diff options
65 files changed, 1021 insertions, 455 deletions
@@ -42,6 +42,7 @@ Durga Challa <durga.challa@amd.com> <vnsl.durga.challa@xilinx.com> Eugen Hristev <eugen.hristev@linaro.org> <eugen.hristev@microchip.com> Eugen Hristev <eugen.hristev@linaro.org> <eugen.hristev@collabora.com> Fabio Estevam <fabio.estevam@nxp.com> +Greg Malysa <malysagreg@gmail.com> <greg.malysa@timesys.com> Harini Katakam <harini.katakam@amd.com> <harini.katakam@xilinx.com> Harsha <harsha.harsha@amd.com> <harsha.harsha@xilinx.com> Heiko Stuebner <heiko.stuebner@cherry.de> <heiko.stuebner@theobroma-systems.com> @@ -123,6 +124,7 @@ Srinivas Neeli <srinivas.neeli@amd.com> <srinivas.neeli@xilinx.com> Stefan Roese <sr@denx.de> <stroese> Stefano Babic <sbabic@denx.de> Stefano Stabellini <stefano.stabellini@amd.com> <stefano.stabellini@xilinx.com> +Sumit Garg <sumit.garg@kernel.org> <sumit.garg@linaro.org> Tom Rini <trini@konsulko.com> <trini@ti.com> Tomas Thoresen <tomas.thoresen@amd.com> <tomast@xilinx.com> TsiChung Liew <Tsi-Chung.Liew@freescale.com> diff --git a/MAINTAINERS b/MAINTAINERS index c1851280e6e..0315c606744 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -615,7 +615,7 @@ F: arch/arm/dts/am335x-sancloud* ARM SC5XX M: Nathan Barrett-Morrison <nathan.morrison@timesys.com> -M: Greg Malysa <greg.malysa@timesys.com> +M: Greg Malysa <malysagreg@gmail.com> M: Ian Roberts <ian.roberts@timesys.com> M: Vasileios Bimpikas <vasileios.bimpikas@analog.com> M: Utsav Agarwal <utsav.agarwal@analog.com> @@ -639,7 +639,7 @@ F: include/env/adi/ ARM SNAPDRAGON M: Caleb Connolly <caleb.connolly@linaro.org> M: Neil Armstrong <neil.armstrong@linaro.org> -R: Sumit Garg <sumit.garg@linaro.org> +R: Sumit Garg <sumit.garg@kernel.org> L: u-boot-qcom@groups.io S: Maintained T: git https://source.denx.de/u-boot/custodians/u-boot-snapdragon.git @@ -1043,9 +1043,10 @@ F: common/cyclic.c F: include/cyclic.h DEVICETREE REBASING SUBTREE -M: Sumit Garg <sumit.garg@linaro.org> +M: Sumit Garg <sumit.garg@kernel.org> S: Maintained F: dts/upstream/ +N: OF_UPSTREAM DFU M: Lukasz Majewski <lukma@denx.de> @@ -1451,7 +1452,7 @@ S: Maintained F: tools/patman/ PCIe DWC IMX -M: Sumit Garg <sumit.garg@linaro.org> +M: Sumit Garg <sumit.garg@kernel.org> S: Maintained F: drivers/pci/pcie_dw_imx.c F: drivers/phy/phy-imx8m-pcie.c @@ -829,7 +829,7 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) UBOOTINCLUDE := \ -Iinclude \ $(if $(KBUILD_SRC), -I$(srctree)/include) \ - $(if $(CONFIG_MBEDTLS_LIB), \ + $(if $(CONFIG_$(XPL_)MBEDTLS_LIB), \ "-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \ -I$(srctree)/lib/mbedtls \ -I$(srctree)/lib/mbedtls/port \ diff --git a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi index 31456d23167..4a65427e877 100644 --- a/arch/arm/dts/k3-am625-phycore-som-binman.dtsi +++ b/arch/arm/dts/k3-am625-phycore-som-binman.dtsi @@ -321,8 +321,11 @@ compression = "none"; load = <0x8F000000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_rtc_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_rtc_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-rtc.dtbo"; }; }; @@ -333,8 +336,11 @@ compression = "none"; load = <0x8F001000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_spi_not_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_spi_not_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-spi-nor.dtbo"; }; }; @@ -345,8 +351,11 @@ compression = "none"; load = <0x8F002000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_eth_phy_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_eth_phy_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-eth-phy.dtbo"; }; }; @@ -357,8 +366,11 @@ compression = "none"; load = <0x8F003000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_qspi_nor_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_qspi_nor_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-qspi-nor.dtbo"; }; }; diff --git a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi index 3710564cd4a..5228eed19bf 100644 --- a/arch/arm/dts/k3-am642-phycore-som-binman.dtsi +++ b/arch/arm/dts/k3-am642-phycore-som-binman.dtsi @@ -363,8 +363,11 @@ compression = "none"; load = <0x8F000000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_rtc_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_rtc_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-rtc.dtbo"; }; }; @@ -375,8 +378,11 @@ compression = "none"; load = <0x8F001000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_spi_not_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_spi_not_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-spi-nor.dtbo"; }; }; @@ -387,8 +393,11 @@ compression = "none"; load = <0x8F002000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_eth_phy_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_eth_phy_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-disable-eth-phy.dtbo"; }; }; @@ -399,8 +408,11 @@ compression = "none"; load = <0x8F003000>; arch = "arm"; - - blob-ext { + ti-secure { + content = <&am6xx_phycore_disable_qspi_nor_dtbo>; + keyfile = "custMpk.pem"; + }; + am6xx_phycore_disable_qspi_nor_dtbo: blob-ext { filename = "dts/upstream/src/arm64/ti/k3-am6xx-phycore-qspi-nor.dtbo"; }; }; diff --git a/arch/arm/dts/rk3308-rock-s0-u-boot.dtsi b/arch/arm/dts/rk3308-rock-s0-u-boot.dtsi index 84ca2ee0d5f..c8c56b17a15 100644 --- a/arch/arm/dts/rk3308-rock-s0-u-boot.dtsi +++ b/arch/arm/dts/rk3308-rock-s0-u-boot.dtsi @@ -7,6 +7,14 @@ bootph-some-ram; }; +&gpio4 { + bootph-pre-ram; +}; + +&sdmmc_2030 { + bootph-pre-ram; +}; + &uart0 { bootph-all; clock-frequency = <24000000>; @@ -16,6 +24,10 @@ bootph-all; }; +&vcc_sd { + bootph-pre-ram; +}; + &vdd_core { regulator-init-microvolt = <1015000>; }; diff --git a/arch/arm/dts/rk3399-nanopi-r4s-u-boot.dtsi b/arch/arm/dts/rk3399-nanopi-r4s-u-boot.dtsi index 69800cc368d..931499b084c 100644 --- a/arch/arm/dts/rk3399-nanopi-r4s-u-boot.dtsi +++ b/arch/arm/dts/rk3399-nanopi-r4s-u-boot.dtsi @@ -36,3 +36,8 @@ }; }; }; + +&u2phy1_host { + phy-supply = <&vdd_5v>; + status = "okay"; +}; diff --git a/arch/arm/mach-imx/imx8m/Kconfig b/arch/arm/mach-imx/imx8m/Kconfig index 0fe9c46e499..89f2b50c8a2 100644 --- a/arch/arm/mach-imx/imx8m/Kconfig +++ b/arch/arm/mach-imx/imx8m/Kconfig @@ -92,6 +92,8 @@ config TARGET_IMX8MM_EVK select FSL_CAAM select ARCH_MISC_INIT select SPL_CRYPTO if SPL + imply BOOTSTD_FULL + imply BOOTSTD_BOOTCOMMAND imply OF_UPSTREAM config TARGET_IMX8MM_ICORE_MX8MM diff --git a/arch/arm/mach-versal2/include/mach/hardware.h b/arch/arm/mach-versal2/include/mach/hardware.h index 42e3061a0ae..15085f941e0 100644 --- a/arch/arm/mach-versal2/include/mach/hardware.h +++ b/arch/arm/mach-versal2/include/mach/hardware.h @@ -51,7 +51,8 @@ struct crp_regs { #define PMC_TAP_VERSION (PMC_TAP + 0x4) # define PMC_VERSION_MASK GENMASK(7, 0) # define PS_VERSION_MASK GENMASK(15, 8) -# define PS_VERSION_PRODUCTION 0x20 +# define PS_VERSION_MAJOR GENMASK(7, 4) +# define PS_VERSION_MINOR GENMASK(3, 0) # define RTL_VERSION_MASK GENMASK(23, 16) # define PLATFORM_MASK GENMASK(27, 24) # define PLATFORM_VERSION_MASK GENMASK(31, 28) diff --git a/arch/x86/cpu/intel_common/intel_opregion.c b/arch/x86/cpu/intel_common/intel_opregion.c index 78caff0dc12..4a2717b3584 100644 --- a/arch/x86/cpu/intel_common/intel_opregion.c +++ b/arch/x86/cpu/intel_common/intel_opregion.c @@ -31,6 +31,7 @@ static int locate_vbt(char **vbtp, int *sizep) size = vbt.size; if (size > sizeof(vbt_data)) return log_msg_ret("vbt", -E2BIG); + vbt.image_pos += CONFIG_ROM_SIZE; ret = spi_flash_read_dm(dev, vbt.image_pos, size, vbt_data); if (ret) return log_msg_ret("read", ret); diff --git a/arch/x86/lib/fsp2/fsp_init.c b/arch/x86/lib/fsp2/fsp_init.c index 1a2bf46c5c5..0be892b14dc 100644 --- a/arch/x86/lib/fsp2/fsp_init.c +++ b/arch/x86/lib/fsp2/fsp_init.c @@ -107,7 +107,6 @@ int fsp_locate_fsp(enum fsp_type_t type, struct binman_entry *entry, bool use_spi_flash, struct udevice **devp, struct fsp_header **hdrp, ulong *rom_offsetp) { - ulong mask = CONFIG_ROM_SIZE - 1; struct udevice *dev; ulong rom_offset = 0; uint map_size; @@ -141,7 +140,7 @@ int fsp_locate_fsp(enum fsp_type_t type, struct binman_entry *entry, if (ret) return log_msg_ret("binman entry", ret); if (!use_spi_flash) - rom_offset = (map_base & mask) - CONFIG_ROM_SIZE; + rom_offset = map_base + CONFIG_ROM_SIZE; } else { ret = -ENOENT; if (false) diff --git a/board/freescale/imx8mp_evk/imx8mp_evk.env b/board/freescale/imx8mp_evk/imx8mp_evk.env index 18f6c6e200e..f70e18fa9d9 100644 --- a/board/freescale/imx8mp_evk/imx8mp_evk.env +++ b/board/freescale/imx8mp_evk/imx8mp_evk.env @@ -16,6 +16,7 @@ mmcroot=/dev/mmcblk1p2 rootwait rw mmcautodetect=yes mmcargs=setenv bootargs ${jh_clk} ${mcore_clk} console=${console} root=${mmcroot} prepare_mcore=setenv mcore_clk clk-imx8mp.mcore_booted +kernel_addr_r=CONFIG_SYS_LOAD_ADDR loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image} loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr_r} ${fdtfile} mmcboot=echo Booting from mmc ...; diff --git a/board/freescale/imx93_evk/imx93_evk.env b/board/freescale/imx93_evk/imx93_evk.env index f692f42f78a..8c3aef6b557 100644 --- a/board/freescale/imx93_evk/imx93_evk.env +++ b/board/freescale/imx93_evk/imx93_evk.env @@ -16,6 +16,7 @@ mmcroot=/dev/mmcblk1p2 rootwait rw mmcautodetect=yes mmcargs=setenv bootargs ${jh_clk} ${mcore_clk} console=${console} root=${mmcroot} prepare_mcore=setenv mcore_clk clk-imx93.mcore_booted +kernel_addr_r=CONFIG_SYS_LOAD_ADDR loadimage=fatload mmc ${mmcdev}:${mmcpart} ${loadaddr} ${image} loadfdt=fatload mmc ${mmcdev}:${mmcpart} ${fdt_addr_r} ${fdtfile} loadcntr=fatload mmc ${mmcdev}:${mmcpart} ${cntr_addr} ${cntr_file} diff --git a/board/freescale/ls1021atsn/ls1021atsn.c b/board/freescale/ls1021atsn/ls1021atsn.c index d1acccec110..c92430c0896 100644 --- a/board/freescale/ls1021atsn/ls1021atsn.c +++ b/board/freescale/ls1021atsn/ls1021atsn.c @@ -166,10 +166,9 @@ void board_init_f(ulong dummy) get_clocks(); -#if defined(CONFIG_DEEP_SLEEP) - if (is_warm_boot()) - fsl_dp_disable_console(); -#endif + if (CONFIG_IS_ENABLED(DEEP_SLEEP)) + if (is_warm_boot()) + fsl_dp_disable_console(); preloader_console_init(); @@ -187,9 +186,11 @@ void board_init_f(ulong dummy) * it from SD since it has already been reserved in memory * in last boot. */ - if (is_warm_boot()) { - second_uboot = (void (*)(void))CONFIG_TEXT_BASE; - second_uboot(); + if (CONFIG_IS_ENABLED(DEEP_SLEEP)) { + if (is_warm_boot()) { + second_uboot = (void (*)(void))CONFIG_TEXT_BASE; + second_uboot(); + } } board_init_r(NULL, 0); diff --git a/board/freescale/ls1021atwr/ls1021atwr.c b/board/freescale/ls1021atwr/ls1021atwr.c index cc9665c0410..0758e5eae25 100644 --- a/board/freescale/ls1021atwr/ls1021atwr.c +++ b/board/freescale/ls1021atwr/ls1021atwr.c @@ -417,10 +417,9 @@ void board_init_f(ulong dummy) get_clocks(); -#if defined(CONFIG_DEEP_SLEEP) - if (is_warm_boot()) - fsl_dp_disable_console(); -#endif + if (CONFIG_IS_ENABLED(DEEP_SLEEP)) + if (is_warm_boot()) + fsl_dp_disable_console(); preloader_console_init(); @@ -438,9 +437,11 @@ void board_init_f(ulong dummy) * it from SD since it has already been reserved in memeory * in last boot. */ - if (is_warm_boot()) { - second_uboot = (void (*)(void))CONFIG_TEXT_BASE; - second_uboot(); + if (CONFIG_IS_ENABLED(DEEP_SLEEP)) { + if (is_warm_boot()) { + second_uboot = (void (*)(void))CONFIG_TEXT_BASE; + second_uboot(); + } } board_init_r(NULL, 0); diff --git a/board/toradex/verdin-am62/verdin-am62.c b/board/toradex/verdin-am62/verdin-am62.c index b80b39b6767..a1c471111a0 100644 --- a/board/toradex/verdin-am62/verdin-am62.c +++ b/board/toradex/verdin-am62/verdin-am62.c @@ -15,6 +15,7 @@ #include <init.h> #include <k3-ddrss.h> #include <spl.h> +#include <asm/arch/k3-ddr.h> #include "../common/tdx-cfg-block.h" @@ -43,6 +44,9 @@ int dram_init_banksize(void) if (ret) printf("Error setting up memory banksize. %d\n", ret); + /* Use the detected RAM size, we only support 1 bank right now. */ + gd->bd->bi_dram[0].size = gd->ram_size; + return ret; } @@ -108,6 +112,13 @@ int board_late_init(void) #define CORE_VOLTAGE 0x80000000 #define MCU_CTRL_LFXOSC_32K_BYPASS_VAL BIT(4) +#if IS_ENABLED(CONFIG_XPL_BUILD) +void spl_perform_fixups(struct spl_image_info *spl_image) +{ + fixup_memory_node(spl_image); +} +#endif + #ifdef CONFIG_SPL_BOARD_INIT void spl_board_init(void) { diff --git a/board/xilinx/zynq/board.c b/board/xilinx/zynq/board.c index a852d5b8ed5..8dbfa560423 100644 --- a/board/xilinx/zynq/board.c +++ b/board/xilinx/zynq/board.c @@ -179,6 +179,7 @@ void set_dfu_alt_info(char *interface, char *devstr) memset(buf, 0, sizeof(buf)); switch ((zynq_slcr_get_boot_mode()) & ZYNQ_BM_MASK) { +#if defined(CONFIG_SPL_FS_LOAD_PAYLOAD_NAME) case ZYNQ_BM_SD: snprintf(buf, DFU_ALT_BUF_LEN, "mmc 0=boot.bin fat 0 1;" @@ -193,6 +194,7 @@ void set_dfu_alt_info(char *interface, char *devstr) CONFIG_SYS_SPI_U_BOOT_OFFS); break; #endif +#endif default: return; } diff --git a/cmd/Kconfig b/cmd/Kconfig index a04fcaa0e08..642cc1116e8 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2168,7 +2168,6 @@ config WGET_HTTPS select ASYMMETRIC_PUBLIC_KEY_SUBTYPE select X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER - select MBEDTLS_LIB_CRYPTO select MBEDTLS_LIB_TLS select RSA_VERIFY_WITH_PKEY select X509_CERTIFICATE_PARSER diff --git a/cmd/ufetch.c b/cmd/ufetch.c index ed5a856c7ab..46bd16824e6 100644 --- a/cmd/ufetch.c +++ b/cmd/ufetch.c @@ -24,8 +24,8 @@ DECLARE_GLOBAL_DATA_PTR; #define LINE_WIDTH 40 -#define BLUE "\033[38;5;4m" -#define YELLOW "\033[38;5;11m" +#define BLUE "\033[34m" +#define YELLOW "\033[33m" #define BOLD "\033[1m" #define RESET "\033[0m" static const char * const logo_lines[] = { diff --git a/common/board_f.c b/common/board_f.c index 6c5c3bfab48..99616fdac80 100644 --- a/common/board_f.c +++ b/common/board_f.c @@ -822,13 +822,13 @@ static int initf_dm(void) bootstage_start(BOOTSTAGE_ID_ACCUM_DM_F, "dm_f"); ret = dm_init_and_scan(true); - bootstage_accum(BOOTSTAGE_ID_ACCUM_DM_F); if (ret) return ret; ret = dm_autoprobe(); if (ret) return ret; + bootstage_accum(BOOTSTAGE_ID_ACCUM_DM_F); if (IS_ENABLED(CONFIG_TIMER_EARLY)) { ret = dm_timer_init(); diff --git a/common/miiphyutil.c b/common/miiphyutil.c index 9b8744e5d8b..6169ea884ae 100644 --- a/common/miiphyutil.c +++ b/common/miiphyutil.c @@ -30,7 +30,7 @@ #define debug(fmt, args...) #endif /* MII_DEBUG */ -static struct list_head mii_devs; +static LIST_HEAD(mii_devs); static struct mii_dev *current_mii; /* @@ -55,16 +55,6 @@ struct mii_dev *miiphy_get_dev_by_name(const char *devname) return NULL; } -/***************************************************************************** - * - * Initialize global data. Need to be called before any other miiphy routine. - */ -void miiphy_init(void) -{ - INIT_LIST_HEAD(&mii_devs); - current_mii = NULL; -} - struct mii_dev *mdio_alloc(void) { struct mii_dev *bus; diff --git a/configs/amd_versal2_virt_defconfig b/configs/amd_versal2_virt_defconfig index 8bee002777a..9911caa0e46 100644 --- a/configs/amd_versal2_virt_defconfig +++ b/configs/amd_versal2_virt_defconfig @@ -70,7 +70,6 @@ CONFIG_SYS_REDUNDAND_ENVIRONMENT=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_LWIP=y CONFIG_NET_RANDOM_ETHADDR=y -CONFIG_TFTP_BLOCKSIZE=4096 CONFIG_SIMPLE_PM_BUS=y CONFIG_CLK_CCF=y CONFIG_CLK_SCMI=y diff --git a/configs/imx8mm_evk_defconfig b/configs/imx8mm_evk_defconfig index 659fc9ec039..2048391439f 100644 --- a/configs/imx8mm_evk_defconfig +++ b/configs/imx8mm_evk_defconfig @@ -25,7 +25,8 @@ CONFIG_FIT=y CONFIG_FIT_EXTERNAL_OFFSET=0x3000 CONFIG_SPL_LOAD_FIT=y CONFIG_OF_SYSTEM_SETUP=y -CONFIG_DEFAULT_FDT_FILE="imx8mp-evk.dtb" +CONFIG_BOOTCOMMAND="bootflow scan -lb; run bsp_bootcmd" +CONFIG_DEFAULT_FDT_FILE="imx8mm-evk.dtb" CONFIG_SYS_CBSIZE=2048 CONFIG_SYS_PBSIZE=2074 CONFIG_BOARD_LATE_INIT=y diff --git a/configs/imx8mm_evk_fspi_defconfig b/configs/imx8mm_evk_fspi_defconfig index 4a8d4994b80..59ebdc5782f 100644 --- a/configs/imx8mm_evk_fspi_defconfig +++ b/configs/imx8mm_evk_fspi_defconfig @@ -5,7 +5,6 @@ CONFIG_SYS_MALLOC_LEN=0x2000000 CONFIG_SPL_GPIO=y CONFIG_SPL_LIBCOMMON_SUPPORT=y CONFIG_SPL_LIBGENERIC_SUPPORT=y -CONFIG_ENV_SOURCE_FILE="imx8mn_evk" CONFIG_SF_DEFAULT_SPEED=40000000 CONFIG_SF_DEFAULT_MODE=0 CONFIG_ENV_SIZE=0x1000 @@ -29,7 +28,8 @@ CONFIG_FIT=y CONFIG_FIT_EXTERNAL_OFFSET=0x3000 CONFIG_SPL_LOAD_FIT=y CONFIG_OF_SYSTEM_SETUP=y -CONFIG_DEFAULT_FDT_FILE="imx8mp-evk.dtb" +CONFIG_BOOTCOMMAND="bootflow scan -lb; run bsp_bootcmd" +CONFIG_DEFAULT_FDT_FILE="imx8mm-evk.dtb" CONFIG_SYS_CBSIZE=2048 CONFIG_SYS_PBSIZE=2074 CONFIG_BOARD_LATE_INIT=y diff --git a/configs/imx8mq_evk_defconfig b/configs/imx8mq_evk_defconfig index 97ef352dfb8..0de98152b2b 100644 --- a/configs/imx8mq_evk_defconfig +++ b/configs/imx8mq_evk_defconfig @@ -32,7 +32,7 @@ CONFIG_FIT_EXTERNAL_OFFSET=0x3000 CONFIG_SPL_LOAD_FIT=y CONFIG_OF_SYSTEM_SETUP=y CONFIG_BOOTCOMMAND="bootflow scan -lb; run bsp_bootcmd" -CONFIG_DEFAULT_FDT_FILE="imx8mp-evk.dtb" +CONFIG_DEFAULT_FDT_FILE="imx8mq-evk.dtb" CONFIG_SYS_PBSIZE=1050 CONFIG_BOARD_EARLY_INIT_F=y CONFIG_BOARD_LATE_INIT=y diff --git a/configs/nanopi-r3s-rk3566_defconfig b/configs/nanopi-r3s-rk3566_defconfig index 870613f690a..16e09753a72 100644 --- a/configs/nanopi-r3s-rk3566_defconfig +++ b/configs/nanopi-r3s-rk3566_defconfig @@ -54,7 +54,6 @@ CONFIG_PHY_REALTEK=y CONFIG_DWC_ETH_QOS=y CONFIG_DWC_ETH_QOS_ROCKCHIP=y CONFIG_RTL8169=y -CONFIG_NVME_PCI=y CONFIG_PCIE_DW_ROCKCHIP=y CONFIG_PHY_ROCKCHIP_INNO_USB2=y CONFIG_PHY_ROCKCHIP_NANENG_COMBOPHY=y diff --git a/configs/qcom_defconfig b/configs/qcom_defconfig index e4abfdf16bb..9f5518a9fe9 100644 --- a/configs/qcom_defconfig +++ b/configs/qcom_defconfig @@ -58,6 +58,7 @@ CONFIG_CLK_QCOM_SM8550=y CONFIG_CLK_QCOM_SM8650=y CONFIG_CLK_QCOM_SC7280=y CONFIG_CLK_QCOM_X1E80100=y +CONFIG_CLK_STUB=y CONFIG_DFU_MMC=y CONFIG_DFU_SCSI=y CONFIG_SYS_DFU_DATA_BUF_SIZE=0x200000 diff --git a/configs/rock-s0-rk3308_defconfig b/configs/rock-s0-rk3308_defconfig index 0a46e7bb187..063e0b921d7 100644 --- a/configs/rock-s0-rk3308_defconfig +++ b/configs/rock-s0-rk3308_defconfig @@ -2,6 +2,7 @@ CONFIG_ARM=y CONFIG_SKIP_LOWLEVEL_INIT=y CONFIG_COUNTER_FREQUENCY=24000000 CONFIG_ARCH_ROCKCHIP=y +CONFIG_SPL_GPIO=y CONFIG_DEFAULT_DEVICE_TREE="rockchip/rk3308-rock-s0" CONFIG_DM_RESET=y CONFIG_ROCKCHIP_RK3308=y @@ -53,6 +54,7 @@ CONFIG_PHY_ROCKCHIP_INNO_USB2=y CONFIG_PINCTRL=y CONFIG_REGULATOR_PWM=y CONFIG_DM_REGULATOR_FIXED=y +CONFIG_SPL_DM_REGULATOR_FIXED=y CONFIG_PWM_ROCKCHIP=y CONFIG_RAM=y CONFIG_BAUDRATE=1500000 diff --git a/configs/snow_defconfig b/configs/snow_defconfig index 7a1dc80b1cc..f9fd76daa67 100644 --- a/configs/snow_defconfig +++ b/configs/snow_defconfig @@ -33,7 +33,9 @@ CONFIG_DISTRO_DEFAULTS=y CONFIG_SYS_PBSIZE=1024 CONFIG_SILENT_CONSOLE=y CONFIG_BLOBLIST=y +CONFIG_BLOBLIST_FIXED=y # CONFIG_SPL_BLOBLIST is not set +CONFIG_BLOBLIST_ADDR=0x43d00000 # CONFIG_SPL_FRAMEWORK is not set CONFIG_SPL_FOOTPRINT_LIMIT=y CONFIG_SPL_MAX_FOOTPRINT=0x3800 diff --git a/configs/xilinx_versal_net_virt_defconfig b/configs/xilinx_versal_net_virt_defconfig index 5ef5fd44fd3..1604b5915db 100644 --- a/configs/xilinx_versal_net_virt_defconfig +++ b/configs/xilinx_versal_net_virt_defconfig @@ -70,7 +70,6 @@ CONFIG_SYS_REDUNDAND_ENVIRONMENT=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_LWIP=y CONFIG_NET_RANDOM_ETHADDR=y -CONFIG_TFTP_BLOCKSIZE=4096 CONFIG_SIMPLE_PM_BUS=y CONFIG_CLK_VERSAL=y CONFIG_DFU_RAM=y diff --git a/configs/xilinx_versal_virt_defconfig b/configs/xilinx_versal_virt_defconfig index f228eef7c95..baa4b8e412e 100644 --- a/configs/xilinx_versal_virt_defconfig +++ b/configs/xilinx_versal_virt_defconfig @@ -74,7 +74,6 @@ CONFIG_SYS_REDUNDAND_ENVIRONMENT=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_LWIP=y CONFIG_NET_RANDOM_ETHADDR=y -CONFIG_TFTP_BLOCKSIZE=4096 CONFIG_SIMPLE_PM_BUS=y CONFIG_CLK_VERSAL=y CONFIG_DFU_TIMEOUT=y diff --git a/drivers/clk/Kconfig b/drivers/clk/Kconfig index d9d518d7038..18bd640a68b 100644 --- a/drivers/clk/Kconfig +++ b/drivers/clk/Kconfig @@ -96,6 +96,13 @@ config SPL_CLK_GPIO Enable this option to add GPIO-controlled clock gate driver in U-Boot SPL. +config CLK_STUB + bool "Stub clock driver" + depends on CLK + help + Enable this to provide a stub clock driver for non-essential clock + controllers. + config CLK_BCM6345 bool "Clock controller driver for BCM6345" depends on CLK && ARCH_BMIPS diff --git a/drivers/clk/Makefile b/drivers/clk/Makefile index 7f84f22d4b1..fe0e49f6112 100644 --- a/drivers/clk/Makefile +++ b/drivers/clk/Makefile @@ -11,6 +11,7 @@ obj-$(CONFIG_$(PHASE_)CLK_CCF) += clk.o clk-divider.o clk-mux.o clk-gate.o obj-$(CONFIG_$(PHASE_)CLK_CCF) += clk-fixed-factor.o obj-$(CONFIG_$(PHASE_)CLK_COMPOSITE_CCF) += clk-composite.o obj-$(CONFIG_$(PHASE_)CLK_GPIO) += clk-gpio.o +obj-$(CONFIG_$(PHASE_)CLK_STUB) += clk-stub.o obj-y += adi/ obj-y += analogbits/ diff --git a/drivers/clk/clk-stub.c b/drivers/clk/clk-stub.c new file mode 100644 index 00000000000..5fbbb07b7f7 --- /dev/null +++ b/drivers/clk/clk-stub.