commit 322c813f ("mkeficapsule: Add support for embedding public key in a dtb")
added a bunch of options enabling the addition of the capsule public key
in a dtb.  Since now we embedded the key in U-Boot's .rodata we don't this
this functionality anymore
Signed-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>

The capsule signature is now part of our DTB.  This is problematic when a
user is allowed to change/fixup that DTB from U-Boots command line since he
can overwrite the signature as well.
So Instead of adding the key on the DTB, embed it in the u-boot binary it
self as part of it's .rodata.  This assumes that the U-Boot binary we load
is authenticated by a previous boot stage loader.
Reviewed-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
Tested-by: NSughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>

TCG PC Client PFP spec says "The Log Area Minimum Length
for the TCG event log MUST be at least 64KB." in ACPI chapter.
This commit increase the buffer size to 64KB.
Signed-off-by: NMasahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>

Use %pD to log device-path instead of using efi_dp_str() and
efi_free_pool() locally in find_boot_device().
This is a cleanup patch, no feature update nor fix.
Suggested-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>

Previously, the GPT device GUID was being used instead of the partition,
which was incorrect.
Signed-off-by: NAlfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>

Let EFI_LOADER select CONFIG_PARTITION_UUIDS.
Use log_warning() instead of printf() for warning.
Reviewed-by: NHeinrich Schuchardt <heinrich.schuchardt@canonical.com>

- A large rework of the logic around supporting various image
  types/formats and sharing between the host and target.

i.MX
----

- mx7ulp : fix  WDOG
- imx8 : Phytec
- USB3 support for i.MX8

CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/8277

According to i.MX7ULP Reference Manual we should wait for WDOG unlock
and reconfiguration to complete.

Section "59.5.3 Configure Watchdog" provides the following example:

DisableInterrupts; //disable global interrupt
WDOG_CNT = 0xD928C520; //unlock watchdog
while(WDOG_CS[ULK]==0); //wait until registers are unlocked
WDOG_TOVAL = 256; //set timeout value
WDOG_CS = WDOG_CS_EN(1) | WDOG_CS_CLK(1) | WDOG_CS_INT(1) |
	  WDOG_CS_WIN(0) | WDOG_CS_UPDATE(1);
while(WDOG_CS[RCS]==0); //wait until new configuration takes effect
EnableInterrupts; //enable global interrupt

Update U-Boot WDOG driver to align with i.MX7ULP reference manual.

Use 32 bits accessing to CS register. According to RM, the bits in
this register only can write once after unlock. So using 8 bits access
will cause problem.
Reviewed-by: NYe Li <ye.li@nxp.com>
Signed-off-by: NBreno Lima <breno.lima@nxp.com>
Signed-off-by: NPeng Fan <peng.fan@nxp.com>

According to i.MX7ULP Reference Manual the second word write for both
UNLOCK and REFRESH operations must occur in maximum 16 bus clock.

The current code is using writel() function which has a DMB barrier to
order the memory access. The DMB between two words write may introduce
some delay in certain circumstance, causing a WDOG timeout due to 16 bus
clock window requirement.

Replace writel() function by __raw_writel() to achieve a faster memory
access and avoid such issue.
Reviewed-by: NYe Li <ye.li@nxp.com>
Signed-off-by: NBreno Lima <breno.lima@nxp.com>

Setup USB clock in board codes, and enable the DWC3 XHCI and
PHY drivers to make USB3.0 host port working on i.MX8MQ EVK.
Signed-off-by: NYe Li <ye.li@nxp.com>
Reviewed-by: NPatrick Wildt <patrick@blueri.se>

Add clock function to setup relevant clocks for USB3.0 controllers and
PHYs on i.MX8MQ
Signed-off-by: NYe Li <ye.li@nxp.com>
Reviewed-by: NPatrick Wildt <patrick@blueri.se>
Tested-by: NPatrick Wildt <patrick@blueri.se>

Add alias for two DWC3 usb controllers to fix the seq index.
Signed-off-by: NYe Li <ye.li@nxp.com>
Tested-by: NPatrick Wildt <patrick@blueri.se>

Add the USB PHY driver for i.MX8MQ to work with DWC3 USB controller.
Signed-off-by: NYe Li <ye.li@nxp.com>
Reviewed-by: NPatrick Wildt <patrick@blueri.se>
Tested-by: NPatrick Wildt <patrick@blueri.se>

Host tool features, such as mkimage's ability to sign FIT images were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.

