| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The length of an underline must match the length of the header.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
|
| |\
| |
| |
| |
| |
| | |
- Add ECDSA support to FIT images
- Improve FIT image loadables (incl fpga) support
- Further FIT improvements with SPL
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most modern OpenSSL engines have methods overridden at the EVP level rather
than at RSA level, to make these engines work properly with mkimage, the RSA
signing code needs to switch to using EVP_* APIs as much as possible.
Signed-off-by: Donald Chan <hoiho@lab126.com>
[trini: Rebase on top of keyfile changes]
Signed-off-by: Tom Rini <trini@konsulko.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OP-TEE images are normally packaged with
type = "tee;
os = "tee";
However, fit_image_load() thinks that is somehow invalid. However if
they were declared as type = "kernel", os = "linux", fit_image_load()
would happily accept them and allow the boot to continue. There is no
technical limitation to excluding "tee".
Allowing "tee" images is useful in a boot flow where OP-TEE is
executed before linux.
In fact, I think it's unintuitive for a "load"ing function to also do
parsing and contain a bunch ad-hoc heuristics that only its caller
might know. But I don't make the rules, I just write fixes. In more
polite terms: refactoring the fit_image API is beyond the scope of
this change.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Consider the following FIT:
images {
whipple {};
};
configurations {
conf-1 {
firmware = "whipple";
};
};
Getting the 'firmware' image with fit_image_load() is not possible, as
it doesn't understand 'firmware =' properties. Although one could pass
IH_TYPE_FIRMWARE for 'image_type', this needs to be converted to a
"firmware" string for FDT lookup -- exactly what this change does.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The 'firmware' property of a config node takes precedence over the
'kernel' property. 'standalone' is deprecated. However, give users a
couple of releases where 'standalone' still works, but warns loudly.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
U-Boot expects the FDT to be located right after the _end
linker symbol (see fdtdec.c: board_fdt_blob_setup())
The "basic" LOAD_FIT path is aware of this limitation, and relocates
the FDT at the expected location. Guessing the expected location
probably only works reliably on 32-bit arm, and it feels like a hack.
One proposal would be to pass the FDT address to u-boot
(e.g. using 'r2' on arm platforms).
The variable is named "fdt_hack" to remind future contributors that,
"hey! we should fix the underlying problem". However, that is beyond
the scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The information on the OS should be contained in the FIT, as the
self-explanatory "os" property of a node under /images. Hard-coding
this to U_BOOT might send us down the wrong path later in the boot
process.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The correct FDT to use is described by the "fdt" property of the
configuration node. When the fit_unamep argument to fit_image_load()
is "fdt", we get the "/images/fdt" node. This is incorrect, as it
ignores the "fdt" property of the config node, and in most cases,
the "/images/fdt" node doesn't exist.
Use NULL for the 'fit_unamep' argument. With NULL, fit_image_load()
uses the IH_TYPE_FLATDT value to read the config property "fdt",
which points to the correct FDT node(s).
fit_image_load() should probably be split into a function that reads
an image by name, and one that reads an image by config reference. I
don't make those decisions, I just point out the craziness.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Several architectures had a default board_fit_config_name_match already;
this provides a generic weak version. We default to rejecting all configs.
This will use the FIT's default config, instead of the first config. This
may result in boot failures if there are multiple configurations and the
first config is *not* the default.
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new correct way to load an FPGA image is to declare it in the list
of "loadables". multi-with-fpga.its used the now deprecated "fpga"
property. Since this example most likely intended to use u-boot's
generic FPGA loading code, compatible = "u-boot,fpga-legacy" is also
appropriate here.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "simple" SPL_LOAD_FIT path is the most compliant with the format
documented in doc/uImage.FIT/source_file_format.txt. The other two
paths to load a FIT are SPL_LOAD_FIT_FULL and the "bootm" command.
Since the Kconfig menu is the most likely place for a new user to see
these options, it seems like the most logical candidate to document
the limitations. This documents the _known_ issues, and is not
intended to be a complete list of all follies.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 4afc4f37c70e ("doc: FIT image: Clarify format and simplify
syntax") and delegated FPGA images to be added via the list of
"loadables" in lieu of the "fpga" property. Now actually implement
this in code.
Note that the "compatible" property is ignored for the time being, as
implementing "compatible" loading is beyond the scope of this change.
However, "u-boot,fpga-legacy" is accepted without warning.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 4afc4f37c70e ("doc: FIT image: Clarify format and simplify
syntax") requires that FPGA images be referenced through the
"loadables" in the config node. This means that "fpga" properties in
config nodes are deprecated.
Given that there are likely FIT images which use "fpga", let's not
break those right away. Print a warning message that such use is
deprecated, and give users a couple of releases to update their
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The FPGA loading code in spl_simple_fit_read() can easily be separated
from the rest of the logic. It is split into two functions instead of
one because spl_fit_upload_fpga() is used in a subsequent patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 4afc4f37c70e ("doc: FIT image: Clarify format and simplify
syntax") introduced a "compatible" property for loadable images.