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Stub clk driver for non-essential clocks. + * + * This driver should be used for clock controllers + * which are described as dependencies in DT but aren't + * actually necessary for hardware functionality. + */ + +#include <clk-uclass.h> +#include <dm.h> + +/* NOP parent nodes to stub clocks */ +static const struct udevice_id nop_parent_ids[] = { + { .compatible = "qcom,rpm-proc" }, + { .compatible = "qcom,glink-rpm" }, + { .compatible = "qcom,rpm-sm6115" }, + { } +}; + +U_BOOT_DRIVER(nop_parent) = { + .name = "nop_parent", + .id = UCLASS_NOP, + .of_match = nop_parent_ids, + .bind = dm_scan_fdt_dev, + .flags = DM_FLAG_DEFAULT_PD_CTRL_OFF, +}; + +static ulong stub_clk_set_rate(struct clk *clk, ulong rate) +{ + return (clk->rate = rate); +} + +static ulong stub_clk_get_rate(struct clk *clk) +{ + return clk->rate; +} + +static int stub_clk_nop(struct clk *clk) +{ + return 0; +} + +static struct clk_ops stub_clk_ops = { + .set_rate = stub_clk_set_rate, + .get_rate = stub_clk_get_rate, + .enable = stub_clk_nop, + .disable = stub_clk_nop, +}; + +static const struct udevice_id stub_clk_ids[] = { + { .compatible = "qcom,rpmcc" }, + { .compatible = "qcom,sm8150-rpmh-clk" }, + { .compatible = "qcom,sm8250-rpmh-clk" }, + { .compatible = "qcom,sm8550-rpmh-clk" }, + { .compatible = "qcom,sm8650-rpmh-clk" }, + { } +}; + +U_BOOT_DRIVER(clk_stub) = { + .name = "clk_stub", + .id = UCLASS_CLK, + .ops = &stub_clk_ops, + .of_match = stub_clk_ids, + .flags = DM_FLAG_DEFAULT_PD_CTRL_OFF, +}; + diff --git a/drivers/clk/clk_versal.c b/drivers/clk/clk_versal.c index 35ee56d0693..cb98f34b5ec 100644 --- a/drivers/clk/clk_versal.c +++ b/drivers/clk/clk_versal.c @@ -106,8 +106,8 @@ struct versal_clk_priv { struct versal_clock *clk; }; -static ulong pl_alt_ref_clk; -static ulong ref_clk; +static ulong pl_alt_ref_clk __section(".data"); +static ulong ref_clk __section(".data"); struct versal_pm_query_data { u32 qid; @@ -116,8 +116,8 @@ struct versal_pm_query_data { u32 arg3; }; -static struct versal_clock *clock; -static unsigned int clock_max_idx; +static struct versal_clock *clock __section(".data"); +static unsigned int clock_max_idx __section(".data"); #define PM_QUERY_DATA 35 @@ -679,12 +679,21 @@ static int versal_clk_probe(struct udevice *dev) debug("%s\n", __func__); - ret = versal_clock_get_freq_by_name("pl_alt_ref_clk", + ret = versal_clock_get_freq_by_name("pl_alt_ref", dev, &pl_alt_ref_clk); + if (ret == -ENODATA) { + /* Fallback to old DT binding clk name "pl_alt_ref_clk" */ + ret = versal_clock_get_freq_by_name("pl_alt_ref_clk", + dev, &pl_alt_ref_clk); + } if (ret < 0) return -EINVAL; - ret = versal_clock_get_freq_by_name("ref_clk", dev, &ref_clk); + ret = versal_clock_get_freq_by_name("ref", dev, &ref_clk); + if (ret == -ENODATA) { + /* Fallback to old DT binding clk name "ref_clk" */ + ret = versal_clock_get_freq_by_name("ref_clk", dev, &ref_clk); + } if (ret < 0) return -EINVAL; diff --git a/drivers/clk/rockchip/clk_rk3568.c b/drivers/clk/rockchip/clk_rk3568.c index 977699d509d..533031caead 100644 --- a/drivers/clk/rockchip/clk_rk3568.c +++ b/drivers/clk/rockchip/clk_rk3568.c @@ -2680,7 +2680,7 @@ static ulong rk3568_clk_set_rate(struct clk *clk, ulong rate) return ret; }; -#if (IS_ENABLED(OF_CONTROL)) || (!IS_ENABLED(OF_PLATDATA)) +#if (CONFIG_IS_ENABLED(OF_CONTROL)) || (!CONFIG_IS_ENABLED(OF_PLATDATA)) static int rk3568_gmac0_src_set_parent(struct clk *clk, struct clk *parent) { struct rk3568_clk_priv *priv = dev_get_priv(clk->dev); @@ -2859,7 +2859,7 @@ static int rk3568_clk_set_parent(struct clk *clk, struct clk *parent) static struct clk_ops rk3568_clk_ops = { .get_rate = rk3568_clk_get_rate, .set_rate = rk3568_clk_set_rate, -#if (IS_ENABLED(OF_CONTROL)) || (!IS_ENABLED(OF_PLATDATA)) +#if (CONFIG_IS_ENABLED(OF_CONTROL)) || (!CONFIG_IS_ENABLED(OF_PLATDATA)) .set_parent = rk3568_clk_set_parent, #endif }; diff --git a/drivers/clk/rockchip/clk_rk3588.c b/drivers/clk/rockchip/clk_rk3588.c index 6042fc10cdb..8c3a113526f 100644 --- a/drivers/clk/rockchip/clk_rk3588.c +++ b/drivers/clk/rockchip/clk_rk3588.c @@ -1822,7 +1822,7 @@ static ulong rk3588_clk_set_rate(struct clk *clk, ulong rate) */ #define ROCKCHIP_MMC_DELAY_ELEMENT_PSEC 60 -#if (IS_ENABLED(OF_CONTROL)) || (!IS_ENABLED(OF_PLATDATA)) +#if (CONFIG_IS_ENABLED(OF_CONTROL)) || (!CONFIG_IS_ENABLED(OF_PLATDATA)) static int __maybe_unused rk3588_dclk_vop_set_parent(struct clk *clk, struct clk *parent) { @@ -1915,7 +1915,7 @@ static int rk3588_clk_set_parent(struct clk *clk, struct clk *parent) static struct clk_ops rk3588_clk_ops = { .get_rate = rk3588_clk_get_rate, .set_rate = rk3588_clk_set_rate, -#if (IS_ENABLED(OF_CONTROL)) || (!IS_ENABLED(OF_PLATDATA)) +#if (CONFIG_IS_ENABLED(OF_CONTROL)) || (!CONFIG_IS_ENABLED(OF_PLATDATA)) .set_parent = rk3588_clk_set_parent, #endif }; diff --git a/drivers/core/root.c b/drivers/core/root.c index 15b8c83fee9..e53381e3b32 100644 --- a/drivers/core/root.c +++ b/drivers/core/root.c @@ -295,22 +295,29 @@ void *dm_priv_to_rw(void *priv) * all its children recursively to do the same. * * @dev: Device to (maybe) probe + * @pre_reloc_only: Probe only devices marked with the DM_FLAG_PRE_RELOC flag * Return 0 if OK, -ve on error */ -static int dm_probe_devices(struct udevice *dev) +static int dm_probe_devices(struct udevice *dev, bool pre_reloc_only) { + ofnode node = dev_ofnode(dev); struct udevice *child; + int ret; - if (dev_get_flags(dev) & DM_FLAG_PROBE_AFTER_BIND) { - int ret; + if (pre_reloc_only && + (!ofnode_valid(node) || !ofnode_pre_reloc(node)) && + !(dev->driver->flags & DM_FLAG_PRE_RELOC)) + goto probe_children; + if (dev_get_flags(dev) & DM_FLAG_PROBE_AFTER_BIND) { ret = device_probe(dev); if (ret) return ret; } +probe_children: list_for_each_entry(child, &dev->child_head, sibling_node) - dm_probe_devices(child); + dm_probe_devices(child, pre_reloc_only); return 0; } @@ -319,7 +326,7 @@ int dm_autoprobe(void) { int ret; - ret = dm_probe_devices(gd->dm_root); + ret = dm_probe_devices(gd->dm_root, !(gd->flags & GD_FLG_RELOC)); if (ret) return log_msg_ret("pro", ret); diff --git a/drivers/crypto/fsl/fsl_hash.c b/drivers/crypto/fsl/fsl_hash.c index 79b32e2627c..b721c866095 100644 --- a/drivers/crypto/fsl/fsl_hash.c +++ b/drivers/crypto/fsl/fsl_hash.c @@ -183,6 +183,7 @@ int caam_hash(const unsigned char *pbuf, unsigned int buf_len, { int ret = 0; uint32_t *desc; + unsigned long pbuf_aligned; unsigned int size; desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE); @@ -191,8 +192,9 @@ int caam_hash(const unsigned char *pbuf, unsigned int buf_len, return -ENOMEM; } - size = ALIGN(buf_len, ARCH_DMA_MINALIGN); - flush_dcache_range((unsigned long)pbuf, (unsigned long)pbuf + size); + pbuf_aligned = ALIGN_DOWN((unsigned long)pbuf, ARCH_DMA_MINALIGN); + size = ALIGN(buf_len + ((unsigned long)pbuf - pbuf_aligned), ARCH_DMA_MINALIGN); + flush_dcache_range(pbuf_aligned, pbuf_aligned + size); inline_cnstr_jobdesc_hash(desc, pbuf, buf_len, pout, driver_hash[algo].alg_type, diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig index f4a453e1cdd..21361f56e69 100644 --- a/drivers/gpio/Kconfig +++ b/drivers/gpio/Kconfig @@ -516,7 +516,7 @@ config ZYNQ_GPIO config DM_74X164 bool "74x164 serial-in/parallel-out 8-bits shift register" - depends on DM_GPIO + depends on DM_GPIO && DM_SPI help Driver for 74x164 compatible serial-in/parallel-out 8-outputs shift registers, such as 74lv165, 74hc595. diff --git a/drivers/led/led-uclass.c b/drivers/led/led-uclass.c index 22f61d12d38..edcdeee1e9a 100644 --- a/drivers/led/led-uclass.c +++ b/drivers/led/led-uclass.c @@ -273,8 +273,12 @@ static const char *led_get_function_name(struct udevice *dev) /* Now try to detect function label name */ func = dev_read_string(dev, "function"); cp = dev_read_u32(dev, "color", &color); - // prevent coverity scan error CID 541279: (TAINTED_SCALAR) - if (color < LED_COLOR_ID_WHITE || color >= LED_COLOR_ID_MAX) + /* + * prevent coverity scan error CID 541279: (TAINTED_SCALAR) + * only check the upper bound. No need to check the lower bound + * as color is from type u32 and never can be lower than 0. + */ + if (color >= LED_COLOR_ID_MAX) cp = -EINVAL; if (cp == 0 || func) { diff --git a/drivers/net/tsec.c b/drivers/net/tsec.c index 6481ee24a60..bd4ebdd745a 100644 --- a/drivers/net/tsec.c +++ b/drivers/net/tsec.c @@ -278,6 +278,24 @@ static int tsec_send(struct udevice *dev, void *packet, int length) return result; } +static int tsec_free_pkt(struct udevice *dev, uchar *packet, int length) +{ + struct tsec_private *priv = (struct tsec_private *)dev_get_priv(dev); + u16 status; + + out_be16(&priv->rxbd[priv->rx_idx].length, 0); + + status = RXBD_EMPTY; + /* Set the wrap bit if this is the last element in the list */ + if ((priv->rx_idx + 1) == PKTBUFSRX) + status |= RXBD_WRAP; + out_be16(&priv->rxbd[priv->rx_idx].status, status); + + priv->rx_idx = (priv->rx_idx + 1) % PKTBUFSRX; + + return 0; +} + static int tsec_recv(struct udevice *dev, int flags, uchar **packetp) { struct tsec_private *priv = (struct tsec_private *)dev_get_priv(dev); @@ -296,6 +314,9 @@ static int tsec_recv(struct udevice *dev, int flags, uchar **packetp) ret = length - 4; } else { printf("Got error %x\n", (status & RXBD_STATS)); + + /* Rearm the packet buffer */ + tsec_free_pkt(dev, NULL, 0); } } @@ -307,24 +328,6 @@ static int tsec_recv(struct udevice *dev, int flags, uchar **packetp) return ret; } -static int tsec_free_pkt(struct udevice *dev, uchar *packet, int length) -{ - struct tsec_private *priv = (struct tsec_private *)dev_get_priv(dev); - u16 status; - - out_be16(&priv->rxbd[priv->rx_idx].length, 0); - - status = RXBD_EMPTY; - /* Set the wrap bit if this is the last element in the list */ - if ((priv->rx_idx + 1) == PKTBUFSRX) - status |= RXBD_WRAP; - out_be16(&priv->rxbd[priv->rx_idx].status, status); - - priv->rx_idx = (priv->rx_idx + 1) % PKTBUFSRX; - - return 0; -} - static void tsec_halt(struct udevice *dev) { struct tsec_private *priv; diff --git a/drivers/pinctrl/qcom/pinctrl-sm8250.c b/drivers/pinctrl/qcom/pinctrl-sm8250.c index cab42fa64ed..b21cdc4d24b 100644 --- a/drivers/pinctrl/qcom/pinctrl-sm8250.c +++ b/drivers/pinctrl/qcom/pinctrl-sm8250.c @@ -107,7 +107,7 @@ static unsigned int sm8250_get_function_mux(__maybe_unused unsigned int pin, uns static struct msm_pinctrl_data sm8250_data = { .pin_data = { .pin_offsets = sm8250_pin_offsets, - .pin_count = ARRAY_SIZE(sm8250_pin_offsets), + .pin_count = 184, .special_pins_start = 180, .special_pins_data = sm8250_special_pins_data, }, diff --git a/drivers/power/regulator/qcom-rpmh-regulator.c b/drivers/power/regulator/qcom-rpmh-regulator.c index 70df51b5fa4..cd2b1a654c1 100644 --- a/drivers/power/regulator/qcom-rpmh-regulator.c +++ b/drivers/power/regulator/qcom-rpmh-regulator.c @@ -481,6 +481,13 @@ static const struct rpmh_vreg_init_data pm8150_vreg_data[] = { static const struct rpmh_vreg_init_data pm8150l_vreg_data[] = { RPMH_VREG("ldo1", "ldo%s1", &pmic5_pldo_lv, "vdd-l1-l8"), + RPMH_VREG("ldo4", "ldo%s4", &pmic5_pldo, "vdd-l4-l5-l6"), + RPMH_VREG("ldo5", "ldo%s5", &pmic5_pldo, "vdd-l4-l5-l6"), + RPMH_VREG("ldo6", "ldo%s6", &pmic5_pldo, "vdd-l4-l5-l6"), + RPMH_VREG("ldo7", "ldo%s7", &pmic5_pldo, "vdd-l7-l11"), + RPMH_VREG("ldo8", "ldo%s8", &pmic5_pldo_lv, "vdd-l1-l8"), + RPMH_VREG("ldo9", "ldo%s9", &pmic5_pldo, "vdd-l9-l10"), + RPMH_VREG("ldo10", "ldo%s10", &pmic5_pldo, "vdd-l9-l10"), RPMH_VREG("ldo11", "ldo%s11", &pmic5_pldo, "vdd-l7-l11"), {} }; diff --git a/drivers/soc/soc_amd_versal2.c b/drivers/soc/soc_amd_versal2.c index 66bcb22b4fa..8507da0bd22 100644 --- a/drivers/soc/soc_amd_versal2.c +++ b/drivers/soc/soc_amd_versal2.c @@ -35,7 +35,9 @@ static int soc_amd_versal2_get_revision(struct udevice *dev, char *buf, int size { struct soc_amd_versal2_priv *priv = dev_get_priv(dev); - return snprintf(buf, size, "v%d", priv->revision); + return snprintf(buf, size, "v%d.%d", + (u32)FIELD_GET(PS_VERSION_MAJOR, priv->revision), + (u32)FIELD_GET(PS_VERSION_MINOR, priv->revision)); } static const struct soc_ops soc_amd_versal2_ops = { diff --git a/fs/squashfs/sqfs.c b/fs/squashfs/sqfs.c index 8fac6c6c5a9..7c364686f14 100644 --- a/fs/squashfs/sqfs.c +++ b/fs/squashfs/sqfs.c @@ -1712,7 +1712,8 @@ static int sqfs_size_nest(const char *filename, loff_t *size) case SQFS_LSYMLINK_TYPE: if (++symlinknest == MAX_SYMLINK_NEST) { *size = 0; - return -ELOOP; + ret = -ELOOP; + break; } symlink = (struct squashfs_symlink_inode *)ipos; diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h index 678e69001b9..55501c22acb 100644 --- a/include/crypto/mscode.h +++ b/include/crypto/mscode.h @@ -10,6 +10,7 @@ #include <crypto/hash_info.h> #endif #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include "mbedtls_options.h" #include <mbedtls/asn1.h> #include <mbedtls/oid.h> #endif diff --git a/include/crypto/pkcs7_parser.h b/include/crypto/pkcs7_parser.h index 469c2711fa6..fd1e48da09e 100644 --- a/include/crypto/pkcs7_parser.h +++ b/include/crypto/pkcs7_parser.h @@ -12,6 +12,7 @@ #include <crypto/pkcs7.h> #include <crypto/x509_parser.h> #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) +#include "mbedtls_options.h" #include <mbedtls/pkcs7.h> #include <library/x509_internal.h> #include <mbedtls/asn1.h> diff --git a/include/mcheck.h b/include/mcheck.h index bd506ae6291..4b11751ebcc 100644 --- a/include/mcheck.h +++ b/include/mcheck.h @@ -1,18 +1,7 @@ -/* SPDX-License-Identifier: GPL-2.1+ */ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ /* * Copyright (C) 1996-2024 Free Software Foundation, Inc. * This file is part of the GNU C Library. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * <https://www.gnu.org/licenses/>. */ #ifndef _MCHECK_H #define _MCHECK_H 1 diff --git a/include/miiphy.h b/include/miiphy.h index 1e6c7041fdc..63ec3bcc76b 100644 --- a/include/miiphy.h +++ b/include/miiphy.h @@ -33,8 +33,6 @@ int miiphy_is_1000base_x(const char *devname, unsigned char addr); int miiphy_link(const char *devname, unsigned char addr); #endif -void miiphy_init(void); - int miiphy_set_current_dev(const char *devname); const char *miiphy_get_current_dev(void); struct mii_dev *mdio_get_current_dev(void); diff --git a/include/u-boot/sha1.h b/include/u-boot/sha1.h index dd66258bbe9..c2d62e9cf0f 100644 --- a/include/u-boot/sha1.h +++ b/include/u-boot/sha1.h @@ -18,17 +18,7 @@ #include <linux/types.h> #if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) -/* - * FIXME: - * MbedTLS define the members of "mbedtls_sha256_context" as private, - * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue. - * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external - * access. - * Directly including <external/mbedtls/library/common.h> is not allowed, - * since this will include <malloc.h> and break the sandbox test. - */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - +#include "mbedtls_options.h" #include <mbedtls/sha1.h> #endif diff --git a/include/u-boot/sha256.h b/include/u-boot/sha256.h index d7a3403270b..2d86508332e 100644 --- a/include/u-boot/sha256.h +++ b/include/u-boot/sha256.h @@ -7,17 +7,7 @@ #include <linux/types.h> #if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) -/* - * FIXME: - * MbedTLS define the members of "mbedtls_sha256_context" as private, - * but "state" needs to be access by arch/arm/cpu/armv8/sha256_ce_glue. - * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external - * access. - * Directly including <external/mbedtls/library/common.h> is not allowed, - * since this will include <malloc.h> and break the sandbox test. - */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - +#include "mbedtls_options.h" #include <mbedtls/sha256.h> #endif diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c index ce9272fa240..60aa076feaa 100644 --- a/lib/efi_loader/efi_net.c +++ b/lib/efi_loader/efi_net.c @@ -927,12 +927,15 @@ efi_status_t efi_net_register(void) &netobj->net); if (r != EFI_SUCCESS) goto failure_to_add_protocol; - if (!net_dp) - efi_net_set_dp("Net", NULL); - r = efi_add_protocol(&netobj->header, &efi_guid_device_path, - net_dp); + + if (net_dp) + r = efi_add_protocol(&netobj->header, &efi_guid_device_path, + net_dp); + else + r = efi_net_set_dp("Net", NULL); if (r != EFI_SUCCESS) goto failure_to_add_protocol; + r = efi_add_protocol(&netobj->header, &efi_pxe_base_code_protocol_guid, &netobj->pxe); if (r != EFI_SUCCESS) @@ -1057,18 +1060,58 @@ out_of_resources: */ efi_status_t efi_net_set_dp(const char *dev, const char *server) { - efi_free_pool(net_dp); + efi_status_t ret = EFI_SUCCESS; + struct efi_handler *phandler; + struct efi_device_path *old_net_dp, *new_net_dp; - net_dp = NULL; + old_net_dp = net_dp; + new_net_dp = NULL; if (!strcmp(dev, "Net")) - net_dp = efi_dp_from_eth(); + new_net_dp = efi_dp_from_eth(); else if (!strcmp(dev, "Http")) - net_dp = efi_dp_from_http(server); + new_net_dp = efi_dp_from_http(server); - if (!net_dp) + if (!new_net_dp) { return EFI_OUT_OF_RESOURCES; + } + + // If netobj is not started yet, end here. + if (!netobj) { + goto exit; + } + + phandler = NULL; + efi_search_protocol(&netobj->header, &efi_guid_device_path, &phandler); + + // If the device path protocol is not yet installed, install it + if (!phandler) + goto add; + + // If it is already installed, try to update it + ret = efi_reinstall_protocol_interface(&netobj->header, &efi_guid_device_path, + old_net_dp, new_net_dp); + if (ret != EFI_SUCCESS) + goto error; + + net_dp = new_net_dp; + efi_free_pool(old_net_dp); return EFI_SUCCESS; +add: + ret = efi_add_protocol(&netobj->header, &efi_guid_device_path, + new_net_dp); + if (ret != EFI_SUCCESS) + goto error; +exit: + net_dp = new_net_dp; + efi_free_pool(old_net_dp); + + return ret; +error: + // Failed, restore + efi_free_pool(new_net_dp); + + return ret; } /** diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 35d8c507a89..789721ee6cd 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -1,57 +1,54 @@ +# For U-Boot Proper + choice - prompt "Select crypto libraries" - default LEGACY_CRYPTO + prompt "Crypto libraries (U-Boot Proper)" + default LEGACY_HASHING_AND_CRYPTO help Select crypto libraries. - LEGACY_CRYPTO for legacy crypto libraries, + LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, MBEDTLS_LIB for MbedTLS libraries. -config LEGACY_CRYPTO +config LEGACY_HASHING_AND_CRYPTO bool "legacy crypto