Without loss of generality, we can say that host features are and
should be independent of target features.

While we prefer that a host tool always supports the same feature set,
we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.

I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>
Acked-by: NMichal Simek <michal.simek@xilinx.com>

This macro is no longer needed for code flow or #ifdefs. Remove it.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

This macro is no longer needed for code flow or #ifdefs. Remove it.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

It is no longer necessary to implement rsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the rsa code is no longer linked when unused.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

It is no longer necessary to implement ecdsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the ecdsa code is no longer linked when unused.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Move the RSA verification crytpo_algo structure out of the
crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.

Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.

NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data)_ can be safely removed,
as signing is not supported target-side.

NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

image-sig.c is used to map a hash or crypto algorithm name to a
handler of that algorithm. There is some similarity between the host
and target variants, with the differences worked out by #ifdefs. The
purpose of this change is to remove those ifdefs.

First, copy the file to a host-only version, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides we are only duplicating three string to struct mapping
functions. This isn't something to fuss about.
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: NSimon Glass <sjg@chromium.org>

This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx
Signed-off-by: NSimon Glass <sjg@chromium.org>
Reviewed-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: NAlexandru Gagniuc <mr.nuke.me@gmail.com>

- Large number of Coverity reported issues addressed
- m41t62 bugfix
- Support more Android image compression formats
- FIT + DTO bugfix

- designware_wdt: reset watchdog in designware_wdt_stop() function
  (Meng)
- socfpga_stratix10: enable wdt command (Meng)
- wdt-uclass: Use IS_ENABLED for WATCHDOG_AUTOSTART (Teresa)

- DTS: alignment with Linux kernel v5.13 for stm32mp15 boards
- STM32MP1: update the stm32key command
- STM32MP1: activate the rng command
- STM32MP1: fix the stm32prog command (help, parttition size)
- STM32MP1: add fdtoverlay_addr_r variable
- STM32MP1: correctly managed SYSCON/SYSCFG clock
- STM32MP1: remove mmc alias and directly use device instance in boot_instance variable

There is no separate SPL/TPL config for WATCHDOG_AUTOSTART.
So use IS_ENABLED instead of CONFIG_IS_ENABLED to make watchdog
working in SPL again.

Fixes: 830d29ac ("watchdog: Allow to use CONFIG_WDT without starting watchdog")
Signed-off-by: NTeresa Remmet <t.remmet@phytec.de>
Reviewed-by: NStefan Roese <sr@denx.de>

In latest u-boot code, watchdog feature is implemented, so enable
wdt command by default.
Signed-off-by: NMeng Li <Meng.Li@windriver.com>

In uboot command line environment, watchdog is not able to be
stopped with below commands:
SOCFPGA_STRATIX10 # wdt dev watchdog@ffd00200
SOCFPGA_STRATIX10 # wdt stop
Refer to watchdog driver in linux kernel, it is also need to reset
watchdog after disable it so that the disable action takes effect.
Signed-off-by: NMeng Li <Meng.Li@windriver.com>
Reviewed-by: NStefan Roese <sr@denx.de>
Reviewed-by: NSean Anderson <sean.anderson@seco.com>

Remove the mmc alias no more required as the sequence number
of mmc device is used for boot_instance.
Signed-off-by: NPatrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: NPatrice Chotard <patrice.chotard@foss.st.com>

Use the device sequence number in boot_instance variable
and no more the SDMMC instance provided by ROM code/TF-A.

After this patch we don't need to define the mmc alias in
device tree, for example:
  mmc0 = &sdmmc1;
  mmc1 = &sdmmc2;
  mmc2 = &sdmmc3;
to have a correct mapping between the ROM code boot device =
"${boot_device}${boot_instance}" and the MMC device in U-Boot.

With this patch the 'mmc0' device (used in mmc commands) is
always used when only one instance sdmmc is activated in device
tree, even if it is only the sdmmc2 or sdmmc3.
Signed-off-by: NPatrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: NPatrice Chotard <patrice.chotard@foss.st.com>