| Age | Commit message (Collapse) | Author |
|---|
|
Add porting layer for MSCode on top of MbedTLS ASN1 library.
Introduce _MBEDTLS kconfigs for MSCode MbedTLS implementation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Previous patch has introduced MbedTLS porting layer for PKCS7 parser,
here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library.
Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Previous patch has introduced MbedTLS porting layer for x509 cert parser,
here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Add porting layer for X509 cert parser on top of MbedTLS X509
library.
Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy
and MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Previous patch has introduced MbedTLS porting layer for public key,
here to adjust the header and makefiles accordingly.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Add porting layer for public key on top of MbedTLS X509 library.
Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and
MbedTLS implementations respectively.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Move pkcs7_get_content_data as a helper function that can be
shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Move x509_check_for_self_signed as a common helper function
that can be shared by legacy crypto lib and MbedTLS implementation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Move public_key_free and public_key_signature_free as helper
functions that can be shared by legacy crypto lib and MbedTLS
implementation.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Update the PKCS7 test suites for multiple certs.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Support decoding multiple signer's cert in the signed data within
a PKCS7 message.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Populate PKCS9 Authenticate Attributes from signer info if it exists
in a PKCS7 message.
Add OIDs for describing objects using for Authenticate Attributes.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Populate Microsoft Authentication Code from the content data
into PKCS7 decoding context if it exists in a PKCS7 message.
Add OIDs for describing objects using for Microsoft Authentication
Code.
The PR for this patch is at:
https://github.com/Mbed-TLS/mbedtls/pull/9001
For enabling EFI loader PKCS7 features with MbedTLS build,
we need this patch on top of MbedTLS v3.6.0 before it is merged into
the next MbedTLS LTS release.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Smaller implementation for SHA256 and SHA512 helps to reduce the
ROM footprint though it has a certain impact on performance.
As a trade-off, enable it as a default config when MbedTLS is
enabled can reduce the target size significantly with acceptable
performance loss.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Implement digest shim layer on top of MbedTLS crypto library.
Introduce <alg>_MBEDTLS kconfig for MbedTLS crypto implementations.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
We don't need an API specially for non-watchdog since sha1_csum_wd
supports it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG.
Set 0x10000 as default chunk size for SHA1.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
We don't need an API specially for non-watchdog since md5_wd supports
it by disabling CONFIG_HW_WATCHDOG and CONFIG_WATCHDOG.
Set 0x10000 as default chunk size for MD5.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Michal Simek <michal.simek@amd.com>
|
|
Adapt digest header files to support both original libs and MbedTLS
by switching on/off MBEDTLS_LIB_CRYPTO.
Introduce <alg>_LEGACY kconfig for legacy hash implementations.
sha256.o should depend on SHA256 kconfig only but not SUPPORT_EMMC_RPMB,
SHA256 should be selected when SUPPORT_EMMC_RPMB is enabled instead.
`IS_ENABLED` or `CONFIG_IS_ENABLED` is not applicable here, since
including <linux/kconfig.h> causes undefined reference on schedule()
with sandbox build, as <linux/kconfig.h> includes <generated/autoconf.h>
which enables `CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule()
are defined in sandbox build,
Thus we use `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` instead.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
Port mbedtls with adapted libc header files.
Add mbedtls default config header file.
Optimize mbedtls default config by disabling unused features to
reduce the target size.
Add mbedtls kbuild makefile.
Add Kconfig skeleton and config submenu entry for selecting
crypto libraries between mbedtls and legacy ones.
Add the mbedtls include directories into the build system.
Port u-boot hash functions as MbedTLS crypto alternatives and set
it as default.
Subsequent patches will separate those Kconfigs into pairs of
_LEGACY and _MBEDTLS for controlling the implementations of legacy
crypto libraries and MbedTLS ones respectively.
The motivation of moving and adapting *INT* macros from kernel.h
to limits.h is to fulfill the MbedTLS building requirement.
The conditional compilation statements in MbedTLS expects the
*INT* macros as constant expressions, thus expressions like
`((int)(~0U >> 1))` will not work.
Prerequisite
------------
This patch series requires mbedtls git repo to be added as a
subtree to the main U-Boot repo via:
$ git subtree add --prefix lib/mbedtls/external/mbedtls \
https://github.com/Mbed-TLS/mbedtls.git \
v3.6.0 --squash
Moreover, due to the Windows-style files from mbedtls git repo,
we need to convert the CRLF endings to LF and do a commit manually:
$ git add --renormalize .
$ git commit
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
|
|
Since MbedTLS is an external repo with its own coding style,
exclude it from Azure and gitlab CI CONFIG checks.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
'lib/mbedtls/external/mbedtls'
|
|
git-subtree-dir: lib/mbedtls/external/mbedtls
git-subtree-split: 2ca6c285a0dd3f33982dd57299012dacab1ff206
|
|
During DT sync with kernel 6.6, AVS feature was removed by mistake.
So adding back AVS feature.