libraries" - select LEGACY_CRYPTO_BASIC - select LEGACY_CRYPTO_CERT + select LEGACY_HASHING + select LEGACY_CRYPTO config MBEDTLS_LIB bool "MbedTLS libraries" select MBEDTLS_LIB_X509 endchoice -if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT +if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT -config LEGACY_CRYPTO_BASIC - bool "legacy basic crypto libraries" +config LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries" select MD5_LEGACY if MD5 select SHA1_LEGACY if SHA1 select SHA256_LEGACY if SHA256 select SHA512_LEGACY if SHA512 select SHA384_LEGACY if SHA384 - select SPL_MD5_LEGACY if SPL_MD5 - select SPL_SHA1_LEGACY if SPL_SHA1 - select SPL_SHA256_LEGACY if SPL_SHA256 - select SPL_SHA512_LEGACY if SPL_SHA512 - select SPL_SHA384_LEGACY if SPL_SHA384 help - Enable legacy basic crypto libraries. + Enable U-Boot legacy hashing libraries. -if LEGACY_CRYPTO_BASIC +if LEGACY_HASHING config SHA1_LEGACY bool "Enable SHA1 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA1 + depends on LEGACY_HASHING && SHA1 help This option enables support of hashing using SHA1 algorithm with legacy crypto library. config SHA256_LEGACY bool "Enable SHA256 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA256 + depends on LEGACY_HASHING && SHA256 help This option enables support of hashing using SHA256 algorithm with legacy crypto library. config SHA512_LEGACY bool "Enable SHA512 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA512 + depends on LEGACY_HASHING && SHA512 default y if TI_SECURE_DEVICE && FIT_SIGNATURE help This option enables support of hashing using SHA512 algorithm @@ -59,7 +56,7 @@ config SHA512_LEGACY config SHA384_LEGACY bool "Enable SHA384 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SHA384 + depends on LEGACY_HASHING && SHA384 select SHA512_LEGACY help This option enables support of hashing using SHA384 algorithm @@ -67,95 +64,16 @@ config SHA384_LEGACY config MD5_LEGACY bool "Enable MD5 support with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && MD5 + depends on LEGACY_HASHING && MD5 help This option enables support of hashing using MD5 algorithm with legacy crypto library. -if SPL - -config SPL_SHA1_LEGACY - bool "Enable SHA1 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. - -config SPL_SHA256_LEGACY - bool "Enable SHA256 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. +endif # LEGACY_HASHING -config SPL_SHA512_LEGACY - bool "Enable SHA512 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config SPL_SHA384_LEGACY - bool "Enable SHA384 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 - select SPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config SPL_MD5_LEGACY - bool "Enable MD5 support in SPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -endif # SPL - -if VPL - -config VPL_SHA1_LEGACY - bool "Enable SHA1 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with legacy crypto library. - -config VPL_SHA256_LEGACY - bool "Enable SHA256 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with legacy crypto library. - -config VPL_SHA512_LEGACY - bool "Enable SHA512 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with legacy crypto library. - -config VPL_SHA384_LEGACY - bool "Enable SHA384 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_SHA384 - select VPL_SHA512_LEGACY - help - This option enables support of hashing using SHA384 algorithm - with legacy crypto library. - -config VPL_MD5_LEGACY - bool "Enable MD5 support in VPL with legacy crypto library" - depends on LEGACY_CRYPTO_BASIC && VPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with legacy crypto library. - -endif # VPL - -endif # LEGACY_CRYPTO_BASIC - -config LEGACY_CRYPTO_CERT +config LEGACY_CRYPTO bool "legacy certificate libraries" + depends on LEGACY_HASHING_AND_CRYPTO select ASN1_DECODER_LEGACY if ASN1_DECODER select ASYMMETRIC_PUBLIC_KEY_LEGACY if \ ASYMMETRIC_PUBLIC_KEY_SUBTYPE @@ -163,24 +81,20 @@ config LEGACY_CRYPTO_CERT select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_LEGACY if MSCODE_PARSER - select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER help Enable legacy certificate libraries. -if LEGACY_CRYPTO_CERT +if LEGACY_CRYPTO config ASN1_DECODER_LEGACY bool "ASN1 decoder with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASN1_DECODER + depends on LEGACY_CRYPTO && ASN1_DECODER help This option chooses legacy certificate library for ASN1 decoder. config ASYMMETRIC_PUBLIC_KEY_LEGACY bool "Asymmetric public key crypto with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE + depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses legacy certificate library for asymmetric public key crypto algorithm. @@ -211,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY config MSCODE_PARSER_LEGACY bool "MS authenticode parser with legacy certificate library" - depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER + depends on LEGACY_CRYPTO && MSCODE_PARSER select ASN1_DECODER_LEGACY help This option chooses legacy certificate library for MS authenticode parser. -if SPL - -config SPL_ASN1_DECODER_LEGACY - bool "ASN1 decoder with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER - help - This option chooses legacy certificate library for ASN1 decoder in - SPL. - -config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - bool "Asymmetric public key crypto with legacy certificate library in SPL" - depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - help - This option chooses legacy certificate library for asymmetric public - key crypto algorithm in SPL. - -config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY - bool "RSA public key parser with legacy certificate library in SPL" - depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY - select SPL_ASN1_DECODER_LEGACY - help - This option chooses legacy certificate library for RSA public key - parser in SPL. - -endif # SPL - -endif # LEGACY_CRYPTO_CERT - endif # LEGACY_CRYPTO +endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT + if MBEDTLS_LIB -config MBEDTLS_LIB_CRYPTO_ALT - bool "MbedTLS crypto alternatives" +config MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries" depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO - select LEGACY_CRYPTO_BASIC + select LEGACY_HASHING default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO help - Enable MbedTLS crypto alternatives. + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. Mutually incompatible with MBEDTLS_LIB_CRYPTO. config MBEDTLS_LIB_CRYPTO - bool "MbedTLS crypto libraries" + bool "Use MbedTLS native crypto libraries for hashing" + default y if MBEDTLS_LIB select MD5_MBEDTLS if MD5 select SHA1_MBEDTLS if SHA1 select SHA256_MBEDTLS if SHA256 select SHA512_MBEDTLS if SHA512 select SHA384_MBEDTLS if SHA384 - select SPL_MD5_MBEDTLS if SPL_MD5 - select SPL_SHA1_MBEDTLS if SPL_SHA1 - select SPL_SHA256_MBEDTLS if SPL_SHA256 - select SPL_SHA512_MBEDTLS if SPL_SHA512 - select SPL_SHA384_MBEDTLS if SPL_SHA384 help - Enable MbedTLS crypto libraries. - Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT. + Enable MbedTLS native crypto libraries. + Mutually incompatible with MBEDTLS_LIB_HASHING_ALT. if MBEDTLS_LIB_CRYPTO @@ -344,53 +231,6 @@ config HKDF_MBEDTLS This option enables support of key derivation using HKDF algorithm with MbedTLS crypto library. -if SPL - -config SPL_SHA1_MBEDTLS - bool "Enable SHA1 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1 - help - This option enables support of hashing using SHA1 algorithm - with MbedTLS crypto library. - -config SPL_SHA256_MBEDTLS - bool "Enable SHA256 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256 - help - This option enables support of hashing using SHA256 algorithm - with MbedTLS crypto library. - -config SPL_SHA512_MBEDTLS - bool "Enable SHA512 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512 - help - This option enables support of hashing using SHA512 algorithm - with MbedTLS crypto library. - -config SPL_SHA384_MBEDTLS - bool "Enable SHA384 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384 - select SPL_SHA512 - help - This option enables support of hashing using SHA384 algorithm - with MbedTLS crypto library. - -config SPL_MD5_MBEDTLS - bool "Enable MD5 support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO && SPL_MD5 - help - This option enables support of hashing using MD5 algorithm - with MbedTLS crypto library. - -config SPL_HKDF_MBEDTLS - bool "Enable HKDF support in SPL with MbedTLS crypto library" - depends on MBEDTLS_LIB_CRYPTO - help - This option enables support of key derivation using HKDF algorithm - with MbedTLS crypto library. - -endif # SPL - endif # MBEDTLS_LIB_CRYPTO config MBEDTLS_LIB_X509 @@ -402,10 +242,6 @@ config MBEDTLS_LIB_X509 select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER - select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER - select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER help Enable MbedTLS certificate libraries. @@ -456,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS This option chooses MbedTLS certificate library for MS authenticode parser. +endif # MBEDTLS_LIB_X509 + +config MBEDTLS_LIB_TLS + bool "MbedTLS TLS library" + depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on X509_CERTIFICATE_PARSER_MBEDTLS + depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on ASN1_DECODER_MBEDTLS + depends on MBEDTLS_LIB + help + Enable MbedTLS TLS library. Required for HTTPs support + in wget + +endif # MBEDTLS_LIB + +# For SPL + if SPL +choice + prompt "Crypto libraries (SPL)" + default SPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in SPL. + SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + SPL_MBEDTLS_LIB for MbedTLS libraries. + +config SPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select SPL_LEGACY_HASHING + select