default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek
---
Kconfig | 6 --
api/Kconfig | 1 -
arch/arc/Kconfig | 5 -
arch/arm/Kconfig
Hi Tom,
On 17.08.21 14:35, Tom Rini wrote:
Getting back to this to hopefully get this decided:
It seems that we (most of us?) agree on this change, that wdt_stop_all()
shall be changed to return an error code and the caller can decide what
to do with it?
If yes, then Rasmus, could you pleas
On 8/27/21 6:49 AM, AKASHI Takahiro wrote:
On Fri, Aug 27, 2021 at 06:42:39AM +0200, Heinrich Schuchardt wrote:
On 8/27/21 6:12 AM, AKASHI Takahiro wrote:
On Thu, Aug 26, 2021 at 03:48:02PM +0200, Heinrich Schuchardt wrote:
The UEFI specification requires that the signature database may only b
On 8/27/21 6:47 AM, AKASHI Takahiro wrote:
On Fri, Aug 27, 2021 at 06:34:30AM +0200, Heinrich Schuchardt wrote:
On 8/27/21 5:53 AM, AKASHI Takahiro wrote:
On Thu, Aug 26, 2021 at 03:48:05PM +0200, Heinrich Schuchardt wrote:
Even if we cannot read the variable store from disk we still need to
i
On Fri, Aug 27, 2021 at 01:49:41PM +0900, AKASHI Takahiro wrote:
> On Fri, Aug 27, 2021 at 06:42:39AM +0200, Heinrich Schuchardt wrote:
> > On 8/27/21 6:12 AM, AKASHI Takahiro wrote:
> > > On Thu, Aug 26, 2021 at 03:48:02PM +0200, Heinrich Schuchardt wrote:
> > > > The UEFI specification requires t
On Fri, Aug 27, 2021 at 06:42:39AM +0200, Heinrich Schuchardt wrote:
> On 8/27/21 6:12 AM, AKASHI Takahiro wrote:
> > On Thu, Aug 26, 2021 at 03:48:02PM +0200, Heinrich Schuchardt wrote:
> > > The UEFI specification requires that the signature database may only be
> > > stored in tamper-resistant s
On Fri, Aug 27, 2021 at 06:34:30AM +0200, Heinrich Schuchardt wrote:
> On 8/27/21 5:53 AM, AKASHI Takahiro wrote:
> > On Thu, Aug 26, 2021 at 03:48:05PM +0200, Heinrich Schuchardt wrote:
> > > Even if we cannot read the variable store from disk we still need to
> > > initialize the secure boot stat
On 8/27/21 6:12 AM, AKASHI Takahiro wrote:
On Thu, Aug 26, 2021 at 03:48:02PM +0200, Heinrich Schuchardt wrote:
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
I don't have a st
On 8/27/21 5:53 AM, AKASHI Takahiro wrote:
On Thu, Aug 26, 2021 at 03:48:05PM +0200, Heinrich Schuchardt wrote:
Even if we cannot read the variable store from disk we still need to
initialize the secure boot state.
Don't continue to boot if the variable preseed is invalid as this indicates
that
On Thu, Aug 26, 2021 at 03:48:02PM +0200, Heinrich Schuchardt wrote:
> The UEFI specification requires that the signature database may only be
> stored in tamper-resistant storage. So these variable may not be read
> from an unsigned file.
I don't have a strong opinion here, but it seems to be too
On 8/27/21 5:05 AM, AKASHI Takahiro wrote:
Heinrich,
On Thu, Aug 26, 2021 at 03:48:04PM +0200, Heinrich Schuchardt wrote:
Writing variables AuditMode or Deployed Mode must update the secure boot
state.
