35 Commits

Author SHA1 Message Date
Jonathan Humphreys
659f97eb1f scripts/Makefile.lib: EFI: Use capsule CRT instead of ESL file
The EFI Capsule ESL file (EFI Signature List File) used for authentication
is a binary generated from the EFI Capsule public key certificate. Instead
of including it in the source repo, automatically generate it from the
certificate file during the build process.

Currently, sandbox is the only device using this, so removed its ESL file
and set the (new) CONFIG_EFI_CAPSULE_CRT_FILE config to point to its public
key certificate.

Signed-off-by: Jonathan Humphreys <j-humphreys@ti.com>
2024-07-14 09:56:24 +02:00
Tom Rini
a7eada2432 Prepare v2024.07-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmZ5yTEACgkQFHw5/5Y0
 tywDtwv6AhYfLbudtOBBnDzEaZ0oC3ZbxfqwvSq4A16ftZoKdzv6stXLJg4L4nJ2
 u5OQo9DuSw+x1bE1bTo/ajumwJyymZ1SqQJZ7MlGJ/+ZARSpKOsN9J9JWNY9n2Ew
 A0PQ20WcDX93QjEMnS2cxfNx7jOBkKsWXAkgQ/K4ITxBmne55ioPmJvzxhGyHkPJ
 +JtOSEJxhHiFhxHy4ptb1sQSYs6wHxHt/im88CutyG/hYjaXp0xiuLQMXoIg4sQT
 P7Y4AtvDEjD6/y4VHG7Hg04pZMv255zQAGm2dlmOeOUT+Hsi0E9xrEnT7q0WOcjV
 tkx5HjxkLyGiQbHB4UFip8u/xfJb432HNGifCBBuIA6CP4zrM7VoKrs2Ql9xQ7UV
 mNFHPnwr5K0Ge+QvmJS9RgCfqFk+UgcfFHh+ReDVCGeW8WYfDNJzvfpx+UsrB98b
 APJ9JxnVmOo5WlA5FSLDrod2l4WXrLL8jo6LdxAKJWZTLWddpL2y/AA39lVq76vi
 EnSUt2Mf
 =t6QJ
 -----END PGP SIGNATURE-----

Merge tag 'v2024.07-rc5' into next

Prepare v2024.07-rc5
2024-06-24 13:34:52 -06:00
Heinrich Schuchardt
dfb28817c1 doc: FIT links in develop/uefi/uefi.rst
Correct the links to the FIT documentation.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-06-22 17:02:23 +02:00
Jonathan Humphreys
cedad0670e doc: uefi: capsules: Add Capsule Update porting section
Created a capsule update porting section in the documentation that outlines
the steps a board developer must do when porting from an existing reference
board implementation.

In particular, added a big warning that new capsule GUID's need to be
defined.

Signed-off-by: Jonathan Humphreys <j-humphreys@ti.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-06-18 10:43:29 -06:00
Wei Ming Chen
3a99d05a39 doc: uefi: remove ".py" suffix for pytest.py command
the file pytest.py does not exist

Signed-off-by: Wei Ming Chen <jj251510319013@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2024-01-29 11:30:28 +01:00
Wei Ming Chen
0d7634ebc1 doc: uefi: remove duplicate word "has"
There should be only one "has" instead of "has has"

Signed-off-by: Wei Ming Chen <jj251510319013@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2024-01-21 11:24:18 +01:00
Masahisa Kojima
c022eed4be doc: uefi: add HTTP Boot support
This adds the description about HTTP Boot.

[Ilias add the new EFI_HTTP_BOOT option in docs]
Lore: https://lore.kernel.org/u-boot/20231110042542.3797301-1-masahisa.kojima@linaro.org/T/#m36acf922a888cc14f74e823ec57bacd9f977194e
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-11-18 10:08:09 +02:00
Sughosh Ganu
ba5b960dcb doc: capsule: Add documentation for the capsule dump feature
Add documentation to explain the printing of the capsule headers
through the mkeficapsule tool.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-13 14:01:42 -06:00
Rasmus Villemoes
4fb7e570d6 doc: use .dtso as extension for device tree overlay sources
Moving towards using .dtso for overlay sources, update the
documentation examples to follow that pattern.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-11 13:22:32 -04:00
Sughosh Ganu
1df1d566d2 doc: capsule: Document the new mechanism to embed ESL file into dtb
Update the document to specify how the EFI Signature List(ESL) file
can be embedded into the platform's dtb as part of the U-Boot build.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2023-08-29 13:38:56 -04:00
Sughosh Ganu
3107f78485 doc: Add documentation to highlight capsule generation related updates
The EFI capsules can now be generated as part of U-Boot build, through
binman. Highlight these changes in the documentation.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2023-08-29 13:37:54 -04:00
Masahisa Kojima
345a8b15ac doc: uefi: enhance anti-rollback documentation
To enforce anti-rollback to any older version, dtb must be
always update manually. This should be described in the
documentation.

This commit also adds the recommendation that secure system should not
enable the fdt command because lowest-supported-version
property in device tree can be changed by fdt command.

