to support Falcon mode from NOR but not
MMC. In that case, mmc_load_image_raw_os() would not be used. To
address this, conditionally compile mmc_load_image_raw_os() when
SPL_FALCON_BOOT_MMCSD, instead of SPL_OS_BOOT.
Signed-off-by: Alexandru Gagniuc
---
This is designed to apply on top of next:
the OP-TEE memory nodes to the
SPL devicetree.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 3 ---
1 file changed, 3 deletions(-)
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index fb60549f4d..fe347377ba 100644
required to copy the optee nodes
to he target's FDT. Do this as part of spl_board_prepare_for_optee().
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/spl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c
node if
it already-exists.
Add the "/firmware/optee" node the SPL devicetree.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
b/arch/arm/dts/stm32mp157a-dk1-u-boot.d
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.
Signed-off-by: Alexandru Gagniuc
---
lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Makefile b/lib/Makefile
index 962470f496..c7dc217e2b 100644
--- a
alcon mode from NOR but not MMC. In that case, it doesn't
make sense to have mmc_load_image_raw_os().
Signed-off-by: Alexandru Gagniuc
---
README| 4
common/spl/Kconfig| 16
common/spl/spl_mmc.c
L finagling, and possibly carry security side-effects.
Thus, adding "mac-address" nodes to the kernel devicetree is the most
economical method in terms of lines of code and complexity.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 22 ++
Move the reading the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 37 +++--
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a
when TFABOOT is selected.
Thus, do not skip this step for SPL_BUILD. Note that because SPL is
now doing this step, we no longer need to do it in u-boot. The new
logic is "let the FSBL do it", which is simpler.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/bsec.c | 4 ++--
1
s is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.
Signed-off-by: Alexandru Gagniuc
---
common/fdt_support.c | 30 ++
include/fdt_supp
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Patrick Delaunay
---
include/configs/stm32mp1.h | 4
et to -dk2. This is because EV1 does
not have a crypto-enabled CPU, and thus enabling ECDSA support would
have made far less sense. That and all the goodies with FIT in SPL
are enabled to give this config some continuous integration TLC.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/spl.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/board/st/stm32mp1/spl.c b
tions
- Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
- Only update shadow registers in SPL for BSEC .probe()
Alexandru Gagniuc (13):
spl: Untagle spl_start_uboot() from spl_mmc.c
spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig
stm32mp1: Add support fo
() exists in spl/spl.c, so
leverage that one and stop defining the symbol in spl_mmc.c. We need
the symbol because spl_start_uboot() is called in spl_mmc.c
irrespective of the Falcon mode being activated.
Signed-off-by: Alexandru Gagniuc
---
common/spl/spl.c | 10 ++
common/spl/spl_mmc.c
"). None of the tests caught that CRC32 was broken.
Instead of testing hash_calculate() against itself, create a FIT with
containing a kernel with pre-calculated hashes. Then check the hashes
produced against the known good hashes.
Signed-off-by: Alexandru Gagniuc
---
Desired:
$ ./tes
once.
Fixes: 92055e138f28 ("image: Drop if/elseif hash selection in
calculate_hash()")
Tested-by: Tom Rini
Signed-off-by: Alexandru Gagniuc
---
common/image-fit.c | 9 -
1 file changed, 9 deletions(-)
diff --git a/common/image-fit.c b/common/image-fit.c
index 92d914
r the "falcon" flow. Only remove them for "fip".
3) Makefile logic for .stm32 images
Because we've removed CONFIG_STM32MP15x_STM32IMAGE, we can't use it in
mach-stm32mp/config.mk to control the creation of u-boot.stm32 images.
Instead of complicating the makefile logic, we rev
who should patch the FDT optee nodes.
This Kconfig can be justified as a natural extension of TFABOOT.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/Kconfig | 15 +++
1 file changed, 15 insertions(+)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 2d59562665..0bfdc2adc4
s are "basic", "trusted", and "tfaboot_fip".
To this effect, avoid having a naked config name and rename it to
"stm32mp15_tfaboot_fip_defconig".
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/MAINTAINERS| 2 +-
...defco
nfusing because it conflates image
generation with u-boot behavior. I'm proposing replacing it with
TFABOOT_FIP_CONTAINER because I think this new config is much easier
to understand in layman's terms. I also thinks it maps more elegantly
to what STM is trying to do: add a new boot flow.
node if
it already-exists.
Add the "/firmware/optee" node the SPL devicetree.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
b/arch/arm/dts/stm32mp157a-dk1-u-boot.d
required to copy the optee nodes
to he target's FDT. Do this as part of spl_board_prepare_for_optee().
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/spl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.
