u-boot.git/common/Makefile, branch master Unnamed repository; edit this file 'description' to name the repository. Add support for stack-protector 2021-04-20T11:31:12+00:00 Joel Peshkin joel.peshkin@broadcom.com 2021-04-11T09:21:58+00:00 4e9bce12432492aa7a7c2121d9fae1640606ace5 Add support for stack protector for UBOOT, SPL, and TPL as well as new pytest for stackprotector Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> Adjust UEFI build flags. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> 
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector

Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>

Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
x86: qemu: move QFW to its own uclass 2021-04-12T21:44:55+00:00 Asherah Connor ashe@kivikakk.ee 2021-03-19T07:21:40+00:00 5b0b43e0e25dbeed62a2155e7f3be562b9ceb9bd We move qfw into its own uclass and split the PIO functions into a specific driver for that uclass. The PIO driver is selected in the qemu-x86 board config (this covers x86 and x86_64). include/qfw.h is cleaned up and documentation added. Signed-off-by: Asherah Connor <ashe@kivikakk.ee> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com> 
We move qfw into its own uclass and split the PIO functions into a
specific driver for that uclass.  The PIO driver is selected in the
qemu-x86 board config (this covers x86 and x86_64).

include/qfw.h is cleaned up and documentation added.

Signed-off-by: Asherah Connor <ashe@kivikakk.ee>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
common: SCP03 control (enable and provision of keys) 2021-03-13T18:14:52+00:00 Jorge Ramirez-Ortiz jorge@foundries.io 2021-02-14T15:27:23+00:00 166363f2ed9e72ed3e2bf09d9317d6a5fdafcbea This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050). All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available. For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part. To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory). For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org> 
This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).

All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.

For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.

To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).

For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/
    check:
    core/drivers/crypto/se050/adaptors/utils/scp_config.c

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
common: Makefile: drop duplicated line 2021-01-16T19:49:09+00:00 Peng Fan peng.fan@nxp.com 2020-12-28T12:13:11+00:00 52e77726ef94f6c800be52a725072b738a452273 obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there, no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o is there,
no need obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
common: update: add a generic interface for FIT image 2020-10-30T13:20:27+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-10-29T04:47:43+00:00 3149e524fc1e76ec1420cd17588c724d4232a904 The main purpose of this patch is to separate a generic interface for updating firmware using DFU drivers from "auto-update" via tftp. This function will also be used in implementing UEFI capsule update in a later commit. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Tom Rini <trini@konsulko.com> 
The main purpose of this patch is to separate a generic interface for
updating firmware using DFU drivers from "auto-update" via tftp.

This function will also be used in implementing UEFI capsule update
in a later commit.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
fdt_region: move fdt_region.c to common/ from lib/libfdt/ 2020-04-26T20:23:55+00:00 Masahiro Yamada masahiroy@kernel.org 2020-04-16T09:30:17+00:00 3e69db1223b9db82705fcc96b76caf0d8a468d12 My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is, make lib/libfdt/ contain only wrapper files. fdt_region.c was written only for U-Boot to implement the verified boot. So, this belongs to the same group as common/fdt_support.c, which is a collection of U-Boot own fdt helpers. Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
My goal is to sync lib/libfdt/ with scripts/dtc/libfdt/, that is,
make lib/libfdt/ contain only wrapper files.

fdt_region.c was written only for U-Boot to implement the verified
boot. So, this belongs to the same group as common/fdt_support.c,
which is a collection of U-Boot own fdt helpers.

Move lib/libfdt/fdt_region.c to common/fdt_region.c . This is
necessary only when CONFIG_(SPL_TPL_)_FIT_SIGNATURE is enabled.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
common: image_sign_info helper functions in SPL 2020-04-24T14:51:32+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-04-15T16:46:21+00:00 6441164dda7dac0c4039c90c329e973786c21b22 Do not build image_sign_info helper functions in SPL if not needed. Fixes: b983cc2da0ba ("lib: rsa: decouple rsa from FIT image verification") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Tom Rini <trini@konsulko.com> 
Do not build image_sign_info helper functions in SPL if not needed.

