568 Commits

Author SHA1 Message Date
Tom Rini
158cf0270c Prepare v2024.10-rc3
Merge tag 'v2024.10-rc3' into next

Prepare v2024.10-rc3
2024-08-19 18:24:58 -06:00
Heinrich Schuchardt
ed3ce65958 boot: set correct block device name in set_efi_bootdev()
For SATA devices the class name is 'ahci' but the block device name is
'sata'.

Use function blk_get_uclass_name() to retrieve the correct string.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-08-11 07:53:16 +02:00
Simon Glass
0fc406ab20 upl: Plumb in universal payload to the init process
Read the UPL early in boot so that it is available. For now none of the
information is used.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:20 -06:00
Simon Glass
ec2186acbc spl: Plumb in the Universal Payload handoff
Specify the FIT and include information about each loaded image, as
required by the UPL handoff.

Write the UPL handoff into the bloblist before jumping to the next phase.

Control this using a runtime flag to avoid conflicting with other
handoff mechanisms.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:20 -06:00
Simon Glass
fefb53492f upl: Add support for Universal Payload in SPL
Add the basic code to create a handoff structure in SPL, so it can be
passed to the next phase. For now this is not plumbed in.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:20 -06:00
Simon Glass
264f4b0b34 upl: Add a command
Add a 'upl' command to work with Universal Payload features. For now it
only supports reading and writing a handoff structure.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:20 -06:00
Simon Glass
3848e97c5c upl: Add support for writing a upl handoff
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for writing the handoff information from
a structure.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:20 -06:00
Simon Glass
90469da3da upl: Add support for reading a upl handoff
Universal Payload provides a standard way of handing off control between
two firmware phases. Add support for reading the handoff information into
a structure.

Signed-off-by: Simon Glass <sjg@chromium.org>
2024-08-09 16:03:19 -06:00
Simon Glass
59ca3a2f20 usb: bootm: Drop old USB-device-removal code
USB is stopped using driver model now, in dm_remove_devices_flags() in
announce_and_cleanup() at the top of this file.

The usb_stop() call actually unbinds devices.

When a USB device is unbound, it causes any bootflows attached to it to
be removed, via a call to bootdev_clear_bootflows() from
bootdev_pre_unbind(). This obviously makes it impossible to boot the
bootflow.

However, when booting a bootflow that relies on USB, usb_stop() is
called, which unbinds the device. At that point any information
attached to the bootflow is dropped.

This is quite risky since the contents of freed memory are not
guaranteed to remain unchanged. Depending on what other options are
done before boot, a hard-to-find bug may crop up.

Drop the call to this old function.

Leave the netconsole call there, since this needs conversion to
driver model.

Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Shantur Rathore <i@shantur.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-31 11:20:57 -06:00
Heinrich Schuchardt
4f65851007 boot: provide CONFIG_BOOTMETH_QFW Kconfig parameter
U-Boot is often used in conjunction with QEMU to boot via EFI or syslinux.
Here the QFW boot method is not needed.

At least for qemu-riscv64_smode_defconfig the kernel parameter is used
to specify the U-Boot binary. Trying to run U-Boot as a kernel makes
no sense.

Provide Kconfig parameter CONFIG_BOOTMETH_QFW to decide if the QFW boot
method shall be provided.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-07-19 16:48:07 -06:00
Tom Rini
b81e31a1e6 bootstash: Do not provide a default address for all
A valid memory location to stash bootstage information at will be
architecture dependent. Move the existing defaults to the main Kconfig
file for this option and set 0x0 as the default only for sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2024-07-19 16:48:07 -06:00
Simon Glass
6b387c9396 boot: Correct indentation in efi bootmeth
Fix a minor indentation / whitespace problem in a comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glkp@gmx.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-19 14:01:42 +02:00
Simon Glass
60b180fdba bootstd: Correct handling of script from network
When reading a script from a network, no block device is available.
Update the implementation to support this correctly, avoiding setting
environment variables which relate only to block devices.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-19 13:57:50 +02:00
Simon Glass
cfed2219e3 bootstd: Tidy up comments on the boothmeth drivers
Fix a typo in the comment and add one to the EFI driver too.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-19 13:57:47 +02:00
Simon Glass
95403023cf doc: Add a description for bootmeth_sandbox
Add documentation for the sandbox bootmeth.

Fix up the compatible string to drop the 'extlinux' part, which is not
relevant to this bootmeth.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-19 13:57:44 +02:00
Simon Glass
70a4982d4f doc: Add a description for bootmeth_qfw
Add documentation for the qfw bootmeth.

Fix up the compatible string to drop the 'extlinux' part, which is not
relevant to this bootmeth.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-19 13:54:54 +02:00
Tom Rini
4595600007 Merge patch series "bootstd: Add Android support"
Mattijs Korpershoek <mkorpershoek@baylibre.com> says:

Android boot flow is a bit different than a regular Linux distro.
Android relies on multiple partitions in order to boot.

A typical boot flow would be:
1. Parse the Bootloader Control Block (BCB, misc partition)
2. If BCB requested bootonce-bootloader, start fastboot and wait.
3. If BCB requested recovery or normal android, run the following:
   a. Get slot (A/B) from BCB
   b. Run AVB (Android Verified Boot) on boot partitions
   c. Load boot and vendor_boot partitions
   d. Load device-tree, ramdisk and boot

The AOSP documentation has more details at [1], [2], [3]

This has been implemented via complex boot scripts such as [4].
However, these boot scripts are neither very maintainable nor generic.
Moreover, DISTRO_DEFAULTS is being deprecated [5].

Add a generic Android bootflow implementation for bootstd.

For this initial version, only boot image v4 is supported.

This has been tested on sandbox using:
$ ./test/py/test.py --bd sandbox --build -k test_ut

This has also been tested on the AM62X SK EVM using TI's Android SDK[6]
To test on TI board, the following (WIP) patch is needed as well:
84cceb912b

[1] https://source.android.com/docs/core/architecture/bootloader
[2] https://source.android.com/docs/core/architecture/partitions
[3] https://source.android.com/docs/core/architecture/partitions/generic-boot
[4] https://source.denx.de/u-boot/u-boot/-/blob/master/include/configs/meson64_android.h
[5] https://lore.kernel.org/r/all/20230914165615.1058529-17-sjg@chromium.org/
[6] https://software-dl.ti.com/processor-sdk-android/esd/AM62X/09_02_00/docs/android/Overview.html
2024-07-18 17:03:47 -06:00
Mattijs Korpershoek
125d9f3306 bootstd: Add a bootmeth for Android
Android boot flow is a bit different than a regular Linux distro.
Android relies on multiple partitions in order to boot.

A typical boot flow would be:
1. Parse the Bootloader Control Block (BCB, misc partition)
2. If BCB requested bootonce-bootloader, start fastboot and wait.
3. If BCB requested recovery or normal android, run the following:
3.a. Get slot (A/B) from BCB
3.b. Run AVB (Android Verified Boot) on boot partitions
3.c. Load boot and vendor_boot partitions
3.d. Load device-tree, ramdisk and boot

The AOSP documentation has more details at [1], [2], [3]

This has been implemented via complex boot scripts such as [4].
However, these boot scripts are neither very maintainable nor generic.
Moreover, DISTRO_DEFAULTS is being deprecated [5].

Add a generic Android bootflow implementation for bootstd.
For this initial version, only boot image v4 is supported.

[1] https://source.android.com/docs/core/architecture/bootloader
[2] https://source.android.com/docs/core/architecture/partitions
[3] https://source.android.com/docs/core/architecture/partitions/generic-boot
[4] https://source.denx.de/u-boot/u-boot/-/blob/master/include/configs/meson64_android.h
[5] https://lore.kernel.org/r/all/20230914165615.1058529-17-sjg@chromium.org/

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Tested-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-18 13:51:30 -06:00
Mattijs Korpershoek
be0b076c55 bootstd: Add bootflow_iter_check_mmc() helper
Some bootflows might be able to only boot from MMC devices.

Add a helper function these bootflows can use.

Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Reviewed-by: Guillaume La Roque <glaroque@baylibre.com>
Tested-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-07-18 13:51:30 -06:00
Mattijs Korpershoek
58fed99f46 boot: android: Provide vendor_bootimg_addr in boot_get_fdt()
When calling android_image_get_dtb_by_index() using boot image v3+,
we should also pass the vendor_boot ramdisk address.

Use get_avendor_bootimg_addr() to do so.

Notes: on boot image v2, this is harmless since get_avendor_bootimg_addr()
       returns -1.
       for legacy implementations that don't have CMD_ABOOTIMG, add a weak
       implementation to avoid linking errors.

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Guillaume La Roque <glaroque@baylibre.com>
Tested-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-07-18 13:51:30 -06:00
Tom Rini
0c7c9494d6 Merge patch series "Respin bootstd cros patch into a series of two"
Vincent Stehlé <vincent.stehle@arm.com> says:

Hi,

This is a respin of this patch [1] after discussion [2]. Thanks to
Simon and Heinrich for their reviews.

To use the guidcmp() function, as suggested by Heinrich, we need to
make it available to bootmeth_cros.c and I think that the cleanest way
to do that is (arguably) to move the guid helper functions to efi.h
near the efi_guid_t definition; this is why the original patch has now
become a series of two patches.

The alternative would be to include efi_loader.h from bootmeth_cros.c
but I think this does not sound "right". If this is in fact the
preferred approach just let me know and I will respin.

There is no difference in the sandbox binaries before/after this
series on Arm and on PC, and all the tests I have run on the sandbox
are unchanged.
2024-07-18 07:40:30 -06:00
Vincent Stehlé
1b1b1e7f60 bootstd: cros: store partition type in an efi_guid_t
The scan_part() function uses a struct uuid to store the little-endian
partition type GUID, but this structure should be used only to contain a
big-endian UUID. Use an efi_guid_t instead and use guidcmp() for the
comparison.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
2024-07-16 17:09:33 -06:00
Marek Vasut
789934f1bb boot: Remove duplicate newlines
Drop all duplicate newlines. No functional change.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
2024-07-15 12:12:17 -06:00
Tom Rini
246a0ce1e1 Merge patch series "Add Turris 1.x board"
Marek Mojík <marek.mojik@nic.cz> says:

Hello all,

this is a continuation of previous work by Pali to add support for the
Turris 1.x board. As the patches were based on u-boot v2022.04, a
nontrivial rebasing was needed.

Some notes:
- Some options that are in SD defconfig are disabled in NOR defconfig
  because over the years u-boot grew and the old NOR defconfig will not
  fit into NOR memory.
- SD boot with RAM larger than 2GB will only allocate 2GB of RAM (We
  were not able to fix this yet)
2024-07-12 14:00:45 -06:00
Pali Rohár
f41582035c powerpc: Add support for CZ.NIC Turris 1.x routers
Add support for CZ.NIC Turris 1.x routers.

CZ.NIC Turris 1.0 (RTRS01) and 1.1 (RTRS02) are open source routers, they
have dual-core PowerPC Freescale P2020 CPU and are based on reference
Freescale P2020RDB-PC-A board design.

Hardware design is fully open source, all firmware and hardware design
files are available at Turris project website:

https://docs.turris.cz/hw/turris-1x/turris-1x/
https://project.turris.cz/en/hardware.html

The P2020 BootROM can load U-Boot either from NOR flash or from SD card.
We add the new defconfigs, turris_1x_nor_defconfig, which configures
U-Boot for building the NOR image, and turris_1x_sdcard_defconfig, which
configures U-Boot for building an image suitable for SD card.

The defconfig for NOR image is stripped-down - many config options
enabled in SD defconfig are disabled for NOR defconfig. This is because
U-Boot grew non-trivially in the last two years and it would not fit
into the space allocated for U-Boot in the NOR memory. In the future we
may try to use LTO to reduce the size of the code and enable more
options.

The design of CZ.NIC Turris 1.x routers is based on Freescale P2020RDB-PC-A
board, so some code from boards/freescale/p1_p2_rdb_pc is used and linked
into Turris 1.x board code.

Turris 1.x code in this patch uses modern distroboot and can boot Linux
kernel from various locations, including NAND, SD card, USB flash disks,
NVMe disks or SATA disks (connected to extra SATA/SCSI PCIe controllers).
Via distroboot is implemented also rescue NOR boot for factory recovery,
triggered by reset button, like on other existing Turris routers.

SD boot with RAM larger than 2GB will only allocate 2GB of RAM (We were
not able to fix this yet)

[ Because various CONFIG_ macros were migrated to Kconfig since the last
  time this worked on upstream U-Boot (in 2022), a non-trivial rebasing
  was needed and some issues were solved. ]

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Reviewed-by: Marek Behún <kabel@kernel.org>
2024-07-12 13:07:43 -06:00
Anand Moon
608a88c270 Fix Kconfig coding style from spaces to tab
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
	$ sed -e 's/^        /\t/' -i */Kconfig

Signed-off-by: Anand Moon <linux.amoon@gmail.com>
2024-07-05 13:57:02 -06:00
Maxim Moskalets
2abf14df5d cmd: bootm: add ELF file support
Some operating systems (e.g. seL4) and embedded applications are ELF
images. It is convenient to use FIT-images to implement trusted boot.
Added "elf" image type for booting using bootm command.

Signed-off-by: Maxim Moskalets <maximmosk4@gmail.com>
2024-07-05 13:57:02 -06:00
Vincent Stehlé
c85a05a5d8 bootstd: cros: store partition type in an efi_guid_t
The scan_part() function uses a struct uuid to store the little-endian
partition type GUID, but this structure should be used only to contain a
big-endian UUID. Use an efi_guid_t instead.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-07-03 07:36:33 +01:00
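
The byte-order distinction behind the two "bootstd: cros: store partition type in an efi_guid_t" commits listed above, as an added C example that is not U-Boot code: the same GUID string yields different 16-byte values in big-endian UUID layout and in EFI GUID layout, and only the latter equals the raw bytes of a GPT entry. The function names, the layout enum and the sample GUID are constructed for illustration; memcmp() stands in for the guidcmp() helper named in the commit message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum guid_layout {
	LAYOUT_UUID_BE,		/* RFC 4122 style: all fields big-endian */
	LAYOUT_EFI_GUID		/* EFI/GPT: first three fields little-endian */
};

static int hexval(char c)
{
	if (c >= '0' && c <= '9')
		return c - '0';
	if (c >= 'a' && c <= 'f')
		return c - 'a' + 10;
	if (c >= 'A' && c <= 'F')
		return c - 'A' + 10;
	return -1;
}

static void reverse(uint8_t *p, size_t n)
{
	for (size_t i = 0; i < n / 2; i++) {
		uint8_t t = p[i];

		p[i] = p[n - 1 - i];
		p[n - 1 - i] = t;
	}
}

/* Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; returns 0 on success, -1 on bad input */
int guid_from_str(const char *s, uint8_t out[16], enum guid_layout layout)
{
	size_t n = 0;

	if (strlen(s) != 36)
		return -1;
	for (size_t i = 0; i < 36;) {
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-')
				return -1;
			i++;
			continue;
		}
		int hi = hexval(s[i]), lo = hexval(s[i + 1]);

		if (hi < 0 || lo < 0)
			return -1;
		out[n++] = (uint8_t)(hi << 4 | lo);
		i += 2;
	}
	if (layout == LAYOUT_EFI_GUID) {
		reverse(out, 4);	/* 32-bit field */
		reverse(out + 4, 2);	/* first 16-bit field */
		reverse(out + 6, 2);	/* second 16-bit field */
	}
	return 0;
}

/* Returns 1 when the raw bytes of a GPT type field equal `want` in the given layout */
int type_matches(const uint8_t on_disk[16], const char *want,
		 enum guid_layout layout)
{
	uint8_t tmp[16];

	if (guid_from_str(want, tmp, layout))
		return 0;
	return memcmp(on_disk, tmp, sizeof(tmp)) == 0;
}

/* Constructed sample: a made-up type GUID and its bytes as stored in a GPT entry */
const char sample_type[] = "00112233-4455-6677-8899-aabbccddeeff";
const uint8_t sample_gpt_bytes[16] = {
	0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66,
	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};

int main(void)
{
	printf("compare as EFI GUID:        %s\n",
	       type_matches(sample_gpt_bytes, sample_type, LAYOUT_EFI_GUID) ?
	       "match" : "no match");
	printf("compare as big-endian UUID: %s\n",
	       type_matches(sample_gpt_bytes, sample_type, LAYOUT_UUID_BE) ?
	       "match" : "no match");
	return 0;
}
```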
Tom Rini
2f96033923 Pull request efi-2024-10-rc1
Merge tag 'efi-2024-10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-efi into next

Pull request efi-2024-10-rc1

Documentation:
      Update requirements.txt to use current Python module versions
      Add a page describing debugging U-Boot with GDB
      FIT: describe data-size as a conditionally mandatory property
      Correct link to FIT specification in SPL code.
      Correct kaslrseed command long text description

UEFI:
      Add unit test checking that don't have kaslr-seed when measuring boot
      Deduplicate code for measured boot.

Other:
      Print size information in fwu command
2024-06-30 10:59:42 -06:00
Ilias Apalodimas
e7505b3b8b tpm: allow the user to select the compiled algorithms
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.

The choice of hash algorithms is determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.

If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.

So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with. We only allow
extending PCRs if the algorithms selected during build match the TPM
configuration.

It's worth noting that this is only added for TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCR banks.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>  # chromebook-link
2024-06-30 13:58:31 +02:00
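
The bank check described in the commit message above, as an added C sketch that is not U-Boot's tpm2_allow_extend() code: extending is refused whenever the TPM reports an active PCR bank whose hash algorithm the build cannot produce, since that bank would stay uncapped. The struct, the function names and the sample banks are constructed for illustration, and "every active bank must be compiled in" is this example's reading of the rule; only the TPM_ALG_ID numbers are the TCG-assigned values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM_ALG_ID values assigned by the TCG */
enum {
	ALG_SHA1 = 0x0004,
	ALG_SHA256 = 0x000b,
	ALG_SHA384 = 0x000c,
	ALG_SHA512 = 0x000d
};

/* One PCR bank as a TPM reports it: hash algorithm plus a 24-PCR selection bitmap */
struct pcr_bank {
	uint16_t alg;
	uint8_t pcr_select[3];
};

/* A bank is active when at least one PCR is selected in it */
bool bank_is_active(const struct pcr_bank *b)
{
	for (size_t i = 0; i < sizeof(b->pcr_select); i++)
		if (b->pcr_select[i])
			return true;
	return false;
}

bool alg_compiled_in(uint16_t alg, const uint16_t *built, size_t nbuilt)
{
	for (size_t i = 0; i < nbuilt; i++)
		if (built[i] == alg)
			return true;
	return false;
}

/* Count active banks that this build has no hash algorithm for */
size_t uncapped_banks(const struct pcr_bank *banks, size_t nbanks,
		      const uint16_t *built, size_t nbuilt)
{
	size_t missing = 0;

	for (size_t i = 0; i < nbanks; i++)
		if (bank_is_active(&banks[i]) &&
		    !alg_compiled_in(banks[i].alg, built, nbuilt))
			missing++;
	return missing;
}

/* Extending is allowed only when no active bank would be left unextended */
bool allow_extend(const struct pcr_bank *banks, size_t nbanks,
		  const uint16_t *built, size_t nbuilt)
{
	return uncapped_banks(banks, nbanks, built, nbuilt) == 0;
}

/* Constructed sample: SHA1 bank inactive, SHA256 and SHA384 banks active */
const struct pcr_bank sample_tpm[3] = {
	{ ALG_SHA1,   { 0x00, 0x00, 0x00 } },
	{ ALG_SHA256, { 0xff, 0xff, 0xff } },
	{ ALG_SHA384, { 0xff, 0xff, 0xff } },
};

/* Constructed sample builds */
const uint16_t build_small[2] = { ALG_SHA1, ALG_SHA256 };
const uint16_t build_no_sha1[2] = { ALG_SHA256, ALG_SHA384 };
const uint16_t build_all[4] = { ALG_SHA1, ALG_SHA256, ALG_SHA384, ALG_SHA512 };

int main(void)
{
	printf("small build:   %zu uncapped bank(s), extend %s\n",
	       uncapped_banks(sample_tpm, 3, build_small, 2),
	       allow_extend(sample_tpm, 3, build_small, 2) ? "allowed" : "refused");
	printf("no-SHA1 build: extend %s\n",
	       allow_extend(sample_tpm, 3, build_no_sha1, 2) ? "allowed" : "refused");
	printf("full build:    extend %s\n",
	       allow_extend(sample_tpm, 3, build_all, 4) ? "allowed" : "refused");
	return 0;
}
```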
Ilias Apalodimas
27b462cec1 tpm: Move TCG headers into a separate file
commit 97707f12fdab ("tpm: Support boot measurements") moved out code
from the EFI subsystem into the TPM one to support measurements when
booting with !EFI.

Those were moved directly into the TPM subsystem and in the tpm-v2.c
library. In hindsight, it would have been better to move it in new
files since the TCG2 is governed by its own spec, it's overall cleaner
and also easier to enable certain parts of the TPM functionality.

So let's start moving the headers in a new file containing the TCG
specific bits.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-06-30 13:58:31 +02:00
Tom Rini
48641bfab7 Merge patch series "automatically add /chosen/kaslr-seed and deduplicate code"
Tim Harvey <tharvey@gateworks.com> says:

This series will automatically add /chosen/kaslr-seed to the dt if
DM_RNG is enabled during the boot process.

If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.

If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
is enabled as its implementation uses a different source of entropy
that is not yet implemented as DM_RNG. We also skip this if
MEASURED_BOOT is enabled as in that case any modifications to the
dt will cause measured boot to fail (although there are many other
places the dt is altered).

As this fdt node is added elsewhere create a library function and
use it to deduplicate code. We will provide a parameter to overwrite
the node if present.

For our automatic injection, we will use the first rng device and
not overwrite if already present with a non-zero value (which may
have been populated by an earlier boot stage). This way if a board
specific ft_board_setup() function wants to customize this behavior
it can call fdt_kaslrseed with a rng device index of its choosing and
set overwrite true.

Note that the kaslrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.
2024-06-28 17:31:28 -06:00
Tim Harvey
909321bc6b use fdt_kaslrseed function to de-duplicate code
Use the fdt_kaslrseed function to deduplicate code doing the same thing.

Note that the kaslrseed command (CMD_KASLRSEED) is likely pointless now
but left in place in case boot scripts exist that rely on this command
existing and returning success. An informational message is printed to
alert users of this command that it is likely no longer needed.

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: Akash Gajjar <gajjar04akash@gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Devarsh Thakkar <devarsht@ti.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Chris Morgan <macromorgan@hotmail.com>
Acked-by: Michal Simek <michal.simek@amd.com>
2024-06-28 17:30:45 -06:00
Tim Harvey
ea955eea4f fdt: automatically add /chosen/kaslr-seed if DM_RNG is enabled
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.

If we have DM_RNG enabled populate this value automatically when
fdt_chosen is called. We skip this if ARMV8_SEC_FIRMWARE_SUPPORT
is enabled as its implementation uses a different source of entropy
that is not yet implemented as DM_RNG. We also skip this if
MEASURED_BOOT is enabled as in that case any modifications to the
dt will cause measured boot to fail (although there are many other
places the dt is altered).

Note that the Kernel's EFI STUB only relies on EFI_RNG_PROTOCOL for
randomization and completely ignores the kaslr-seed for its own
randomness needs (i.e the randomization of the physical placement of
the kernel). It gets weeded out from the DTB that gets handed over via
efi_install_fdt() as it would also mess up the measured boot DTB TPM
measurements as well.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: Akash Gajjar <gajjar04akash@gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Devarsh Thakkar <devarsht@ti.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Chris Morgan <macromorgan@hotmail.com>
2024-06-28 17:30:45 -06:00
Tim Harvey
00afd1ec82 Add fdt_kaslrseed function to add kaslr-seed to chosen node
If RANDOMIZE_BASE is enabled in the Linux kernel instructing it to
randomize the virtual address at which the kernel image is loaded, it
expects entropy to be provided by the bootloader by populating
/chosen/kaslr-seed with a 64-bit value from source of entropy at boot.

Add a fdt_kaslrseed function to accommodate this allowing an existing
node to be overwritten if present. For now use the first rng device
but it would be good to enhance this in the future to allow some sort
of selection or policy in choosing the rng device used.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Michal Simek <michal.simek@amd.com>
Cc: Andy Yan <andy.yan@rock-chips.com>
Cc: Akash Gajjar <gajjar04akash@gmail.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Simon Glass <sjg@chromium.org>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Devarsh Thakkar <devarsht@ti.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Chris Morgan <macromorgan@hotmail.com>
Reviewed-by: Caleb Connolly <caleb.connolly@linaro.org>
2024-06-28 17:30:45 -06:00
Simon Glass
6e5e713e81 pxe: Add debugging for booting
Show which boot protocol is being used.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Michael Trimarchi <michael@amarulasolutions.com>
2024-06-26 13:17:51 -06:00
Tom Rini
a7eada2432 Prepare v2024.07-rc5
Merge tag 'v2024.07-rc5' into next

Prepare v2024.07-rc5
2024-06-24 13:34:52 -06:00
Heinrich Schuchardt
3fc9de484a boot: links to FIT documentation in Kconfig
Correct the links to the FIT documentation in boot/Kconfig.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2024-06-22 17:02:23 +02:00
Quentin Schulz
05b9665f09 boot: bootflow_menu: fix crash for EFI BOOTMGR global bootmeth
The global bootmeths don't set the dev in bootflow struct which means
the dev_get_parent(bflow->dev) triggers a NULL-pointer dereference and
crash U-Boot.

So before trying to handle a bootflow, check that the associated
bootmeth isn't global, otherwise skip it.

Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-06-20 11:41:43 -06:00
Quentin Schulz
b88950fe04 boot: fix typos in help text of Kconfig configs
This fixes a handful of typos in various help texts in Kconfig configs.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
2024-06-20 11:41:43 -06:00
Ilias Apalodimas
d69759aec2 tpm: measure DTB in PCR1 instead of PCR0
The PC client spec [0], doesn't describe measurements for DTBs. It does
describe what to do for ACPI tables though.

There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS,
and Embedded Drivers and they explicitly mention ACPI in there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.

However, in Figure 6 --  PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.

So let's switch over the DTB measurements to PCR1 which seems a better
fit.

[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Eddie James <eajames@linux.ibm.com>
2024-06-16 09:45:57 +02:00
Tom Rini
9cf83a7da9 Pull request efi-next-20240611
Merge tag 'efi-next-20240611' of https://source.denx.de/u-boot/custodians/u-boot-efi into next
2024-06-11 07:42:55 -06:00
Heinrich Schuchardt
c946385950 efi_loader: move distro_efi_get_fdt_name()
Move distro_efi_get_fdt_name() to a separate C module
and rename it to efi_get_distro_fdt_name().

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-06-10 11:43:36 +02:00
Roman Stratiienko
17b1656dcd abootimg: Add init_boot image support
Quote from [1]:

"For devices launching with Android 13, the generic ramdisk is removed
from the boot image and placed in a separate init_boot image.
This change leaves the boot image with only the GKI kernel."

While at it, update wrong error handling message when vendor_boot
cannot be loaded.

[1]: https://source.android.com/docs/core/architecture/partitions/generic-boot

Signed-off-by: Roman Stratiienko <r.stratiienko@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-06-07 16:20:33 -06:00
Roman Stratiienko
da3447d09f android: Fix ramdisk loading for bootimage v3+
The boot_ramdisk and vendor_ramdisk must be both concatenated together.
Without this change, Android root is missing some of the necessary tools
to complete virtual AB OTA.

Signed-off-by: Roman Stratiienko <r.stratiienko@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-06-07 16:20:31 -06:00
Mattijs Korpershoek
3078766134 image: Set load_end on partial loads
When decompressing, it's possible that the algorithm only performs
a partial decompression.
This usually happens when CONFIG_SYS_BOOTM_LEN is too small for
the uncompressed image.

When that happens, image_decomp() returns an error and *load_end == load.
The error is then handled by handle_decomp_error().

handle_decomp_error() expects the number of uncompressed bytes in
uncomp_size but receives *load_end - load == load - load == 0.

Because of this, handle_decomp_error does not report the expected
"Image too large: increase CONFIG_SYS_BOOTM_LEN" error message.

Modify the image_decomp() logic to always report the decompressed size,
even when a partial decompression happened.

Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-06-07 16:20:28 -06:00
Raymond Mao
d9e9e699be image: remove redundant hash includes
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h,
u-boot/sha256.h and u-boot/sha512.h

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-05-22 08:55:28 -06:00
Tom Rini
03de305ec4 Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.

Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-20 13:35:03 -06:00
Tom Rini
d678a59d2d Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.

This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.

Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-19 08:16:36 -06:00
Tom Rini
c4b646d436 boot: Remove <common.h> and add needed includes
Remove <common.h> from all "boot/" files and when needed add
missing include files directly.

Signed-off-by: Tom Rini <trini@konsulko.com>
2024-05-06 15:05:04 -06:00