Adds a test for the function sha256_hmac
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Adds the support of the hmac based on sha256.
This implementation is based on rfc2104.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
The function sha256_csum_wd is defined in lib/sha256.c
and in lib/mbedtls/sha256.c. To avoid duplicating this
function (and future function), we move this function
to the file lib/sha256_common.c
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Adds the support of key derivation using
the scheme hkdf.
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/renesas_spkgimage.h but this attribute is
already defined in linux/compiler_attributes.h.
So we include <linux/compiler_attributes.h.h>
and do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
The attribute __packed was defined in the file
tools/kwbimage.h but this attribute is already
defined in linux/compiler_attributes.h. So we
include <linux/compiler_attributes.h.h> and
do not define __packed.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Documentation:
* Correct the defconfig name in the coolpi documentation
UEFI:
* Carve out the biggest part of the RISC-V and ARM linker scripts for EFI
binary into a common include.
* Correct the values of SizeOfCode and SizeOfInitializedData in generated
EFI binaries for RISC-V and ARM.
* Avoid gaps between sections in EFI binaries causing a failure in secure
boot.
* Makefile: let clean remove capsule_in.capsule*.efi-capsule
* Refactor some of the code used for launching EFI binaries.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEK7wKXt3/btL6/yA+hO4vgnE3U0sFAmeLyu8ACgkQhO4vgnE3
U0tLDA//TSLPk2ovu8bibonuptFZs/fB8/X7ZyIy154L65cNpyk69ZiR+1R77FRG
9C8YhiF+XSABgckpGHTVqH8vPHZLRKawKgVhSi8CU31OrT9ahjfcDujvGuO8ZlsD
LxrVL2T55711buRDX1kw6VzEqtSGvQxI2IDoNnkeoiBZ29D8lptHvmvzD3G8CCPC
Z75Xxd4ly8euT3jDNznp10IoAu5eEp+rcmEEFC7UYJnDpFencuSWZjYcv3N1nKD6
nTVQPqkWvx6jOA/tcNgK3ERrSD2Zhmc1TZrvfDxg/ecynho9DZrMyq/MINpHo4Fk
OcDMZXG9C820qSYTkVdmaMnxklH4Sr+D6jyZDl523+GqCLiDD/lUOGt3qRAxhfwB
j6IdFynB3djE2Mlu0ep9MQ556gvqJPUaXeR/K8dQ/rOXmNpwOMmerqy0eqK1mrxO
IKXuyBVZWlRyMonnxQmDQAL4wXqlzhmSXevipaOupahHB0hSZKFT6z9mo6zKG7UH
g2fDMGMpOZfvfmxV4EoD59mDHJESSY5Aorm/vfpLqYJsDsPfu3v9+tHKOEfm5rOS
b0ykBQjhfVwda7JNpbwW+w1xVEpBEuWT41HbI6lijeGeFocJ8T6m7/eHlEYUvtmv
1rQ2DhVwvoVha0YW8rNa+stLqpWjjiqLI5DaUhsexoaGmReaZ3o=
=7RxC
-----END PGP SIGNATURE-----
Merge tag 'efi-2025-04-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-2025-04-rc1
Documentation:
* Correct the defconfig name in the coolpi documentation
UEFI:
* Carve out the biggest part of the RISC-V and ARM linker scripts for EFI
binary into a common include.
* Correct the values of SizeOfCode and SizeOfInitializedData in generated
EFI binaries for RISC-V and ARM.
* Avoid gaps between sections in EFI binaries causing a failure in secure
boot.
* Makefile: let clean remove capsule_in.capsule*.efi-capsule
* Refactor some of the code used for launching EFI binaries.
Upon further consideration, we should have both DEFAULT_FAST_ARM64_TAG
and DEFAULT_ARM64_TAG values available. This will allow us to later run
a matrix of some jobs, such as sandbox, on any arm64 host and still keep
the world build to only fast arm64 hosts.