Signed-off-by: Heinrich Schuchardt
---
v2:
correct variable name in lib/efi_loader/
Hi Simon,
On Tue, Aug 17, 2021 at 9:09 AM Simon Glass wrote:
>
> Hi Tony,
>
> On Sun, 15 Aug 2021 at 15:28, Tony Dinh wrote:
> >
> > Hi Simon,
> >
> > On Sun, Aug 15, 2021 at 7:10 AM Simon Glass wrote:
> > >
> > > Hi Tony,
> > >
> > > On Thu, 5 Aug 2021 at 22:49, Tony Dinh wrote:
> > > >
> > >
On Thu, Aug 26, 2021 at 03:47:59PM +0200, Heinrich Schuchardt wrote:
> The UEFI specification 2.9 defines the different modes that secure boot may
> be in.
>
> The patch series adds support for the "Deployed Mode" and the "Setup Mode".
This sentence seems to be wrong, or at least inaccurate.
"Se
Hi Mark,
On Thu, 26 Aug 2021 at 14:27, Mark Kettenis wrote:
>
> > From: Simon Glass
> > Date: Thu, 26 Aug 2021 14:00:12 -0600
> >
> > Hi Mark,
> >
> > On Thu, 26 Aug 2021 at 06:55, Mark Kettenis wrote:
> > >
> > > > From: Simon Glass
> > > > Date: Wed, 25 Aug 2021 21:15:00 -0600
> > > >
> > >
Hi Mark,
On Thu, 26 Aug 2021 at 14:18, Mark Kettenis wrote:
>
> > From: Simon Glass
> > Date: Thu, 26 Aug 2021 13:54:49 -0600
> >
> > Hi Heinrich,
> >
> >
> > On Thu, 26 Aug 2021 at 01:10, Heinrich Schuchardt
> > wrote:
> > >
> > > On 8/26/21 5:15 AM, Simon Glass wrote:
> > > > Hi Heinrich,
>
On Thu, Aug 26, 2021 at 03:48:05PM +0200, Heinrich Schuchardt wrote:
> Even if we cannot read the variable store from disk we still need to
> initialize the secure boot state.
>
> Don't continue to boot if the variable preseed is invalid as this indicates
> that the variable store has been tampere
Heinrich,
On Thu, Aug 26, 2021 at 03:48:04PM +0200, Heinrich Schuchardt wrote:
> Writing variables AuditMode or Deployed Mode must update the secure boot
> state.
>
> Signed-off-by: Heinrich Schuchardt
> ---
> v2:
> correct variable name in lib/efi_loader/efi_variable_tee.c
> ---
> includ
On Thu, Aug 26, 2021 at 02:04:24PM +0300, Oleksandr Suvorov wrote:
> From: Ricardo Salveti
>
> Move setting CONFIG_BOOTCOMMAND to the mx7ulp_com_defconfig file.
> It also allows replacing the default CONFIG_BOOTCOMMAND without
> code modification.
>
> Signed-off-by: Ricardo Salveti
> Signed-of
On Thu, Aug 26, 2021 at 11:33:35PM +0800, Bin Meng wrote:
> This adds CI tests for SiFive Unleashed board.
>
> QEMU supports booting exact the same images as used on the real
> hardware out of the box, that U-Boot SPL loads U-Boot proper
> from either an SD card or the SPI NOR flash, hence we can
On Thu, Aug 26, 2021 at 11:33:33PM +0800, Bin Meng wrote:
> genimage [1] is a tool to create flash/disk images. This is required
> by some targets, e.g.: sifive_unleashed, to generate sdcard or spi-nor
> images for real hardware, as well as U-Boot CI testing.
>
> [1] https://github.com/pengutroni
On Thu, Aug 26, 2021 at 11:33:32PM +0800, Bin Meng wrote:
> At present U-Boot CI testing is still using QEMU 4.2.0 which is
> pretty old. Let's bump up to QEMU 6.1.0.
>
> ninja-build is added as the prerequisite required by QEMU 6.1.0.
>
> Note there is a bug in QEMU 6.1.0 Xilinx Zynq UART emula
On Thu, Aug 26, 2021 at 04:31:36PM +0800, nicholas_zh...@outlook.com wrote:
> From: weichangzheng
>
> This adds platform code and the device tree for the Phytium Pomelo Board.