Fixes: df73e791ce09("arm: dts: j7200: dts sync with Linux 6.6-rc1")
Signed-off-by: Udit Kumar <u-kumar1@ti.com>
Reviewed-by: Aniket Limaye <a-limaye@ti.com>
|
|
Rsync all defconfig files using moveconfig.py
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
There are lots of usecases for running baremetal ELF
binaries via bootelf but if you enable bootelf you
get bootvx as well and you probably don't want or need
it.
Hide bootvx behind it's own configuration option.
Signed-off-by: Daniel Palmer <daniel@0x0f.com>
|
|
Add the "required", "algo", and "key-name-hint" nodes to the
signature/key node if ecdsa256 is used.
This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.
Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
|
|
If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, wich does add the missing
nodes and proceeds in that case.
This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.
Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
|
|
There is no need to define a default for bootcmd in R5 u-boot because
the R5 is directly booting into the next stage A53 bootloader.
Signed-off-by: Wadim Egorov <w.egorov@phytec.de>
|
|
Initializing a clock driver to read a known static clock rate can take
some time at U-Boot proper pre-reloc phase.
Change to first try and read clock rate from DT to speed up boot time,
fall back to getting the clock rate from clock driver.
This help reduce boot time by around:
- ~35ms on a Radxa ROCK Pi 4 (RK3399)
- ~15ms on a Radxa ZERO 3W (RK3566)
Time that is wasted getting a static rate known at compile time.
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Mediatek pinctrl drivers call mtk_gpiochip_register() to bind the child
gpio controller as part of mtk_pinctrl_common_probe(). This breaks
gpiohog support because the gpio controller is bound too late for
DM_FLAG_PROBE_AFTER_BIND (set while binding hogs) to work.
Move the mtk_gpiochip_register() to mtk_pinctrl_common_bind() and call
this as the .bind method of each of the mediatek pinctrl drivers.
Signed-off-by: Chris Webb <chris@arachsys.com>
|
|
|
|
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
The SSCG is active with MDSEL[12] is not set. Previous commit
99c7e031196d ("clk: renesas: rcar-gen3: Replace SSCG caching
with MDSEL/PE caching") inverted the conditional assignment
of priv->sscg = !(cpg_mode & BIT(12)) during conversion from
(priv->sscg ? 16 : 0) to priv->cpg_mode & BIT(core->offset) ? 16 : 0;
Invert the assignment back to the correct state.
This fixes R8A77980, R8A77990, R8A77995 and R8A774C0.
Fixes: 99c7e031196d ("clk: renesas: rcar-gen3: Replace SSCG caching with MDSEL/PE caching")
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-nand-flash into next
These are a number of assorted upstream Linux fixes to the
BRCMNAND driver.
This patch set lowers the hamming distance between the Linux
and U-Boot drivers a bit as well, while we deviate quite
a bit it is still possible to bring fixes over thanks to
exercises like this.
The patches pass the pipeline CI:
https://source.denx.de/u-boot/custodians/u-boot-nand-flash/-/pipelines/22535
|
|
Backport from the upstream Linux kernel
commit c2cf7e25eb2a3c915a420fb8ceed8912add7f36c
"mtd: rawnand: brcmnand: Add support for getting ecc setting from strap"
Note: the upstream kernel introduces a new
bool brcmnand_get_sector_size_1k() function because the int
version in U-Boot has been removed in Linux. I kept the old
int-returning version that is already in U-Boot as we depend
on that in other code.
BCMBCA broadband SoC based board design does not specify ecc setting in
dts but rather use the SoC NAND strap info to obtain the ecc strength
and spare area size setting. Add brcm,nand-ecc-use-strap dts propety for
this purpose and update driver to support this option. However these two
options can not be used at the same time.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: David Regan <dregan@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240301173308.226004-1-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
Tested-by: William Zhang <william.zhang@broadcom.com>
|
|
Backport of upstream Linux
commit 8e7daa85641c9559c113f6b217bdc923397de77c
"mtd: rawnand: brcmnand: Support write protection setting from dts"
Augmented to also support the "write-protect" boolean property.
The write protection feature is controlled by the module parameter wp_on
with default set to enabled. But not all the board use this feature
especially in BCMBCA broadband board. And module parameter is not
sufficient as different board can have different option. Add a device
tree property and allow this feature to be configured through the board
dts on per board basis.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Kamal Dasu <kamal.dasu@broadcom.com>
Reviewed-by: David Regan <dregan@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240223034758.13753-14-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
This is a port of the read data bus interface from the Linux
brcmnand driver, commit 546e425991205f59281e160a0d0daed47b7ca9b3
"mtd: rawnand: brcmnand: Add BCMBCA read data bus interface"
This is needed for the BCMBCA RAW NAND driver.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
Backport from upstream Linux
commit 60177390fa061c62d156f4a546e3efd90df3c183
"mtd: rawnand: brcmnand: Fix mtd oobsize"
brcmnand controller can only access the flash spare area up to certain
bytes based on the ECC level. It can be less than the actual flash spare
area size. For example, for many NAND chip supporting ECC BCH-8, it has
226 bytes spare area. But controller can only uses 218 bytes. So brcmand
driver overrides the mtd oobsize with the controller's accessible spare
area size. When the nand base driver utilizes the nand_device object, it
resets the oobsize back to the actual flash spare aprea size from
nand_memory_organization structure and controller may not able to access
all the oob area as mtd advises.