It did not define its contents. Use "u-boot,fpga-legacy" compatible
string to specify that fpga_load() should be used to load the image.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
spl_load_fit_image() will try to load an image at the address given
in the "load" property. Absent such property, it uses
image_info->load_addr
Correct use of this is demonstrated in spl_fit_append_fdt(), which
resets the 'load_addr' before each spl_load_fit_image() call.
On the other hand loading "loadables" loop in spl_load_simple_fit()
completely ignores this. It re-uses the same structure, but doesn't
reset load_addr. If loadable [i] does not have a "load" property, its
load address defaults to load_addr, which still contains the address
of loadable [i - 1].
A simple solution is to treat NULL as an invalid load address. The
caller can set load_addr = 0 to request an abort if the "load"
property is absent.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Originally, the ECDSA code path used 'keydir' as the key filename.
mkimage has since been updated to include a new 'keyfile' argument.
Use the new argument for passing in the key.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the RSA signing path to use the appropriate one.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.
Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
After lots of debating, this documents how we'd like mkimage to treat
'keydir' and 'keyfile' arguments. The rest is in the docs.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a test to make sure that the ECDSA signatures generated by
mkimage can be verified successfully. pyCryptodomex was chosen as the
crypto library because it integrates much better with python code.
Using openssl would have been unnecessarily painful.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We wish to use pycryptodomex to verify code paths involving ECDSA
signatures. Add it to requirements.txt so that they get picked up
automatically .gitlab and .azure tasks
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.
The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.
To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
update ls1028aqds networking protocol, config in ls1021atwr, env in ls1012a
Add seli3 board support, booke watchdog, update eTSEC support in ppc-qemu
Add DM_SERIAL and lpuart in sl28, add DM_ETH support for some of powerpc platforms
Signed-off-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Enable DM_ETH and DM_MDIO for the T1042D4RDB.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the FMan v3 nodes for the T1042D4RDB. The nodes are copied over with
little modification from the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the QorIQ DPAA 1 FMan v3 device tree nodes for the T1042 SoC.
The device tree nodes are copied over with little modification
from the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Enable DM_ETH and DM_MDIO for the T4240RDB.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When two FMan's are present on a board, the MDIO nodes are found at the
same offsets inside each FMan. This causes "non unique device name"
errors when registering the MDIO nodes under the second FMan. Fix this
by updating the offsets of the MDIO nodes to include the parent FMan's
offset.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the FMan v3 nodes for the T4240RDB. The nodes are copied over with
little modification from the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the QorIQ DPAA 1 FMan v3 device tree nodes for the T4240 SoC.
The device tree nodes are copied over with little modification
from the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Enable DM_ETH and DM_MDIO for the T2080RDB.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Disable the FMan mEMAC 5 and 6 nodes from the fdt since they are not
available under the supported RCW. Also disable the associated
"fsl,dpa-ethernet" nodes that reference them.
This is a simplified version of the fdt_fixup_fman_ethernet call for
use under DM_ETH.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the FMan v3 nodes for the T2080RDB. The nodes are copied over with
little modification from the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the QorIQ DPAA 1 FMan v3 device tree nodes for the T2080 SoC.
The device tree nodes are copied over with little modification from
the Linux kernel source code.
Signed-off-by: Camelia Groza <camelia.groza@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
scan_dev_for_efi is supposed to be called from scan_dev_for_boot.
However, this call is missing for ls1012a boards. As a result EFI
boot doesn’t work. Fix this issue by removing custom definition of
scan_dev_for_boot and use the default definition instead.
Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Sometimes it is desireable to have the console output on the first
serial line. Introduce a configuration option for it (in the board
scope).
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
With all preparations in place, switch over to DM_SERIAL.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Move the CONFIG_DM_* from the defconfig to the TARGET_SL28 config.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
DM_SERIAL needs both the device tree as well as an early heap. Thus, we
have to call spl_early_init() to initialize the memory allocator and the
setup the device tree.
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To use the debug UART we have to call debug_uart_init() in the SPL. Do
so as soon as possible.
As an example, here is how you can use it on a LS1028A SoC:
CONFIG_DEBUG_UART=y
CONFIG_DEBUG_UART_BASE=0x21c0500
CONFIG_DEBUG_UART_CLOCK=200000000
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is not recommended to use CONFIG_xxx defines for things which are not
Kconfig options. Rename this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Document how to launch a QEMU session with eTSEC as a network device.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
QEMU ppce500 target can dynamically instantiate an eTSEC device
if "-device eTSEC" is given to QEMU. This commit enables eTSEC
driver and the required fixed PHY driver to create a usable
network configuration using eTSEC.
Unlike a real world 85xx board that usually stores the eTSEC MAC
address in an EEPROM, CONFIG_NET_RANDOM_ETHADDR is required for
QEMU otherwise U-Boot ethernet initialization complains no valid
ethernet address is set.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
QEMU ppce500 target can dynamically instantiate an eTSEC device on
a platform bus if "-device eTSEC" is given to QEMU. It is presented
as a "simple-bus" in the device tree, with an additional compatible
string "qemu,platform".
Let's create a virtual memory mapping for it in misc_init_r(), in
preparation to adding eTSEC support.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
|
