- 15 2月, 2022 5 次提交
-
-
由 Tom Rini 提交于
Signed-off-by: NTom Rini <trini@konsulko.com>
-
由 Tom Rini 提交于
- Fix for pstore already being in the DT, "setlocalversion" script bugfix and pdu001 platform bugfix
-
由 Felix Brack 提交于
The changes introduced with commit 6337d53f ("arm: dts: sync am33xx with Linux 5.9-rc7") prevent the PDU001 from operating correctly. This patch fixes the configuration of the pin multiplexer and uart3. Signed-off-by: NFelix Brack <fb@ltec.ch>
-
由 Nikita Maslov 提交于
After replacing of include/config/auto.conf sourcing with extraction of CONFIG_LOCALVERSION, resulting version string contains quotes around localversion part which are always present in auto.conf (even if localversion is empty). This patch fixes this script to remove quotes. Signed-off-by: NNikita Maslov <wkernelteam@gmail.com> Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Cc: Tom Rini <trini@konsulko.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Detlev Casanova 提交于
The pstore command tries to create a reserved-memory node but fails if it is already present with: Add 'reserved-memory' node failed: FDT_ERR_EXISTS This patch creates the node only if it does not exist and adapts the reg values sizes depending on already present #address-cells and #size-cells values. Signed-off-by: NDetlev Casanova <detlev.casanova@collabora.com>
-
- 12 2月, 2022 26 次提交
-
-
https://source.denx.de/u-boot/custodians/u-boot-efi由 Tom Rini 提交于
Pull request for efi-2022-04-rc2-4 Documentation: * mkeficapsule man-page UEFI changes: * add support for signing images to mkeficapsule * add support for user define capsule GUID * adjust unit tests for capsules * fix UEFI image signature validation in case of multiple signatures
-
由 Ilias Apalodimas 提交于
The previous patch is changing U-Boot's behavior wrt certificate based binary authentication. Specifically an image who's digest of a certificate is found in dbx is now rejected. Fix the test accordingly and add another one testing signatures in reverse order Signed-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 Ilias Apalodimas 提交于
The EFI spec allows for images to carry multiple signatures. Currently we don't adhere to the verification process for such images. The spec says: "Multiple signatures are allowed to exist in the binary's certificate table (as per PE/COFF Section "Attribute Certificate Table"). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx." With our current implementation signing the image with two certificates and inserting both of them in db and one of them dbx doesn't always reject the image. The rejection depends on the order that the image was signed and the order the certificates are read (and checked) in db. While at it move the sha256 hash verification outside the signature checking loop, since it only needs to run once per image and get simplify the logic for authenticating an unsigned imahe using sha256 hashes. Signed-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 AKASHI Takahiro 提交于
Before the capsule authentication is supported, this test script works correctly, but with the feature enabled, most tests will fail due to unsigned capsules. So check the results depending on CAPSULE_AUTHENTICATE or not. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 AKASHI Takahiro 提交于
This test scenario tests a new feature of mkeficapsule, "--guid" option, which allows us to specify FMP driver's guid explicitly at the command line. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
Since the syntax of mkeficapsule was changed in the previous commit, we need to modify command line arguments in a pytest script. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 AKASHI Takahiro 提交于
The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 AKASHI Takahiro 提交于
Add a couple of test cases against capsule image authentication for capsule-on-disk, where only a signed capsule file with the verified signature will be applied to the system. Due to the difficulty of embedding a public key (esl file) in U-Boot binary during pytest setup time, all the keys/certificates are pre-created. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org> Acked-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 AKASHI Takahiro 提交于
Now we can use mkeficapsule command instead of EDK-II's script to create a signed capsule file. So update the instruction for capsule authentication. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org> Acked-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 AKASHI Takahiro 提交于
Add a man page for mkeficapsule command. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org> Acked-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 AKASHI Takahiro 提交于
With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org> Acked-by: NIlias Apalodimas <ilias.apalodimas@linaro.org>
-
由 AKASHI Takahiro 提交于
Add CONFIG_TOOLS_MKEFICAPSULE. Then we want to always build mkeficapsule if tools-only_defconfig is used. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 AKASHI Takahiro 提交于