Signed-off-by: Tom Rini <trini@konsulko.com>
A squashfs filesystem with extended attributes (xattrs) may have
inodes of type SQFS_LSYMLINK_TYPE. This might cause u-boot to fail to
handle the filesystem since it assumes a SYMLINK_TYPE and LSYMLINK_TYPE
inode are the same size. This is wrong, see:
https://github.com/plougher/squashfs-tools/blob/master/squashfs-tools/read_fs.c#L421
Using the mksquashfs '-no-xattrs' argument is probably best, but the
mksquashfs '-xattrs' argument is the default.
This patch fixes squashfs image handling by making sure parsing the
uncompressed inode_table (with sqfs_find_inode) succeeeds. The only change
needed is correctly determining the size of a SQFS_LSYMLINK_TYPE inode.
Signed-off-by: Norbert van Bolhuis <nvbolhuis@gmail.com>
When using qconfig.py to resync defconfig files and commit the result,
update it to say:
Resync all defconfig files using qconfig.py
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
In case the build system builds a directory with empty Makefile,
one which does not contain any obj-y entries, the build fails to
link due to missing built-in.o .
This happens because of this part of scripts/Makefile.build
81 ifneq ($(strip $(obj-y) $(obj-m) $(obj-) $(subdir-m) $(lib-target)),)
82 builtin-target := $(obj)/built-in.o
83 endif
which does not assign builtin-target in case obj-y is empty. The
built-in target is then not built at all, and built-in.o is not
generated by this part of scripts/Makefile.build
325 ifdef builtin-target
326 quiet_cmd_link_o_target = AR $@
327 # If the list of objects to link is empty, just create an empty built-in.o
...
335 targets += $(builtin-target)
336 endif # builtin-target
This is the correct behavior.
The final link however expects the built-in.o to exist in every directory
included in the build, even in those where the aforementioned code skipped
generation of built-in.o . Make sure the built-in.o does exist for every
directory used in final link simply by doing touch on every built-in.o used
for the link, which will create empty built-in.o in case any built-in.o is
missing.
A possible alternative fix is the always define the builtin-target
and always generate built-in.o .
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Tested-by: Quentin Schulz <quentin.schulz@cherry.de>
Most R-Car Gen3 and Gen4 systems require extalr_clk very early
in the boot process. Currently the extalr_clk { bootph-all } DT
property to indicate this clock should be available early is set
in each SoC U-Boot DT extras file. Deduplicate this assignment to
new common r8a779x-rcar64-u-boot.dtsi file.
Note that R-Car Gen3 R8A77990 E3 and R8A77995 D3 and RZ R8A774C0
do not require extalr_clk early, therefore these SoCs still include
plain r8a779x-u-boot.dtsi in their U-Boot DT extras .
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
The flash_writer tool and previous recovery tools require the SREC load
address to be 0x5000_0000 . The PIE U-Boot build sets the address to 0x0
instead, so override the address back to make u-boot-elf.srec compatible
with the recovery tools.
Tested-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
This function is not called from outside this file and has no entry in
the header file, so mark it static.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Move this code into a function so it can be called from elsewhere.
Note that the recently added network code uses the same
'global variable' approach. It could use a separate clean-up.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Update the CLEAN_FILES list to remove capsule*.*.efi-capsule.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Use the same include as arm64 for the linker script.
Adjust the 32-bit ARM PE-COFF header accordingly and harmonize it with the
64-bit ARM header.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The fields SizeOfCode, SizeOfInitializedData, and SizeOfUninitializedData
are define in the PE-COFF specification [1].
* SizeOfCode must match the size of all .text sections.
* SizeOfInitializedData must match the size of all .data sections.
* SizeOfUninitializedData must match the size of all .bss sections.
We only have one .text and one .data section. SizeOfCode and
SizeOfInitializedData have to be calculated as the difference between
the end and the start of the respective section.
As we don't have any .bss sections in the generated EFI binaries.
SizeOfUninitializedData must remain 0.
[1] https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Except for the architecture specific lines ARM and RISC-V can use the same
linker script. Move the common lines to an include.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The linker uses the path specified with -L to search for linker scripts
and for linker script includes.