Signed-off-by: Alexandru Gagniuc
---
lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..73dacbb01b 100644
--- a
L finagling, and possibly carry security side-effects.
Thus, adding "mac-address" nodes to the kernel devicetree is the most
economical method in terms of lines of code and complexity.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 22 ++
said about the wisdom of using a raw
sector as opposed to more elegant schemes. However, changing how
falcon mode works is beyond the scope of this change.
Signed-off-by: Alexandru Gagniuc
---
README| 4
common/spl/Kconfig
s is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.
Signed-off-by: Alexandru Gagniuc
---
common/fdt_support.c | 30 ++
include/fdt_supp
Move the reading the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 37 +++--
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a
when TFABOOT is selected.
Thus, do not skip this step for SPL_BUILD. Note that because SPL is
now doing this step, we no longer need to do it in u-boot. The new
logic is "let the FSBL do it", which is simpler.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/bsec.c | 4 ++--
1
et to -dk2. This is because EV1 does
not have a crypto-enabled CPU, and thus enabling ECDSA support would
have made far less sense. That and all the goodies with FIT in SPL
are enabled to give this config some continuous integration TLC.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/spl.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/board/st/stm32mp1/spl.c b
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Patrick Delaunay
---
include/configs/stm32mp1.h | 4
- Rework board_fit_config_name_match() per Patrick's suggestions
- Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
- Only update shadow registers in SPL for BSEC .probe()
Alexandru Gagniuc (11):
spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig
stm3
alue.
Move it to imx7 for those boards who still make use of it.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-imx/mx7/Kconfig | 8
lib/optee/Kconfig | 8
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/mach-imx/mx7/Kconfig b/arch/arm/ma
hardcodes a value
which is then not used. In fact the load address that u-boot uses is
the one derived from the OPTEE image.
Confused yet? I sure was. To prevent future confusion, remove
CONFIG_OPTEE_LOAD_ADDR.
Signed-off-by: Alexandru Gagniuc
---
configs/warp7_defconfig | 1 -
include/configs/w
It is no longer used in u-boot. Information about the TZDRAM location
is usually available in the devicetree as "/reserved-memory/" nodes.
Because this isn't used, remove it.
Signed-off-by: Alexandru Gagniuc
---
configs/warp7_bl33_defconfig | 1 -
configs/warp7_defconfig |
ion in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.
Signed-off-by: Alexandru Gagniuc
---
include/tee/optee.h | 14 --
lib/optee/optee.c | 21 ++---
2 files changed, 6 insertions(+), 29 deletion
ng. This
also resolves the problems with "bootm" mentioned earlier.
I hypothesize that one could re-add the removed checks from
optee_verify_image() by deriving TZDRAM information from (1) instead
of (3). I chose not to implement it because I don't see the value.
Alexan
rogressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.
Signed-off-by: Alexandru Gagniuc
---
common/hash.c| 13 +
include/image.h | 1 +
include/u-boot/md5.h | 6 --
lib/md5.c| 4 +
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.
Signed-off-by: Alexandru Gagniuc
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini
akes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc
---
common/Kconfig.boot| 2 ++
c
These are no longer used, so drop them.
Signed-off-by: Alexandru Gagniuc
---
include/image.h | 20
1 file changed, 20 deletions(-)
diff --git a/include/image.h b/include/image.h
index e4b9cd0df2..98b33d0629 100644
--- a/include/image.h
+++ b/include/image.h
@@ -60,26 +60,6
sha512.c. The latter doesn't make any sense.
It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.
Thus, automatically select SHA512 when SHA384 is enabled.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-socfp
since v1:
- Taken in all of Tom's fixes from WIP/30Aug2021 branch
- CMD_MVEBU_BUBT: select SHA256 if ARMADA_3700 (sha256_update() reference)
- fsl: FSL_CAAM: imply SPL_CRYPTO (Fixes undefined reference to hw_sha1)
- Add MD5 to hash_algos[] (Fixes "Can't add hashes to FIT: -93&
did not manifest before.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Signed-off-by: Alexandru Gagniuc
---
cmd/mvebu/Kconfig| 1 +
common/Kconfig.boot | 28 -
ignore
the value of CONFIG_FIT_CIPHER for host-only code.
Signed-off-by: Alexandru Gagniuc
---
include/image.h| 5 -
tools/image-host.c | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/include/image.h b/include/image.h
index e20f0b69d5..381ee91eb5 100644
--- a/include/ima
Hi Patrick,
I proposing a better fix fir the issues I outlined earlier, I made a
classification of the currently supported boot modes.