> The initial support comprises the UART and the PCIE.
>
> Signed-off-by: weichangzheng
> Changes since v1:
>
On Fri, Aug 27, 2021 at 1:39 PM Marek Behún wrote:
>
> On Fri, 27 Aug 2021 13:16:25 +1200
> Chris Packham wrote:
>
> > On Thu, Aug 26, 2021 at 1:46 AM Marek Behún wrote:
> > >
> > > Hello Stefan and others,
> > >
> > > this series adds support for booting Marvell platforms via UART (those
> > >
Heinrich,
On Thu, Aug 26, 2021 at 03:48:00PM +0200, Heinrich Schuchardt wrote:
> efi_init_secure_state() calls efi_transfer_secure_state() which may delete
> variable "PK" which will result in calling efi_init_secure_state() again.
I don't think it is a right thing to do. So I would say nak to th
On Fri, 27 Aug 2021 13:16:25 +1200
Chris Packham wrote:
> On Thu, Aug 26, 2021 at 1:46 AM Marek Behún wrote:
> >
> > Hello Stefan and others,
> >
> > this series adds support for booting Marvell platforms via UART (those
> > bootable with kwboot) at higher baudrates.
> >
> > Tested on Turris Omn
On Thu, Aug 26, 2021 at 1:46 AM Marek Behún wrote:
>
> Update man page for the kwboot utility.
>
> Signed-off-by: Marek Behún
> ---
> doc/kwboot.1 | 58 ++--
> 1 file changed, 38 insertions(+), 20 deletions(-)
>
> diff --git a/doc/kwboot.1 b/doc/kw
On Fri, Aug 27, 2021 at 1:16 PM Chris Packham wrote:
>
> On Thu, Aug 26, 2021 at 1:46 AM Marek Behún wrote:
> >
> > Hello Stefan and others,
> >
> > this series adds support for booting Marvell platforms via UART (those
> > bootable with kwboot) at higher baudrates.
> >
> > Tested on Turris Omnia
On Thu, Aug 26, 2021 at 1:46 AM Marek Behún wrote:
>
> Hello Stefan and others,
>
> this series adds support for booting Marvell platforms via UART (those
> bootable with kwboot) at higher baudrates.
>
> Tested on Turris Omnia up to 5.15 MBd, which is 44x faster than
> 115200 Bd.
>
> The user can
On 8/26/21 11:47 AM, Tom Rini wrote:
We move the SYS_CACHE_SHIFT_N options from arch/arm/Kconfig to
arch/Kconfig, and introduce SYS_CACHE_SHIFT_4 to provide a size of 16.
Introduce select statements for other architectures based on current
usage. For MIPS, we take the existing arch-specific symb
Hi Sean,
On 8/26/21 6:35 PM, Sean Anderson wrote:
On 8/26/21 5:42 PM, Alexandru Gagniuc wrote:
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in S
On 8/26/21 5:42 PM, Alexandru Gagniuc wrote:
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in SPL.
It would be more helpful to be able to "set in
We want the u-boot tools to be target agnostic, as explained in commit
cb9faa6f98ae (" tools: Use a single target-independent config to
enable OpenSSL")
Making mkimage features depend on CONFIG_FIT_CIPHER is contrary to
that goal. Thus, always enable cihper features in mkimage, and ignore
the valu
Hi Patrick,
I proposing a better fix fir the issues I outlined earlier, I made a
classification of the currently supported boot modes.
1) BL1 -> SPL -> u-boot
2) BL1 -> SPL -> OP-TEE
-
| 3) BL1 -> TF-A -> u-boot
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.
Signed-off-by: Alexandru Gagniuc
---
lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..73dacbb01b 100644
--- a/l
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases that will
be some other devicetree-bearing platform, such as linux.
As in other cases where there's an OPTEE payload (e.g. BOOTM_OPTEE),
it is required to copy the optee no
When OP-TEE is booted as the SPL payload, the stage after OP-TEE is
not guaranteed to be u-boot. Thus the FDT patching in u-boot is not
guaranteed to occur. Add this step to SPL.