Fixes: b983cc2da0ba ("lib: rsa: decouple rsa from FIT image verification")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
log: syslog driver 2020-04-16T14:07:58+00:00 Heinrich Schuchardt xypron.glpk@gmx.de 2020-02-26T20:48:16+00:00 befadde0a24c3a726689745d5a00c8586adc9c84 Provide a log driver that broadcasts RFC 3164 messages to syslog servers. rsyslog is one implementation of such a server. The messages are sent to the local broadcast address 255.255.255.255 on port 514. The environment variable log_hostname can be used to provide the HOSTNAME field for the messages. The optional TIMESTAMP field of RFC 3164 is not provided. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org> 
Provide a log driver that broadcasts RFC 3164 messages to syslog servers.
rsyslog is one implementation of such a server.

The messages are sent to the local broadcast address 255.255.255.255 on
port 514.

The environment variable log_hostname can be used to provide the HOSTNAME
field for the messages. The optional TIMESTAMP field of RFC 3164 is not
provided.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: rsa: decouple rsa from FIT image verification 2020-03-12T12:20:38+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-02-21T06:12:55+00:00 b983cc2da0bafd73a4dfc069eb3c3a98677e2d92 Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
image: android: Add functions for handling dtb field 2020-02-04T03:37:24+00:00 Sam Protsenko joe.skb7@gmail.com 2020-01-24T15:53:40+00:00 c3bfad825a71eafb16fa9ff95e2ae01c23448a53 Android Boot Image v2 adds "DTB" payload (and corresponding field in the image header). Provide functions for its handling: - android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of boot image, by blob's index - android_image_print_dtb_contents(): Iterate over all DTB blobs in "DTB" part of boot image and print those blobs info "DTB" payload might be in one of the following formats: 1. concatenated DTB blobs 2. Android DTBO format The latter requires "android-image-dt.c" functionality, so this commit selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option. Right now this new functionality isn't used, but it can be used further. As it's required to apply some specific dtbo blob(s) from "dtbo" partition, we can't automate this process inside of "bootm" command. But we can do next: - come up with some new command like "abootimg" to extract dtb blob from boot image (using functions from this patch) - extract desired dtbo blobs from "dtbo" partition using "adtimg" command - merge dtbo blobs into dtb blob using "fdt apply" command - pass resulting dtb blob into bootm command in order to boot the Android kernel with Android ramdisk from boot image Signed-off-by: Sam Protsenko <joe.skb7@gmail.com> Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com> 
Android Boot Image v2 adds "DTB" payload (and corresponding field in the
image header). Provide functions for its handling:

  - android_image_get_dtb_by_index(): Obtain DTB blob from "DTB" part of
    boot image, by blob's index
  - android_image_print_dtb_contents(): Iterate over all DTB blobs in
    "DTB" part of boot image and print those blobs info

"DTB" payload might be in one of the following formats:
  1. concatenated DTB blobs
  2. Android DTBO format

The latter requires "android-image-dt.c" functionality, so this commit
selects that file for building for CONFIG_ANDROID_BOOT_IMAGE option.

Right now this new functionality isn't used, but it can be used further.
As it's required to apply some specific dtbo blob(s) from "dtbo"
partition, we can't automate this process inside of "bootm" command. But
we can do next:
  - come up with some new command like "abootimg" to extract dtb blob
    from boot image (using functions from this patch)
  - extract desired dtbo blobs from "dtbo" partition using "adtimg"
    command
  - merge dtbo blobs into dtb blob using "fdt apply" command
  - pass resulting dtb blob into bootm command in order to boot the
    Android kernel with Android ramdisk from boot image

Signed-off-by: Sam Protsenko <joe.skb7@gmail.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>