SPL_LEGACY_CRYPTO + +config SPL_MBEDTLS_LIB + bool "MbedTLS libraries" + select SPL_MBEDTLS_LIB_X509 +endchoice + +if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +config SPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (SPL)" + select SPL_MD5_LEGACY if SPL_MD5 + select SPL_SHA1_LEGACY if SPL_SHA1 + select SPL_SHA256_LEGACY if SPL_SHA256 + select SPL_SHA512_LEGACY if SPL_SHA512 + select SPL_SHA384_LEGACY if SPL_SHA384 + help + Enable U-Boot legacy hashing libraries in SPL. + +if SPL_LEGACY_HASHING + +config SPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in SPL. + +config SPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in SPL. + +config SPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in SPL. + +config SPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_SHA384 + select SPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in SPL. + +config SPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (SPL)" + depends on SPL_LEGACY_HASHING && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in SPL. + +endif # SPL_LEGACY_HASHING + +config SPL_LEGACY_CRYPTO + bool "legacy certificate libraries (SPL)" + depends on SPL_LEGACY_HASHING_AND_CRYPTO + select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable legacy certificate libraries in SPL. + +if SPL_LEGACY_CRYPTO + +config SPL_ASN1_DECODER_LEGACY + bool "ASN1 decoder with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER + help + This option chooses legacy certificate library for ASN1 decoder in + SPL. + +config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + bool "Asymmetric public key crypto with legacy certificate library (SPL)" + depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + help + This option chooses legacy certificate library for asymmetric public + key crypto algorithm in SPL. + +config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY + bool "RSA public key parser with legacy certificate library (SPL)" + depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY + select SPL_ASN1_DECODER_LEGACY + help + This option chooses legacy certificate library for RSA public key + parser in SPL. + +endif # SPL_LEGACY_CRYPTO + +endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT + +if SPL_MBEDTLS_LIB + +config SPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)" + depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + select SPL_LEGACY_HASHING + default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in SPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO. + +config SPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (SPL)" + default y if SPL_MBEDTLS_LIB + select SPL_MD5_MBEDTLS if SPL_MD5 + select SPL_SHA1_MBEDTLS if SPL_SHA1 + select SPL_SHA256_MBEDTLS if SPL_SHA256 + select SPL_SHA512_MBEDTLS if SPL_SHA512 + select SPL_SHA384_MBEDTLS if SPL_SHA384 + help + Enable MbedTLS native crypto libraries in SPL. + +if SPL_MBEDTLS_LIB_CRYPTO + +config SPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in SPL. + +config SPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384 + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in SPL. + +config SPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in SPL. + +config SPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in SPL. + +endif # SPL_MBEDTLS_LIB_CRYPTO + +config SPL_MBEDTLS_LIB_X509 + bool "MbedTLS certificate libraries (SPL)" + select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER + select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER + help + Enable MbedTLS certificate libraries in SPL. + +if SPL_MBEDTLS_LIB_X509 + config SPL_ASN1_DECODER_MBEDTLS - bool "ASN1 decoder with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER + bool "ASN1 decoder with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER help This option chooses MbedTLS certificate library for ASN1 decoder in SPL. config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS - bool "Asymmetric public key crypto with MbedTLS certificate library in SPL" - depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)" + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE help This option chooses MbedTLS certificate library for asymmetric public key crypto algorithm in SPL. config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS - bool "RSA public key parser with MbedTLS certificate library in SPL" + bool "RSA public key parser with MbedTLS certificate library (SPL)" depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS select SPL_ASN1_DECODER_MBEDTLS help This option chooses MbedTLS certificate library for RSA public key parser in SPL. +endif # SPL_MBEDTLS_LIB_X509 + +config SPL_MBEDTLS_LIB_TLS + bool "MbedTLS TLS library (SPL)" + depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS + depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS + depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS + depends on SPL_ASN1_DECODER_MBEDTLS + depends on SPL_MBEDTLS_LIB + help + Enable MbedTLS TLS library in SPL. Required for HTTPs support + in wget + +endif # SPL_MBEDTLS_LIB + endif # SPL -endif # MBEDTLS_LIB_X509 +# For TPL -config MBEDTLS_LIB_TLS - bool "MbedTLS TLS library" - depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS - depends on X509_CERTIFICATE_PARSER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on ASN1_DECODER_MBEDTLS - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS - depends on MBEDTLS_LIB_CRYPTO +if TPL + +choice + prompt "Crypto libraries (TPL)" + default TPL_LEGACY_HASHING_AND_CRYPTO help - Enable MbedTLS TLS library. Required for HTTPs support - in wget + Select crypto libraries in TPL. + TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + TPL_MBEDTLS_LIB for MbedTLS libraries. -endif # MBEDTLS_LIB +config TPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select TPL_LEGACY_HASHING + select TPL_LEGACY_CRYPTO + +config TPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +config TPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (TPL)" + select TPL_MD5_LEGACY if TPL_MD5 + select TPL_SHA1_LEGACY if TPL_SHA1 + select TPL_SHA256_LEGACY if TPL_SHA256 + select TPL_SHA512_LEGACY if TPL_SHA512 + select TPL_SHA384_LEGACY if TPL_SHA384 + help + Enable U-Boot legacy hashing libraries in TPL. + +if TPL_LEGACY_HASHING + +config TPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in TPL. + +config TPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in TPL. + +config TPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in TPL. + +config TPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_SHA384 + select TPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in TPL. + +config TPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (TPL)" + depends on TPL_LEGACY_HASHING && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in TPL. + +endif # TPL_LEGACY_HASHING + +endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT + +if TPL_MBEDTLS_LIB + +config TPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)" + depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + select TPL_LEGACY_HASHING + default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in TPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO. + +config TPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (TPL)" + default y if TPL_MBEDTLS_LIB + select TPL_MD5_MBEDTLS if TPL_MD5 + select TPL_SHA1_MBEDTLS if TPL_SHA1 + select TPL_SHA256_MBEDTLS if TPL_SHA256 + select TPL_SHA512_MBEDTLS if TPL_SHA512 + select TPL_SHA384_MBEDTLS if TPL_SHA384 + help + Enable MbedTLS native crypto libraries in TPL. + +if TPL_MBEDTLS_LIB_CRYPTO + +config TPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in TPL. + +config TPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384 + select TPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in TPL. + +config TPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in TPL. + +config TPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (TPL)" + depends on TPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in TPL. + +endif # TPL_MBEDTLS_LIB_CRYPTO + +endif # TPL_MBEDTLS_LIB + +endif # TPL + +# For VPL + +if VPL + +choice + prompt "Crypto libraries (VPL)" + default VPL_LEGACY_HASHING_AND_CRYPTO + help + Select crypto libraries in VPL. + VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, + VPL_MBEDTLS_LIB for MbedTLS libraries. + +config VPL_LEGACY_HASHING_AND_CRYPTO + bool "legacy crypto libraries" + select VPL_LEGACY_HASHING + +config VPL_MBEDTLS_LIB + bool "MbedTLS libraries" + +endchoice + +if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +config VPL_LEGACY_HASHING + bool "Use U-Boot legacy hashing libraries (VPL)" + select VPL_MD5_LEGACY if VPL_MD5 + select VPL_SHA1_LEGACY if VPL_SHA1 + select VPL_SHA256_LEGACY if VPL_SHA256 + select VPL_SHA512_LEGACY if VPL_SHA512 + select VPL_SHA384_LEGACY if VPL_SHA384 + help + Enable U-Boot legacy hashing libraries in VPL. + +if VPL_LEGACY_HASHING + +config VPL_SHA1_LEGACY + bool "Enable SHA1 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with legacy crypto library in VPL. + +config VPL_SHA256_LEGACY + bool "Enable SHA256 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with legacy crypto library in VPL. + +config VPL_SHA512_LEGACY + bool "Enable SHA512 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with legacy crypto library in VPL. + +config VPL_SHA384_LEGACY + bool "Enable SHA384 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_SHA384 + select VPL_SHA512_LEGACY + help + This option enables support of hashing using SHA384 algorithm + with legacy crypto library in VPL. + +config VPL_MD5_LEGACY + bool "Enable MD5 support with legacy crypto library (VPL)" + depends on VPL_LEGACY_HASHING && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with legacy crypto library in VPL. + +endif # VPL_LEGACY_HASHING + +endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT + +if VPL_MBEDTLS_LIB + +config VPL_MBEDTLS_LIB_HASHING_ALT + bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)" + depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + select VPL_LEGACY_HASHING + default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO + help + Enable MbedTLS hashing alternatives and replace them with legacy hashing + libraries in VPL. + This allows user to use U-Boot legacy hashing algorithms together with + other MbedTLS modules. + Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO. + +config VPL_MBEDTLS_LIB_CRYPTO + bool "Use MbedTLS native crypto libraries for hashing (VPL)" + default y if VPL_MBEDTLS_LIB + select VPL_MD5_MBEDTLS if VPL_MD5 + select VPL_SHA1_MBEDTLS if VPL_SHA1 + select VPL_SHA256_MBEDTLS if VPL_SHA256 + select VPL_SHA512_MBEDTLS if VPL_SHA512 + select VPL_SHA384_MBEDTLS if VPL_SHA384 + help + Enable MbedTLS native crypto libraries in VPL. + +if VPL_MBEDTLS_LIB_CRYPTO + +config VPL_SHA1_MBEDTLS + bool "Enable SHA1 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1 + help + This option enables support of hashing using SHA1 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA256_MBEDTLS + bool "Enable SHA256 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256 + help + This option enables support of hashing using SHA256 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA512_MBEDTLS + bool "Enable SHA512 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512 + help + This option enables support of hashing using SHA512 algorithm + with MbedTLS crypto library in VPL. + +config VPL_SHA384_MBEDTLS + bool "Enable SHA384 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384 + select VPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm + with MbedTLS crypto library in VPL. + +config VPL_MD5_MBEDTLS + bool "Enable MD5 support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5 + help + This option enables support of hashing using MD5 algorithm + with MbedTLS crypto library in VPL. + +config VPL_HKDF_MBEDTLS + bool "Enable HKDF support with MbedTLS crypto library (VPL)" + depends on VPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of key derivation using HKDF algorithm + with MbedTLS crypto library in VPL. + +endif # VPL_MBEDTLS_LIB_CRYPTO + +endif # VPL_MBEDTLS_LIB + +endif # VPL diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index e66c2018d97..4bbe7ceec45 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -6,60 +6,60 @@ MBEDTLS_LIB_DIR = external/mbedtls/library # shim layer for hash -obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o -obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o -obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o -obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o +obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o +obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o +obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o +obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o # x509 libraries -obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ public_key.o -obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ x509_cert_parser.o -obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o -obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o +obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o +obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o +obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o # MbedTLS crypto library -obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o mbedtls_lib_crypto-y := \ $(MBEDTLS_LIB_DIR)/platform_util.o \ $(MBEDTLS_LIB_DIR)/constant_time.o \ $(MBEDTLS_LIB_DIR)/md.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha256.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o -mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \ +mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o # MbedTLS X509 library -obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/asn1parse.o \ $(MBEDTLS_LIB_DIR)/asn1write.o \ $(MBEDTLS_LIB_DIR)/oid.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/bignum.o \ $(MBEDTLS_LIB_DIR)/bignum_core.o \ $(MBEDTLS_LIB_DIR)/rsa.o \ $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pk.o \ $(MBEDTLS_LIB_DIR)/pk_wrap.o \ $(MBEDTLS_LIB_DIR)/pkparse.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/x509_crl.o \ $(MBEDTLS_LIB_DIR)/x509_crt.o -mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ +mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs7.o #mbedTLS TLS support -obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o mbedtls_lib_tls-y := \ $(MBEDTLS_LIB_DIR)/mps_reader.o \ $(MBEDTLS_LIB_DIR)/mps_trace.o \ diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index fd440c392f9..dda3f4dd6e4 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -11,12 +11,12 @@ * Author: Raymond Mao <raymond.mao@linaro.org> */ -#if defined CONFIG_MBEDTLS_LIB +#if CONFIG_IS_ENABLED(MBEDTLS_LIB) #if CONFIG_IS_ENABLED(MD5) #define MBEDTLS_MD_C #define MBEDTLS_MD5_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_MD5_ALT #endif #endif @@ -24,7 +24,7 @@ #if CONFIG_IS_ENABLED(SHA1) #define MBEDTLS_MD_C #define MBEDTLS_SHA1_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA1_ALT #endif #endif @@ -32,7 +32,7 @@ #if CONFIG_IS_ENABLED(SHA256) #define MBEDTLS_MD_C #define MBEDTLS_SHA256_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA256_ALT #endif #if CONFIG_IS_ENABLED(SHA256_SMALLER) @@ -48,7 +48,7 @@ #if CONFIG_IS_ENABLED(SHA512) #define MBEDTLS_MD_C #define MBEDTLS_SHA512_C -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT) #define MBEDTLS_SHA512_ALT #endif #if CONFIG_IS_ENABLED(SHA512_SMALLER) @@ -60,7 +60,7 @@ #define MBEDTLS_HKDF_C #endif -#if defined CONFIG_MBEDTLS_LIB_X509 +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) #define MBEDTLS_X509_USE_C @@ -89,9 +89,9 @@ #define MBEDTLS_ASN1_WRITE_C #endif -#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */ -#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS) +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) #include "rtc.h" /* Generic options */ @@ -106,25 +106,36 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_SSL_PROTO_TLS1_2 +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) #define MBEDTLS_SSL_SERVER_NAME_INDICATION +#endif #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED /* RSA */ +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \ + CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER) #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#endif #define MBEDTLS_GCM_C /* ECDSA */ +#if CONFIG_IS_ENABLED(ASN1_DECODER) #define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C #define MBEDTLS_ECDH_C +#endif #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + #define MBEDTLS_CAN_ECDH #define MBEDTLS_PK_CAN_ECDSA_SIGN -#define MBEDTLS_ECP_C +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#endif + #define MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED @@ -138,6 +149,6 @@ #define MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED -#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */ -#endif /* #if defined CONFIG_MBEDTLS_LIB */ +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */ diff --git a/lib/mbedtls/port/mbedtls_options.h b/lib/mbedtls/port/mbedtls_options.h new file mode 100644 index 00000000000..885ed6990b6 --- /dev/null +++ b/lib/mbedtls/port/mbedtls_options.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Internal build options for MbedTLS + * + * Copyright (c) 2025 Linaro Limited + * Author: Raymond Mao <raymond.mao@linaro.org> + */ + +#ifndef _MBEDTLS_OPT_H +#define _MBEDTLS_OPT_H + +/* + * FIXME: + * U-Boot/MbedTLS port requires to access a few of members which are defined + * as private in MbedTLS context. + * E.g: x509_internal.h, mbedtls_sha256_context and mbedtls_sha1_context. + * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external + * access, but directly including <external/mbedtls/library/common.h> is not + * allowed, since this will include <malloc.h> and break the sandbox test. + */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#endif /* _MBEDTLS_OPT_H */ diff --git a/net/eth_common.c b/net/eth_common.c index 89b5bb37189..ba57d836b0b 100644 --- a/net/eth_common.c +++ b/net/eth_common.c @@ -31,11 +31,6 @@ int eth_env_set_enetaddr_by_index(const char *base_name, int index, void eth_common_init(void) { bootstage_mark(BOOTSTAGE_ID_NET_ETH_START); -#if CONFIG_IS_ENABLED(ETH) -#if defined(CONFIG_MII) || defined(CONFIG_CMD_MII) || defined(CONFIG_PHYLIB) - miiphy_init(); -#endif -#endif } int eth_mac_skip(int index) diff --git a/net/wget.c b/net/wget.c index 0b082c61947..c73836cbc9d 100644 --- a/net/wget.c +++ b/net/wget.c @@ -53,6 +53,9 @@ static inline int store_block(uchar *src, unsigned int offset, unsigned int len) ulong store_addr = image_load_addr + offset; uchar *ptr; + // Avoid overflow + if (wget_info->buffer_size && wget_info->buffer_size < offset + len) + return -1; if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) { if (store_addr < image_load_addr || lmb_read_check(store_addr, len)) { @@ -98,12 +101,6 @@ static void tcp_stream_on_closed(struct tcp_stream *tcp) net_set_state(wget_loop_state); if (wget_loop_state != NETLOOP_SUCCESS) { net_boot_file_size = 0; - if (wget_info->status_code == HTTP_STATUS_OK) { - wget_info->status_code = HTTP_STATUS_BAD; - wget_info->hdr_cont_len = 0; - if (wget_info->headers) - wget_info->headers[0] = 0; - } printf("\nwget: Transfer Fail, TCP status - %d\n", tcp->status); return; } @@ -212,6 +209,11 @@ static void tcp_stream_on_rcv_nxt_update(struct tcp_stream *tcp, u32 rx_bytes) "wget: Connected Len %lu\n", content_length); wget_info->hdr_cont_len = content_length; + if (wget_info->buffer_size && wget_info->buffer_size < wget_info->hdr_cont_len){ + tcp_stream_reset(tcp); + goto end; + } + } net_boot_file_size = rx_bytes - http_hdr_size; @@ -227,7 +229,9 @@ static int tcp_stream_rx(struct tcp_stream *tcp, u32 rx_offs, void *buf, int len if ((max_rx_pos == (u32)(-1)) || (max_rx_pos < rx_offs + len - 1)) max_rx_pos = rx_offs + len - 1; - store_block(buf, rx_offs - http_hdr_size, len); + // Avoid overflow + if (store_block(buf, rx_offs - http_hdr_size, len) < 0) + return -1; return len; } diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index b8eb57f38c7..f9f8891c0c4 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -7205,8 +7205,8 @@ sub process { # check for IS_ENABLED() without CONFIG_<FOO> ($rawline for comments too) if ($rawline =~ /\bIS_ENABLED\s*\(\s*(\w+)\s*\)/ && $1 !