The patching by stm32_fdt_setup_mac_addr() is done in SPL, and patches
the target FDT directly. This differs is differe
Move the reading the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 37 +++--
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a/arch
This node is required in SPL when booting an OP-TEE payload. Add it to
the SPL devicetree.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
b/arch/arm/dts/stm32mp157a-dk1-u-
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in SPL.
It would be more helpful to be able to "set interface x to MAC y".
This is where fdt_ethernet_se
stm32mp_bsec_probe() was skipped for TFABOOT and SPL_BUILD. The idea
of skipping probe() is that we can't access BSEC from the normal
world. This is true with TFABOOT. However, in SPL, we are in the
secure world, so skipping probe is incorrect. In fact, SPL is not
even built when TFABOOT is selecte
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/spl.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/board/st/stm32mp1/spl.c b/board/s
Falcon mode requires a board-specific mechanism to select between
fast and normal boot. This is done via spl_start_uboot()
Use the B2 button as the selection mechanism. This is connected to
GPIO PA13. Incidentally, this GPIO is already accessible via the
"st,fastboot-gpios" devicetree node.
Offse
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.
Signed-off-by: Alexandru Gagniuc
---
include/configs/stm32mp1.h | 4
1 file changed, 4 insertions
My goal when I started on this project a year ago was to get to linux
userspace within a second from power on. Oh, and it had to be secure!
Contrast that to the two minutes it took the STLinux demo to come up.
It was obvious that the accepted way of running an FSBL, then SSBL was
going to blow the
On 8/26/21 3:54 PM, Simon Glass wrote:
Hi Heinrich,
On Thu, 26 Aug 2021 at 01:10, Heinrich Schuchardt wrote:
On 8/26/21 5:15 AM, Simon Glass wrote:
> Hi Heinrich,
>
> On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt wrote:
>>
>> Hello Simon,
>>
>> some boards like qemu-riscv64_defconfig
> From: Simon Glass
> Date: Thu, 26 Aug 2021 14:00:12 -0600
>
> Hi Mark,
>
> On Thu, 26 Aug 2021 at 06:55, Mark Kettenis wrote:
> >
> > > From: Simon Glass
> > > Date: Wed, 25 Aug 2021 21:15:00 -0600
> > >
> > > Hi Heinrich,
> > >
> > > On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt
> > >
> From: Simon Glass
> Date: Thu, 26 Aug 2021 13:54:49 -0600
>
> Hi Heinrich,
>
>
> On Thu, 26 Aug 2021 at 01:10, Heinrich Schuchardt wrote:
> >
> > On 8/26/21 5:15 AM, Simon Glass wrote:
> > > Hi Heinrich,
> > >
> > > On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt
> > > wrote:
> > >>
> >
Hi Mark,
On Thu, 26 Aug 2021 at 06:55, Mark Kettenis wrote:
>
> > From: Simon Glass
> > Date: Wed, 25 Aug 2021 21:15:00 -0600
> >
> > Hi Heinrich,
> >
> > On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt
> > wrote:
> > >
> > > Hello Simon,
> > >
> > > some boards like qemu-riscv64_defconfig d
Hi Heinrich,
On Thu, 26 Aug 2021 at 01:10, Heinrich Schuchardt wrote:
>
> On 8/26/21 5:15 AM, Simon Glass wrote:
> > Hi Heinrich,
> >
> > On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt
> > wrote:
> >>
> >> Hello Simon,
> >>
> >> some boards like qemu-riscv64_defconfig do not use any device-
On Thu, Aug 26, 2021 at 09:39:20AM -0700, Tim Harvey wrote:
> Greetings,
>
> I'm trying to understand what the best memory usage is in U-Boot for
> IMX8M boards for generic distro configs such as: loadaddr,
> kernel_addr_r, fdt_addr_r, ramdisk_addr, scriptaddr.