This change fixes the issue by overriding the oobsize in the
nand_memory_organization structure to the controller's accessible spare
area size.
Fixes: a7ab085d7c16 ("mtd: rawnand: Initialize the nand_device object")
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-6-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
Backport of upstream Linux
commit 5d53244186c9ac58cb88d76a0958ca55b83a15cd
"mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write"
When the oob buffer length is not in multiple of words, the oob write
function does out-of-bounds read on the oob source buffer at the last
iteration. Fix that by always checking length limit on the oob buffer
read and fill with 0xff when reaching the end of the buffer to the oob
registers.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-5-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
Backport from the Linux kernel:
commit 9cc0a598b944816f2968baf2631757f22721b996
"mtd: rawnand: brcmnand: Fix potential false time out warning"
If system is busy during the command status polling function, the driver
may not get the chance to poll the status register till the end of time
out and return the premature status. Do a final check after time out
happens to ensure reading the correct status.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-3-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
Backport from the Linux kernel
commit 2ec2839a9062db8a592525a3fdabd42dcd9a3a9b
"mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller"
v7.2 controller has different ECC level field size and shift in the acc
control register than its predecessor and successor controller. It needs
to be set specifically.
Signed-off-by: William Zhang <william.zhang@broadcom.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230706182909.79151-2-william.zhang@broadcom.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: William Zhang <william.zhang@broadcom.com>
|
|
https://gitlab.denx.de/u-boot/custodians/u-boot-imx into next
CI: https://source.denx.de/u-boot/custodians/u-boot-imx/-/pipelines/22526
- Add DA9063 watchdog support for the imx6q-lxr2 board.
- Add support for DH electronics i.MX8M Plus DHCOM PicoITX
- Add DH i.MX8MP DHCOM SoM on DRC02 carrier board
- Several fsl_esdhc_imx improvements.
- Pas no-mmc-hs400 to mmc2 on imx8mm-cl-iot-gate.
|
|
https://source.denx.de/u-boot/custodians/u-boot-snapdragon into next
* Initial UFS PHY driver
* Support for SM8150 (clock and pinctrl)
* Allow writing configuration to PMIC GPIOs again
* Support for configuring "special" pins (e.g. UFS reset or sdhc pins)
* Support for "clk dump" command to decode various clocks.
|
|
The TF-A URL was updated, as a result the name of the
directory changed as part of the new git URL and not
all the referenced directories were updated.
Fixes: 0ec0207fe07 ("Update the ARM trusted firmware git URL")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
|
The series "rockchip: Add efuse and otp support to more SoCs" [1],
merged in v2023.04, refactored and extended the Rockchip efuse and otp
driver to support reading eFUSE/OTP for all supported Rockchip SoCs.
Due to use of different licenses the drivers were never combined into a
single driver, however anything non SoC specific should be applied to
both drivers.
The commit fe38b88453d2 ("rockchip: Provided SPL control over efuse
presence") changed Makefile options for only one of the two drivers,
apply same change to keep these two drivers in sync.
[1] https://lore.kernel.org/r/20230222224436.1570224-1-jonas@kwiboo.se/
Fixes: fe38b88453d2 ("rockchip: Provided SPL control over efuse presence")
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
|
|
Drop in the RCG and GPLL data for debugging these clocks.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
|
|
Add "clk dump" support for SM6115.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
|
|
Add debug data to dump PLL and RCG clocks.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
|
|
Add support for dumping a few of the clocks used on Qualcomm platforms.
Naming the Global PLL's, Root Clock Generators, and gate clocks.
This helps a lot with platform bringup and feature enablement by making
it easy to sanity check that the clocks are programmed correctly.
== Usage ==
Enable CONFIG_CMD_CLK and "#define LOG_DEBUG" at the top of
qcom-<soc>.c.
The "clk dump" command should print the states of all the gates, GPLLs
and RCGs for your SoC.
== Glossary ==
RCG: Root Clock Generator
* Takes in some fairly arbitrary high freq clock (configurable clock
source and options for taking just even pulses and other things)
* Output frequency = input_freq * (m/n) * (1/d) where m/n are arbitrary
8 or 16-bit values (depending on the RCG), and d is a number (with
support for .5 offsets).
GPLL: Global Phase Locked Loop
* Crystal as input
* integer multiplier + exponent part (2^-40)
Gate: Simple on/off clock
* Put between RCGs and the peripherals they power
* Required to allow for correct power sequencing
If you do the maths manually using the equations from "clk dump", the
numbers should roughly line up by they're likely to be out by a handful
of MHz. They output is formatted so that it can be pasted directly into
the python interpreter.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
|
