Merge branch '2022-05-02-add-verifying-program-loader'

To quote the author:

U-Boot provides a verified-boot feature based around FIT, but there is
no standard way of implementing it for a board. At present the various
required pieces must be built up separately, to produce a working
implementation. In particular, there is no built-in support for selecting
A/B boot or recovery mode.

This series introduces VPL, a verified program loader phase for U-Boot.
Its purpose is to run the verified-boot process and decide which SPL
binary should be run. It is critical that this decision happens before
SPL runs, since SPL sets up SDRAM and we need to be able to update the
SDRAM-init code in the field.

Adding VPL into the boot flow provides a standard place to implement
verified boot. This series includes the phase itself, some useful Kconfig
options and a sandbox_vpl build for sandbox. No verfied-boot support is
provided in this series.

Most of the patches in this series are fixes and improvements to docs and
various Kconfig conditions for SPL.

1 files changed, 62 insertions, 0 deletions

diff --git a/lib/Kconfig b/lib/Kconfig
index 858be14f091..e2697ab2ceb 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -90,6 +90,11 @@ config TPL_PRINTF
 	select TPL_SPRINTF
 	select TPL_STRTO if !TPL_USE_TINY_PRINTF
 
+config VPL_PRINTF
+	bool
+	select VPL_SPRINTF
+	select VPL_STRTO if !VPL_USE_TINY_PRINTF
+
 config SPRINTF
 	bool
 	default y
@@ -100,6 +105,9 @@ config SPL_SPRINTF
 config TPL_SPRINTF
 	bool
 
+config VPL_SPRINTF
+	bool
+
 config SSCANF
 	bool
 
@@ -113,6 +121,9 @@ config SPL_STRTO
 config TPL_STRTO
 	bool
 
+config VPL_STRTO
+	bool
+
 config IMAGE_SPARSE
 	bool
 
@@ -165,6 +176,17 @@ config TPL_USE_TINY_PRINTF
 
 	  The supported format specifiers are %c, %s, %u/%d and %x.
 
+config VPL_USE_TINY_PRINTF
+	bool "Enable tiny printf() version for VPL"
+	depends on VPL
+	help
+	  This option enables a tiny, stripped down printf version.
+	  This should only be used in space limited environments,
+	  like SPL versions with hard memory limits. This version
+	  reduces the code size by about 2.5KiB on armv7.
+
+	  The supported format specifiers are %c, %s, %u/%d and %x.
+
 config PANIC_HANG
 	bool "Do not reset the system on fatal error"
 	help
@@ -371,6 +393,17 @@ config TPL_TPM
 	  for the low-level TPM interface, but only one TPM is supported at
 	  a time by the TPM library.
 
+config VPL_TPM
+	bool "Trusted Platform Module (TPM) Support in VPL"
+	depends on VPL_DM
+	help
+	  This enables support for TPMs which can be used to provide security
+	  features for your board. The TPM can be connected via LPC or I2C
+	  and a sandbox TPM is provided for testing purposes. Use the 'tpm'
+	  command to interactive the TPM. Driver model support is provided
+	  for the low-level TPM interface, but only one TPM is supported at
+	  a time by the TPM library.
+
 endmenu
 
 menu "Android Verified Boot"
@@ -625,6 +658,12 @@ config SPL_LZMA
 	help
 	  This enables support for LZMA compression algorithm for SPL boot.
 
+config VPL_LZMA
+	bool "Enable LZMA decompression support for VPL build"
+	default y if LZMA
+	help
+	  This enables support for LZMA compression algorithm for VPL boot.
+
 config SPL_LZO
 	bool "Enable LZO decompression support in SPL"
 	help
@@ -704,6 +743,7 @@ config OF_LIBFDT_OVERLAY
 
 config SPL_OF_LIBFDT
 	bool "Enable the FDT library for SPL"
+	depends on SPL_LIBGENERIC_SUPPORT
 	default y if SPL_OF_CONTROL
 	help
 	  This enables the FDT library (libfdt). It provides functions for
@@ -725,6 +765,7 @@ config SPL_OF_LIBFDT_ASSUME_MASK
 
 config TPL_OF_LIBFDT
 	bool "Enable the FDT library for TPL"
+	depends on TPL_LIBGENERIC_SUPPORT
 	default y if TPL_OF_CONTROL
 	help
 	  This enables the FDT library (libfdt). It provides functions for
@@ -744,6 +785,27 @@ config TPL_OF_LIBFDT_ASSUME_MASK
 	  0xff means all assumptions are made and any invalid data may cause
 	  unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
 
+config VPL_OF_LIBFDT
+	bool "Enable the FDT library for VPL"
+	default y if VPL_OF_CONTROL && !VPL_OF_PLATDATA
+	help
+	  This enables the FDT library (libfdt). It provides functions for
+	  accessing binary device tree images in memory, such as adding and
+	  removing nodes and properties, scanning through the tree and finding
+	  particular compatible nodes. The library operates on a flattened
+	  version of the device tree.
+
+config VPL_OF_LIBFDT_ASSUME_MASK
+	hex "Mask of conditions to assume for libfdt"
+	depends on VPL_OF_LIBFDT || FIT
+	default 0xff
+	help
+	  Use this to change the assumptions made by libfdt in SPL about the
+	  device tree it is working with. A value of 0 means that no assumptions
+	  are made, and libfdt is able to deal with malicious data. A value of
+	  0xff means all assumptions are made and any invalid data may cause
+	  unsafe execution. See FDT_ASSUME_PERFECT, etc. in libfdt_internal.h
+
 config FDT_FIXUP_PARTITIONS
 	bool "overwrite MTD partitions in DTS through defined in 'mtdparts'"
 	depends on OF_LIBFDT