>
> My understanding is that the f
Hi Ryan,
I'm only aware of the work that Tim has published. I don't think anyone
is actively working on it.
Alex
On 8/26/21 9:00 AM, Pabis, Ryan wrote:
I see that Tim was working to add a non-platform specific implementation of the
ECDSA algorithm to u-boot back in February. I would like t
Greetings,
I'm trying to understand what the best memory usage is in U-Boot for
IMX8M boards for generic distro configs such as: loadaddr,
kernel_addr_r, fdt_addr_r, ramdisk_addr, scriptaddr.
My understanding is that the following is a good rule of thumb:
loadaddr = DDR start + 32MB (as FIT image
On Thu, Aug 26, 2021 at 09:35:12AM +0200, Michael Walle wrote:
> Am 2021-08-26 01:03, schrieb Vladimir Oltean:
> > On Wed, Aug 25, 2021 at 04:09:50PM -0400, Tom Rini wrote:
> > In any case, it doesn't sound absurd at all, with a bit of passion it
> > could be done on all Layerscapes. I would be abs
Hi Tim
On Thu, 2021-08-26 at 07:57 -0700, Tim Harvey wrote:
> ...
> Marcel,
>
> This would break imx8mm-venice.
Sure, that's why I made it an RFC. I was just missing some context.
> The of-list, @fdt-SEQ and @config-SEQ are required to support
> automatic generation of fdt and config nodes wh
On J721e R5 SPL, dfu buffer for loading sysfw.itb image gets allocated
before DRAM gets initialized. So, the buffer gets allocated in MCU L3
RAM. The current buffer size to be allocated is 256KB and the available
total heap memory is 0x7 (448KB). This leads to NOMEM errors during
allocation.
The size of u-boot.img is above 1MB and that of tispl.bin is close to 1MB,
in case of j721e. Therefore, increase the sizes allocated for tispl.bin and
u-boot.img to 2 MB and 4 MB respectively, in dfu_alt_info_ram environment
variable.
Signed-off-by: Aswath Govindraju
---
include/environment/ti/k
In the cdns3 usb driver, the clock name looked for is ref. Therefore, fix
the clock-names property in usb0 instance for proper initialization of
cdns3 usb gadget driver.
Signed-off-by: Aswath Govindraju
---
arch/arm/dts/k3-j721e-r5-common-proc-board.dts | 2 +-
1 file changed, 1 insertion(+), 1
The following series of patches fix USB DFU Boot mode in J7200 and J721E
SoC's.
changes since v1:
- synced up the size allocated for tispl.bin and u-boot.img in dfu ram env
variable with that of OSPI and eMMC dfu env variables
Aswath Govindraju (3):
arm: dts: k3-j721e-r5-*.dts: Fix clock-name
We move the SYS_CACHE_SHIFT_N options from arch/arm/Kconfig to
arch/Kconfig, and introduce SYS_CACHE_SHIFT_4 to provide a size of 16.
Introduce select statements for other architectures based on current
usage. For MIPS, we take the existing arch-specific symbol and migrate
to the generic symbol.
This adds genimage [1] config files for generating SD card and spi-nor
images, which can be programmed to an SD card or SPI flash and boot
from there.
The same images will be used for U-Boot CI testing for this board.
[1] https://github.com/pengutronix/genimage
Signed-off-by: Bin Meng
---
(no
This adds CI tests for SiFive Unleashed board.
QEMU supports booting exact the same images as used on the real
hardware out of the box, that U-Boot SPL loads U-Boot proper
from either an SD card or the SPI NOR flash, hence we can easily
set up CI to cover these 2 boot flows of SiFive Unleashed boa
genimage [1] is a tool to create flash/disk images. This is required
by some targets, e.g.: sifive_unleashed, to generate sdcard or spi-nor
images for real hardware, as well as U-Boot CI testing.
[1] https://github.com/pengutronix/genimage
Signed-off-by: Bin Meng
---
Changes in v2:
- Build gen
At present U-Boot CI testing is still using QEMU 4.2.0 which is
pretty old. Let's bump up to QEMU 6.1.0.
ninja-build is added as the prerequisite required by QEMU 6.1.0.