~ /^${CONFIG_}/) { - WARN("IS_ENABLED_CONFIG", - "IS_ENABLED($1) is normally used as IS_ENABLED(${CONFIG_}$1)\n" . $herecurr); + ERROR("IS_ENABLED_CONFIG", + "IS_ENABLED($1) must be used as IS_ENABLED(${CONFIG_}$1)\n" . $herecurr); } # check for #if defined CONFIG_<FOO> || defined CONFIG_<FOO>_MODULE diff --git a/tools/binman/binman.rst b/tools/binman/binman.rst index 990fc295770..84b1331df5c 100644 --- a/tools/binman/binman.rst +++ b/tools/binman/binman.rst @@ -823,24 +823,6 @@ multiple-images: }; }; -end-at-4gb: - For x86 machines the ROM offsets start just before 4GB and extend - up so that the image finished at the 4GB boundary. This boolean - option can be enabled to support this. The image size must be - provided so that binman knows when the image should start. For an - 8MB ROM, the offset of the first entry would be 0xfff80000 with - this option, instead of 0 without this option. - -skip-at-start: - This property specifies the entry offset of the first entry. - - For PowerPC mpc85xx based CPU, CONFIG_TEXT_BASE is the entry - offset of the first entry. It can be 0xeff40000 or 0xfff40000 for - nor flash boot, 0x201000 for sd boot etc. - - 'end-at-4gb' property is not applicable where CONFIG_TEXT_BASE + - Image size != 4gb. - align-default: Specifies the default alignment for entries in this section if they do not specify an alignment. Note that this only applies to top-level entries @@ -957,6 +939,35 @@ filename: section in different image, since there is currently no way to share data between images other than through files. +end-at-4gb: + For x86 machines the ROM offsets start just before 4GB and extend + up so that the image finished at the 4GB boundary. This boolean + option can be enabled to support this. The image size must be + provided so that binman knows when the image should start. For an + 8MB ROM, the offset of the first entry would be 0xfff80000 with + this option, instead of 0 without this option. + +skip-at-start: + This property specifies the entry offset of the first entry in the section. + It is useful when the Binman image is written to a particular offset in the + media. It allows the offset of the first entry to be the media offset, even + though it is at the start of the image. It effectively creates a hole at the + start of the image, an implied, empty area. + + For example, if the image is written to offset 4K on the media, set + skip-at-start to 0x1000. At runtime, the Binman image will assume that it + has be written at offset 4K and all symbols and offsets will take account of + that. The image-pos values will also be adjusted. The effect is similar to + adding an empty 4K region at the start, except that Binman does not actually + output it. + + For PowerPC mpc85xx based CPU, CONFIG_TEXT_BASE is the entry + offset of the first entry. It can be 0xeff40000 or 0xfff40000 for + nor flash boot, 0x201000 for sd boot etc. + + 'end-at-4gb' property is not applicable where CONFIG_TEXT_BASE + + Image size != 4gb. + Image Properties ---------------- diff --git a/tools/binman/entry.py b/tools/binman/entry.py index 68f8d62bba9..bdc60e47fca 100644 --- a/tools/binman/entry.py +++ b/tools/binman/entry.py @@ -392,9 +392,8 @@ class Entry(object): """Set the value of device-tree properties calculated by binman""" state.SetInt(self._node, 'offset', self.offset) state.SetInt(self._node, 'size', self.size) - base = self.section.GetRootSkipAtStart() if self.section else 0 if self.image_pos is not None: - state.SetInt(self._node, 'image-pos', self.image_pos - base) + state.SetInt(self._node, 'image-pos', self.image_pos) if self.GetImage().allow_repack: if self.orig_offset is not None: state.SetInt(self._node, 'orig-offset', self.orig_offset, True) @@ -722,7 +721,7 @@ class Entry(object): is_elf = self.GetDefaultFilename() == self.elf_fname symbols_base = self.symbols_base - if symbols_base is None and self.GetImage()._end_4gb: + if symbols_base is None and self.GetImage()._end_at_4gb: symbols_base = 0 elf.LookupAndWriteSymbols(self.elf_fname, self, section.GetImage(), diff --git a/tools/binman/etype/fmap.py b/tools/binman/etype/fmap.py index 3669d91a0bc..35ca8490f79 100644 --- a/tools/binman/etype/fmap.py +++ b/tools/binman/etype/fmap.py @@ -65,7 +65,7 @@ class Entry_fmap(Entry): if entry.image_pos is None: pos = 0 else: - pos = entry.image_pos - entry.GetRootSkipAtStart() + pos = entry.image_pos # Drop @ symbols in name name = entry.name.replace('@', '') @@ -75,8 +75,6 @@ class Entry_fmap(Entry): _AddEntries(areas, subentry) else: pos = entry.image_pos - if pos is not None: - pos -= entry.section.GetRootSkipAtStart() areas.append(fmap_util.FmapArea(pos or 0, entry.size or 0, entry.name, flags)) diff --git a/tools/binman/etype/section.py b/tools/binman/etype/section.py index f4f48c00e87..5e11cf58d28 100644 --- a/tools/binman/etype/section.py +++ b/tools/binman/etype/section.py @@ -165,7 +165,7 @@ class Entry_section(Entry): self._pad_byte = 0 self._sort = False self._skip_at_start = None - self._end_4gb = False + self._end_at_4gb = False self._ignore_missing = False self._filename = None self.align_default = 0 @@ -187,9 +187,9 @@ class Entry_section(Entry): super().ReadNode() self._pad_byte = fdt_util.GetInt(self._node, 'pad-byte', 0) self._sort = fdt_util.GetBool(self._node, 'sort-by-offset') - self._end_4gb = fdt_util.GetBool(self._node, 'end-at-4gb') + self._end_at_4gb = fdt_util.GetBool(self._node, 'end-at-4gb') self._skip_at_start = fdt_util.GetInt(self._node, 'skip-at-start') - if self._end_4gb: + if self._end_at_4gb: if not self.size: self.Raise("Section size must be provided when using end-at-4gb") if self._skip_at_start is not None: @@ -801,7 +801,7 @@ class Entry_section(Entry): if not entry: self._Raise("Unable to set offset/size for unknown entry '%s'" % name) - entry.SetOffsetSize(self._skip_at_start + offset if offset is not None + entry.SetOffsetSize(offset + self._skip_at_start if offset is not None else None, size) def GetEntryOffsets(self): diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index a553ca9e564..733169b99f6 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -2297,16 +2297,17 @@ class TestFunctional(unittest.TestCase): fhdr, fentries = fmap_util.DecodeFmap(data[32:]) self.assertEqual(0x100, fhdr.image_size) + base = (1 << 32) - 0x100 - self.assertEqual(0, fentries[0].offset) + self.assertEqual(base, fentries[0].offset) self.assertEqual(4, fentries[0].size) self.assertEqual(b'U_BOOT', fentries[0].name) - self.assertEqual(4, fentries[1].offset) + self.assertEqual(base + 4, fentries[1].offset) self.assertEqual(3, fentries[1].size) self.assertEqual(b'INTEL_MRC', fentries[1].name) - self.assertEqual(32, fentries[2].offset) + self.assertEqual(base + 32, fentries[2].offset) self.assertEqual(fmap_util.FMAP_HEADER_LEN + fmap_util.FMAP_AREA_LEN * 3, fentries[2].size) self.assertEqual(b'FMAP', fentries[2].name) @@ -2319,27 +2320,28 @@ class TestFunctional(unittest.TestCase): fhdr, fentries = fmap_util.DecodeFmap(data[36:]) self.assertEqual(0x180, fhdr.image_size) + base = (1 << 32) - 0x180 expect_size = fmap_util.FMAP_HEADER_LEN + fmap_util.FMAP_AREA_LEN * 4 fiter = iter(fentries) fentry = next(fiter) self.assertEqual(b'U_BOOT', fentry.name) - self.assertEqual(0, fentry.offset) + self.assertEqual(base, fentry.offset) self.assertEqual(4, fentry.size) fentry = next(fiter) self.assertEqual(b'SECTION', fentry.name) - self.assertEqual(4, fentry.offset) + self.assertEqual(base + 4, fentry.offset) self.assertEqual(0x20 + expect_size, fentry.size) fentry = next(fiter) self.assertEqual(b'INTEL_MRC', fentry.name) - self.assertEqual(4, fentry.offset) + self.assertEqual(base + 4, fentry.offset) self.assertEqual(3, fentry.size) fentry = next(fiter) self.assertEqual(b'FMAP', fentry.name) - self.assertEqual(36, fentry.offset) + self.assertEqual(base + 36, fentry.offset) self.assertEqual(expect_size, fentry.size) def testElf(self): @@ -3535,8 +3537,8 @@ class TestFunctional(unittest.TestCase): image = control.images['image'] entries = image.GetEntries() desc = entries['intel-descriptor'] - self.assertEqual(0xff800000, desc.offset); - self.assertEqual(0xff800000, desc.image_pos); + self.assertEqual(0xff800000, desc.offset) + self.assertEqual(0xff800000, desc.image_pos) def testReplaceCbfs(self): """Test replacing a single file in CBFS without changing the size""" @@ -3778,8 +3780,8 @@ class TestFunctional(unittest.TestCase): image = control.images['image'] entries = image.GetEntries() - expected_ptr = entries['intel-fit'].image_pos - (1 << 32) - self.assertEqual(expected_ptr, ptr) + expected_ptr = entries['intel-fit'].image_pos #- (1 << 32) + self.assertEqual(expected_ptr, ptr + (1 << 32)) def testPackIntelFitMissing(self): """Test detection of a FIT pointer with not FIT region""" @@ -4773,7 +4775,7 @@ class TestFunctional(unittest.TestCase): entry = image.GetEntries()['fdtmap'] self.assertEqual(orig_entry.offset, entry.offset) self.assertEqual(orig_entry.size, entry.size) - self.assertEqual(16, entry.image_pos) + self.assertEqual((1 << 32) - 0x400 + 16, entry.image_pos) u_boot = image.GetEntries()['section'].GetEntries()['u-boot'] |