TOC1 is an container format used by Allwinner's boot0 that can hold
multiple images. It supports encryption and signatures, but that
functionality is not implemented, only the basic "non-secure" subset.
A config file is used to provide the list of data files to include. Its
path is passed as the argument to "-d". It contains sections of the
following form:
[name]
file = /path/to/file
addr = 0x12345678
Specific well-known names, such as "dtb", "opensbi", and "u-boot", are
used by the bootloader to distinguish the items inside the image.
Cover-letter:
tools: mkimage: Add Allwinner TOC1 support
The SPL port for the Allwinner D1 RISC-V SoC will probably take a while
longer than porting U-Boot proper, as none of the relevant drivers are
set up for DM in SPL. In the meantime, we are using[1][2] a fork[3] of
Allwinner's boot0 loader, which they also call "spl" in their BSP. boot0
uses this TOC1 image format.
The vendor tools for generating TOC1 images require a binary config file
generated by their FEX compiler. Instead of trying to support that, I
made up a simple human-readable config file format. I didn't see any
existing platform-agnostic parser for multi-image containers in mkimage.
I am sending this as RFC because it is only of temporary/limited use.
It only works with one specific fork of boot0 which was modified to
"behave" (the the original vendor version monkey-patches a custom header
inside the U-Boot image during boot). So it will be obsolete once U-Boot
SPL is ported. And it is Yet Another Image Format. On the other hand, it
does work, and it is currently being used.
[1]: https://linux-sunxi.org/Allwinner_Nezha#U-Boot
[2]: https://fedoraproject.org/wiki/Architectures/RISC-V/Allwinner
[3]: https://github.com/smaeul/sun20i_d1_spl
END
Series-prefix: RFC
Series-to: sunxi
Signed-off-by: Samuel Holland <samuel@sholland.org>
Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and
secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the
existing sunxi_egon image type. The secure boot ROM (SBROM) uses a
completely different image type, known as TOC0.
A TOC0 image is composed of a header and two or more items. One item
is the firmware binary. The others form a chain linking the firmware
signature to the root-of-trust public key (ROTPK), which has its hash
burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.
The pseudo-ASN.1 structure is manually assembled; this is done to work
around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0
implementation has been verified to work with the A50, A64, H5, H6,
and H616 SBROMs, and it may work with other SoCs.
Series-changes: 2
- Moved certificate and key item structures out of sunxi_image.h
- Renamed "main" and "item" variables for clarity
- Improved error messages, and added a hint about key generation
- Added a comment explaining the purpose of the various key files
- Mentioned testing this code on A50 in the commit message
Series-changes: 3
- Removed TOOLS_LIBCRYPTO selection for sunxi, since most boards
do not need it
- Added __packed to all new "ABI" structs
- Added entry to MAINTAINERS for sunxi tools
Signed-off-by: Samuel Holland <samuel@sholland.org>
this will add kaslrseed keyword to sysboot lable,
when it set, it will request to genarate random number
from hwrng as kaslr-seed.
with this patch exlinux.conf label looks like
label l0
menu testing
linux /boot/vmlinuz-5.15.16-arm
initrd /boot/initramfs-5.15.16-arm.img
fdtdir /boot/dtbs/5.15.16-arm/
kaslrseed
append root=UUID=92ae1e50-eeeb-4c5b-8939-7e1cd6cfb059 ro
Tested on Khadas VIM with kernel 5.16.0-rc5-arm64, Debian 11.
Signed-off-by: Zhang Ning <zhangn1985@qq.com>
The Lichee Pi Nano is a board based on the F1C100s.
Add defconfigs for it.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Jesse Taube <Mr.Bossman075@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At present we rely on the key blob being in the global_data fdt_blob
pointer. This is true in U-Boot but not with tools. For clarity, pass the
parameter around.
Signed-off-by: Simon Glass <sjg@chromium.org>
Put the parent node first in the parameters as this is more natural. Also
add a comment to explain what is going on.
Signed-off-by: Simon Glass <sjg@chromium.org>
We should be consistent in using the term 'signature' to describe a value
added to sign something and 'key' to describe the key that can be used to
verify the signature.
Tidy up the code to stick to this.
Add some comments to fit_config_verify_key() and its callers while we are
here.
Signed-off-by: Simon Glass <sjg@chromium.org>
This will allow consumers to choose a pxe label at runtime instead of
having to prompt the user. One good use-case for this, is choosing
whether or not to apply a dtbo depending on the hardware configuration.
e.g: for TI's AM335x EVM, it would be convenient to apply a particular
dtbo only when the J9 jumper is on PRUSS mode. To achieve this, the
pxe menu should have 2 labels, one with the dtbo and the other without,
then the "pxe_label_override" env variable should point to the label with
the dtbo at runtime only when the jumper is on PRUSS mode.
This change can be used for different use-cases and bring more
flexibilty to consumers who use sysboot/pxe_utils.
if "pxe_label_override" is set but does not exist in the pxe menu,
the code should fallback to the default label if given, and no failure
is returned but rather a warning message.
