Age | Commit message | Author |
|
- rti: support SPL (or re-start) (Alexander)
- rti: drop hack manipulating WDT clock rate (Alexander)
|
|
https://source.denx.de/u-boot/custodians/u-boot-tpm
A few changes for the TPM subsystem with regard to EventLog creation and measurements.
Generally speaking it's insecure for a TPM to not cap all the active PCRs
when performing measurements.
Up to now we had code querying the active PCR banks on the fly and reasoning
about whether it should perform a measurement or not. Since a TPM requires a reset
to change the active PCR banks, it's easier and faster to store them in an
array in the device private data and check against that.
This relates to an interesting feature some bootloaders have. For example
TF-A can't extend a PCR since it has no TPM drivers, but can produce an
EventLog that U-Boot can replay on the hardware once that comes up.
The supported hash algorithms of the TF-A generated EventLog are generated
at compile time. When trying to replay an EventLog the TPM active PCR banks
and the created EventLog algorithms must agree. We used to report an error
but that changed in commit 97707f12fdab ("tpm: Support boot measurements").
This PR also brings back the old behavior and an error is reported now while
printing a human readable list of the mismatched algorithms.
|
|
* Provide a link to 'TPM 2.0 Library Specification'
* Remove outdated comment for TPM2_NUM_PCR_BANKS.
The value 16 can be found in the current standard
TCG TSS 2.0 Overview and Common Structures Specification 1.0, rev 10
* Describe some of the structures in Sphinx style.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
https://source.denx.de/u-boot/custodians/u-boot-efi
Pull request efi-next-20250105
Documentation:
* doc: develop: Fix typos and wording in binman/binman.rst
* doc: develop: Fix typos and wording in gdb.rst
* doc: sandbox: Fix the "sb" command name
* doc/develop/distro.rst: Better document upstream definition of extlinux.conf
UEFI:
* efi_loader: avoid writing message in Exit() boot service
* efi_loader: update EFI specification version
* cmd: efidebug: update output of memory attributes
* efi_loader: Don't warn if the TCG2 FinalEvents table is not installed
* cmd: bootmenu: add parameter -e for UEFI boot options
* efi_loader: Update startimage_exit self-test to check error
* efi: Correct ECPT table GUID
Others:
Building the API demo application for riscv64 is supported.
* API: unify platform_sys_info() implementations
* examples: implement _start and syscall for RISC-V
* examples: use architecture specific memset() on RISC-V
* examples: use QEMU compatible LOAD_ADDR on RISC-V
* test: fix test_extension.py
* configs: sandbox_deconfig: remove CONFIG_AMIGA_PARTITION
* CI: xilinx_versal_virt: disable USB_DWC3
* net: eth_bootdev_hunt() should not run DHCP
|
|
|
|
Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com> says:
Add the basic 'hello world ta' command which increments the value passed.
This provides an easy test for establishing a session with an OP-TEE TA and verifying it.
It includes following subcommands:
optee hello
optee hello <value>; value to increment via OP-TEE HELLO WORLD TA.
Link: https://lore.kernel.org/r/20241219043918.1646095-1-venkatesh.abbarapu@amd.com
|
|
Judith Mendez <jm@ti.com> says:
This patch series adds config options for Sitara K3 boards
to support MMC UHS modes.
While testing with SD card boot and eMMC boot, we
found missing eMMC boot support for am62ax in am62a7_init,
patch 1/7, and a missing config option to support eMMC boot.
While we are here, for am62ax, enable config option to
change MMC bus modes and enable r5 SDHCI ADMA for faster boot
time.
Also for all K3 Sitara boards, clean up MMC ENV configs that
are no longer needed since we no longer load env from MMC
device.
Link: https://lore.kernel.org/r/20241220203704.2076499-1-jm@ti.com
|
|
To allow disabling algorithms for tcg2, in function
tcg2_create_digest() each hash algorithm's operations should be under
the hash Kconfig control to avoid build errors when the algorithm
is disabled.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
We used to stop replaying an EventLog if parsing failed, but that got
lost in commit 97707f12fdab ("tpm: Support boot measurements").
When an EventLog is passed to us from a previous bootloader, we want to
validate it as much as we can and make sure the defined PCR banks of
the log exist in our TPM and firmware so we can replay it if needed or
use it as-is, in case the PCRs are already extended.
So let's add the checks back and while at it simplify the logic of
rejecting an EventLog.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
A previous patch is storing the active PCR banks on the TPM private
data. Instead of parsing them on the fly use the stored values.
This allows us to simplify our checks during the log creation and
parsing.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
A previous patch is storing the active PCR banks on the TPM private
data. Instead of parsing them on the fly use the stored values.
This allows us to simplify our checks during the log creation and
parsing.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
We have a lot of code trying to reason about the active TPM PCRs
when creating an EventLog. Since changing the active banks can't
be done on the fly and requires a TPM reset, let's store them
in the chip private data instead.
Upcoming patches will use this during the EventLog creation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
We already check the active banks vs what U-Boot was compiled with when
trying to extend a PCR and we refuse to do so if the TPM active ones
don't match the ones U-Boot supports.
Do the same thing for the EventLog creation since extending will fail
anyway and print a message so the user can figure out the missing
algorithms.
Co-developed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
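The bank-agreement check that the PR summary near the top of this log and this commit describe, in stand-alone form. This is an added example and not U-Boot's tcg2 code: it parses the TCG_EfiSpecIdEvent that a previous bootloader such as TF-A puts first in a TCG2 EventLog, derives the set of PCR banks the log declares, and compares that set with the TPM's active banks, naming every mismatched algorithm in a readable message. The algorithm table (standing in for a hash_algo_list), the bank bitmask, the function names and the sample log bytes are this example's own; only the TPM_ALG_ID values and the spec ID event layout come from the TCG specifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TPM 2.0 algorithm IDs (TPM_ALG_ID) of the PCR banks this example knows. */
#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B
#define TPM_ALG_SHA384 0x000C
#define TPM_ALG_SHA512 0x000D
#define EV_NO_ACTION   0x00000003
#define SPEC_ID_SIG    "Spec ID Event03"      /* 15 chars + NUL: 16 bytes in the log */
#define PCR_EVENT_HDR  (4 + 4 + 20 + 4)       /* pcrIndex, eventType, SHA-1 digest, eventSize */
#define SPEC_ID_FIXED  (16 + 4 + 4 + 4 + 1)   /* signature .. numberOfAlgorithms, vendorInfoSize */

enum { BANK_SHA1 = 1u << 0, BANK_SHA256 = 1u << 1, BANK_SHA384 = 1u << 2, BANK_SHA512 = 1u << 3 };

/* Example table in the role of hash_algo_list: id, digest size, bank bit, name. */
static const struct { uint16_t id, size; unsigned bank; const char *name; } algs[] = {
	{ TPM_ALG_SHA1,   20, BANK_SHA1,   "sha1"   },
	{ TPM_ALG_SHA256, 32, BANK_SHA256, "sha256" },
	{ TPM_ALG_SHA384, 48, BANK_SHA384, "sha384" },
	{ TPM_ALG_SHA512, 64, BANK_SHA512, "sha512" },
};
#define NALGS (sizeof(algs) / sizeof(algs[0]))

static uint32_t rd32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Parse the first log entry (an EV_NO_ACTION event carrying a TCG_EfiSpecIdEvent)
 * and return the banks it declares as a bitmask. Returns -1 when the log is
 * truncated, the signature is wrong, or it names an algorithm or digest size
 * this build does not know: such a log cannot be replayed, so it is rejected.
 */
int eventlog_declared_banks(const uint8_t *log, size_t len, unsigned *banks)
{
	const uint8_t *ev;
	uint32_t ev_size, nalgs, i;
	unsigned found = 0;
	size_t k;

	if (len < PCR_EVENT_HDR || rd32(log) != 0 || rd32(log + 4) != EV_NO_ACTION)
		return -1;
	ev = log + PCR_EVENT_HDR;
	ev_size = rd32(ev - 4);
	if (ev_size > len - PCR_EVENT_HDR || ev_size < SPEC_ID_FIXED || memcmp(ev, SPEC_ID_SIG, 16))
		return -1;
	nalgs = rd32(ev + 24);
	if (nalgs == 0 || nalgs > (ev_size - SPEC_ID_FIXED) / 4)   /* digestSizes[] must fit */
		return -1;
	for (i = 0; i < nalgs; i++) {
		uint16_t id = rd16(ev + 28 + 4 * i), size = rd16(ev + 30 + 4 * i);

		for (k = 0; k < NALGS && algs[k].id != id; k++)
			;
		if (k == NALGS || algs[k].size != size)
			return -1;
		found |= algs[k].bank;
	}
	*banks = found;
	return 0;
}

/* 0 when the TPM's active banks equal the log's; otherwise -1 and a readable list in msg. */
int banks_agree(unsigned active, unsigned declared, char *msg, size_t msglen)
{
	size_t k, n;
	int w;

	if (active == declared)
		return 0;
	w = snprintf(msg, msglen, "PCR bank mismatch:");
	n = w > 0 ? (size_t)w : 0;
	for (k = 0; k < NALGS; k++) {
		unsigned b = algs[k].bank;
		const char *why = (declared & b) && !(active & b) ? "in log but not active on TPM" :
				  (active & b) && !(declared & b) ? "active on TPM but missing from log" : NULL;

		if (!why || n >= msglen)
			continue;
		w = snprintf(msg + n, msglen - n, " %s %s;", algs[k].name, why);
		if (w > 0)
			n += (size_t)w;
	}
	return -1;
}

/* Constructed sample: a log whose spec ID event declares SHA-256 and SHA-384. */
static const uint8_t sample_log[] = {
	0, 0, 0, 0,  3, 0, 0, 0,                                    /* pcrIndex 0, EV_NO_ACTION */
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 20-byte SHA-1 digest */
	37, 0, 0, 0,                                                /* eventSize */
	'S', 'p', 'e', 'c', ' ', 'I', 'D', ' ', 'E', 'v', 'e', 'n', 't', '0', '3', 0,
	0, 0, 0, 0,  0, 2, 0, 2,                 /* platformClass; minor 0, major 2, errata 0, uintnSize 2 */
	2, 0, 0, 0,  0x0B, 0, 32, 0,  0x0C, 0, 48, 0,               /* 2 algorithms: SHA-256/32, SHA-384/48 */
	0,                                                          /* vendorInfoSize */
};

int main(void)
{
	char msg[160];
	unsigned declared;

	if (eventlog_declared_banks(sample_log, sizeof(sample_log), &declared) == 0 &&
	    banks_agree(BANK_SHA1 | BANK_SHA256, declared, msg, sizeof(msg)) < 0)
		puts(msg);   /* a TPM with only SHA-1 and SHA-256 active cannot replay this log */
	return 0;
}
```

Run against a TPM whose active banks are SHA-1 and SHA-256, the sample prints "PCR bank mismatch: sha1 active on TPM but missing from log; sha384 in log but not active on TPM;" and the caller refuses to replay. Because the active banks only change across a TPM reset, the `active` mask can be read once at probe time and kept in the device's private data, which is what the commits above do.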
|
|
Add a bool var into hash_algo_list to indicate whether the algorithm
is supported or not and move the IS_ENABLED to only cover this var,
so that we can have the name, hash, mask and size regardless of whether the
digest Kconfigs are enabled or not.
Previously, tpm2_algorithm_to_len() and tcg2_algorithm_to_mask() were used to
identify an unsupported algorithm when they returned 0.
This is no longer the case now that hash_algo_list always provides the algorithm size
and mask, thus a new API is introduced to check if an algorithm is
supported by U-Boot.
Suggested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Rename the arguments of tcg2_get_pcr_info() to clarify
they are bank masks, not PCR mask.
Remove the unused local variable.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
When that function was introduced we were only using it to check if
extending a PCR was allowed, so the name made sense. A few patches ago
we used that function to reason about the EventLog creation and general
usage of PCRs, so let's rename it to something more generic that makes
more sense in all contexts.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
This function is checking for active PCR banks, so rename it
to something that's easier to read and closer to what the function
does.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The hack itself seems to be copied from Linux rti_wdt.c, but the WDT reset
principle is different in U-Boot. While Linux relies on correct frequencies
and timers and doesn't check the actual WDT counter value U-Boot driver
seems to be more robust: it does compare RTIDWDCNTR vs RTIDWDPRLD.
Now the root cause of the original motivation to manipulate the clock rate
is said to be understood and fixed in Linux commit cae58516534e
("watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin")
which simultaneously removed the hack itself.
While the fix part of the mentioned patch is neither applicable nor required
for the U-Boot driver, just drop the hack setting the WDT clock rate to 90% of
the real rate. This has a nice effect that the WDT timeout is now as
requested and not 10% shorter.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
If the RTI watchdog has been enabled in SPL, enabling it in U-Boot proper
fails because it can only be enabled once in HW and never stopped. This
however leads to a situation that wdt_cyclic() watchdog trigger is not
being started any longer and the WDT fires at some point.
Allow for WDT re-start by not bailing out if the [previously] configured
period matches the one to be configured.
Enabling in [A53] SPL has been tested on AM62x-based HW (where [A53] SPL is
responsible for loading R5 DM firmware and not this driver).
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Stefan Roese <sr@denx.de>
|
|
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Refer to UEFI specification 2.10:
#define EFI_CONFORMANCE_PROFILES_TABLE_GUID \
{ 0x36122546, 0xf7e7, 0x4c8f, \
{ 0xbd, 0x9b, 0xeb, 0x85, 0x25, 0xb5, 0x0c, 0x0b }}
Signed-off-by: Yang Gang <yanggang@byosoft.com.cn>
Fixes: 6b92c1735205 ("efi: Create ECPT table")
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
First, the "Boot Loader Specification" link has moved to a new location,
so link to that directly. Second, that link does not document as much of
the extlinux.conf format as I recall the old version doing at least.
However, the Syslinux Project wiki is the current location of the documentation
linked to in doc/README.pxe and also has a reference for SYSLINUX. Link
to both of these.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
* add EFI_MEMORY_CPU_CRYPTO, EFI_MEMORY_HOT_PLUGGABLE
* correct output for EFI_MEMORY_XP
* remove duplicate list entry for EFI_MEMORY_UC
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
UEFI specification 2.11 has been published.
There are no changes relevant for the U-Boot scope.
So let us update the supported specification version.
Change the comment for the constant to Sphinx style.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
This is done so that the device path protocol interface of the network
device can be changed internally by u-boot when a new bootfile gets
downloaded.
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The command name was "sbi" instead of "sb" in "doc/usage/cmd/sb.rst",
the file documenting the "sb" command. It is annoying, because the
index in the left panel on the
<https://docs.u-boot.org/en/latest/usage/cmd/sb.html> page shows no
"sb" command, which makes it difficult to navigate to the "sb"
documentation.
Fixed the command name: "sbi" -> "sb".
Fixes: ec6d30649cd5 (doc: sandbox: Add docs for the sb command, 2024-10-28)
Signed-off-by: Olivier L'Heureux <olivier.lheureux@mind.be>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix some typos and duplicate words in gdb.rst.
Signed-off-by: Lothar Rubusch <l.rubusch@gmail.com>
Acked-by: Alexander Dahl <ada@thorsis.com>
|
|
Fix some typos and duplicate words in binman.rst.
Signed-off-by: Lothar Rubusch <l.rubusch@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Check for an error returned from the decompress() function, just in
case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The fix provided by 997fc12ec91 is actually introducing
a buffer overrun, and the overrun is effective if the
memory after the reloc section is not zeroed.
Probably that's why this bug is not always noticeable.
The problem is that the 8-byte 'rel' pointer can be 4-byte aligned
according to the PE Format, so the actual relocate function can
take values after the reloc section.
One example is the following dump from the reloc section:
bce26000: 3000 0000 000c 0000 0000 0000 0000 0000
bce26010: 7c00 9340 67e0 f900 1c00 0ea1 a400 0f20
This section has two relocations at offset bce26008 and bce2600a,
however the given size (rel_size) for this relocation is 16-bytes
and this is coming from the efi image Misc.VirtualSize, so in this
case the 'reloc' pointer ends at offset bce2600c and is taken as
valid and this is where the overflow is.
In our system we see this problem when we are starting the
Boot Guard efi image.
This patch is fixing the overrun while preserving the fix done
by 997fc12ec91.
Signed-off-by: Aleksandar Gerasimovski <aleksandar.gerasimovski@belden.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
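The bounds problem described above, with one way to walk a PE .reloc section so that neither the 4-byte alignment padding after the last block nor the memory beyond rel_size is ever read as a block. This is an added example and not U-Boot's efi_loader relocation code: every block header is required to fit in the remaining bytes before it is read, every block is required to fit in rel_size before its entries are read, and each fixup target is checked against the image size. The function name and the sample bytes are this example's own; the sample mirrors the layout of the dump in the commit message (a 12-byte block with two ABSOLUTE entries, then 4 bytes of zero padding), with arbitrary non-zero bytes standing in for whatever memory follows the section.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IMAGE_REL_BASED_ABSOLUTE 0    /* padding entry, no fixup */
#define IMAGE_REL_BASED_DIR64    10   /* add the load delta to a 64-bit field */
#define RELOC_BLOCK_HDR          8    /* VirtualAddress + SizeOfBlock */

static uint32_t le32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Walk a .reloc section of rel_size bytes and apply DIR64 fixups to the
 * loaded image by adding delta (image words are read and written in host
 * byte order, as a loader running on the target CPU would). Returns the
 * number of fixups applied, or -1 for a malformed section or a target
 * outside the image.
 *
 * The walk ends as soon as fewer than RELOC_BLOCK_HDR bytes remain, so the
 * alignment padding after the last block is never read as a block, and a
 * block whose SizeOfBlock runs past rel_size is rejected before its entries
 * are touched.
 */
long pe_apply_relocs(const uint8_t *reloc, size_t rel_size, uint8_t *image, size_t image_size, uint64_t delta)
{
	size_t off = 0;
	long applied = 0;

	while (rel_size - off >= RELOC_BLOCK_HDR) {
		uint32_t va = le32(reloc + off), blk = le32(reloc + off + 4);
		size_t i, nent;

		if (va == 0 && blk == 0)            /* zero padding after the last block */
			break;
		if (blk < RELOC_BLOCK_HDR || blk > rel_size - off || (blk & 1))
			return -1;                  /* block would run past the section */
		nent = (blk - RELOC_BLOCK_HDR) / 2;
		for (i = 0; i < nent; i++) {
			uint16_t e = le16(reloc + off + RELOC_BLOCK_HDR + 2 * i);
			uint64_t target = (uint64_t)va + (e & 0xfff), v;

			switch (e >> 12) {
			case IMAGE_REL_BASED_ABSOLUTE:
				break;
			case IMAGE_REL_BASED_DIR64:
				if (target > image_size || image_size - target < 8)
					return -1;          /* fixup outside the image */
				memcpy(&v, image + target, 8);
				v += delta;
				memcpy(image + target, &v, 8);
				applied++;
				break;
			default:
				return -1;              /* relocation type this loader does not handle */
			}
		}
		off += blk;
	}
	return applied;
}

/*
 * Constructed sample mirroring the dump above: one 12-byte block
 * (VirtualAddress 0x3000, two ABSOLUTE entries), 4 bytes of section
 * padding, then unrelated non-zero memory that follows the section.
 */
static const uint8_t padded_reloc[32] = {
	0x00, 0x30, 0x00, 0x00,  0x0c, 0x00, 0x00, 0x00,   /* VirtualAddress 0x3000, SizeOfBlock 12 */
	0x00, 0x00,  0x00, 0x00,                           /* two IMAGE_REL_BASED_ABSOLUTE entries */
	0x00, 0x00, 0x00, 0x00,                            /* alignment padding inside rel_size */
	0x7c, 0x00, 0x93, 0x40,  0x67, 0xe0, 0xf9, 0x00,   /* memory after the section (arbitrary) */
	0x1c, 0x00, 0x0e, 0xa1,  0xa4, 0x00, 0x0f, 0x20,
};

int main(void)
{
	uint8_t image[0x2000] = { 0 };
	long n = pe_apply_relocs(padded_reloc, 16, image, sizeof(image), 0x100);

	printf("rel_size 16: %ld fixups\n", n);           /* 0: the padding is not a block */
	n = pe_apply_relocs(padded_reloc, 32, image, sizeof(image), 0x100);
	printf("rel_size 32: %ld\n", n);                  /* -1: the bytes after the section fail as a header */
	return 0;
}
```

With rel_size = 16, the walk consumes the 12-byte block, sees 4 bytes left and stops without reading them. If the same bytes are presented with rel_size = 32, the 4 zero bytes plus the first 4 bytes after the section would be read as a block header with VirtualAddress 0 and an absurd SizeOfBlock, which the size check rejects instead of walking into unrelated memory.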
|
|
When the TCG2 protocol installation fails, we are trying to remove
all the objects we created in tcg2_uninit().
However, there are cases when this function runs before the config
table was installed. So instead of printing an error unconditionally
check against EFI_NOT_FOUND and don't print anything if the table wasn't
installed to begin with.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
The bootmenu command can display
* menu entries defined by environment variables
* menu entries defined by UEFI boot options
Showing the UEFI boot options is not desired in all cases.
Provide a new parameter '-e' to select the display of UEFI boot options.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
Currently when booting dhcp_run() may be executed multiple times:
once in eth_bootdev_hunt() and once in the network booting bootmeth.
We need to call eth_bootdev_hunt() when setting up the EFI sub-system to
supply the simple network protocol. We don't need an IP address set up.
We can reduce the boot time by not executing dhcp_run() in
eth_bootdev_hunt().
Furthermore eth_bootdev_hunt() with autostart=yes on the legacy
network stack leads to downloading a file via TFTP and to booting the
downloaded file.
Instead of running dhcp_run() just check that there is a network device
in eth_bootdev_hunt().
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
The CI uses the following command to launch xilinx_versal_virt_defconfig:
qemu-system-aarch64 -M xlnx-versal-virt \
-display none -m 4G -serial mon:stdio \
-device loader,file=u-boot,cpu-num=0
'usb start' or invoking eth_bootdev_hunt leads to a crash when function
dwc3_core_init() tries to access a register at offset 0xc704 (DWC3_DCTL)
relative to the register start address 0xfe20c100.
Disable CONFIG_USB_DWC3 in the CI until the driver problem is fixed.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
We do not actually test the code.
Scanning for Amiga partitions of the sandbox is extremely slow,
especially on the partially implemented USB device.
For build testing the other sandbox defconfigs are good enough.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
test_extension.py assumes that no extension is known at test start.
This assumption is wrong because we do not come out of reboot.
A prior test may have already hunted for the extension bootdev.
Remove the invalid assert.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
We should not write messages in UEFI API functions. This may lead to
incorrect screen layout in UEFI applications.
For single statements after an if clause we don't need braces.
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
On some RISC-V systems, including QEMU, $loadaddr is 0x80200000.
For bootelf to work choose a different LOAD_ADDR to which the demo ELF
binary is relocated.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
Build the architecture specific memset() if configured.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
To build the API examples on RISC-V we need to
implement _start and syscall for RISC-V.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
ARM, MIPS, and RISCV can use the same implementation of
platform_sys_info(). PPC provides some extra information.
So keep it separate.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
|
Provide a man-page for the optee command.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Add the basic 'hello world ta' command which increments
the value passed. This provides an easy test for
establishing a session with an OP-TEE TA and verifying it.
It includes following "hello world ta" subcommands:
optee hello; default value '0' is passed and gets incremented.
optee hello <value>; value to increment via OP-TEE HELLO
WORLD TA.
To enable the OP-TEE side HELLO WORLD example please refer
https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Enable SUPPORT_EMMC_BOOT to help support eMMC boot on am62ax
device.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
Enable MMC_SPEED_MODE_SET config option in defconfig to enable
changing MMC bus modes with mmc rescan for am62ax device.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
Enable SPL_MMC_SDHCI_ADMA config option for r5 SPL
to improve boot time during r5 SPL stage.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
Enable configs required to enable MMC UHS modes in A53 SPL
and U-Boot proper.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
Enable configs required to enable MMC UHS modes in A53 SPL
and U-Boot proper.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
Since we do not load env from MMC device anymore, remove
any MMC env config options.
Signed-off-by: Judith Mendez <jm@ti.com>
|
|
This adds FS and raw boot mode support for eMMC similar to other K3
platforms.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
|