addresses stomping on each other. As part of this process, redefine overlayaddr to be dtboaddr (defined in ti_armv7_common.h for this very purpose).. we will get rid of overlayaddr later in the series. Signed-off-by: NNishanth Menon <nm@ti.com>
-
由 Vignesh Raghavendra 提交于
Reset the channel completely during channel release in order to clear teardown bit before handing over to next user or jumping to Linux. Signed-off-by: NVignesh Raghavendra <vigneshr@ti.com> Reviewed-by: NGrygorii Strashko <grygorii.strashko@ti.com>
-
由 Vignesh Raghavendra 提交于
This enables applying DTBOs at U-Boot prompt before booting to kernel. Signed-off-by: NVignesh Raghavendra <vigneshr@ti.com>
-
由 Vignesh Raghavendra 提交于
Update detect_enable_hyperflash() to look for "ti,am654-ospi" compatible to match the upstream DT node. Signed-off-by: NVignesh Raghavendra <vigneshr@ti.com>
-
由 Moses Christopher 提交于
I am leaving Bosch, so replacing myself with Gireesh Signed-off-by: NMoses Christopher <BollavarapuMoses.Christopher@in.bosch.com>
-
由 Tom Rini 提交于
- Assorted improvements to our log functionality.
-
- 11 10月, 2020 9 次提交
-
-
由 Heinrich Schuchardt 提交于
doc/README.log was already moved to doc/develop/logging.rst but has been recreated by an incorrect merge. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Sean Anderson 提交于
Since the previous patch, net_init now exposes some errors, so check for them. Signed-off-by: NSean Anderson <seanga2@gmail.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Sean Anderson 提交于
net_init does not always succeed, and there is no existing mechanism to discover errors. This patch allows callers of net_init (such as net_init) to handle errors. The root issue is that eth_get_dev can fail, but net_init_loop doesn't expose that. The ideal way to fix eth_get_dev would be to return an error with ERR_PTR, but there are a lot of callers, and all of them just check if it's NULL. Another approach would be to change the signature to something like int eth_get_dev(struct udevice **pdev) but that would require rewriting all of the many callers. Signed-off-by: NSean Anderson <seanga2@gmail.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
This driver interferes with other sandbox tests since it causes log output to be interspersed with "No ethernet found." messages. Disable this driver by default. Enable it for the syslog tests so that they still pass. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
At present all log devices are enabled by default. Add a function to allow devices to be disabled or enabled at runtime. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
This is not needed as the Makefile only builds the file if CONFIG_LOG_TEST is enabled. Drop it. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
At present there is no way to disable a log driver. But the syslog driver causes (attempted) network traffic in sandbox every time a log message is printed, which is often. Add a flag to enable a log driver. Adjust struct log_device to use a short for next_filter_num so that no more memory is used for devices. Also fix a missing line in the struct log_driver comment while here. To maintain compatibility, enable it for all drivers for now. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
It is sometimes useful to output hex dumps in SPL. Add a config option to allow this. Signed-off-by: NSimon Glass <sjg@chromium.org> Reviewed-by: NStefan Roese <sr@denx.de>
-
由 Simon Glass 提交于
At present if CONFIG_LOG enabled, putting LOG_DEBUG at the top of a file (before log.h inclusion) causes _log() to be executed for every log() call, regardless of the build- or run-time logging level. However there is no guarantee that the log record will actually be displayed. If the current log level is lower than LOGL_DEBUG then it will not be. Add a way to signal that the log record should always be displayed and update log_passes_filters() to handle this. With the new behaviour, log_debug() will always log if LOG_DEBUG is enabled. Move log_test_syslog_nodebug() into its own file since it cannot be made to work where it is, with LOG_DEBUG defined. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
- 10 10月, 2020 9 次提交
-
-
由 Tom Rini 提交于
- Re-organize a number of Kconfig related entries to be better organized for long term maintenance.
-
由 Tom Rini 提交于
Rsync all defconfig files using moveconfig.py Signed-off-by: NTom Rini <trini@konsulko.com>
-
由 Simon Glass 提交于
At present MKIMAGE_DTC_PATH is in the devicetree menu but not within 'devicetree control' since it does not relate to that. As a result it shows up in the top menu. It actually relates to the mkimage tool, so create a new tools menu for it and move it there. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
This actually relates to something displayed on start-up, so move it into that menu. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
This option does not belong at the top level. Move it under generic driver options. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
This relates to the environment so should not be at the top level. Move it. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
These are start-up hooks so put them under that menu. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
These hooks relate to U-Boot init so move them under that menu. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Simon Glass 提交于
There are quite a few options at the top level relating to U-Boot init. Move them into their own menu. Signed-off-by: NSimon Glass <sjg@chromium.org>
-