Note there is a bug in QEMU 6.1.0 Xilinx Zynq UART emulation codes.
A quick fix [1] was posted on QEMU mailing list but it it t
On Thu, Aug 26, 2021 at 5:27 AM Marcel Ziswiler wrote:
>
> From: Marcel Ziswiler
>
>
> With the move to using binman to generate SPL aka u-boot-spl-ddr.bin and
> U-Boot proper aka u-boot.itb every board now covers such configuration
> in its own U-Boot specific device tree include. Introduce a ne
On Thu, Aug 26, 2021 at 5:14 AM Marcel Ziswiler wrote:
>
> From: Marcel Ziswiler
>
> With the move to using binman to generate SPL aka u-boot-spl-ddr.bin and
> U-Boot proper aka u-boot.itb every board now covers such configuration
> in its own U-Boot specific device tree include. Introduce a new
I see that Tim was working to add a non-platform specific implementation of the
ECDSA algorithm to u-boot back in February. I would like to use this feature
as well and was wondering if this work has been completed and where I can find
the patch.
Thanks,
Ryan
Hi Mark,
> > > > > > > > > > >
[...]
> > > > > > > > > > > Well, there's "find the next stage", which is
> > > > > > > > > > > boot_targets environment
> > > > > > > > > > > variable, and then "where that next stage looks for
> > > > > > > > > > > stuff" which is
> > > > > > > > > > > OS-depe
efi_init_secure_state() calls efi_transfer_secure_state() which may delete
variable "PK" which will result in calling efi_init_secure_state() again.
Signed-off-by: Heinrich Schuchardt
---
v2:
no change
---
lib/efi_loader/efi_var_common.c | 6 ++
1 file changed, 6 insertions(+)
diff
Writing variables AuditMode or Deployed Mode must update the secure boot
state.
Signed-off-by: Heinrich Schuchardt
---
v2:
correct variable name in lib/efi_loader/efi_variable_tee.c
---
include/efi_variable.h| 1 +
lib/efi_loader/efi_var_common.c | 2 ++
lib/efi_loader/efi_
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt
---
v2:
no change
---
include/efi_variable.h | 5 +++-
lib/efi_loader/efi_var_
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is p
Even if we cannot read the variable store from disk we still need to
initialize the secure boot state.
Don't continue to boot if the variable preseed is invalid as this indicates
that the variable store has been tampered.
Signed-off-by: Heinrich Schuchardt
---
v2:
no change
---
lib/efi_
Variable PK must be deleted when switching either to setup mode or to audit
mode.
Variable AuditMode must be writable in setup mode and user mode.
Variable DeployedMode must only be writable in user mode; simplify the
logic.
Signed-off-by: Heinrich Schuchardt
---
v2:
no change
---
lib/ef
The UEFI specification 2.9 defines the different modes that secure boot may
be in.
The patch series adds support for the "Deployed Mode" and the "Setup Mode".
Furthermore the secure boot signature database must only be loaded from
tamper-resistant storage. So we must not load it from ubootefi.va
> Date: Thu, 26 Aug 2021 09:00:01 -0400
> From: Tom Rini
>
> On Thu, Aug 26, 2021 at 02:01:07PM +0200, Mark Kettenis wrote:
> > > Date: Wed, 25 Aug 2021 18:06:05 -0400
> > > From: Tom Rini
> > >
> > > On Wed, Aug 25, 2021 at 11:54:58PM +0200, Mark Kettenis wrote:
> > > > > Date: Wed, 25 Aug 202
OK, there were yet some other issues with execaddr when higheer
baudrate is used. I will send v2 in a few days, to wait for some more
reactions for v1.