We need to install libgnutls-devel package to build the host tool, mkeficapsule, and as of now, there seems to be a depencency conflict in the current msys2 installer; :: installing libp11-kit (0.24.1-1) breaks dependency \ 'libp11-kit=0.23.22' required by p11-kit To resolve this conflict, however, the initial "pacman -Syyuu" in 'tools_only_windows' job is not enough. Another "pacman -Su" will enforce all the out-of-date packages being upgraded. (Probably the first "-Syyuu" can be changed to "-Syu".) See the installation steps in https://www.msys2.org/Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 Tom Rini 提交于
A partial list: - fw_env updates, a new testcase for mkimage -o ..., nop-phy reset-gpios support, DFU updates, kaslr-seed support in extlinux.conf, modern "partitions" support in mtd device tree
-
由 Heinrich Schuchardt 提交于
The output size for snprint() should not only be respected for whole fields but also with fields. Add more tests. Signed-off-by: NHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
-
由 Adam Ford 提交于
Some usb-nop-xceiv devices use a gpio take them out of reset. Add a reset function to put them into that state. This is similar to how Linux handles the usb-nop-xceiv driver. Signed-off-by: NAdam Ford <aford173@gmail.com>
-
由 Rafał Miłecki 提交于
Environment variables can be stored in two formats: 1. Single entry with header containing CRC32 2. Two entries with extra flags field in each entry header For that reason fw_env_open() has two main code paths and there are pointers for CRC32/flags/data. Previous implementation was a bit hard to follow: 1. It was checking for used format twice (in reversed order each time) 2. It was setting "environment" global struct fields to some temporary values that required extra comments explaining it This change simplifies that code: 1. It introduces two clear code paths 2. It sets "environment" global struct fields values only once it really knows them To be fair there are *two* crc32() calls now and an extra pointer variable but that should be cheap enough and worth it. Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
-
由 Rafał Miłecki 提交于
It's usually easier to understand code & follow it if all arguments are passed explicitly. Many coding styles also discourage using global variables. Behaviour of flash_io() was a bit unintuitive as it was writing to a buffer referenced in a global struct. That required developers to remember how it works and sometimes required hacking "environment" global struct variable to read data into a proper buffer. Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
-
由 Simon Glass 提交于
This function is used by both x86 and sandbox. Put it in a common header file. Signed-off-by: NSimon Glass <sjg@chromium.org>
-
由 Masami Hiramatsu 提交于
Since dfu is not only used for USB, and some platform only supports DFU_OVER_TFTP or EFI capsule update, dfu_alt_info is defined on such platforms too. For such platform, 'dfu list' command is useful to check how the current dfu_alt_info setting is parsed. Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
-
由 Masami Hiramatsu 提交于
Fix some typo and wrong information about dfu_alt_info. - Add the parameter format, decimal only or hexadecimal. - Use same parameter name for the same kind of parameters. (e.g. dev -> dev_id) Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
-
由 Masami Hiramatsu 提交于
When parsing the dfu_alt_info, check the number of arguments and argument string strictly. If there is any garbage data (which is not able to be parsed correctly) in dfu_alt_info, that means something wrong and user may make a typo or mis- understanding about the syntax. Since the dfu_alt_info is used for updating the firmware, this mistake may lead to brick the hardware. Thus it should be checked strictly for making sure there is no mistake. Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
-
由 Masami Hiramatsu 提交于
If dfu_alt_info has repeated spaces or tab (for indentation or readability), the dfu fails to parse it. For example, if dfu_alt_info="mtd nor1=image raw 100000 200000" (double spaces after "raw"), the image entity start address is '0' and the size '0x100000'. This is because the repeated space is not skipped. Use space and tab as a separater and apply skip_spaces() to skip redundant spaces and tabs. Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
-
由 Masami Hiramatsu 提交于
Use strlcpy() instead of strcpy() to prevent copying the entity name over the name buffer size. Signed-off-by: NMasami Hiramatsu <masami.hiramatsu@linaro.org>
-
由 Jan Kiszka 提交于
Addresses the feedback provided on 5902a397 ("mkimage: Allow to specify the signature algorithm on the command line") which raced with the merge. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 qthedev 提交于
echo -n does not give the intended effect when invoked in macOS through /bin/sh, which is the shell make uses by default, see "https://stackoverflow.com/questions/11675070/makefile-echo-n-not-working" for a detailed explanation. In this case, it resulted in "-n" being written to env.txt and env.in even though they should be empty, which caused compilation to fail with "Your board uses a text-file environment, so must not define CONFIG_EXTRA_ENV_SETTINGS". This patch prevents the error by replacing echo -n's with touch, as they are used to create empty files in these cases.