1) BL1 -> SPL -> u-boot
2) BL1 -> SPL -> OP-TEE
-
| 3) BL1 -> TF-A -> u-boot
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.
Signed-off-by: Alexandru Gagniuc
---
lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..73dacbb01b 100644
--- a
optee nodes to he target's FDT. Do this as
part of spl_board_prepare_for_optee().
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/spl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c..94fbb45cf9 10
different from
setup_mac_address(), which sets the "ethaddr" env variable, and does
not work in SPL.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 22 +++
.../arm/mach-stm32mp/include/mach/sys_proto.h | 3 +++
arch/arm/mach-stm
Move the reading the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/cpu.c | 37 +++--
1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a
This node is required in SPL when booting an OP-TEE payload. Add it to
the SPL devicetree.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
b/arch/arm/dts/stm32mp157a-dk1-u
s is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.
Signed-off-by: Alexandru Gagniuc
---
common/fdt_support.c | 30 ++
include/fdt_supp
OT is selected.
Thus, only skip probe with TFABOOT, but not SPL_BUILD.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/bsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c
index fe39bd80cf..a02d19c1b9 100644
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/spl.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/board/st/stm32mp1/spl.c b/board
etree node.
Offsets for raw MMC loading are defined. These point to the partition
after "ssbl".
Signed-off-by: Alexandru Gagniuc
---
board/st/stm32mp1/spl.c| 39 ++
include/configs/stm32mp1.h | 13 +
2 files changed, 52 insertions(+)
d
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.
Signed-off-by: Alexandru Gagniuc
---
include/configs/stm32mp1.h | 4
1 file changed, 4
he boot flow is
SPL -> OP-TEE -> Linux
Incidentally, these patches are some of the earlier ones I wrote for
this project. It didn't make sense to publish them at the time, as the
supporting infrastructure was not in place then
I decided not to separate these patches into mini-seri
akes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc
---
common/Kconfig.boot |
These are no longer used, so drop them.
Signed-off-by: Alexandru Gagniuc
---
include/image.h | 20
1 file changed, 20 deletions(-)
diff --git a/include/image.h b/include/image.h
index 489b220eba..2d057d445c 100644
--- a/include/image.h
+++ b/include/image.h
@@ -59,26 +59,6
Both these configs exist. Stick to using CONFIG_SPL_HASH, and drop all
references to CONFIG_SPL_HASH_SUPPORT.
Signed-off-by: Alexandru Gagniuc
---
common/Kconfig.boot | 2 +-
common/Makefile | 3 +--
common/spl/Kconfig
sha512.c. The latter doesn't make any sense.
It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.
Thus, automatically select SHA512 when SHA384 is enabled.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-socfp
, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Signed-off-by: Alexandru Gag
uot;sha256"' FIT nodes to
work in SPL.
This series does not attempt to add individual SHA/CRC/MD5 configs for
SPL. Hash algo selection for SPL has been problematic even before. This
series is meant as an emergency fix, so it does not attempt to tackle
general refactoring issues.
Alexandru G
necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.
Signe
pport.
Signed-off-by: Alexandru Gagniuc
---
I would appreciate if somebody tested the RSA signing functionality
with this patch applied, as I am not equipped to test this
comprehensively.
lib/rsa/rsa-sign.c | 76 +++---
1 file changed, 4 insertions(+
for now.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
configs/sandbox_defconfig | 2 ++
test/dm/Makefile | 1 +
test/dm/ecdsa.c | 38 ++
3 files changed, 41 insertions(+)
create mode 100644 test/dm/ecdsa.c
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
lib/Kconfig
The STM32MP ROM provides several service. One of them is the ability
to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/Kconfig| 9 +++
arch/arm/mach-stm32mp/Makefile | 1 +
arch/arm/mach-stm32mp
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.
Signed-off-by: Alexandru Gagniuc
st wrong sig_len in ecdsa_romapi.c
- s/U_BOOT_DEVICE/U_BOOT_DRVINFO/
- Use "if(!ret)" instead of "if (ret == 0)"
- Use uclass_first_device_err() instead of uclass_fi
Alexandru Gagniuc (5):
dm: crypto: Define UCLASS API for ECDSA signature verification
lib: ecdsa: Implement UC
Add the "/reserved-memory/optee" node to the SPL devicetree. The
purpose is to allow configuring TZC regions when booting OP-TEE.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --
.
Changing TZC permissions needs to be done with care, so as not to cut
off access to memory we are currently using. One place where we can
use this is at the end of SPL, right before jumping to OP-TEE.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Patrick Delaunay
---
arch/arm/mach-stm32mp
This has to be hardcoded. The rest of the configuration is
fairly easy, and only requires 3 TZC regions. Configure them.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/spl.c | 92 +
1 file changed, 92 insertions(+)
diff --git a/arch/arm/mach-st
solution to avoid the use
of weak functions would trivially apply to all these implementations.