Signed-off-by: Amjad Ouled-Ameur <aouledameur@baylibre.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
LynxOS needed the do_bootm_lynxkdi() function that got removed in
7e713067ee ("Remove LYNX KDI remainders") - and that function needed
a lynxkdi_boot() function, where the last implementation had been
removed in 98f705c9ce ("powerpc: remove 4xx support") already. Looks
like this OS is definitely not supported anymore, so remove it from
the corresponding lists.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Roese <sr@denx.de>
In order to finish moving this symbol to Kconfig for all platforms, we
need to do a few more things. First, for all platforms that define this
to a function, introduce CONFIG_DYNAMIC_SYS_CLK_FREQ, similar to
CONFIG_DYNAMIC_DDR_CLK_FREQ and populate clock_legacy.h. This entails
also switching all users from CONFIG_SYS_CLK_FREQ to get_board_sys_clk()
and updating a few preprocessor tests.
With that done, all platforms that define a value here can be converted
to Kconfig, and a fall-back of zero is sufficiently safe to use (and
what is used today in cases where code may or may not have this
available). Make sure that code which calls this function includes
<clock_legacy.h> to get the prototype.
Signed-off-by: Tom Rini <trini@konsulko.com>
In strange cases it is possible for fdtgrep to find nothing to output.
Typically this means that the resulting SPL device tree is not going to
allow anything to boot, but at present the tree is actually invalid,
since it only has an END tag in the struct region.
The FDT spec requires at least a root node. So add a special case to
include at least this, if the FDT_REG_SUPERNODES flag is set.
This ensures that grepping an empty tree still produces a valid tree.
Also add comments to the enum since it is not completely obvious from
the names now.
The typical symptom of this problem is a message from binman:
pylibfdt error -11: FDT_ERR_BADSTRUCTURE
Signed-off-by: Simon Glass <sjg@chromium.org>
If using OF_CONTROL, fdtcontroladdr is set to the fdt used to configure
U-Boot. When using PXE, if no fdt is defined in the menu file, and
there is no fdt at fdt_addr, add fall back on fdtcontroladdr too.
We are developing board support for the Armv8r64 FVP using
config_distro_bootcmd. We are also using OF_BOARD and would like the
PXE boot option to default to the fdt provided by board_fdt_blob_setup.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ramon Fried <rfried.dev@gmail.com>
Fix inconsistent function parameter name of the hash algorithm.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Fixes: 92055e138f2 ("image: Drop if/elseif hash selection in calculate_hash()")
Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Simon Glass <sjg@chromium.org>
This has different semantics in different places. Go with the bootm method
and put it in a common function so that the behaviour is consistent in
U-Boot. Update the docs.
To be clear, this changes the way that 'bootelf' and standalone boot
work. Before, if autostart was set to "fred" or "YES", for example, they
would consider that a "yes". This may change behaviour for some boards,
but the only in-tree boards which mention autostart use "no" to disable
it, which will still work.
Signed-off-by: Simon Glass <sjg@chromium.org>
Suggested-by: Wolfgang Denk <wd@denx.de>
Compiler is not happy:
common/image-board.c: In function ‘boot_get_kbd’:
common/image-board.c:902:17: warning: implicit declaration of function ‘do_bdinfo’ [-Wimplicit-function-declaration]
902 | do_bdinfo(NULL, 0, 0, NULL);
| ^~~~~~~~~
Move the forward declaration to a header.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Both U-Boot proper and SPL entries were using the same description.
Fixes: b55881dd ("bootstage: Add SPL support")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The last board that used to set CONFIG_LYNXKDI has been removed in
commit 242836a893ae ("powerpc: ppc4xx: remove pcs440ep support"),
doc/README.lynxkdi only talks about a MPC8260 board being supported,
and the mpc8260 support has been removed four years ago in commit
2eb48ff7a210d ("powerpc, 8260: remove support for mpc8260") already,
and common/lynxkdi.c only consists of an "#error" statement these
days, so it seems like the LYNX KDI code is dead code nowadays.
Let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
It is pretty strange that the pxe code uses the 'filesize' environment
variable find the size of a file it has just read.
Partly this is because it uses the command-line interpreter to parse its
request to load the file.
As a first step towards unwinding this, return it directly from the
getfile() function. This makes the code a bit longer, for now, but will be
cleaned up in future patches.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
This function no longer makes sense, since it is pretty easy to prepend
the boot directory to the filename. Drop it and update its only caller.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
The 'bootfile' environment variable is read in the bowels of pxe_util to
provide a directory to which all loaded files are relative.
This is not obvious from the API to PXE and it is strange to make the
caller set an environment variable rather than pass this as a parameter.
The code is also convoluted, which this feature implemented by
get_bootfile_path().
Update the API to improve this. Unfortunately this means that
pxe_setup_ctx() can fail, so add error checking.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Both the syslinux and pxe commands use essentially the same code to parse
and run extlinux.conf files. Move this into a common function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
There are a few more blank lines than makes sense for readability. Also
free() handles a NULL pointer so drop the pointless checks.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Some of these functions are a big vague in the comments. Tidy them up a
bit.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Move the header file into the main include/ directory so we can use it
from the bootmethod code. Move the C file into boot/ since it relates to
booting.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
Reviewed-by: Ramon Fried <rfried.dev@gmail.com>
Quite a lot of the code in common/relates to booting and images. Before
adding more it seems like a good time to move the code into its own
directory.
Most files with 'boot' or 'image' in them are moved, except:
- autoboot.c which relates to U-Boot automatically running a script
- bootstage.c which relates to U-Boot timing
Drop the removal of boot* files from the output directory, since this
interfers with the symlinks created by tools and there does not appear
to be any such file from my brief testing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Artem Lapkin <email2tema@gmail.com>
Tested-by: Artem Lapkin <email2tema@gmail.com>