-
- 11 2月, 2022 9 次提交
-
-
由 Heinrich Schuchardt 提交于
strlen() returns size_t. So we should use %zu to print it. This avoids incorrect output on 32bit systems. Fixes: 2fc62f29 ("stackprot: Make our test a bit more complex") Signed-off-by: NHeinrich Schuchardt <heinrich.schuchardt@canonical.com>
-
由 Jan Kiszka 提交于
Stress the '-o algo_name' argument of mkimage by expanding the vboot test. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Reviewed-by: NSimon Glass <sjg@chromium.org> [trini: Update scripts/pylint.base]
-
由 Pali Rohár 提交于
Replace %zx by %lx and cast size_t to ulong. U-Boot currently prints garbage debug output: size=x, ptr=18, limit=18: 4002a000 With this change it prints correct debug data: size=18, ptr=18, limit=2000: 4002a000 Signed-off-by: NPali Rohár <pali@kernel.org> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Matthias Schiffer 提交于
Listing MTD partitions directly in the flash mode has been deprecated for a while for kernel Device Trees. Look for a node "partitions" in the found flash nodes and use it instead of the flash node itself for the partition list when it exists, so Device Trees following the current best practices can be fixed up. Signed-off-by: NMatthias Schiffer <matthias.schiffer@ew.tq-group.com> Reviewed-by: NSimon Glass <sjg@chromium.org>
-
由 Peter Cai 提交于
In the Linux implementation of adc-keys (drivers/input/keyboard/adc-keys.c), `press-threshold-microvolt` is not really interpreted as a threshold, but rather as the "nominal voltage" of the button. When the voltage read from the ADC is closest to a button's `press-threshold-microvolt`, the button is considered pressed. This patch reconciles the behavior of button-adc with Linux's adc-keys such that device trees can be synchronized with minimal modifications. Signed-off-by: NPeter Cai <peter@typeblog.net>
-
由 Zhang Ning 提交于
this will add kaslrseed keyword to sysboot lable, when it set, it will request to genarate random number from hwrng as kaslr-seed. with this patch exlinux.conf label looks like label l0 menu testing linux /boot/vmlinuz-5.15.16-arm initrd /boot/initramfs-5.15.16-arm.img fdtdir /boot/dtbs/5.15.16-arm/ kaslrseed append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11. Signed-off-by: NZhang Ning <zhangn1985@qq.com>
-
-
由 Marek Vasut 提交于
The ci_req->hw_buf can be NULL, test whether it is and if so, avoid accessing it. Else, the system may crash. Signed-off-by: NMarek Vasut <marex@denx.de> Cc: Peter Chen <peter.chen@nxp.com> Cc: Li Jun <jun.li@nxp.com> Cc: Peng Fan <peng.fan@nxp.com>
-
由 Thomas Watson 提交于
Using the XHCI driver, the function `usb_kbd_poll_for_event` takes 30-40ms to run. The exact time is dependent on the polling interval the keyboard requests in its descriptor, and likely cannot be significantly reduced without major rework to the XHCI driver. The U-Boot EFI console service sets a timer to poll the keyboard every 5 microseconds, and this timer is checked every time a block is read off disk. The net effect is that, on my system, loading a ~40MiB kernel and initrd takes about 62 seconds with a slower keyboard and 53 seconds with a faster one, with the vast majority of the time spent polling the keyboard. To solve this problem, this patch adds a 20ms delay between consecutive calls to `usb_kbd_poll_for_event`. This is sufficient to reduce the total loading time to under half a second for both keyboards, and does not impact the perceived keystroke latency. Signed-off-by: NThomas Watson <twatson52@icloud.com>
-