Marek
On Thu, Aug 26, 2021 at 03:33:07PM +0900, AKASHI Takahiro wrote:
> Mark, Tom,
>
> On Wed, Aug 25, 2021 at 06:06:05PM -0400, Tom Rini wrote:
> > On Wed, Aug 25, 2021 at 11:54:58PM +0200, Mark Kettenis wrote:
> > > > Date: Wed, 25 Aug 2021 10:56:35 -0400
> > > > From: Tom Rini
> > > >
> > > > On W
On Thu, Aug 26, 2021 at 02:01:07PM +0200, Mark Kettenis wrote:
> > Date: Wed, 25 Aug 2021 18:06:05 -0400
> > From: Tom Rini
> >
> > On Wed, Aug 25, 2021 at 11:54:58PM +0200, Mark Kettenis wrote:
> > > > Date: Wed, 25 Aug 2021 10:56:35 -0400
> > > > From: Tom Rini
> > > >
> > > > On Wed, Aug 25,
> From: Simon Glass
> Date: Wed, 25 Aug 2021 21:15:00 -0600
>
> Hi Heinrich,
>
> On Wed, 25 Aug 2021 at 02:05, Heinrich Schuchardt wrote:
> >
> > Hello Simon,
> >
> > some boards like qemu-riscv64_defconfig do not use any device-tree at
> > build time. A device-tree is only supplied at runtime
On Thu, Aug 26, 2021 at 07:17:24AM +, eugen.hris...@microchip.com wrote:
> Hello everyone,
>
> I plan to rename the u-boot-atmel tree to u-boot-at91 .
>
> It's been more than 5 years since Atmel is part of Microchip, and the
> name is slowly being changed to reflect the new reality.
>
> It
From: Marcel Ziswiler
With the move to using binman to generate SPL aka u-boot-spl-ddr.bin and
U-Boot proper aka u-boot.itb every board now covers such configuration
in its own U-Boot specific device tree include. Introduce a new common
imx8mm-binman.dtsi which covers the common part of that conf
From: Marcel Ziswiler
Rather than using odd implicit blob-ext naming, explicitly specify the
type to be of blob-ext and therefore also simplify the node naming.
Signed-off-by: Marcel Ziswiler
---
Changes in v1:
- This was suggested by Simon on my earlier patch set upon which we
decided to f
From: Marcel Ziswiler
Alphabetically re-order properties.
Signed-off-by: Marcel Ziswiler
---
arch/arm/dts/imx8mm-binman.dtsi | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/arch/arm/dts/imx8mm-binman.dtsi b/arch/arm/dts/imx8mm-binman.dtsi
i
From: Marcel Ziswiler
Explicitly add SPL aka u-boot-spl.bin filename.
Signed-off-by: Marcel Ziswiler
---
arch/arm/dts/imx8mm-binman.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/dts/imx8mm-binman.dtsi b/arch/arm/dts/imx8mm-binman.dtsi
index b7ab8d19934..1d2895d8970 100644
From: Marcel Ziswiler
With the move to using binman to generate SPL aka u-boot-spl-ddr.bin and
U-Boot proper aka u-boot.itb every board now covers such configuration
in its own U-Boot specific device tree include. Introduce a new common
imx8mm-binman.dtsi which covers the common part of that con
From: Marcel Ziswiler
This fixes the following build time issue:
...
BINMAN all
binman: Error 1 running 'mkimage -d ./mkimage.spl.mkimage -n
spl/u-boot-spl.cfgout -T imx8mimage -e 0x7e1000
./mkimage-out.spl.mkimage': mkimage.flash.mkimage: Can't open: No such
file or directory
make: *** [
> Date: Wed, 25 Aug 2021 18:06:05 -0400
> From: Tom Rini
>
> On Wed, Aug 25, 2021 at 11:54:58PM +0200, Mark Kettenis wrote:
> > > Date: Wed, 25 Aug 2021 10:56:35 -0400
> > > From: Tom Rini
> > >
> > > On Wed, Aug 25, 2021 at 11:42:51PM +0900, AKASHI Takahiro wrote:
> > > > Simon,
> > > >
> > >
> > By "EFI app", do you mean a way of booting "/efi/boot/bootXX.efi"
> > (default file name in case that no image path is specified)?