However, re-designing this is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Tom Rini
Reviewed-by: Simon Glass
Reviewed-by: Patrick Delaunay
---
common/spl/spl.c | 5
_os()
only loading the binary, and leaving the decision of suitability to
someone else. However, a rework of the boot flow is beyond the scope
of this patch. Accept IH_OS_TEE as a valid OS value.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Tom Rini
Reviewed-by: Patrick Delaunay
---
common/spl
v4 branch was reported to have some issues with SPL becoming too big
on some platforms (e.g. imx6dl_mamoj) This is fixed by dropping the
call to genimg_get_os_name().
Alexandru Gagniuc (5):
spl: mmc: Support OP-TEE payloads in Falcon mode
spl: Introduce spl_board_prepare_for_optee() hook
Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
Acked-by: Michal Simek
---
common/image-
he default build yields the most feature-complete
mkimage.
Signed-off-by: Alexandru Gagniuc
---
tools/Kconfig | 11 +++
tools/Makefile | 48 +++-
2 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/tools/Kconfig b/tools/Kconfig
index b
This macro is no longer needed for code flow or #ifdefs. Remove it.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
include/image.h | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/include/image.h b/include/image.h
index d4c453428c..64663c591b 100644
--- a
This macro is no longer needed for code flow or #ifdefs. Remove it.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
include/image.h | 3 ---
1 file changed, 3 deletions(-)
diff --git a/include/image.h b/include/image.h
index 64663c591b..e20f0b69d5 100644
--- a/include/image.h
It is no longer necessary to implement rsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the rsa code is no longer linked when unused.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
include/u-boot/rsa.h | 47
Crytographic algorithms (currently RSA), are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
common/image-sig.c | 22 --
1 file changed, 22 deletions
, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides we are only duplicating three string to struct mapping
functions. This isn't something to fuss about.
Signed-off-by: Alexandru Ga
It is no longer necessary to implement ecdsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the ecdsa code is no longer linked when unused.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
include/u-boot/ecdsa.h | 25
is invoked.
NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
common/image-sig.c | 9 +
include/image.h| 5 +
2 files changed, 14 insertions(+)
di
From: Simon Glass
We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/image
From: Simon Glass
Drop the ENABLE and SUPPORT parts of this, which are redundant.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/Kconfig.boot | 2 +-
common/image-sig.c | 4 ++--
configs/bcm963158_ram_defconfig
dsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
common/image-sig.c | 39 ++-
1 file changed, 2 insertions(+), 37 deletions(-)
diff -
From: Simon Glass
We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
us to have
a single definition of rsa_verify().
Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
---
common/image-sig.c | 9 -
lib/rsa/rsa-verify.c | 16
2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/common/image-sig.c b/common/image-sig.c
From: Simon Glass
This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/image-fit.c | 2 +-
include/image.h| 5 -
2 files changed, 1 insertion(+), 6
From: Simon Glass
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/spl/Kconfig | 2 +-
include/image.h| 2 +-
2 files changed, 2 insertions(+), 2 deletions
From: Simon Glass
Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/spl/Kconfig| 4 ++--
configs/axm_defconfig | 2
From: Simon Glass
These option are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/spl/Kconfig | 8
with other options.
Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx
Signed-off-by: Simon Glass
Reviewed-by: Alexandru Gagniuc
Signed-off-by: Alexandru Gagniuc
---
common/Kconfig.boot | 6 +++---
configs/mt8516_pumpkin_defconfig | 2 +-
include/image.h | 12
This series combines
[PATCH v2] tools: Use a single target-independent config to enable OpenSSL
and its dependencies.
Changes since v2:
* Replace FIT_OBJS-$(CONFIG_...) with FIT_OBJS-y to resolve rpi buld issue
Alexandru Gagniuc (11):
common: Move host-only logic in image-sig.c to separate
he default build yields the most feature-complete
mkimage.
Signed-off-by: Alexandru Gagniuc
---
Changes since v1:
* Drop the verb "_USE_" from the Kconfig option name
tools/Kconfig | 11 +++
tools/Makefile | 46 ++
2 files changed, 41
This has to be hardcoded. The rest of the configuration is
fairly easy, and only requires 3 TZC regions. Configure them.
Signed-off-by: Alexandru Gagniuc
---
arch/arm/mach-stm32mp/spl.c | 92 +
1 file changed, 92 insertions(+)
diff --git a/arch/arm/mach-st
1 - 100 of 385 matches
Mail list logo