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2023-07-15 11:20:41 +02:00
Tom Rini
7da82de916 Xilinx changes for v2023.10-rc1
global:
 - Use proper U-Boot project name
 
 Fix sparse warnings in zynqmp-clk, zynqmp handoff, board
 
 cmd:
 - Cover incorrect 0 length entries
 
 Versal NET:
 - Add bootmode logic
 - Support SPP production version
 - Add loadpdi command
 
 ZynqMP:
 - Clear pmufw node command ID handling
 - Change power domain behavior around zynqmp_pmufw_node()
 - Fix zynqmp cmd return values and pmufw command
 - Fix R5 tcm init and modes
 
 mmc:
 - Sync Versal NET emmc DT binding
 
 pcie:
 - Add support for ZynqMP PCIe root port
 
 video:
 - Add support for ZynqMP DP
 
 tools:
 - Fix debug message in relocate-rela
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCZIcDaAAKCRDKSWXLKUoM
 IZmlAKCbiI7CS8ngZpbzOIuMveebNn1jYgCghyl20Bb2zWoNy+sIY2fPIO9mwx4=
 =wPDv
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2023.10-rc1' of https://source.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2023.10-rc1

global:
- Use proper U-Boot project name

Fix sparse warnings in zynqmp-clk, zynqmp handoff, board

cmd:
- Cover incorrect 0 length entries

Versal NET:
- Add bootmode logic
- Support SPP production version
- Add loadpdi command

ZynqMP:
- Clear pmufw node command ID handling
- Change power domain behavior around zynqmp_pmufw_node()
- Fix zynqmp cmd return values and pmufw command
- Fix R5 tcm init and modes

mmc:
- Sync Versal NET emmc DT binding

pcie:
- Add support for ZynqMP PCIe root port

video:
- Add support for ZynqMP DP

tools:
- Fix debug message in relocate-rela
2023-06-12 16:42:37 -04:00
Michal Simek
1be82afa80 global: Use proper project name U-Boot
Use proper project name in comments, Kconfig, readmes.

Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Michal Simek <michal.simek@amd.com>
Link: https://lore.kernel.org/r/0dbdf0432405c1c38ffca55703b6737a48219e79.1684307818.git.michal.simek@amd.com
2023-06-12 13:24:31 +02:00
Masahisa Kojima
027f8a82ea doc: uefi: add anti-rollback documentation
This commit describe the procedure to configure lowest supported
version in the device tree for anti-rollback protection.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2023-06-08 09:20:36 +02:00
Masahisa Kojima
83be41049b doc: uefi: add firmware versioning documentation
This commit describes the procedure to add the firmware version
into the capsule file.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2023-06-08 09:20:36 +02:00
Vincent Stehlé
ac2ac69080 doc: uefi: fix links
Fix a couple of links so that they are rendered correctly with sphinx.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2023-03-13 13:56:14 +01:00
Vincent Stehlé
63db1561f1 efi: adjust ebbr to v2.1 in conformance profile
The EFI Conformance Profile Table entry for EBBR appears in v2.1.0 of the
EBBR specification[1]. Update naming accordingly.

While at it, update the EBBR version referenced in the documentation.

[1]: https://github.com/ARM-software/ebbr/releases/tag/v2.1.0

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-12-17 13:37:33 +00:00
Sughosh Ganu
75f11c3bfd FWU: doc: Add documentation for the FWU feature
Add documentation for the FWU Multi Bank Update feature. The document
describes the steps needed for setting up the platform for the
feature, as well as steps for enabling the feature on the platform.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-10-31 14:47:33 -04:00
Simon Glass
e33a5c6be5 blk: Switch over to using uclass IDs
We currently have an if_type (interface type) and a uclass id. These are
closely related and we don't need to have both.

Drop the if_type values and use the uclass ones instead.

Maintain the existing, subtle, one-way conversion between UCLASS_USB and
UCLASS_MASS_STORAGE for now, and add a comment.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-16 11:05:16 -04:00
Sughosh Ganu
aad7f1ad60 EFI: Update the documentation to reflect the correct value of OsIndications
The OsIndications is a 64 bit variable, and the current code expects
the value of the variable to be 64 bit. Update the documentation to
reflect this fact.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-06-04 08:43:55 +02:00
Sughosh Ganu
2cc2fa4458 doc: uefi: Update the capsule update related documentation
Update the capsule update functionality related documentation to
refect the additional definitions that need to be made per platform
for supporting the capsule update feature.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 10:43:18 +02:00
Jan Kiszka
2899296e5c doc: uefi: Fix reference to CONFIG_EFI_SECURE_BOOT
There is no CONFIG_UEFI_SECURE_BOOT, and there was never any.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-03-20 11:03:06 +01:00
AKASHI Takahiro
d9612f4426 tools: mkeficapsule: allow for specifying GUID explicitly
The existing options, "--fit" and "--raw," are only used to put a proper
GUID in a capsule header, where GUID identifies a particular FMP (Firmware
Management Protocol) driver which then would handle the firmware binary in
a capsule. In fact, mkeficapsule does the exact same job in creating
a capsule file whatever the firmware binary type is.