For out-of-tree builds specify the build directory with -L instead of
the absolute path of the linker script. This allows using an INCLUDE
statement.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
When creating EFI binaries, the alignment of the text section isn't
correctly factored in. As a result trying to load signed EFI binaries
throws an error with:
efi_image_region_add() efi_image_region_add: new region already part of another
Image not authenticated
Running the binary through sbverify has a similar warning
sbverify ./lib/efi_loader/helloworld.efi
warning: gap in section table:
.text : 0x00001000 - 0x00001c00,
.data : 0x00002000 - 0x00002200,
gaps in the section table may result in different checksums
warning: data remaining[7680 vs 12720]: gaps between PE/COFF sections?
.....
If we include the alignment in the text section, the signed binary boots
fine, and the relevant sbverify warning goes away
sbverify ./lib/efi_loader/helloworld.efi
warning: data remaining[8704 vs 12720]: gaps between PE/COFF sections?
.....
We should look into the remaining warning at some point as well
regarding the gaps between PE/COFF sections.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The defconfig name should be: coolpi-cm5-genbook-rk3588_defconfig
Signed-off-by: Andy Yan <andyshrk@163.com>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The function disable_thermal_cpu_nodes() corrupts the cooling-device
property.
For example, booting an i.MX93 devices with only one A55 core (IMX93x1)
with the cooling-device property set to:
$ dtc -I dtb foo.dtb | grep cooling-device
cooling-device = <0x08 0xffffffff 0xffffffff 0x09 0xffffffff 0xffffffff>;
Linux shows the following error at boot:
[ 1.715189] OF: /thermal-zones/cpu-thermal/cooling-maps/map0: could not find phandle 1083699869
[ 1.723977] thermal_sys: Add a cooling_device property with at least one device
[ 1.731285] thermal thermal_zone0: binding zone cpu-thermal with cdev thermal-devfreq-0 failed:-2
because the cooling-device property in the device tree passed to the
kernel is
$ dtc -I dtb /sys/firmware/fdt | grep cooling-device
cooling-device = <0x4097f29d 0x00 0xb05aef9d>;
The issue is because the wrong variable type is passed to the function
fdt_setprop() called in the function disable_thermal_cpu_nodes(). With
the variable type fixed, the error at boot is gone and the property is
properly set:
$ dtc -I dtb /sys/firmware/fdt | grep cooling-device
cooling-device = <0x08 0xffffffff 0xffffffff>;
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Capricorn boards have WDT (WDT_SIEMENS_PMIC) and U-Boot is not configured
to trigger the WDT. Enable the "wdt" command to be able to stop the WDT
from the command line.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Reviewed-by: Heiko Schocher <hs@denx.de>
Add instructions on how to build and package OP-TEE for the
phycore-imx8mm based boards. The build instructions are identical for
phyGATE-Tauri-L and phyBOARD-Polis.
Also fix missig '-' for TF-A build instructions.
Signed-off-by: Yannic Moog <y.moog@phytec.de>
Add documentation for the phyBOARD-Pollux i.MX 8M Plus on OP-TEE
integration.
Also add missing '-' to TF-A build instruction while at it.
Signed-off-by: Yannic Moog <y.moog@phytec.de>
Add tee node in SoC u-boot device trees. Use a kconfig entry to specify
load and entry addresses for the op-tee image in the respective
defconfig.
Default IMX8M_OPTEE_LOAD_ADDR is supplied. To keep it simple, the same
addresses are used for each SoC as are defined in upstream tf-a
(BL32_BASE) [1].
[1] https://github.com/ARM-software/arm-trusted-firmware/tree/master/plat/imx/imx8m
Signed-off-by: Yannic Moog <y.moog@phytec.de>
i.MX93-11x11-EVK has switched to use upstream device tree, and use
"adi,adp5585". Since i.MX93-11x11-EVK is the only user of this driver,
so it is safe to drop "adp5585".
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Enable dynamic settings to mmcdev and mmcroot for i.MX8MQ-EVK
Since we are here, clean up the including headers
Signed-off-by: Peng Fan <peng.fan@nxp.com>