> >
> > In fact, this behavior, or removable media support, is defined
> > as part of UEFI boot manager in UEFI specification. (See section 3.5)
> > What this means
Hi Oleksandr,
On Thu, Aug 26, 2021 at 8:04 AM Oleksandr Suvorov
wrote:
>
> From: Ricardo Salveti
>
> Move setting CONFIG_BOOTCOMMAND to the mx7ulp_com_defconfig file.
> It also allows replacing the default CONFIG_BOOTCOMMAND without
> code modification.
>
> Signed-off-by: Ricardo Salveti
> Sign
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.
Signed-off-by: Heinrich Schuchardt
---
include/efi_variable.h | 5 +++-
lib/efi_loader/efi_var_common.c | 2 --
lib/efi_
The UEFI specification 2.9 defines the different modes that secure boot may
be in.
The patch series adds support for the "Deployed Mode" and the "Setup Mode".
Furthermore the secure boot signature database must only be loaded from
tamper-resistant storage. So we must not load it from ubootefi.va
Variable PK must be deleted when switching either to setup mode or to audit
mode.
Variable AuditMode must be writable in setup mode and user mode.
Variable DeployedMode must only be writable in user mode; simplify the
logic.
Signed-off-by: Heinrich Schuchardt
---
lib/efi_loader/efi_var_common.c
Even if we cannot read the variable store from disk we still need to
initialize the secure boot state.
Don't continue to boot if the variable preseed is invalid as this indicates
that the variable store has been tampered.
Signed-off-by: Heinrich Schuchardt
---
lib/efi_loader/efi_variable.c | 12
Writing variables AuditMode or Deployed Mode must update the secure boot
state.
Signed-off-by: Heinrich Schuchardt
---
include/efi_variable.h| 1 +
lib/efi_loader/efi_var_common.c | 2 ++
lib/efi_loader/efi_variable.c | 6 +++---
lib/efi_loader/efi_variable_tee.c | 4 +++-
4 fi
efi_init_secure_state() calls efi_transfer_secure_state() which may delete
variable "PK" which will result in calling efi_init_secure_state() again.
Signed-off-by: Heinrich Schuchardt
---
lib/efi_loader/efi_var_common.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/lib/efi_loader/efi
When U-Boot is started we have to use the existing variables to determine
in which secure boot state we are.
* If a platform key PK is present and DeployedMode=1, we are in deployed
mode.
* If no platform key PK is present and AuditMode=1, we are in audit mode.
* Otherwise if a platform key is p
On 8/20/21 6:05 PM, Tom Rini wrote:
On Fri, Aug 20, 2021 at 05:57:51PM +0100, Andre Przywara wrote:
On 8/19/21 4:53 PM, Peter Hoyes wrote:
Hi,
From: Peter Hoyes
Use the environment variable armv8_switch_to_el1 to determine whether
to switch to EL1 at runtime. This is an alternative to the
Hello everyone,
I plan to rename the u-boot-atmel tree to u-boot-at91 .
It's been more than 5 years since Atmel is part of Microchip, and the
name is slowly being changed to reflect the new reality.
It makes more sense to have the custodian tree named u-boot-at91 , as
this tree is used only fo
From: Ricardo Salveti
Move setting CONFIG_BOOTCOMMAND to the mx7ulp_com_defconfig file.
It also allows replacing the default CONFIG_BOOTCOMMAND without
code modification.
Signed-off-by: Ricardo Salveti
Signed-off-by: Oleksandr Suvorov
---
Changes in v2:
- move setting the command to defconfig
From: Meenakshi Aggarwal
Rename emmc_bootcmd environment variable to sd2_bootcmd
to fix emmc boot on lx2162aqds board.
Signed-off-by: Meenakshi Aggarwal
---
include/configs/lx2162aqds.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/configs/lx2162aqds.h b/inclu
1 - 100 of 112 matches
Mail list logo