To prepare for the future extension, the command syntax will be a bit
modified to allow users to specify arbitrary GUID for their own FMP driver.
OLD:
   [--fit <image> | --raw <image>] <capsule file>
NEW:
   [--fit | --raw | --guid <guid-string>] <image> <capsule file>

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-02-11 20:07:55 +01:00
AKASHI Takahiro
a62eb06f7c doc: update UEFI document for usage of mkeficapsule
Now we can use mkeficapsule command instead of EDK-II's script
to create a signed capsule file. So update the instruction for
capsule authentication.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-02-11 20:07:55 +01:00
Ilias Apalodimas
d241d2c879 doc: Fix usage of CFG_RPMB_WRITE_KEY
This is a 'y/n' selection, so fix it.
While at it remove the duplicate usage of CFG_CORE_HEAP_SIZE

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-27 11:38:50 +01:00
Simon Glass
2abd8d1c99 efi: Rename UCLASS_EFI and IF_TYPE_EFI
These names are better used for access to devices provided by an EFI
layer. Use EFI_LOADER instead here, since these are only available in
U-Boot's EFI_LOADER layer.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-09 11:43:25 -08:00
AKASHI Takahiro
c5e81fddf2 Revert "Revert "doc: Update CapsuleUpdate READMEs""
This reverts commit a7e4f905d206d5895dab4bd38a8316e4f2fe15fe.
The description originally written by Sughosh is still valid
even after the commit 47a25e81d35c ("Revert "efi_capsule: Move signature
from DTB to .rodata"") was applied.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2021-10-25 21:13:06 +02:00
Simon Glass
a7e4f905d2 Revert "doc: Update CapsuleUpdate READMEs"
This reverts commit 316ab801c0d91c02b21b8be1e3db7e69555364e9.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-09-18 03:46:56 -06:00
Michal Simek
acbbd98313 doc: Remove information about CAPSULE_FMP_HEADER
This Kconfig symbol was never added to U-Boot but it was mentioned in the
origin commit c35df7c9e43e ("qemu: arm64: Add documentation for capsule
update"). That's why remove it from documentation to be accurate.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-03 09:09:16 +02:00
Ilias Apalodimas
316ab801c0 doc: Update CapsuleUpdate READMEs
Since we removed embeddingg the capsule key into a .dtb and fixed
authenticated capsule updates for all boards, move the relevant
documentation in the efi file and update it accordingly

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-07-18 14:43:56 +02:00
Ilias Apalodimas
bfb5ce4edd doc: Add build instructions for OP-TEE backed EFI variables
Since that invlolves external projects and not only U-Boot, add guidance
for supported platforms

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Ilias Apalodimas
cd64031c16 doc: Update uefi documentation for initrd loading options
Document the command line options for efidebug and initrd loading

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Rewiewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Tom Rini
9c7335e4e6 dtoc support for of-platdata-inst
driver model support for of-platdata-inst
 support of-platdata-inst on x86 / coral
 binman support for exapanded entries
 binman convert docs to reST
 ti-sysc fix for duplicate uclass driver
 patman minor improvements
 pylibfdt build only if needed
 correct obscure CI error with OF_PLATDATA_INST
 -----BEGIN PGP SIGNATURE-----
 
 iQFFBAABCgAvFiEEslwAIq+Gp8wWVbYnfxc6PpAIreYFAmBdZYURHHNqZ0BjaHJv
 bWl1bS5vcmcACgkQfxc6PpAIreb2rQgAyr1rufrt1UGjZlVjk0HtqX0sdmcOoE4e
 6NIuatWXPcP2QR93O9zeGgf/yqNIf3lVIa6Cy3baJBfP6fceZ8B24/xgKKEauPFf
 g99sec+q7LPL/oigajXIaWorFXK/NDRtQcSIQFu/EmvCmi0m8Iu0HKFa7YBqa7dc
 YdhGnJZZOdYuQmlKewq9q4cIr6qNtTZczsozt4PNZVgB2lKusBNyKRPZErNEFiN6
 7A56bb8tcfWgGXenKVTUUcyjWRXM2tt4QtrPFedZsF6cLa8D5v4MfWMs0QBRFl/u
 fMzxyeb46x0wsYBNqIBOC7DQWaU/ZeFlr5mQObIH0ypdcsUnEX98sw==
 =Ld3P
 -----END PGP SIGNATURE-----

Merge tag 'dm-pull-26mar21-take2' of git://git.denx.de/u-boot-dm into next

dtoc support for of-platdata-inst
driver model support for of-platdata-inst
support of-platdata-inst on x86 / coral
binman support for exapanded entries
binman convert docs to reST
ti-sysc fix for duplicate uclass driver
patman minor improvements
pylibfdt build only if needed
correct obscure CI error with OF_PLATDATA_INST
2021-03-26 12:15:26 -04:00
Simon Glass
d1ceeeff6c doc: Move UEFI under develop/
Much of the content here is useful only for development. Move it under
that section.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-26 17:03:10 +13:00